Commit graph

647 commits

Author SHA1 Message Date
Matt Caswell
522b11e969 Fix no-dso builds
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8111)
2019-01-30 15:26:48 +00:00
Antonio Iacono
e85d19c68e crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of  Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding  ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
2019-01-27 23:59:21 +01:00
Richard Levitte
9afc2b92fe Rework building: adapt some scripts
The platform module collection is made in such a way that any Perl
script that wants to take part of the available information can use
them just as well as the build system.

This change adapts test/recipes/90-test_shlibload.t, util/mkdef.pl,
and util/shlib_wrap.sh.in

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Corey Minyard
c6048af23c Fix a memory leak in the mem bio
If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.

The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.

The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.

Alse add a test for a leak in the memory bio
Setting a memory buffer caused a leak.

Signed-off-by: Corey Minyard <minyard@acm.org>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8051)
2019-01-21 17:47:02 +10:00
Matt Caswell
9effc496ad Add a test for correct handling of the cryptopro bug extension
This was complicated by the fact that we were using this extension for our
duplicate extension handling tests. In order to add tests for cryptopro
bug the duplicate extension handling tests needed to change first.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
2019-01-07 09:39:10 +00:00
Matt Caswell
87bbbfb1e4 Fix no-cmac
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7979)
2019-01-06 09:58:01 +00:00
Matt Caswell
88d57bf83f Test atexit handlers
Test that atexit handlers get called properly at process exit, unless we
have explicitly asked for them not to be.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
2019-01-04 13:19:39 +00:00
Bernd Edlinger
1f483a69bc Fix cert with rsa instead of rsaEncryption as public key algorithm
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7962)
2018-12-31 09:47:12 +01:00
Todd Short
b1ceb439f2 Add RFC5297 AES-SIV support
Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)
2018-12-12 08:16:10 +10:00
Matt Caswell
6de98b4fb6 Add an Ed448 malleability test
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)
2018-12-11 11:53:55 +00:00
Richard Levitte
909f1a2e51 Following the license change, modify the boilerplates in test/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)
2018-12-06 14:19:22 +01:00
Richard Levitte
3a63dbef15 Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Matt Caswell
e65a79d2aa Add an Ed25519 signature maleability test
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7697)
2018-12-03 14:21:05 +00:00
Richard Levitte
f1d49ed947 Don't test the collected system errors when configured to not have them
Config options 'no-err' and 'no-autoerrinit'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)
2018-11-27 09:01:35 +00:00
Richard Levitte
0777de15ff Avoid test_errstr in a cross compiled configuration
There's too high a chance that the openssl app and perl get different
messages for some error numbers.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7699)
2018-11-24 18:48:13 +01:00
Richard Levitte
4b801fdcf4 Add an error message test recipes for system error messages
This ensures we collected them properly and and as completely as can
be tested safely.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)
2018-11-23 12:34:45 +01:00
Matt Caswell
c486283cb8 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7668)
2018-11-20 13:26:47 +00:00
Matt Caswell
65d2c16cbe Fix no-ec and no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)
2018-11-14 11:28:01 +00:00
Richard Levitte
1828939974 Fix rpath-related Linux "test_shlibload" failure.
When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)
2018-11-14 00:41:57 +01:00
Shane Lontis
6e624a6453 KMAC implementation using EVP_MAC
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7597)
2018-11-14 07:01:09 +10:00
Richard Levitte
425036130d Fix SipHash init order.
Setting the SipHash hash size and setting its key is done with two
independent functions...  and yet, the internals depend on both.

Unfortunately, the function to change the size wasn't adapted for the
possibility that the key was set first, with a different hash size.

This changes the hash setting function to fix the internal values
(which is easy, fortunately) according to the hash size.

evpmac.txt value for digestsize:8 is also corrected.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7613)
2018-11-12 07:15:55 +01:00
Tomas Mraz
75b68c9e4e Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7391
2018-11-10 21:29:36 +01:00
Dr. Matthias St. Pierre
1901516a4b Test: enable internal tests for shared Windows builds
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)
2018-11-08 16:27:24 +01:00
Paul Yang
c1da4b2afe Add poly1305 MAC support
This is based on the latest EVP MAC interface introduced in PR #7393.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7459)
2018-11-05 13:07:07 +08:00
Pauli
afc580b9b0 GMAC implementation
Remove GMAC demo program because it has been superceded by the EVP MAC one

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7548)
2018-11-05 08:09:41 +10:00
Richard Levitte
9f2e18111e Have a couple of SipHash test uses the EVP_PKEY method
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
2018-10-30 08:09:07 +01:00
Richard Levitte
c89d9cdab1 EVP_MAC: Add SipHash implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
2018-10-30 08:09:07 +01:00
Richard Levitte
388de53c27 Make sure at least one HMAC test still uses the EVP_PKEY method
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7483)
2018-10-30 05:51:01 +01:00
Richard Levitte
56adb7d937 Make sure at least one CMAC test still uses the EVP_PKEY method
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
2018-10-30 05:34:50 +01:00
Richard Levitte
ce5d64c79c test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()
pkey_test_ctrl() was designed for parsing values, not for using in
test runs.  Relying on its returned value when it returned 1 even for
control errors made it particularly useless for mac_test_run().

Here, it gets replaced with a MAC specific control function, that
parses values the same way but is designed for use in a _run() rather
than a _parse() function.

This uncovers a SipHash test with an invalid control that wasn't
caught properly.  After all, that stanza is supposed to test that
invalid control values do generate an error.  Now we catch that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7500)
2018-10-29 17:29:30 +01:00
Richard Levitte
8effd8fa67 Refactor util/mkdef.pl for clearer separation of functionality
Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Pauli
95eda4f09a FIPS 140-2 IG A.9 XTS key check.
Add a check that the two keys used for AES-XTS are different.

One test case uses the same key for both of the AES-XTS keys.  This causes
a failure under FIP 140-2 IG A.9.  Mark the test as returning a failure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7120)
2018-09-12 08:40:47 +10:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Richard Levitte
c2278c8bc4 TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero
Confirms #7134

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7153)
2018-09-09 03:35:26 +02:00
Richard Levitte
2725232132 TESTS: add SipHash tests with digestsize controls
Confirms #7143

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
2018-09-09 01:47:56 +02:00
Matt Caswell
f01344cb5c Do not reset SNI data in SSL_do_handshake()
PR #3783 introduce coded to reset the server side SNI state in
SSL_do_handshake() to ensure any erroneous config time SNI changes are
cleared. Unfortunately SSL_do_handshake() can be called mid-handshake
multiple times so this is the wrong place to do this and can mean that
any SNI data is cleared later on in the handshake too.

Therefore move the code to a more appropriate place.

Fixes #7014

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7149)
2018-09-07 18:24:59 +01:00
Pauli
e0810e3502 Fix HMAC SHA3-224 and HMAC SHA3-256.
Added NIST test cases for these two as well.

Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6972)
2018-09-04 08:09:12 +10:00
Pauli
fc196a5eb9 Make OBJ_NAME case insensitive.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7089)
2018-09-04 07:35:45 +10:00
Billy Brumley
bfb10b9758 [test] throw error from wrapper function instead of an EC_METHOD specific one
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7028)
2018-09-03 20:25:41 +02:00
Billy Brumley
30c41bfb15 [test] ECC: make sure negative tests pass for the right reasons
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7028)
2018-09-03 20:25:41 +02:00
Matt Caswell
5627f9f217 Don't detect a downgrade where the server has a protocol version hole
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7013)
2018-08-22 15:15:19 +01:00
Matt Caswell
3e7cb13dff Test that a client protocol "hole" doesn't get detected as a downgrade
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7013)
2018-08-22 15:15:19 +01:00
Nicola Tuveri
5d92b853f6 Replace GFp ladder implementation with ladd-2002-it-4 from EFD
The EFD database does not state that the "ladd-2002-it-3" algorithm
assumes X1 != 0.
Consequently the current implementation, based on it, fails to compute
correctly if the affine x coordinate of the scalar multiplication input
point is 0.

We replace this implementation using the alternative algorithm based on
Eq. (9) and (10) from the same paper, which being derived from the
additive relation of (6) does not incur in this problem, but costs one
extra field multiplication.

The EFD entry for this algorithm is at
https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
and the code to implement it was generated with tooling.

Regression tests add one positive test for each named curve that has
such a point. The `SharedSecret` was generated independently from the
OpenSSL codebase with sage.

This bug was originally reported by Dmitry Belyavsky on the
openssl-users maling list:
https://mta.openssl.org/pipermail/openssl-users/2018-August/008540.html

Co-authored-by: Billy Brumley <bbrumley@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7000)
2018-08-21 09:51:18 +01:00
Matt Caswell
32097b33bd Change Post Handshake auth so that it is opt-in
Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20 15:14:01 +01:00
Dr. Matthias St. Pierre
95c91cb3fc test/recipes/30-test_evp_data: fix two typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7001)
2018-08-18 06:57:42 +02:00
Matt Caswell
86ed2e1cb0 Fix a bug in test_sslversions
The TLSv1.4 tolerance test wasn't testing what we thought it was.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-15 12:33:30 +01:00
Matt Caswell
9f22c52723 Turn on TLSv1.3 downgrade protection by default
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-15 12:33:30 +01:00
Matt Caswell
35e742ecac Update code for the final RFC version of TLSv1.3 (RFC8446)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-15 12:33:30 +01:00
Pauli
58094ab60f Add SHA3 HMAC test vectors from NIST.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6963)
2018-08-15 11:43:34 +10:00
Matt Caswell
9b287d53db Add a test for TLSv1.3 fallback
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6894)
2018-08-09 10:53:09 +01:00