Commit graph

24323 commits

Author SHA1 Message Date
Richard Levitte
2893111fc6 Make more use of OSSL_PARAM for digests
A lot of the different numbers associated with digests are really
algorithm parameters.  block size, digest length, that sort of
thing.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
246a1f3dfa Add OSSL_PARAM_construct_from_text() and OSSL_PARAM_allocate_from_text()
These are utility functions that can be used to replace calls to
ctrl_str type functions with get_params / set_params types of calls.
They work by translating text values to something more suitable for
OSSL_PARAM, and by interpretting parameter keys in a compatible
fashion.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
2019-08-12 12:50:41 +02:00
Richard Levitte
82bd7c2cbd Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex()
They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(),
except they take a result buffer from the caller.

We take the opportunity to break out the documentation of the hex to /
from buffer conversion routines from the OPENSSL_malloc() file to its
own file.  These routines aren't memory allocation routines per se.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
2019-08-12 12:50:41 +02:00
Vladimir Kotal
a42cb4ba8a enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9434)
2019-08-12 12:46:55 +02:00
Richard Levitte
853094dbe1 Configurations/unit-Makefile.tmpl: Don't clean away dotted files
A local 'make clean' did some sweeping removals of files execpt for
the .git directory.  This is a little too sweeping, as other dotted
files might be cleaned away if they happen to match the pattern that's
searched for.

An example is a symlink .dir-locals.el that would keep disappearing if
you build in the source tree and do a make clean...

So we change this to leave all dotted files alone.  Our builds do not
produce such files anyway, so this is a harmless (or rather, less
harmful) change.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9573)
2019-08-12 12:04:57 +02:00
Denis Ovsienko
3c74e77bd8 Remove some duplicate words from the documentation
Fixup INSTALL and a couple man pages to get rid of "the the" and "in the
in the".

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9563)
2019-08-12 16:00:01 +08:00
Shane Lontis
c04a9916d4 Fix windows compile errors in params.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9569)
2019-08-12 14:07:41 +10:00
Bernd Edlinger
3119c84976 Add a clang-7 build target with --strict-warnings
[extended tests]

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9450)
2019-08-11 21:18:01 +02:00
Matt Caswell
1a2a3a4206 Extend tests of SSL_check_chain()
Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to check a chain cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
5235ef44b9 Fix SSL_check_chain()
The function SSL_check_chain() can be used by applications to check that
a cert and chain is compatible with the negotiated parameters. This could
be useful (for example) from the certificate callback. Unfortunately this
function was applying TLSv1.2 sig algs rules and did not work correctly if
TLSv1.3 was negotiated.

We refactor tls_choose_sigalg to split it up and create a new function
find_sig_alg which can (optionally) take a certificate and key as
parameters and find an appropriate sig alg if one exists. If the cert and
key are not supplied then we try to find a cert and key from the ones we
have available that matches the shared sig algs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
db26ec8087 Fix test_key_exchange with no_tlsv1_2
Make sure we only test TLSv1.2 things if TLSv1.2 is actually available.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
53890ea27c Fix test_sslextension if TLSv1.2 has been disabled
A skip rule was skipping the wrong number of tests.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
20946b9465 Add TLS tests for RSA-PSS Restricted certificates
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Matt Caswell
39d9ea5e50 Add Restricted PSS certificate and key
Create a PSS certificate with parameter restrictions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Matt Caswell
9bcc9f973b Ensure RSA PSS correctly returns the right default digest
A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.

This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.

Fixes #9545

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Vladimir Kotal
d6dda392c1 use native atomic increment function on Solaris
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9215)
2019-08-09 13:16:41 +01:00
Shane Lontis
ac5a61caf8 Add missing SIZE_MAX define for windows
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9559)
2019-08-09 21:38:42 +10:00
Bernd Edlinger
bba0d270a6 Add a CHANGES entry for BN_generate_prime_ex
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1
when not computing safe primes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
03b9393e15 Update documentation of BN_generate_prime_ex
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
28b4880b8b Merge probable_prime_dh_safe with bn_probable_prime_dh
This should avoid half of the trial divisions in probable_prime_dh_safe
and avoid bn_probable_prime_dh generating primes with special properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
3ce0566dab Add a parameter to probable_prime if we look for a safe prime
Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.

Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:07 +02:00
Vladimir Kotal
8c47e55ee6 mention what happens if OPENSSL_NO_RC2 is defined
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9415)
2019-08-09 09:47:00 +01:00
raja-ashok
c8edb04fac Restrict usage of bio_dgram_sctp_data only to DGRAM SCTP methods
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9216)
2019-08-09 09:36:54 +01:00
Vladimir Kotal
861335001b make ecp_nistz256_point_add_vis3() local
fixes #8936

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9132)
2019-08-09 09:11:07 +01:00
Martin Ukrop
6d5aa88d74 Fix reversed meaning of error codes
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were still reversed in the X509_STORE_CTX_get_error function documentation.
This used to be the problem also in the verify application documentation, but was fixed on 2010-02-23 in 7d3d178.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9529)
2019-08-08 10:24:17 +01:00
Matt Caswell
7c03bb9fff Clarify the INSTALL instructions
Ensure users understand that they need to have appropriate permissions
to write to the install location.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9268)
2019-08-08 10:20:37 +01:00
Matt Caswell
5c5cdcd815 Avoid holding a lock when calling OPENSSL_init_crypto
We move an OPENSSL_init_crypto call slightly earlier in the process to
avoid calling it while holding the store lock. This can lead to deadlocks.

Fixes the no-engine build.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9547)
2019-08-08 10:11:16 +01:00
Matt Caswell
b9a758060d Fix no-filenames
If built with no-filenames then we shouldn't test this functionality in
the test suite.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9544)
2019-08-08 10:06:12 +01:00
Matt Caswell
f92e0815b8 Fix no-ec
Fix some unguarded references to EC code inside the FIPS provider.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9543)
2019-08-08 10:01:18 +01:00
Shane Lontis
3505d70bad Fix document nit in EVP_MAC.pod
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9551)
2019-08-08 14:23:52 +10:00
Shane Lontis
7dddf2fcc5 Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9542)
2019-08-08 13:14:05 +10:00
Matt Caswell
a6482df03a Fix enable-ec_nistp_64_gcc_128
When creating a BN_CTX, make sure we store it in the right variable!

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9546)
2019-08-07 15:50:55 +01:00
Matt Caswell
c50fd0f959 Fix BN error reporting
Commit ed57f7f935 implemented the macro ERR_raise and updated err.h to use
it. A typo in err.h means that errors in the BN library are mistakenly
attributed to the RSA library.

This was found due to the following error appearing in a travis log:

00:07:CB:13:05:7F:00:00:error:0400006C:rsa routines::data greater than mod
len:crypto/bn/bn_gcd.c:613:
00:07:CB:13:05:7F:00:00:error:04000003:rsa routines::BN
lib:crypto/rsa/rsa_gen.c:393:
/home/travis/build/openssl/openssl/util/shlib_wrap.sh
/home/travis/build/openssl/openssl/apps/openssl genrsa -out rsamptest.pem
-primes 5 8192 => 1
not ok 12 - genrsa 8192p5

The line in question (crypto/bn/bn_gcd.c:613) actually looks like this:

        BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);

The test was checking for that error being raised, but was instead seeing
a different error and thus failing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9539)
2019-08-07 11:46:59 +01:00
Matt Caswell
f305ecdac0 Run evp_test in FIPS mode
We run the cipher and digest evp_test test files in FIPS mode. Some
ciphers/digests aren't available in FIPS mode so we mark those as
only being available in the default provider.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9531)
2019-08-07 11:40:40 +01:00
Matt Caswell
7f612b1f04 Don't set ctx->cipher until after a successful fetch
If an implict EVP_CIPHER_fetch fails then ctx->cipher should not be set
otherwise strange things will happen when trying to free the ctx.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9531)
2019-08-07 11:40:32 +01:00
Shane Lontis
e9c116ebcb GCM cipher in provider now fails if passed bad keylength
Fixes #9500

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9512)
2019-08-07 11:39:04 +10:00
raja-ashok
88f19d86d9 Update man page for new API SSL_get_negotiated_group()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)
2019-08-06 12:04:52 +01:00
raja-ashok
fb8c6db45f Test SSL_get_negotiated_group() API
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)
2019-08-06 12:04:52 +01:00
raja-ashok
84d4b9e31d API to get negotiated key exchange algorithm in TLS1.3
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)
2019-08-06 12:04:52 +01:00
Matt Caswell
bbda79976b Fix ECDSA_SIG docs
They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it
returns a negative value on error.

We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same
page as all the other d2i/i2d docs.

Fixes #9517

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9533)
2019-08-06 11:31:47 +01:00
Matt Caswell
f585cefc04 Add documentation for new EC functions
Document the new EC functions that are OPENSSL_CTX aware.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
2019-08-06 11:19:07 +01:00
Matt Caswell
04ca002703 Insert a dummy call to EC code in the FIPS provider
Test that EC code works properly in the FIPS provider

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
2019-08-06 11:19:07 +01:00
Matt Caswell
a9612d6c03 Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
2019-08-06 11:19:07 +01:00
Matt Caswell
c1a3f16f73 Correct the Extended Master Secret string for EBCDIC
The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string
"extended master secret". On EBCDIC machines it actually contained the
value "extecded master secret"

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9430)
2019-08-06 11:02:50 +01:00
Matt Caswell
8bbf63e48f Fix SSL_MODE_RELEASE_BUFFERS functionality
At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error. It now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.

The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.

Fixes #9490

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9505)
2019-08-05 17:12:21 +01:00
Matt Caswell
59972370e3 Documentation for the provider Key Exchange operation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9506)
2019-08-05 14:32:48 +01:00
David von Oheimb
decdb980de Fix deprecation inconsisteny w.r.t. CRYPTO_mem_debug_{push,pop}()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9483)
2019-08-04 13:15:30 +02:00
Rich Salz
ff988500c2 Replace FUNCerr with ERR_raise_data
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9496)
2019-08-02 11:41:54 +02:00
Pauli
823ee00a39 Use NULL as parameter when pointer can only be NULL.
Code clarification.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9514)
2019-08-02 11:56:46 +10:00
Patrick Steuer
2b2eb210a1 Fix commit a672a02a s390x build breakage
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9501)
2019-08-01 12:14:18 +02:00