Commit graph

10280 commits

Author SHA1 Message Date
Daniel DeFreez
758229f7d2 Fix null pointer dereference in ssl_module_init
CLA: Trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8183)
2019-02-11 08:30:46 +10:00
Todd Short
2aa2beb06c Fix d2i_PublicKey() for EC keys
o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP.

o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the
o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with
an EVP_PKEY with an EC_KEY containing an EC_GROUP.

However, the call to EVP_PKEY_set_type() frees any existing key structure
inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that
o2i_ECPublicKey() needs.

This means you can't d2i_PublicKey() for an EC key...

The fix is to check to see if the type is already set appropriately, and
if so, not call EVP_PKEY_set_type().

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)
2019-02-08 09:57:26 +00:00
Antoine Salon
8269e44f9e blake2: avoid writing to output buffer when using default digest length
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
2019-02-06 09:24:28 +00:00
Antoine Salon
33e113b0cb blake2: backport changes to blake2s
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
2019-02-06 09:18:43 +00:00
Antoine Salon
d1ad7c834e blake2: register MAC objects
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
2019-02-06 09:18:43 +00:00
Antoine Salon
c3a261f8d3 blake2b: add EVP_MAC API
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
2019-02-06 09:18:43 +00:00
Antoine Salon
fc3c0223e8 blake2b: add support for parameter setting and keyed hash
The param block structure is used as a container for parameter values
Added blake2b keyed init

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
2019-02-06 09:18:43 +00:00
Antoine Salon
1856886416 blake2: add implementation support for variable digest length
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
2019-02-06 09:18:43 +00:00
Sam Roberts
df4439186f Remove unnecessary trailing whitespace
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.

Trailing whitespace remains in test data and external source.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)
2019-02-05 16:25:11 +01:00
Patrick Steuer
d6f4b0a8bf crypto/poly1305/asm/poly1305-s390x.pl: add vx code path.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7991)
2019-02-05 15:43:40 +01:00
Richard Levitte
1039c78255 Build: correct assembler generation in crypto/rc4/build.info
In the removal of BEGINRAW / ENDRAW, attention to the difference
between capital .S and lowercase .s wasn't duly paid.  This corrects
the error.

Fixes #8155

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8157)
2019-02-04 21:34:32 +01:00
Andy Polyakov
a28e4890ee poly1305/asm/poly1305-ppc.pl: add vector base 2^26 implementation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8120)
2019-02-01 09:23:25 +01:00
Andy Polyakov
f8f3d624b7 perlasm/ppc-xlate.pl: add VSX word load/store instructions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8120)
2019-02-01 09:23:25 +01:00
Bernd Edlinger
5dc40a83c7 Fix a crash in reuse of i2d_X509_PUBKEY
If the second PUBKEY is malformed there is use after free.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8122)
2019-01-31 19:24:07 +01:00
Bernd Edlinger
5364902250 Fixed d2i_X509 in-place not re-hashing the ex_flags
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8116)
2019-01-31 19:17:50 +01:00
Bernd Edlinger
a727627922 Fix a memory leak with di2_X509_CRL reuse
Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.

Fixes #8099

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8112)
2019-01-31 19:10:57 +01:00
Richard Levitte
da7e31e0c7 Build: remove EXTRA
We never used it for anything

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:50 +01:00
Richard Levitte
77adb75e16 Build: Remove BEGINRAW / ENDRAW / OVERRIDE
It was an ugly hack to avoid certain problems that are no more.

Also added GENERATE lines for perlasm scripts that didn't have that
explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
2019-01-31 16:19:49 +01:00
David Benjamin
a97faad76a Document and add macros for additional DSA options
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only
exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone
code (see also issue #1319). Add the missing wrapper macros and document them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8093)
2019-01-30 10:04:47 -06:00
Matt Caswell
fa6b1ee111 Don't leak memory from ERR_add_error_vdata()
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then
a mem leak can occur. This commit checks that we successfully added the
error data, and if not frees the buffer.

Fixes #8085

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8105)
2019-01-29 11:08:18 +00:00
Antonio Iacono
e85d19c68e crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of  Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding  ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
2019-01-27 23:59:21 +01:00
Ping Yu
9f5a87fd66 add an additional async notification communication method based on callback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Steven Linsell <stevenx.linsell@intel.com>

(Merged from https://github.com/openssl/openssl/pull/7573)
2019-01-27 12:27:17 +00:00
David Asraf
3d43f9c809 crypto/bn: fix return value in BN_generate_prime
When the ret parameter is NULL the generated prime
is in rnd variable and not in ret.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8076)
2019-01-27 12:12:50 +00:00
Klotz, Tobias
5c8b7b4caa Cleanup vxworks support to be able to compile for VxWorks 7
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7569)
2019-01-24 17:55:04 +01:00
Richard Levitte
9dd4ed28eb Rework building: Unix changes to handle extensions and product names
Add platform::Unix, which is a generic Unix module to support product
name and extensions functionlity.  However, this isn't quite enough,
as mingw and Cygwin builds are done using the same templates, but
since shared libraries work as on Windows and are named accordingly,
platform::mingw and platform::Cygwin were also added to provide the
necessary tweaks.

This reworks Configurations/unix-Makefile.tmpl to work out product
names in platform::Unix et al terms.  In this one, we currently do
care about the *_extension config attributes, and the modules adapt
accordingly where it matters.

This change also affected crypto/include/internal/dso_conf.h.in, since
the DSO extension is meant to be the same as the short shared library
extension, which isn't '.so' everywhere.

'shared_extension' attributes that had the value
'.so.\$(SHLIB_VERSION_NUMBER)' are removed, platform::Unix provides
an extension where the shared library version number is hard-coded
instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
2019-01-21 19:31:32 +01:00
Bernd Edlinger
c8f370485c PPC: Try out if mftb works before using it
If this fails try out if mfspr268 works.

Use OPENSSL_ppccap=0x20 for enabling mftb,
OPENSSL_ppccap=0x40 for enabling mfspr268,
and OPENSSL_ppccap=0 for enabling neither.

Fixes #8012

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8043)
2019-01-21 15:42:04 +01:00
Corey Minyard
c6048af23c Fix a memory leak in the mem bio
If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.

The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.

The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.

Alse add a test for a leak in the memory bio
Setting a memory buffer caused a leak.

Signed-off-by: Corey Minyard <minyard@acm.org>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8051)
2019-01-21 17:47:02 +10:00
David Benjamin
3afd537a3c Reduce inputs before the RSAZ code.
The RSAZ code requires the input be fully-reduced. To be consistent with the
other codepaths, move the BN_nnmod logic before the RSAZ check.

This fixes an oft-reported fuzzer bug.
https://github.com/google/oss-fuzz/issues/1761

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7187)
2019-01-17 08:17:59 +10:00
Richard Levitte
807989df56 crypto/bio/b_dump.c: change all char* to void*, and constify
Some of these functions take char*, which is seldom right, they should
have been unsigned char*, because the content isn't expected to be
text.

Even better is to simply take void* as data type, which also happens
to be transparent for any type these functions are called with, be it
char* or unsigned char*.  This shouldn't break anything.

While we're at it, constify the input data parameters.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7890)
2019-01-16 18:10:41 +01:00
Richard Levitte
5f40dd158c crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval()
Having a weak getauxval() and only depending on GNU C without looking
at the library we build against meant that it got picked up where not
really expected.

So we change this to check for the glibc version, and since we know it
exists from that version, there's no real need to make it weak.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8028)
2019-01-16 18:00:48 +01:00
Richard Levitte
aefb980c45 crypto/uid.c: use own macro as guard rather than AT_SECURE
It turns out that AT_SECURE may be defined through other means than
our inclusion of sys/auxv.h, so to be on the safe side, we define our
own guard and use that to determine if getauxval() should be used or
not.

Fixes #7932

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7933)
2019-01-16 06:19:17 +01:00
Matt Caswell
d63bde7827 Check more return values in the SRP code
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)
2019-01-15 11:29:40 +00:00
Matt Caswell
0a5bda639f Check a return value in the SRP code
Spotted by OSTIF audit

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)
2019-01-15 11:29:40 +00:00
Anna Henningsen
e26f653def Fix compilation with -DREF_PRINT
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8016)
2019-01-13 18:30:38 +01:00
Matt Caswell
87d06aed64 Fix compilation on sparc
Fixes #7966

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7997)
2019-01-08 16:26:47 +00:00
Viktor Dukhovni
df1f538f28 More configurable crypto and ssl library initialization
1.  In addition to overriding the default application name,
    one can now also override the configuration file name
    and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
    processing fails.  But, applications that want to be strict
    about initialization errors can now make explicit flag
    choices via non-null OPENSSL_INIT_SETTINGS that omit the
    CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
    both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
    if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with INIT_BASE_ONLY.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)
2019-01-07 14:02:28 -05:00
Viktor Dukhovni
b2f16a2271 Update generator copyright year.
Some Travis builds appear to fail because generated objects get
2019 copyrights now, and the diff complains.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)
2019-01-07 14:01:58 -05:00
Richard Levitte
e74be3d497 crypto/evp/e_aes.c: build again on s390x
The stuff needed to build with SIV wasn't in place for s390x

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7988)
2019-01-05 09:43:14 +01:00
Patrick Steuer
f760137b21 crypto/chacha/asm/chacha-s390x.pl: add vx code path.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6919)
2019-01-05 09:40:35 +01:00
Patrick Steuer
c66bb88cb0 s390x assembly pack: perlasm support.
Added crypto/perlasm/s390x.pm Perl module. Its primary use is to be
independent of binutils version, that is to write byte codes of
instructions that are not part of the base instruction set.
Currently only gas format is supported.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6919)
2019-01-05 09:38:40 +01:00
Matt Caswell
de2debc524 Support _onexit() in preference to atexit() on Windows
This enables cleanup to happen on DLL unload instead of at process exit.

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
2019-01-04 13:19:39 +00:00
Matt Caswell
41999e7d35 Introduce a no-pinshared option
This option prevents OpenSSL from pinning itself in memory.

Fixes #7598

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
2019-01-04 13:19:39 +00:00
Matt Caswell
8f6a5c56c1 Implement OPENSSL_INIT_NO_ATEXIT
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
2019-01-04 13:19:39 +00:00
Matt Caswell
660a1e0434 Fix a RUN_ONCE bug
We have a number of instances where there are multiple "init" functions for
a single CRYPTO_ONCE variable, e.g. to load config automatically or to not
load config automatically. Unfortunately the RUN_ONCE mechanism was not
correctly giving the right return value where an alternative init function
was being used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
2019-01-04 13:19:39 +00:00
Matt Caswell
51adf14a94 make update
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7972)
2019-01-03 09:21:39 +00:00
Bernd Edlinger
1f483a69bc Fix cert with rsa instead of rsaEncryption as public key algorithm
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7962)
2018-12-31 09:47:12 +01:00
Shreya Bhandare
47ec2367eb EVP_PKEY_size declared to take a const parameter
CLA: trivial
Function EVP_PKEY_size has been modified to take a const parameter

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7892)
2018-12-23 00:25:33 +01:00
Jung-uk Kim
c79a022da9 Do not complain when /dev/crypto does not exist.
FreeBSD does not enable cryptodev(4) by default.  OpenBSD disabled support
for /dev/crypto by default from 4.9 and removed it from 5.7.  Now the engine
is properly enabled by default on BSD platforms (see #7885), it continuously
complains:

Could not open /dev/crypto: No such file or directory

Hide the nagging error message behind ENGINE_DEVCRYPTO_DEBUG.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7896)
2018-12-23 00:07:13 +01:00
FdaSilvaYY
da84249be6 Coverity fix in some crypto/asn1 code
Call to i2d method returns an int value.

Fix:
CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7359)
2018-12-22 18:11:42 +01:00
Ken Goldman
baba154510 Admit unknown pkey types at security level 0
The check_key_level() function currently fails when the public key
cannot be extracted from the certificate because its algorithm is not
supported.  However, the public key is not needed for the last
certificate in the chain.

This change moves the check for level 0 before the check for a
non-NULL public key.

For background, this is the TPM 1.2 endorsement key certificate.
I.e., this is a real application with millions of certificates issued.
The key is an RSA-2048 key.

The TCG (for a while) specified

     Public Key Algorithm: rsaesOaep

rather than the commonly used

     Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7906)
2018-12-20 02:55:12 -05:00