Commit graph

2585 commits

Author SHA1 Message Date
Matt Caswell
70c35fd1f6 Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref
All the other upref functions are spelled as "up_ref". These new functions
should be consistent.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
2019-06-28 10:02:09 +01:00
Benjamin Kaduk
7cb8fb07e8 Add regression test for #9099
Augment the cert_cb sslapitest to include a run that uses
SSL_check_chain() to inspect the certificate prior to installing
it on the SSL object.  If the check shows the certificate as not
valid in that context, we do not install a certificate at all, so
the handshake will fail later on in processing (tls_choose_sigalg()),
exposing the indicated regression.

Currently it fails, since we have not yet set the shared sigalgs
by the time the cert_cb runs.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
2019-06-26 12:20:55 -05:00
Paul Yang
4b931252be Fix incorrect usage of a test case
test/x509_check_cert_pkey_test.c has incorrect usage description.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9250)
2019-06-26 17:36:56 +08:00
Pauli
edc6235648 The params_test uses wrong size for BN check.
Before the return size was included in the OSSL_PARAM structure, the size
global was updated via a pointer.  The size global variable has been removed
and the in structure return size used instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9248)
2019-06-26 16:33:41 +10:00
Shane Lontis
10c25644e3 EC only uses approved curves in FIPS mode.
Once there are buildable fips tests, some tests that are data driven
from files will need to be modified to exclude non approved curves in
fips mode.

These changes were tested by temporarily adding #define FIPS_MODE 1 to
all the modified source files.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9081)
2019-06-25 12:00:25 +10:00
Richard Levitte
a9550b74d3 OSSL_NAMEMAP: make names case insensitive
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8967)
2019-06-24 10:58:13 +02:00
Richard Levitte
734a462e40 Add a namemap test
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8967)
2019-06-24 10:58:13 +02:00
Pauli
2c840201e5 Allow AES XTS decryption using duplicate keys.
This feature is enabled by default outside of FIPS builds
which ban such actions completely.

Encryption is always disallowed and will generate an error.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9112)
2019-06-24 17:54:47 +10:00
Pauli
4e7991b497 Change OSSL_PARAM return size to not be a pointer.
Instead of referencing the return size from the OSSL_PARAM structure, make the
size a field within the structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9135)
2019-06-24 14:43:55 +10:00
Pauli
2d905f6715 Print thread IDs nicely.
Remove the union that effectively cast thread IDs to long integers before
display and instead print a hex dump of the entire object.

Refer #9191

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9194)
2019-06-21 08:29:44 +10:00
Richard Levitte
ba4341316c test/testutil/init.c, apps/openssl.c: add trace cleanup handle earlier
It turned out that the internal trace cleanup handler was added too
late, so it would be executed before OPENSSL_cleanup().
This results in address errors, as the trace code that's executed in
OPENSSL_cleanup() itself tries to reach for data that's been freed at
that point.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9196)
2019-06-20 18:19:06 +02:00
Frederik Wedel-Heinen
7a5f5fd32a Update test/README
Changed a bad reference: test/Makefile -> test/build.info

Add ../apps/include as include path to include opt.h used by test/testutil.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9154)
2019-06-20 17:16:50 +10:00
Tomas Mraz
8b7b32921e Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO
The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented
and it also caused the length to be incorrectly set after the reset
operation.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9179)
2019-06-19 14:29:27 +02:00
Richard Levitte
d73458d17a Add tracing capability in test utilities
If a test program goes wrong, it's sometimes helpful to be able to
trace what goes on in libcrypto and libssl.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9191)
2019-06-19 12:43:05 +02:00
Rich Salz
8908d18cb1 Change ERR_add_error_[v]data to append
The "add error data" functions now append to the current error.
Add a test for this.
Cleanup some of the ERR_put functions.
In the FIPS module, always append "(in the FIPS module)" to any errors.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9181)
2019-06-18 23:21:38 +02:00
Matt Caswell
52b18ce104 Add the function OPENSSL_thread_stop_ex()
This adds the ability to clean up a thread on a per OPENSSL_CTX basis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 16:19:44 +01:00
Richard Levitte
989b2ad786 Move uplink file information to build.info files
This file information was hidden in config target files, when they
should really be part of build.info like any other file we build
from.  With build.info variables, the task became much easier.

We take the opportunity to move apps_init_src and apps_aux_src to
apps/build.info as well, and to clean up apps/build.info.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Matt Caswell
65dc5c3cc1 Fix no-ec with no-dh
Make sure that the combination of no-ec with no-dh builds successfully.
If neither ec or dh are available then TLSv1.3 is not possible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
2019-06-17 10:57:19 +01:00
Matt Caswell
dbc6268f68 Allow TLSv1.3 in a no-ec build
Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happen.

It also fixes no-ec which was previously broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
2019-06-17 10:57:19 +01:00
Matt Caswell
6597d62b8b Fix no-dh
The recent TLSv1.3 FFDHE support missed a few OPENSSL_NO_DH guards.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9153)
2019-06-13 11:07:42 +01:00
raja-ashok
8e63900a71 Add testcase for TLS1.3 FFDHE
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8178)
2019-06-12 10:18:34 +01:00
Shane Lontis
a1f0478277 Fix Windows Compile failure due to missing <inttypes.h>
Including <inttypes.h> caused a windows build failure.
The test is now skipped if strtoimax & strtoumax are not supported.
It does this by checking for a define which is only available if
inttypes.h is not included. The include is done automagically inside e_os2.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8986)
2019-06-11 21:27:55 +10:00
Shane Lontis
f0efeea29e PBKDF2 updates to conform to SP800-132
The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
  - the range of the key length.
  - the minimum iteration count (1000 recommended).
  - salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and
some PKCS5 related test vectors). To disable the new
constraints use the new ctrl string "pkcs5".
For backwards compatability, the checks are only enabled by
default for fips mode.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)
2019-06-11 20:40:07 +10:00
Matt Caswell
4e297b7441 Make the rand_crng code OPENSSL_CTX aware
This is in preparation for moving this code inside the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)
2019-06-07 12:04:34 +01:00
David Makepeace
87762939b5 Fixed typo in code comment.
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9102)
2019-06-07 10:47:19 +10:00
Shane Lontis
ad14e8e508 Coverity fixes
covID 1445689 Resource leak (in error path)
covID 1445318 Resource leak (in test - minor)
covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used)
covID 1443691 Resource leak (in app - minor)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9071)
2019-06-06 09:34:17 +10:00
Shane Lontis
d5e5e2ffaf Move digests to providers
Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)
2019-06-04 12:09:50 +10:00
Matt Caswell
cb30e46b45 Really fail if we have a test failure
Commit c5f7a99645 broke the test framework such that some tests might
fail, but the test framework still gives a PASS result overall.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9056)
2019-06-03 13:27:11 +01:00
Matt Caswell
a77b4dba23 Write a test for receiving a KeyUpdate (update requested) while writing
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)
2019-06-03 11:51:14 +01:00
Shane Lontis
19e512a824 Add the content type attribute to additional CMS signerinfo.
Fixes #8923

Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required is there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)
2019-06-03 15:19:48 +10:00
Richard Levitte
878dc8dd95 Join the x509 and x509v3 directories
This has been long overdue.

Note that this does not join the X509 and X509V3 error modules, that
will be too many macro changes at this stage.

Fixes #8919

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8925)
2019-05-29 09:32:50 +02:00
Pauli
5d2f3e4a6c Test of uniformity of BN_rand_range output.
Rework the test so that it fails far less often.

A number of independent tests are executed and 5% are expected to fail.
The number of such failures follows a binomial distribution which permits
a statistical test a 0.01% expected failure rate.

There is a command line option to enable the stochastic range checking.
It is off by default.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8830)
2019-05-29 09:54:29 +10:00
Shane Lontis
d4e2d5db62 fix timeout in 30-test_evp_pkey_dparam
enabling the 'enable-crypto-mdebug' option and running parameter generation
causes timeouts.
Loading pregenerated params is more suited for these tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9022)
2019-05-29 09:50:19 +10:00
Shane Lontis
6aa2e59e1c Add d2i_KeyParams/i2d_KeyParams API's.
Convert EVP_PKEY Parameters to/from binary.
This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters
in a similar way to Public and Private Keys.
The API's can be used by applications (including openssl apps) that only
want to use EVP_PKEY without needing to access low level key API's.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8903)
2019-05-27 21:55:10 +10:00
FdaSilvaYY
5b3accde60 OCSP: fix memory leak in OCSP_url_svcloc_new method.
Add a few coverage test case.

Fixes #8949

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)
2019-05-27 08:11:50 +10:00
Matt Caswell
ecb0f148a9 Add the NIST CAVS test vectors for CCM
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)
2019-05-23 10:49:54 +01:00
Pauli
da89ac0b25 Optional property query support.
Add the possibility of a property query clause to be optional by preceding
it with a question mark.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8943)
2019-05-22 10:45:39 +10:00
Pauli
9830e7ea42 Params conversion tests.
Add ranged checked OSSL_PARAM conversions between the native types.  A
conversion is legal only if the given value can be exactly represented
by the target type.

Includes a test case that reads a stanza test case file and verified that param
conversions are processed properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8733)
2019-05-21 07:42:54 +10:00
Shane Lontis
8bbeaaa4fc Added X963KDF API
X963 KDF is used for CMS ec keyagree Recipient Info.
The X963 KDF that is used by CMS EC Key Agreement has been moved
into a EVP_KDF object. This KDF is almost identical to the the SSKDF
hash variant, so it has been implemented inside the SSKDF code with
its own method table.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8902)
2019-05-16 11:43:41 +10:00
Dr. Matthias St. Pierre
3a50a8a91a Ignore entropy from RAND_add()/RAND_seed() in FIPS mode
The functions RAND_add() and RAND_seed() provide a legacy API which
enables the application to seed the CSPRNG.

But NIST SP-800-90A clearly mandates that entropy *shall not* be provided
by the consuming application, neither for instantiation, nor for reseeding.

The provided random data will be mixed into the DRBG state as additional
data only, and no entropy will accounted for it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8722)
2019-05-10 07:22:05 +02:00
Pauli
c5f7a99645 Test skip option.
Provide C test cases with the option to skip tests and subtests.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)
2019-05-09 20:21:09 +10:00
Pauli
1fb3c0afff Skip the no derivation functions when in FIPS mode because they are not
applicable.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)
2019-05-09 20:21:09 +10:00
Tobias Nießen
67c81ec311 Allow specifying the tag after AAD in CCM mode
This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.

GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.

This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)
2019-05-08 10:57:59 +01:00
Boris Pismenny
7c3a7561b5 ssl: Add SSL_sendfile
This commit adds the SSL_sendfile call, which allows KTLS sockets to
transmit file using zero-copy semantics.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)
2019-05-07 14:24:16 +01:00
Simo Sorce
4679345149 Change the digest string from "md" to "digest"
Conform to other modules which were changed at the last minute and this
discrepancy was not noticed.
Retain "md" as an alias so not to break 3rd party backports/tests scripts.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8783)
2019-05-03 23:47:43 +02:00
Shane Lontis
d2ba812343 Added EVP_KDF (similiar to the EVP_MAC)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
2019-05-03 17:52:50 +02:00
Matt Caswell
1aedc35fd6 Instead of global data store it in an OPENSSL_CTX
Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
2019-05-02 22:42:09 +01:00
Dr. Matthias St. Pierre
31fc48ddc3 Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Since commit 137096a7ea it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)
2019-05-02 23:01:42 +02:00
Richard Levitte
1ccf49737c p_get_params() [test/p_test.c]: clear the OSSL_PARAM buffers for every test
Fixes #8796

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8851)
2019-05-01 13:19:18 +02:00
Richard Levitte
a39eb84006 Replumbing: give the possibility for the provider to create a context
OSSL_provider_init() gets another output parameter, holding a pointer
to a provider side context.  It's entirely up to the provider to
define the context and what it's being used for.  This pointer is
passed back to other provider functions, typically the provider global
get_params and set_params functions, and also the diverse algorithm
context creators, and of course, the teardown function.

With this, a provider can be instantiated more than once, or be
re-loaded as the case may be, while maintaining instance state.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8848)
2019-04-30 15:34:23 +02:00
Pauli
8094a69458 Squashed commit of the following:
Digest stored entropy for CRNG test.

Via the FIPS lab, NIST confirmed:

    The CMVP had a chance to discuss this inquiry and we agree that
    hashing the NDRNG block does meet the spirit and letter of AS09.42.

    However, the CMVP did have a few questions: what hash algorithm would
    be used in this application? Is it approved? Is it CAVs tested?

SHA256 is being used here and it will be both approved and CAVs tested.

This means that no raw entropy needs to be kept between RNG seedings, preventing
a potential attack vector aganst the randomness source and the DRBG chains.

It also means the block of secure memory allocated for this purpose is no longer
required.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8790)
2019-04-30 13:43:19 +10:00
Todd Short
555cbb328e Collapse ssl3_state_st (s3) into ssl_st
With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.

This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)
2019-04-29 17:26:09 +01:00
David Benjamin
d7fcf1feac Copy RSA-PSS saltlen in EVP_PKEY_CTX_dup.
pkey_rsa_copy was missing a field. Test this by repeating the operation
through an EVP_PKEY_CTX_dup copy in evp_test.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8759)
2019-04-26 09:57:07 -05:00
Pauli
bb5b3e6dd0 Statistically test BN_rand_range().
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence
in the uniformity of the output of the random range generation function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8818)
2019-04-25 23:02:22 +10:00
Shane Lontis
c54492ecf8 Added app for EVP_KDF
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8762)
2019-04-24 11:56:47 +02:00
Matt Caswell
a5cf198bad Fix no-ec2m
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8792)
2019-04-23 10:39:47 +01:00
Matt Caswell
a595b10d34 Add some more test vectors for ChaCha20
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)
2019-04-19 09:37:47 +01:00
Simo Sorce
87d9955e8c Add SSHKDF in evp_kdf_test
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8774)
2019-04-18 12:38:47 +01:00
Tomas Mraz
06add280d9 Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
2019-04-16 10:50:30 +01:00
Tomas Mraz
d34bce03ac Add testing of RDONLY memory BIOs
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
2019-04-16 10:50:30 +01:00
Bernd Edlinger
c9dc22bc3d Add test for the BIO_get_mem_ptr() regression
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
2019-04-16 10:50:30 +01:00
Matt Caswell
fd367b4ce3 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()
These undocumented functions were never integrated into the EVP layer
and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised
and usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only
one is ever used. The security implications are believed to be minimal,
but this issue was never fixed for backwards compatibility reasons.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)
2019-04-12 14:22:41 +01:00
Pauli
6517516324 Add prediction resistance capability to the DRBG reseeding process.
Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l"

This requires the seed sources to be approved as entropy sources, after
which they should be considered live sources as per section 5.3.2 "Live
Entropy Source Availability."

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8647)
2019-04-12 18:16:20 +10:00
Shane Lontis
5173cdde7d ec key validation checks updated
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8564)
2019-04-11 20:37:13 +10:00
Shane Lontis
37f03b9881 doc fixups
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
2019-04-11 12:05:38 +03:00
Nicola Tuveri
ac2b52c6ad Separate the lookup test
This fixes the "verifying the alias" case.
Actually, while working on it, I realized that conceptually we were
testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at
the same time, and actually not in the proper way.

I think it's fair to assume that overwriting the curve name for an
existing group with `NID_undef` could lead to the unexpected behaviour
we were observing and working around.
Thus I decided to separate the lookup test in a dedicated simpler test
that does what the documentation of `EC_GROUP_check_named_curve()`
suggests: the lookup functionality is meant to find a name for a group
generated with explicit parameters.

In case an alternative alias is returned by the lookup instead of the
expected nid, to avoid doing comparisons between `EC_GROUP`s with
different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS`
of the "alias group" and create a new explicit parameters group to use
in `EC_GROUP_cmp()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
2019-04-11 12:05:38 +03:00
Nicola Tuveri
8d4f150f70 EC_GROUP_set_curve() might fail for arbitrary params
Setting arbitrary `p`, `a` or `b` with `EC_GROUP_set_curve()` might fail
for some `EC_GROUP`s, depending on the internal `EC_METHOD`
implementation, hence the block of tests verifying that
`EC_GROUP_check_named_curve()` fails when any of the curve parameters is
changed is modified to run only if the previous `EC_GROUP_set_curve()`
call succeeds.

`ERR_set_mark()` and `ERR_pop_to_mark()` are used to avoid littering the
thread error stack with unrelated errors happened during
`EC_GROUP_set_curve()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
2019-04-11 12:05:38 +03:00
Shane Lontis
8402cd5f75 added code to validate EC named curve parameters
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
2019-04-11 12:05:38 +03:00
Pauli
6c7d80ab3b Reseeding without derivation function is not supported in FIPS mode.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8648)
2019-04-11 08:52:22 +10:00
Bernd Edlinger
491360e7ab Avoid creating invalid rsa pss params
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8621)
2019-04-10 20:21:57 +02:00
Paul Yang
ccf453610f Make X509_set_sm2_id consistent with other setters
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.

Document and test case are also updated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8626)
2019-04-09 20:44:42 +08:00
Richard Levitte
bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8703)
2019-04-09 14:10:23 +02:00
Richard Levitte
f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size
When the purpose is to pass parameters to a setter function, that
setter function needs to know the size of the data passed.  This
remains true for the pointer data types as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8703)
2019-04-09 14:10:23 +02:00
Matt Caswell
d030892312 Add a legacy provider and put MD2 in it
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)
2019-04-09 10:24:43 +01:00
Richard Levitte
195852fefc Params: add OSSL_PARAM_construct_end()
OSSL_PARAM_END is a macro that can only be used to initialize an
OSSL_PARAM array, not to assign an array element later on.  For
completion, we add an end constructor to facilitate that kind of
assignment.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8704)
2019-04-09 11:18:26 +02:00
Pauli
e9cfa19201 Avoid alignment problems in params API.
Using a byte buffer causes problems for device that don't handle unaligned
reads.  Instead use the properly aligned variable that was already pointed at.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8696)
2019-04-08 14:28:59 +10:00
Pauli
6ce84e6410 Fix big endian param API tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8629)
2019-04-06 19:15:44 +10:00
Pauli
3538b0f7ad Move the AES-XTS mode duplicated key check into the init_key function rather
than the update call.  The means an earlier error return at the cost of some
duplicated code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8625)
2019-04-05 10:55:40 +10:00
Matt Caswell
1576dfe090 Test that we can use the FIPS provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)
2019-04-04 23:09:47 +01:00
Matt Caswell
fd3a904636 Skip the correct number of tests if SM2 is disabled
Fixes no-sm2 (and also no-sm3 and no-ec)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8650)
2019-04-04 16:51:51 +01:00
Richard Levitte
2a2bc6fc12 For provider tests, don't define a OPENSSL_NO_ macro
Since the macro to indicate if the test provider module is available
is local to the test programs, it's better to use a name that isn't
as easily confused with a library feature disabling macro that one
would expect to find in opensslconf.h.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8664)
2019-04-04 13:39:33 +02:00
Matt Caswell
64f4fff796 Add a test for EVP_MD_block_size()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8604)
2019-04-03 15:50:13 +01:00
Matt Caswell
5a2bd6bc66 Add an EVP_MD_CTX_md() test
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)
2019-04-03 15:44:36 +01:00
Richard Levitte
e4e91084d6 replaced snprintf with BIO version (for windows builds)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8651)
2019-04-03 15:44:17 +02:00
Richard Levitte
6d872a838d Add test for the provider configuration module
We reuse test/provider_internal_test.c and test/p_test.c,
and get it loaded one more time via the configuration file
test/provider_internal_test.conf

To support different platform standards regarding module
extensions, we generate test/provider_internal_test.conf

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
2019-04-03 11:42:48 +02:00
Richard Levitte
521b7cb388 Correct the checks of module availability in provider test programs
Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test
module wasn't built, but the provider test programs didn't check that
macro.  We rename it to OPENSSL_NO_MODULE, since that name describes
the situation more than OPENSSL_NO_SHARED does, and use it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
2019-04-02 07:30:07 +02:00
Richard Levitte
34786bdee0 Configuration / build: make it possible to disable building of modules
While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not building dynamic engines.
  However, other modules may still be built.
- not having DSO functionality doesn't mean not to build modules (even
  though we can't use them from apps linked with libraries that are
  built this way).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
2019-04-02 07:30:06 +02:00
Boris Pismenny
2fab79af46 sslapitest: add test ktls Rx
Add a unit-test for ktls receive side.

Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5
Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
2019-04-01 11:54:48 +01:00
Shane Lontis
cad8347be2 fixed public range check in ec_GF2m_simple_oct2point
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8607)
2019-03-30 14:49:00 +01:00
Pauli
f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst
The output format now matches coreutils *dgst tools.

[ edited to remove trailing white space ]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 11:22:51 +10:00
Paul Yang
317ba78fe1 Add test cases for SM2 cert verification
This follows #8321 which added the SM2 certificate verification feature.
This commit adds some test cases for #8321.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)
2019-03-30 08:31:25 +09:00
Pauli
72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems
with padding bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:01 +10:00
Pauli
6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:01 +10:00
Pauli
d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing.
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.

The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row.  Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)
2019-03-29 17:50:48 +10:00
Shane Lontis
a3c62426b9 coverity fixes for SSKDF + mac_app + kdf test cleanup
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8566)
2019-03-28 10:17:38 +00:00
Pauli
a9e34e9ef1 Fix test builds.
/usr/include/bits/waitstatus.h includes endian.h under some libc's.
This clashes with the new test header file, so rename the latter.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8600)
2019-03-28 15:02:19 +10:00
Pauli
045162e52c Detect endian without relying on defined symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8572)
2019-03-28 08:05:18 +10:00
Matt Caswell
48fdeca01d Don't allow SHAKE128/SHAKE256 with HMAC
See discussion in github issue #8563

Fixes #8563

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
2019-03-27 14:32:08 +00:00
Matt Caswell
183f52e29a Fix a memory leak in ARIA GCM
Fixes #8567

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8586)
2019-03-27 10:26:52 +00:00
Matt Caswell
1f019cd0ac Fix no-ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8588)
2019-03-27 10:09:04 +00:00