Commit graph

23503 commits

Author SHA1 Message Date
Matt Caswell
59d846ffb1 Add TLS tests for RSA-PSS Restricted certificates
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

(cherry picked from commit 20946b9465)
2019-08-09 13:24:14 +01:00
Matt Caswell
fc009331ab Add Restricted PSS certificate and key
Create a PSS certificate with parameter restrictions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

(cherry picked from commit 39d9ea5e50)
2019-08-09 13:24:14 +01:00
Matt Caswell
7467c87c6e Ensure RSA PSS correctly returns the right default digest
A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.

This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.

Fixes #9545

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

(cherry picked from commit 9bcc9f973b)
2019-08-09 13:24:14 +01:00
Vladimir Kotal
85171a929d mention what happens if OPENSSL_NO_RC2 is defined
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9415)

(cherry picked from commit 8c47e55ee6)
2019-08-09 09:47:32 +01:00
Vladimir Kotal
c762f5fa35 make ecp_nistz256_point_add_vis3() local
fixes #8936

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9132)

(cherry picked from commit 861335001b)
2019-08-09 09:12:42 +01:00
Martin Ukrop
bb00b0404d Fix reversed meaning of error codes
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were still reversed in the X509_STORE_CTX_get_error function documentation.
This used to be the problem also in the verify application documentation, but was fixed on 2010-02-23 in 7d3d178.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9529)

(cherry picked from commit 6d5aa88d74)
2019-08-08 10:25:13 +01:00
Matt Caswell
d00209a3b1 Clarify the INSTALL instructions
Ensure users understand that they need to have appropriate permissions
to write to the install location.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9268)

(cherry picked from commit 7c03bb9fff)
2019-08-08 10:21:55 +01:00
Shane Lontis
728f9449c3 Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes
Note a flag needed to be added since some ssl tests fail if they output any error
(even if the error is ignored). Only ciphers that handle the GET_IV_LEN control set this flag.

Fixes #8330

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9499)
2019-08-08 13:19:23 +10:00
Matt Caswell
da4ea0cfe6 Fix ECDSA_SIG docs
They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it
returns a negative value on error.

We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same
page as all the other d2i/i2d docs.

Fixes #9517

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9533)

(cherry picked from commit bbda79976b)
2019-08-06 11:34:10 +01:00
Matt Caswell
bd1a74f8ee Correct the Extended Master Secret string for EBCDIC
The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string
"extended master secret". On EBCDIC machines it actually contained the
value "extecded master secret"

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9430)

(cherry picked from commit c1a3f16f73)
2019-08-06 11:17:16 +01:00
Matt Caswell
f2bb79a78a Fix SSL_MODE_RELEASE_BUFFERS functionality
At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error. It now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.

The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.

Fixes #9490

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9505)

(cherry picked from commit 8bbf63e48f)
2019-08-05 17:17:25 +01:00
Dr. Matthias St. Pierre
74b9ce2d84 Add missing accessors for X509 AuthorityKeyIdentifier
Complements commit b383aa2081, which added X509_get0_authority_key_id().

 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);      [NEW]
 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);       [NEW]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9494)
2019-08-01 12:13:37 +02:00
raja-ashok
77fa495f7f Use allow_early_data_cb from SSL instead of SSL_CTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9471)

(cherry picked from commit 59b2cb2638)
2019-08-01 11:39:53 +10:00
Antoine Cœur
a5c83db4ae Fix Typos
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9295)
2019-07-31 19:48:30 +02:00
joe2018Outlookcom
ca33a43fe2 Fix warning C4164 in MSVC.
Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared.
Fixes #9487

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9488)

(cherry picked from commit 0c789f59f1)
2019-07-31 17:32:16 +01:00
David von Oheimb
ffc2b6373a make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9466)

(cherry picked from commit 7408f6759f)
2019-07-31 17:07:44 +03:00
Bernd Edlinger
74f4cc0276 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c
This avoids a spurious gcc warning:
./config enable-asan --strict-warnings
=>
In function 'afalg_create_sk',
    inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11:
engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be
    truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation]
  376 |     strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
      |     ^~~~~~~

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9478)

(cherry picked from commit 62cc845fc9)
2019-07-30 20:38:50 +02:00
Pauli
7de305510a Add weak platform independent PRNG to test framework.
Implement the GNU C library's random(3) pseudorandom number generator.
The algorithm is described: https://www.mscs.dal.ca/~selinger/random/

The rationale is to make the tests repeatable across differing platforms with
different underlying implementations of the random(3) library call.

More specifically: when executing tests with random ordering.

[extended tests]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9463)

(cherry picked from commit e9a5932d04)
2019-07-29 09:16:22 +10:00
David Benjamin
e4a282fe03 Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private
keypair and then overrides it with the server public key, so the
generation was a waste anyway. Instead, it should create a
parameters-only EVP_PKEY.

(This is a consequence of OpenSSL using the same type for empty key,
empty key with key type, empty key with key type + parameters, public
key, and private key. As a result, it's easy to mistakenly mix such
things up, as happened here.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9445)

(cherry picked from commit 166c0b98fd)
2019-07-25 16:26:06 -04:00
Richard Levitte
54aa9d51b0 Fix default installation paths on mingw
Mingw config targets assumed that resulting programs and libraries are
installed in a Unix-like environment and the default installation
prefix was therefore set to '/usr/local'.

However, mingw programs are installed in a Windows environment, and
the installation directories should therefore have Windows defaults,
i.e. the same kind of defaults as the VC config targets.

A difficulty is, however, that a "cross compiled" build can't figure
out the system defaults from environment the same way it's done when
building "natively", so we have to fall back to hard coded defaults in
that case.

Tests can still be performed when cross compiled on a non-Windows
platform, since all tests only depend on the source and build
directory, and otherwise relies on normal local paths.

CVE-2019-1552

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9400)
2019-07-25 13:08:46 +02:00
Pauli
b4b42d441d Make rand_pool buffers more dynamic in their sizing.
The rand pool support allocates maximal sized buffers -- this is typically
12288 bytes in size.  These pools are allocated in secure memory which is a
scarse resource.  They are also allocated per DRBG of which there are up to two
per thread.

This change allocates 64 byte pools and grows them dynamically if required.
64 is chosen to be sufficiently large so that pools do not normally need to
grow.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9428)

(cherry picked from commit a6a66e4511)
2019-07-23 23:30:12 +10:00
Bernd Edlinger
e8d866dcb1 Allocate DRBG additional data pool from non-secure memory
The additional data allocates 12K per DRBG instance in the
secure memory, which is not necessary. Also nonces are not
considered secret.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9424)
2019-07-23 23:14:14 +10:00
Dr. Matthias St. Pierre
77cb24344d Remove HEADER_X509_H include detector from apps
The HEADER_X509_H check is redundant, because <openssl/x509.h>
is already included.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9365)
2019-07-24 17:08:38 +02:00
Dr. Matthias St. Pierre
19b7b64c72 Remove OPENSSL_X509V3_H include detector from openssl/cms.h
The check is redundant, because <openssl/x509v3.h> is included.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9365)
2019-07-24 17:08:38 +02:00
Dr. Matthias St. Pierre
ca066211a8 Remove HEADER_BSS_FILE_C module include guard
This include guard inside an object file comes as a surprise and
serves no purpose anymore. It seems like this object file was
included by crypto/threads/mttest.c at some time, but the include
directive was removed in commit bb8abd6.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9365)
2019-07-24 17:08:38 +02:00
Dr. Matthias St. Pierre
0904e31297 Remove external HEADER_SYMHACKS_H include guard
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9365)
2019-07-24 17:08:38 +02:00
Bernd Edlinger
ddd16c2fe9 Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.

Backport-of: #9363

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9435)
2019-07-24 14:59:52 +02:00
Pauli
8e74733859 Avoid double clearing some BIGNUMs
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9438)

(cherry picked from commit 82925f9dd0)
2019-07-23 16:55:40 +10:00
Richard Levitte
12bd8f4631 Cygwin: enable the use of Dl_info and dladdr()
These weren't available in Cygwin at the time our DSO code was
written, but things have changed since.

Fixes #9385

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9402)

(cherry picked from commit 38f6f99cdf)
2019-07-21 11:08:56 +02:00
Richard Levitte
a9befadf73 test/enginetest.c: Make sure no config file is loaded
If a config file gets loaded, the tests get disturbed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9393)

(cherry picked from commit 5800ba7610)
2019-07-19 20:20:02 +02:00
Bernd Edlinger
7fab431040 Add value_barriers in constant time select functions
The barriers prevent the compiler from narrowing down the
possible value range of the mask and ~mask in the select
statements, which avoids the recognition of the select
and turning it into a conditional load or branch.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9217)

(cherry picked from commit 04edd688b3)
2019-07-18 16:02:20 +02:00
Shane Lontis
0a9a7540d4 Cleanup use of X509 STORE locks
Cosmetic changes to use the X509_STORE_lock/unlock functions.
Renamed some ctx variables to store.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9366)

(cherry picked from commit 7a9abccde7)
2019-07-18 15:19:46 +10:00
Patrick Steuer
0f6fd61459 s390x assembly pack: fix restoring of SIGILL action
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9381)

(cherry picked from commit c17d60ea29)
2019-07-17 20:15:38 +02:00
Bernd Edlinger
8d64f00fd9 Fix a C++ comment in the refcount.h
Although in a false-conditional code section gcc-4.8.4 flagged this with
a C90 warning :-(

include/internal/refcount.h:108:7: error: C++ style comments are not allowed in ISO C90 [-Werror]
       // under Windows CE we still have old-style Interlocked* functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9388)
2019-07-17 14:17:45 +02:00
Matt Caswell
beeaa8d06e Fix the return value for SSL_get0_chain_certs()
This function was always returning 0. It should return 1 on success.

Fixes #9374

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9395)

(cherry picked from commit 7bc82358ae)
2019-07-17 12:38:46 +01:00
Todd Short
686ead4537 Fix SSL_CTX_set_session_id_context() docs
Also, use define rather than sizeof

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9377)

(cherry picked from commit fe9edc9d39)
2019-07-16 13:58:18 +01:00
Viktor Dukhovni
2b7efbd032 Actually silently ignore GET / OCSP requests
Reviewed-by: Matt Caswell <matt@openssl.org>
2019-07-16 06:14:36 -04:00
Pauli
cf8b373248 Remove DRBG from SSL structure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9390)

(cherry picked from commit 3d9b33b5e4)
2019-07-16 13:25:31 +10:00
Krists Krilovs
b4f55c6f6c Fix wrong lock claimed in x509 dir lookup.
x509 store's objects cache can get corrupted when using dir lookup
method in multithreaded application. Claim x509 store's lock when
accessing objects cache.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9326)

(cherry picked from commit a161738a70)
2019-07-15 11:39:53 +10:00
agnosticdev
ab2d477c0a issue-9316: Update return documentation for RAND_set_rand_engine
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9351)

(cherry picked from commit 5fe6e2311d)
2019-07-12 00:06:21 +10:00
Dmitry Belyavskiy
a48cd0c5b9 Avoid NULL pointer dereference. Fixes #9043.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9059)

(cherry picked from commit 9fd6f7d1cd)
2019-07-08 20:15:44 +10:00
John Schember
7b031c2062 iOS build: Replace %20 with space in config script
CLA: trivial

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9297)

(cherry picked from commit 53fd220c8f)
2019-07-08 10:57:30 +02:00
Lei Maohui
5a63e155ff Fix build error for aarch64 big endian.
Modified rev to rev64, because rev only takes integer registers.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827
Otherwise, the following error will occur.

Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b'

CLA: trivial

Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9151)

(cherry picked from commit 7b0fceed21)
2019-07-08 10:54:46 +02:00
Dr. Matthias St. Pierre
5763449373 man: fix typo in OPENSSL_fork_prepare.pod
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9318)

(cherry picked from commit 933a73b914)
2019-07-07 19:35:49 +02:00
Bernd Edlinger
9fd44200fe Fix an endless loop in BN_generate_prime_ex
Happens when trying to generate 4 or 5 bit safe primes.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9311)

(cherry picked from commit 291f616ced)
2019-07-07 08:07:25 +02:00
Tomas Mraz
78af3f6f95 Clarify documentation of SSL_CTX_set_verify client side behavior
Fixes #9259

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9291)

(cherry picked from commit e6716f2bb4)
2019-07-04 17:02:23 +02:00
Martin Peylo
374cab6390 Adding Test.pm with workaround for Perl abs2rel bug
If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g.
"./config ../openssl", then a bug in Perl's abs2rel may trigger that directory-
rewriting in __cwd results in wrong entries in %directories under certain
circumstances, e.g. when a test executes run(app(["openssl"]) after indir.

There should not be any need to go to a higher directory from BLDDIR or SRCDIR,
so it should be OK to use them in their absolute form, also resolving all
possible symlinks, right from the start.

Following the File::Spec::Functions bug description (reported to perl.org):

When abs2rel gets a path argument with ..s that are crossing over the ..s
trailing the base argument, the result is wrong.

Example
PATH: /home/goal/test/..
BASE: /home/goal/test/../../base
Good result: ../goal
Bad  result: ../..

Bug verified with File::Spec versions
- 3.6301
- 3.74 (latest)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7031)

(cherry picked from commit 7a2027240e)
2019-07-02 20:12:28 +02:00
Bernd Edlinger
42180a229e Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data
The member value.ptr is undefined for those ASN1 types.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)

(cherry picked from commit 94f4d58a87)
2019-07-02 16:25:00 +02:00
Bernd Edlinger
261ec72d58 Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN
BOOLEAN does not have valid data in the value.ptr member,
thus don't use it here.

Fixes #9276

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)

(cherry picked from commit 6335f837cf)
2019-07-02 16:24:19 +02:00
Dr. Matthias St. Pierre
3003d2dba9 Add regenerated header files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9281)
2019-07-02 10:06:15 +02:00