Commit graph

20282 commits

Author SHA1 Message Date
Andy Polyakov
a078d9dfa9 sha/asm/keccak1600-x86_64.pl: remove redundant moves.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:15:45 +02:00
Andy Polyakov
64aef3f53d Add sha/asm/keccak1600-x86_64.pl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-06-29 21:15:09 +02:00
Richard Levitte
4c17819c41 Add internal functions to fetch PEM data from an opened BIO
store_attach_pem_bio() creates a STORE_CTX with the 'file' scheme
loader backend in PEM reading mode on an already opened BIO.
store_detach_pem_bio() detaches the STORE_CTX from the BIO and
destroys it (without destroying the BIO).

These two functions can be used in place of STORE_open() and
STORE_close(), and are present as internal support for other OpenSSL
functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2745)
2017-06-29 19:25:39 +02:00
Richard Levitte
7852f588a6 Make it possible to tell the file loader to use secure memory
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3483)
2017-06-29 19:19:40 +02:00
Steven Danneman
8530039a30 Fix double array increment in s_client mysql connect
The packet parsing code for the server version string was incrementing
the array index twice on every iteration. This meant that strings with
an even number of characters would pass, but strings with an odd number
(ex: 5.7.18-0ubuntu0.16.04.1) would cause the pos variable to get out
of sync.

This would cause a later failure with "MySQL packet is broken."

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3799)
2017-06-29 08:20:14 -04:00
Richard Levitte
6fc1d33c90 STORE 'file' scheme loader: refactor the treatment of matches
Sometimes, 'file_load' couldn't really distinguish if a file handler
matched the data and produced an error or if it didn't match the data
at all.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:33 +02:00
Richard Levitte
f95c439804 STORE: Add an entry in NEWS and CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:33 +02:00
Richard Levitte
2fad1dd26a STORE test recipe: Remove comment refering to OpenConnect
These tests were inspired by OpenConnect and incorporated
by permission of David Woodhouse under CLA

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
8f507bc5d5 Add documentation for the storeutl app
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
e2e603fe7c Add documentation for STORE functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
fa66949c26 engine app: print out information on STORE loaders and STORE FILE handlers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
f91ded1fc4 STORE: add ENGINE information to loaders
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
d32e10d6fa Test that storeutl with a directory path works as expected
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
970f467ac3 STORE 'file' scheme loader: Add directory listing capability
This has it recognised when the given path is a directory.  In that
case, the file loader will give back a series of names, all as URI
formatted as possible given the incoming URI.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
7ad2ef366c STORE 'file' scheme loader: Add handler for encrypted PKCS#8 data
Add a separate handler for encrypted PKCS#8 data.  This uses the new
restart functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
1aabc2445b STORE 'file' scheme loader: refactor file_load to support decoding restart
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Richard Levitte
50ecedda40 STORE: Add a OSSL_STORE_INFO type to help support file handler restarts
Some containers might very simply decode into something new that
deserves to be considered as new (embedded) data.  With the help of a
special OSSL_STORE_INFO type, make that new data available to the
loader functions so they can start over.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
6d737ea09b STORE tests: add PKCS#12 tests
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
a09003ea22 STORE 'file' scheme loader: add support for the PKCS#12 container
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
e61ec2d9ba STORE 'file' scheme loader: add support for containers
Containers are objects that are containers for a bunch of other
objects with types we recognise but aren't readable in a stream.  Such
containers are read and parsed, and their content is cached, to be
served one object at a time.

This extends the FILE_HANDLER type to include a function to destroy
the cache and a function to simulate the EOF check.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
e1613d9f25 Add a test that checks the store utility
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
c403a1ddff Add a simple store utility command
This command can be used to view the contents of any supported type of
information fetched from a URI, and output them in PEM format.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
9c6da42d0c Add a STORE loader for the "file" scheme
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
dc10560eba Make it possible to peek at BIO data through BIO_f_buffer()
This is needed for the upcoming "file" scheme STORE loader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
86f7b04212 Make asn1_d2i_read_bio accessible from STORE
This is needed for the upcoming "file" scheme STORE loader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
71a5516dcc Add the STORE module
This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
c785fd48e6 Make it possible to refer to ERR_R_UI_LIB
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Matt Caswell
a599574be1 Updates following review of SSL_export_key_material() changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)
2017-06-29 10:15:50 +01:00
Matt Caswell
e88c40af45 Update the SSL_export_keying_material() documentation for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)
2017-06-29 10:15:50 +01:00
Matt Caswell
2197d1dfbe Add an SSL_export_keying_material() test
There aren't any test vectors for this, so all we do is test that both
sides of the communication create the same result for different protocol
versions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)
2017-06-29 10:15:50 +01:00
Matt Caswell
0ca8d1ecf2 Update SSL_export_keying_material() for TLSv1.3
Fixes #3680

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)
2017-06-29 10:15:49 +01:00
Greg Zaverucha
519a5d1ef2 Fix sample code
Fix memory leak in sample encryption code and check return value of
fopen.

CLA: trivial

Signed-off-by: Greg Zaverucha <gregz@microsoft.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3790)
2017-06-29 00:38:26 +02:00
Richard Levitte
afe9bba749 crypto/mem.c: on Windows, use rand() instead of random()
Windows doesn't provide random().  In this particular case, our
requirements on the quality of randomness isn't high, so we don't
need to care how good randomness rand() does or doesn't provide.

Fixes #3778

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3779)
2017-06-28 22:15:02 +02:00
Todd Short
eed3ec9047 ssl_session_dup() missing ext.alpn_session
Properly copy ext.alpn_session in ssl_session_dup()
Use OPENSSL_strndup() as that's used in ssl_asn1.c

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3770)
2017-06-28 14:53:23 -05:00
Richard Levitte
3668721d3a Add dependency on apps/progs.h for test/uitest.o
uitest.o depends on apps.h which depends on progs.h, which is
dynamically generated, so we need to explicitely add a dependency
between uitest.o and progs.h for the latter to be generated in time.

Fixed #3793

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3794)
2017-06-28 14:41:05 +02:00
Richard Levitte
a2755b1695 test/uitest.c's pem_password_cb returned 1 instead of the password length
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3791)
2017-06-28 14:24:28 +02:00
Richard Levitte
3816be5d4a UI_UTIL_wrap_read_pem_callback: make sure to terminate the string received
The callback we're wrapping around may or may not return a
NUL-terminated string.  Let's ensure it is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3791)
2017-06-28 14:24:28 +02:00
Richard Levitte
e041f3b8ba Document the added devcrypto engine in CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
8bd2c65fbb Comment on the lack of documentation for asymmetric ciphers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
4f79affb05 Adapt for BSD cryptodev.h differences
The BSD cryptodev.h doesn't have things like COP_FLAG_WRITE_IV and
COP_FLAG_UPDATE.  In that case, we need to implement that
functionality ourselves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
619eb33a0c Add new /dev/crypto engine
Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
9a32dcf42e Add the common error ERR_R_OPERATION_FAIL
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Rich Salz
f367ac2b26 Use randomness not entropy
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3773)
2017-06-27 12:14:49 -04:00
Benjamin Kaduk
c91ec01365 Fix return-value checks in OCSP_resp_get1_id()
Commit db17e43d88 added the function
but would improperly report success if the underlying dup operation
failed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3775)
2017-06-27 10:49:53 -05:00
Richard Levitte
0ffdaebf9a util/mkerr.pl: avoid getting an annoying warning about negative count
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)
2017-06-27 14:49:06 +02:00
Richard Levitte
4b2799c13c util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_
To make sure that our symbols don't clash with other libraries, we
claim the namespaces OSSL and OPENSSL.  Because C doesn't provide
namespaces, the only solution is to have them as prefixes on symbols,
thus we allow OSSL_ and OPENSSL_ as prefixes.

These namespace prefixes are optional for the foreseeable future, and
will only be used for new modules as needed on a case by case basis,
until further notice.

For extra safety, there's an added requirement that module names -
apart from the namespace prefix - be at least 2 characters long.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)
2017-06-27 14:49:06 +02:00
Rich Salz
4b8515baa6 Rename static global "lock" to "obj_lock"
Breaks djgpp, masks a common kernel function name.
Thanks to Gisle Vanem for pointing this out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3776)
2017-06-26 14:29:19 -04:00
Paul Yang
edea42c602 Change to check last return value of BN_CTX_get
To make it consistent in the code base

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3749)
2017-06-26 15:40:16 +02:00
Paul Yang
9e1d5e8dff Fix return value checking for BIO_sock_init
BIO_sock_init returns '-1' on error, not '0', so it's needed to check
explicitly istead of using '!'.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3766)
2017-06-26 15:19:12 +02:00
Paul Yang
e8e5597606 Fix inaccurate comments in bn_prime.c
As well as a coding style nit is fixed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3763)
2017-06-26 14:59:30 +02:00