Additionally, merge ENGINE_CONF into CONF.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)
Other configuration modules may have use for tracing, and having one
tracing category for each of them is a bit much. Instead, we make one
category for them all.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)
It was assumed that the config functionality returned a boolean.
However, it may return a negative number on error, so we need to take
that into account.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8679)
The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY
and EVP_F_AES_XTS_INIT_KEY are affected.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8682)
than the update call. The means an earlier error return at the cost of some
duplicated code.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8625)
This prevents failure of openssl s_server socket binding to wildcard
address on hosts with disabled IPv6.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8550)
This configuration module supports a configuration structure pretty
much like the engine configuration module, i.e. something like this:
openssl_conf = openssl_init
[openssl_init]
providers = provider_section
[provider_section]
# Configure the provider named "foo"
foo = foo_section
# Configure the provider named "bar"
bar = bar_section
[foo_section]
# Override name given in the provider section
identity = myfoo
# The exact path of the module. This is platform specific
module_path = /opt/openssl/modules/foo.so
# Whether it should be automatically activated. Value is unimportant
activate = whatever
# Anything else goes as well, and becomes parameters that the
# provider can get
what = 1
# sub-sections will be followed as well
ever = ever_section
[ever_section]
cookie = monster
All the configurations in a provider section and its sub-sections
become parameters for the provider to get, i.e. the "foo" provider
will be able to get values for the following keys (with associated
values shown):
identity => myfoo
module_path => /opt/openssl/modules/foo.so
activate => whatever
what => 1
ever.cookie => monster
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Provider parameters are parameters set by the core that the provider
can retrieve. The primary use it to support making OpenSSL
configuration data available to the provider.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Limit the number of AES blocks in a data unit to 2^20 or less.
This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E.
Note: that this is a change from IEEE Std 1619-2007 which only recommended
this limit.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8627)
I turns out that this made crypto/rand/rand_win.c to never build with
BCrypt support unless the user sets _WIN32_WINNT. That wasn't the
intent.
This reverts commit cc8926ec8f.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8641)
Add support for Linux TLS Rx offload in the BIO layer.
Change-Id: I79924b25dd290a873d69f6c8d429e1f5bb2c3365
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may
be some odd platforms with no DSO scheme. For those, we generate the
internal macro DSO_NONE aand use it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/#8622)
It seems more intuitive to set `OPENSSL_TRACE=all` instead of
`OPENSSL_TRACE=any` to obtain trace output for all categories.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
Previously, if the openssl application was run with OPENSSL_TRACE=any,
all trace output would just show 'ANY' as the category name, which was
not very useful. To get the correct category name printed in the trace
output, the openssl application now registers separate channels for
each category.
The trace API is unchanged, it is still possible for an application to
register a single channel for the 'ANY' category to see all outputt,
if it does not need this level of detail.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
When OSSL_trace_get_category_num() is called with an unknown category
name, it returns -1. This case needs to be considered in order to
avoid out-of-bound memory access to the `trace_channels` array.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
Partially reverts d33d76168f Don't fail when tracing is disabled
Commit d33d76168f fixed the problem that the initialization of
libcrypto failed when tracing was disabled, because the unoperational
ossl_trace_init() function returned a failure code. The problem was
fixed by changing its return value from failure to success.
As part of the fix the return values of other unimplemented trace API
functions (like OSSL_trace_set_channel(),OSSL_trace_set_callback())
was changed from failure to success, too. This change was not necessary
and is a bit problematic IMHO, because nobody expects an unimplemented
function to pretend it succeeded.
It's the application's duty to handle the case correctly when the trace
API is not enabled (i.e., OPENSSL_NO_TRACE is defined), not the API's job
to pretend success just to prevent the application from failing.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
>=20% faster than present code.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8560)
The initialisation was also flawed, failing to account for padding and
alignment bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
If the structures have empty padding bytes, ensure they are zeroed.
These structures are added to seed pools as complete blocks including
any padding and alignment bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8610)
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
Replace it with InitializeCriticalSection()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.
The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row. Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8569)
DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested.
However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed.
Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8593)
EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
We treat that as automatic success. Other EVP_*Update functions already do
this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is
a bit of an anomoly. That treats 0 byte input length as an error.
Fixes#8576
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8587)
constant time with a memory access pattern that does not depend
on secret information.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8543)
