Commit graph

23830 commits

Author SHA1 Message Date
Patrick Steuer
2e6b615f79 s390x assembly pack: import poly from cryptogams repo
>=20% faster than present code.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8560)
2019-03-29 17:05:39 +01:00
Richard Levitte
558ea84743 Remove heartbeats completely
Fixes #4856

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1928)
2019-03-29 13:50:59 +01:00
Richard Levitte
d88736df4d Windows, VMS: build fixes
The naming of generated assembler wasn't done quite right.  There are
assembler files that are generated from a perl script, and there are
those who are not.  Only the former must be renamed to the platform
specific asm extension.

Furthermore, we need to make sure that 'OSSL_provider_init' isn't case
sensitive on VMS, to allow for the least surprise for provider
builders.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8529)
2019-03-29 12:52:58 +01:00
Pauli
72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems
with padding bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:01 +10:00
Pauli
6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:01 +10:00
Pauli
79bc34185f Correctly zero the DISPLAY_COLUMNS structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:00 +10:00
Pauli
80de174281 Make the array zeroing explicit using memset.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:00 +10:00
Pauli
2661d716d9 It isn't necessary to initialise a struct stat before a stat(2) system call.
The initialisation was also flawed, failing to account for padding and
alignment bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:00 +10:00
Pauli
64a45882c7 Ensure that the struct msghdr is properly zeroed.
This is probably harmless but best to properly initialise things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:00 +10:00
Richard Levitte
c75f80a468 openssl dgst: show MD name at all times - CHANGES entry
Related to #8609

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8612)
2019-03-29 11:26:55 +01:00
Richard Levitte
7ed4b97b61 openssl dgst: show MD name at all times
When 'openssl dgst' is called with a MD alias (such as sha256) and no
further arguments (i.e. input is taken from stdin), the MD name wasn't
shown.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8609)
2019-03-29 11:24:22 +01:00
Pauli
678d2681b2 Clear seed source structures.
If the structures have empty padding bytes, ensure they are zeroed.
These structures are added to seed pools as complete blocks including
any padding and alignment bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8610)
2019-03-29 20:11:41 +10:00
Soujyu Tanaka
9c98aa354d For the lack of GetModuleHandleEx(), we use DSO route for WinCE.
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
2019-03-29 09:54:12 +00:00
Soujyu Tanaka
3d098890b2 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
2019-03-29 09:51:24 +00:00
Soujyu Tanaka
09305a7d0a Avoid linking error for InitializeCriticalSectionAndSpinCount().
Replace it with InitializeCriticalSection()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
2019-03-29 09:51:24 +00:00
Soujyu Tanaka
88ffc8dea4 Avoid linking error on WCE700 for _InterlockedExchangeAdd().
This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
2019-03-29 09:51:24 +00:00
Pauli
d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing.
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.

The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row.  Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)
2019-03-29 17:50:48 +10:00
Andy Polyakov
cd353c7768 Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8540)
2019-03-29 07:33:15 +01:00
Andy Polyakov
291bc802e4 IA64 assembly pack: add {chacha|poly1305}-ia64 modules.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8540)
2019-03-29 07:33:15 +01:00
Shane Lontis
952abb1521 Fixed unmatched BN_CTX_start/end if an invalid exponent is used.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8569)
2019-03-29 12:41:43 +10:00
Pauli
711a161f03 Fix broken change from b3d113e.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8606)
2019-03-29 09:24:07 +10:00
Paul Monson
0b885f72c2 conn_is_closed should return 1 if get_last_sys_error is WSAECONNRESET
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8590)
2019-03-28 10:22:20 +00:00
Shane Lontis
a3c62426b9 coverity fixes for SSKDF + mac_app + kdf test cleanup
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8566)
2019-03-28 10:17:38 +00:00
Dmitry Belyavskiy
72b89b8e20 Add some checks of OCSP functions
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8308)
2019-03-28 10:06:48 +00:00
Matt Caswell
cc6d92619f Make OCSP_id_cmp and OCSP_id_issuer_cmp accept const params
Fixes #8589

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8597)
2019-03-28 09:56:05 +00:00
Pauli
a9e34e9ef1 Fix test builds.
/usr/include/bits/waitstatus.h includes endian.h under some libc's.
This clashes with the new test header file, so rename the latter.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8600)
2019-03-28 15:02:19 +10:00
Pauli
045162e52c Detect endian without relying on defined symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8572)
2019-03-28 08:05:18 +10:00
Jake Massimo
2500c093aa Increase rounds of Miller-Rabin testing DH_check
DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested.

However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed.

Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8593)
2019-03-27 14:59:25 +00:00
Matt Caswell
48fdeca01d Don't allow SHAKE128/SHAKE256 with HMAC
See discussion in github issue #8563

Fixes #8563

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
2019-03-27 14:32:08 +00:00
Matt Caswell
1783847061 Correctly check the return code of EVP_MAC_ctrl everwhere it is used
EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
2019-03-27 14:31:56 +00:00
Matt Caswell
183f52e29a Fix a memory leak in ARIA GCM
Fixes #8567

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8586)
2019-03-27 10:26:52 +00:00
Matt Caswell
a8274ea351 Tolerate 0 byte input length for Update functions
We treat that as automatic success. Other EVP_*Update functions already do
this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is
a bit of an anomoly. That treats 0 byte input length as an error.

Fixes #8576

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8587)
2019-03-27 10:14:03 +00:00
Matt Caswell
1f019cd0ac Fix no-ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8588)
2019-03-27 10:09:04 +00:00
Dr. Matthias St. Pierre
fc4e500b03 Fix three identical grammatical errors
Reported by Mak Kolybabi

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8591)
2019-03-27 01:00:57 +01:00
Shane Lontis
866cc2334c style nit fix
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8580)
2019-03-26 15:20:22 +10:00
Hubert Kario
29716a03e8 ts(1): digest option is mandatory
not specifying the digest both on command line and in the config file
will lead to response generation aborting with

140617514493760:error:2F098088:time stamp routines:ts_CONF_lookup_fail: \
    cannot find config variable:crypto/ts/ts_conf.c:106:tsr_test::signer_digest

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8421)
2019-03-25 13:36:40 +01:00
Shane Lontis
f4b4574f4b replaced snprintf with BIO version (for windows builds)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8571)
2019-03-25 11:37:24 +10:00
Bernd Edlinger
9c0cf214e7 Modify the RSA_private_decrypt functions to check the padding in
constant time with a memory access pattern that does not depend
on secret information.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8543)
2019-03-22 14:46:04 +01:00
Bernd Edlinger
94dc53a3f7 Make err_clear_constant_time really constant time
[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8542)
2019-03-22 14:22:11 +01:00
Pauli
b3d113ed29 Cosmetic rand/drbg changes.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8554)
2019-03-22 15:21:59 +10:00
Matt Caswell
fdf6c0b6b7 Document the functions EVP_MD_fetch() and EVP_MD_upref()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Matt Caswell
847d0f81bb Add a test for EVP_MD_fetch
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Matt Caswell
de29ff17a2 Implement SHA256 in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Matt Caswell
8c8cf0d962 Make EVP_Digest* functions provider aware
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Matt Caswell
3653d0c224 Implement EVP_MD_fetch()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Matt Caswell
8a73348be0 Add a skeleton default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Shane Lontis
df5375b446 fixed mismatching #ifdef cpp
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8544)
2019-03-21 10:22:07 +10:00
Lorinczy Zsigmond
861e45624f Reorganized signature-scheme detection in 'apps/s_cb.c:security_callback_debug' callback-function.
So far, it only handled hash-and-algorithm pairs from TLS1.2,
now it also handles 'schemes' defined in TLS1.3 like 0x0807=ed25519 or
0x0809=rsa_pss_pss_sha256

Now it prints information in one of these formats:

... Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128 ... TLS1.3
... Algorithm digest=SHA384, algorithm=DSA, security bits=192  ... TLS1.2
... Algorithm scheme=unknown(0x0e01), security bits=128        ... unhandled case

To implement this added three new lookup-tables: signature_tls13_scheme_list,
signature_tls12_alg_list, signature_tls12_hash_list.

Also minor changes in 'security_callback_debug', eg adding variable 'show_nm'
to indicate if we should show 'nm'.

Also coding-styles fixes from matcaswell

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8445)
2019-03-20 13:44:02 +00:00
Richard Levitte
905c9a72a7 OPENSSL_config(): restore error agnosticism
Great effort has been made to make initialization more configurable.
However, the behavior of OPENSSL_config() was lost in the process,
having it suddenly generate errors it didn't previously, which is not
how it's documented to behave.

A simple setting of default flags fixes this problem.

Fixes #8528

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8533)
2019-03-20 14:24:46 +01:00
Shane Lontis
138ef774fe Updated doc for BN_clear, BN_CTX_end when param is NULL
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8532)
2019-03-20 10:29:51 +01:00