Commit graph

23851 commits

Author SHA1 Message Date
Patrick Steuer
e8d0678da4 EVP_Digest*: enable SHA3 pre-hashing for ECDSA
Fixes #8957

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)
2019-05-22 16:49:45 +02:00
Patrick Steuer
887e22dd8b s390x assembly pack: allow specifying the tag after aad in aes-ccm
67c81ec311 forgot about s390x

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)
2019-05-22 10:57:50 +02:00
Pauli
da89ac0b25 Optional property query support.
Add the possibility of a property query clause to be optional by preceding
it with a question mark.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8943)
2019-05-22 10:45:39 +10:00
Kurt Roeckx
70b0b977f7 Change default RSA, DSA and DH size to 2048 bit
Fixes: #8737

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8741
2019-05-21 16:44:02 +02:00
Matt Caswell
2c23689402 Revert "EVP_*Update: ensure that input NULL with length 0 isn't passed"
This reverts commit dcb982d792.

This change is causing extended tests to fail.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8964)
2019-05-21 14:38:58 +01:00
Richard Levitte
54af7f5502 Configure: for '-z defs', also check $config{cflags}
When sanitize options are added as 'enable-msan' or similar, the
-fsanitize C flags is set in $config{cflags} rather than
$config{CFLAGS}, so we need to check both.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8965)
2019-05-21 13:50:27 +02:00
Arne Schwabe
c04b66b18d Change SSL parameter SSL_session_reused const
This function only returns a status and does not modify the parameter.
Since similar function are already taking const parameters, also
change this function to have a const parameter.

Fixes #8934

CLA: trivial
Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8945)
2019-05-21 09:58:50 +10:00
Pauli
9830e7ea42 Params conversion tests.
Add ranged checked OSSL_PARAM conversions between the native types.  A
conversion is legal only if the given value can be exactly represented
by the target type.

Includes a test case that reads a stanza test case file and verified that param
conversions are processed properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8733)
2019-05-21 07:42:54 +10:00
Richard Levitte
538f38db50 Clear CRMF vs CMP confusion
In the development of the CRMF sub-system, there seems to have been
some confusion as to what configuration option should be used.
'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP
rather than OPENSSL_NO_CRMF...

In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we
need 'no-crmf' to depend on 'no-cmp'.  We do this by making 'crmf' a
silent "option" that get affected by 'cmp' by way of %disable_cascades.
This allows options to be "aliases" for a set of other ones, silent or
not.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8897)
2019-05-20 16:19:00 +02:00
Pauli
2752c8984c Revert "ppc assembly pack: always increment CTR IV as quadword"
The 32 bit counter behaviour is necessary and was intentional.

This reverts commit e9f148c935.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8958)
2019-05-20 18:08:42 +10:00
Richard Levitte
d3136af3c3 Configure: let platform->dsoext() default with platform->shlibextsimple()
We still use '.so' as a last resort...

Fixes #8950

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8951)
2019-05-20 05:18:01 +02:00
Daniel Axtens
e9f148c935 ppc assembly pack: always increment CTR IV as quadword
The kernel self-tests picked up an issue with CTR mode. The issue was
detected with a test vector with an IV of
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD: after 3 increments it should wrap
around to 0.

There are two paths that increment IVs: the bulk (8 at a time) path,
and the individual path which is used when there are fewer than 8 AES
blocks to process.

In the bulk path, the IV is incremented with vadduqm: "Vector Add
Unsigned Quadword Modulo", which does 128-bit addition.

In the individual path, however, the IV is incremented with vadduwm:
"Vector Add Unsigned Word Modulo", which instead does 4 32-bit
additions. Thus the IV would instead become
FFFFFFFFFFFFFFFFFFFFFFFF00000000, throwing off the result.

Use vadduqm.

This was probably a typo originally, what with q and w being
adjacent.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8942)
2019-05-17 11:05:16 +10:00
Valentin Robert
3e4e43e609 Fix typo in NOTES.PERL
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8905)
2019-05-16 11:46:59 +10:00
Shane Lontis
8bbeaaa4fc Added X963KDF API
X963 KDF is used for CMS ec keyagree Recipient Info.
The X963 KDF that is used by CMS EC Key Agreement has been moved
into a EVP_KDF object. This KDF is almost identical to the the SSKDF
hash variant, so it has been implemented inside the SSKDF code with
its own method table.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8902)
2019-05-16 11:43:41 +10:00
Richard Levitte
0211740fcc EVP_FETCH: remove the need to transport the legacy NID through construction
Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported around unnecessarily.
This is removed, and the legacy NID is simply set by EVP_{API}_fetch()
after the construction process is done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
2019-05-12 13:43:38 -07:00
Richard Levitte
1f79ddf504 util/find-doc-nits: Fine tune detection of POD markup in NAME section
POD markup is only forbidden in the actual names, while permitted in
the description.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
2019-05-12 13:43:38 -07:00
Richard Levitte
2e49c05472 EVP_FETCH: deal with names without pre-defined NIDs
We didn't deal very well with names that didn't have pre-defined NIDs,
as the NID zero travelled through the full process and resulted in an
inaccessible method.  By consequence, we need to refactor the method
construction callbacks to rely more on algorithm names.

We must, however, still store the legacy NID with the method, for the
sake of other code that depend on it (for example, CMS).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
2019-05-12 13:43:38 -07:00
Richard Levitte
baff732dc6 Make the generic EVP fetching mechanism use the namenum map
This avoids using the ASN1_OBJECT database, which is bloated for the
purpose of a simple number <-> name database.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
2019-05-12 13:43:38 -07:00
Richard Levitte
f2182a4e6f Create internal number<->name mapping API
This can be used as a general name to identity map.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
2019-05-12 13:43:38 -07:00
Dr. Matthias St. Pierre
ffa9bff8a2 Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]
Small correction to RAND_DRBG(7) (amends 3a50a8a91a)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8909)
2019-05-12 17:01:55 +10:00
Dr. Matthias St. Pierre
3a50a8a91a Ignore entropy from RAND_add()/RAND_seed() in FIPS mode
The functions RAND_add() and RAND_seed() provide a legacy API which
enables the application to seed the CSPRNG.

But NIST SP-800-90A clearly mandates that entropy *shall not* be provided
by the consuming application, neither for instantiation, nor for reseeding.

The provided random data will be mixed into the DRBG state as additional
data only, and no entropy will accounted for it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8722)
2019-05-10 07:22:05 +02:00
Pauli
c5f7a99645 Test skip option.
Provide C test cases with the option to skip tests and subtests.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)
2019-05-09 20:21:09 +10:00
Pauli
1fb3c0afff Skip the no derivation functions when in FIPS mode because they are not
applicable.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)
2019-05-09 20:21:09 +10:00
Shane Lontis
7eeefcd841 Fixed 32bit issue for kdf_opts
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8901)
2019-05-09 15:27:24 +10:00
Richard Levitte
ad37edce68 Don't use '-z defs' if sanitizers are used
There are quite a number of sanitizers for clang that aren't
documented in the clang user documentation.  This makes it impossible
to be selective about what sanitizers to look at to determine if
'-z defs' should be used of not.

Under these circumstances, the sane thing to do is to just look for
any sanitizer specification and not use '-z defs' if there's one
present.

Fixes #8735

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8892)
2019-05-09 06:41:42 +02:00
Rashmica Gupta
99592c73e7 crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8889)
2019-05-09 14:19:46 +10:00
Lorinczy Zsigmond
c3be39f2e4 Squashed commit of the following:
Add new option '-http_server_binmode' which allows the server to open and send
binary files as well as text.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8811)
2019-05-09 09:16:19 +10:00
Richard Levitte
5c3f1e34b5 ossl_bsearch(): New generic internal binary search utility function
OBJ_bsearch_ and OBJ_bsearch_ex_ are generic functions that don't
really belong with the OBJ API, but should rather be generic utility
functions.  The ending underscore indicates that they are considered
internal, even though they are declared publicly.

Since crypto/stack/stack.c uses OBJ_bsearch_ex_, the stack API ends up
depending on the OBJ API, which is unnecessary, and carries along
other dependencies.

Therefor, a generic internal function is created, ossl_bsearch().
This removes the unecessary dependencies.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8899)
2019-05-08 16:17:16 +02:00
Tobias Nießen
67c81ec311 Allow specifying the tag after AAD in CCM mode
This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.

GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.

This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)
2019-05-08 10:57:59 +01:00
Guido Vranken
36e619d70f EVP_EncryptUpdate, EVP_EncryptFinal_ex: don't branch on uninitialized memory
If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left
uninitialized.

This patch incorporates the same logic as present in EVP_DecryptUpdate and
EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded.

Bug found by OSS-Fuzz.

Signed-off-by: Guido Vranken <guidovranken@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8874)
2019-05-08 11:02:36 +10:00
Pauli
0dc6bf3c39 Coverity CID 1444950: Control flow issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
1f76076095 Coverity CID 1444951: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
ff6c7cc60f Coverity CID 1444952: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
1702c500b5 Coverity CID 1444953: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
d05105665f Coverity CID 1444954: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
97ee8af495 Coverity CID 1444955: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
6521cb0319 Coverity CID 1444956: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
21d9856986 Coverity CID 1444957: Error handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
d2c2e49eab Coverity CID 1444958: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
0484af225d Coverity CID 1444959: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
a05bf83c79 Coverity CID 1444960: Error handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
ea053ec99e Coverity CID 1444961: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:52:58 +10:00
Pauli
4894dcad62 Coverity CID 1444963: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
2019-05-08 09:35:52 +10:00
Matt Caswell
9acbe07d23 Reject obviously invalid DSA parameters during signing
Fixes #8875

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)
2019-05-07 16:47:30 +01:00
Boris Pismenny
7c3a7561b5 ssl: Add SSL_sendfile
This commit adds the SSL_sendfile call, which allows KTLS sockets to
transmit file using zero-copy semantics.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)
2019-05-07 14:24:16 +01:00
Boris Pismenny
72fb59c721 Linux ktls sendfile
This commit introduces support for Linux KTLS sendfile.
Sendfile semantics require the use of a kernel TLS socket to construct the TLS
record headers, encrypt and authenticate the data.
KTLS sendfile improves performance by avoiding the copy of file data into user
space, which is required today.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)
2019-05-07 14:24:16 +01:00
Dr. Matthias St. Pierre
260a16f336 man: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8893)
2019-05-07 12:00:45 +02:00
Simo Sorce
4679345149 Change the digest string from "md" to "digest"
Conform to other modules which were changed at the last minute and this
discrepancy was not noticed.
Retain "md" as an alias so not to break 3rd party backports/tests scripts.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8783)
2019-05-03 23:47:43 +02:00
Shane Lontis
ff8029c189 Added generated files for EVP_KDF changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
2019-05-03 17:52:50 +02:00
Shane Lontis
d2ba812343 Added EVP_KDF (similiar to the EVP_MAC)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
2019-05-03 17:52:50 +02:00