Commit graph

1550 commits

Author SHA1 Message Date
Antoine Salon
ebfd055b29 Making SRP_user_pwd functions public
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
51f03f1227 Added SRP_VBASE_add0_user()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Shane Lontis
6e624a6453 KMAC implementation using EVP_MAC
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7597)
2018-11-14 07:01:09 +10:00
Viktor Dukhovni
a51c9f637c Added missing signature algorithm reflection functions
SSL_get_signature_nid()      -- local signature algorithm
    SSL_get_signature_type_nid() -- local signature algorithm key type
    SSL_get_peer_tmp_key()       -- Peer key-exchange public key
    SSL_get_tmp_key              -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-12 16:55:38 -05:00
David Woodhouse
ecbb2fca93 Add EVP_PKEY_supports_digest_nid()
Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
Pauli
38cfa99122 EVP_MAC ctrl numbering duplicate removal.
Both EVP_MAC_CTRL_SET_MD and EVP_MAC_CTRL_SET_CIPHER were numbered 4.
This would preclude any future MAC from using both.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7566)
2018-11-06 07:04:36 +10:00
Paul Yang
41eac6122a Fix a collision in function err numbers
'make update' complains about this

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7571)
2018-11-05 23:08:34 +08:00
Richard Levitte
e0bf7c0181 Collapse different classes of macro databases
We have $config{openssl_algorithm_defines}, $config{openssl_other_defines}
and $config{openssl_thread_defines}.  These are treated exactly the same
in include/openssl/opensslconf.h.in, so having them separated into three
different databases isn't necessary, the reason for the separation being
long gone.  Therefore, we collapse them into one and the same,
$config{openssl_feature_defines}.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)
2018-11-05 09:27:36 +01:00
Paul Yang
c1da4b2afe Add poly1305 MAC support
This is based on the latest EVP MAC interface introduced in PR #7393.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7459)
2018-11-05 13:07:07 +08:00
Pauli
afc580b9b0 GMAC implementation
Remove GMAC demo program because it has been superceded by the EVP MAC one

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7548)
2018-11-05 08:09:41 +10:00
Benjamin Kaduk
95658c3243 Add tsan_decr() API, counterpart of tsan_counter()
The existing tsan_counter() API increments a reference counter.
Provide a new API, tsan_decr(), to decrement such a reference counter.
This can be used, for example, when a reference is added to the session_ctx's
sess_accept stats but should more properly be tracked in the regular ctx's
statistics.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7464)
2018-11-03 23:12:45 -05:00
Richard Levitte
c89d9cdab1 EVP_MAC: Add SipHash implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
2018-10-30 08:09:07 +01:00
Dr. Matthias St. Pierre
cf3d6ef7af rand_drbg.h: include <openssl/obj_mac.h>
The RAND_DRBG_TYPE preprocessor define depends on a NID, so  we have
to include obj_mac.h to make the header selfcontained.

Fixes #7521

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7524)
2018-10-30 08:01:26 +01:00
Richard Levitte
6723f86746 EVP_MAC: Add HMAC implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7483)
2018-10-30 05:49:54 +01:00
Richard Levitte
f71faf2753 EVP_MAC: Add CMAC implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
2018-10-30 05:34:50 +01:00
Richard Levitte
cc3a2e4f51 VMS & cryptoerr.h: include symhacks.h
Needed to clear a clash between ERR_load_CRYPTO_strings and
ERR_load_crypto_strings

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7194)
2018-10-29 14:03:02 +01:00
Richard Levitte
f842b6b2a4 Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl()
These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and
EVP_PKEY_CTX_hex2ctrl().  They will parse the value, and then pass the
parsed result and length to a callback that knows exactly how to pass
them on to a main _ctrl function, along with a context structure
pointer.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Richard Levitte
5e55159b3a Add generic EVP_PKEY_METHOD for EVP_MACs
The MAC EVP_PKEY implementations are currently implemented for each
MAC.  However, with the EVP_MAC API, only one such implementation is
needed.

This implementation takes into account the differences between HMAC
and CMAC implementations, and observes that all other current MAC
implementations seem to follow the HMAC model.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Richard Levitte
0145dd324e Add automatic initializations support for EVP_MAC objects
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Richard Levitte
567db2c17d Add EVP_MAC API
We currently implement EVP MAC methods as EVP_PKEY methods.  This
change creates a separate EVP API for MACs, to replace the current
EVP_PKEY ones.

A note about this EVP API and how it interfaces with underlying MAC
implementations:

Other EVP APIs pass the EVP API context down to implementations, and
it can be observed that the implementations use the pointer to their
own private data almost exclusively.  The EVP_MAC API deviates from
that pattern by passing the pointer to the implementation's private
data directly, and thereby deny the implementations access to the
EVP_MAC context structure.  This change is made to provide a clearer
separation between the EVP library itself and the implementations of
its supported algorithm classes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Antoine Salon
9453b19634 Deprecate ECDH_KDF_X9_62()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
Antoine Salon
ffd89124bd EVP module documentation pass
Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63()

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
Dr. Matthias St. Pierre
3064b55134 DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random pool where it is
picked up later by the rand_drbg_get_entropy() callback. This buffer
was limited to the size of 4096 bytes.

When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
the reseeding failed, but the error returned by the DRBG was ignored
by the two calling functions, which both don't return an error code.
As a consequence, the data provided by the application was effectively
ignored.

This commit fixes the problem by a more efficient implementation which
does not copy the data in memory and by raising the buffer the size limit
to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
but it was chosen intentionally to avoid platform dependent problems
like integer sizes and/or signed/unsigned conversion.

Additionally, the DRBG is now less permissive on errors: In addition to
pushing a message to the openssl error stack, it enters the error state,
which forces a reinstantiation on next call.

Thanks go to Dr. Falko Strenzke for reporting this issue to the
openssl-security mailing list. After internal discussion the issue
has been categorized as not being security relevant, because the DRBG
reseeds automatically and is fully functional even without additional
randomness provided by the application.

Fixes #7381

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7382)
2018-10-16 22:15:43 +02:00
Matt Caswell
990fe90994 Fix a typo in a macro
Fixes #7385

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7385)
2018-10-12 09:45:53 +01:00
Richard Levitte
18958cefd8 Remove SSL_version_str
I was never exported in our shared libraries and no one noticed, and
we don't seem to use it ourselves, so clean it away.

In all likelyhood, this is a remain from the 90's, when it was in
fashion to litter library modules with these kinds of strings.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7340)
2018-10-03 22:15:15 +02:00
Richard Levitte
b44882a0bd Clean out aliases in include/openssl/symhacks.h
Only a few clashing ones remain

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00
Richard Levitte
7e09c5eaa5 Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented.  Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.

include/openssl/ocsp.h had a few duplicate declarations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00
Shane Lontis
8bf3665196 Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6779)
2018-09-28 07:22:13 +10:00
Pauli
5c39a55d04 Use secure_getenv(3) when available.
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)
2018-09-24 11:21:18 +10:00
Pauli
972f67889b Use 'i' as parameter name not 'I'.
The latter causes problems when complex.h is #included.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
2018-09-17 09:14:03 +10:00
Dr. Matthias St. Pierre
c402e943cd Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.

Fixes #7182

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)
2018-09-12 23:36:18 +02:00
Pauli
d6b345708f Limit the number of AES-GCM keys allowed in TLS. A new error is raised if this
limit is ever reached.

This is a FIPS 140-2 requirement from IG A.5 "Key/IV Pair Uniqueness
Requirements from SP 800-38D".

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7129)
2018-09-12 09:25:20 +10:00
Richard Levitte
a4a90a8a3b The next version in master is at least 1.1.2, not 1.1.1x
The OMC hasn't yet decided what the next release version will be, but
it's at least going to 1.1.2, so we set that value for the moment.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7180)
2018-09-11 16:51:38 +02:00
Matt Caswell
fc4e1ab470 Prepare for 1.1.1a-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-09-11 13:49:46 +01:00
Matt Caswell
1708e3e85b Prepare for 1.1.1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-09-11 13:48:18 +01:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Paul Yang
4803717f5e Support setting SM2 ID
zero-length ID is allowed, but it's not allowed to skip the ID.

Fixes: #6534

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
0a8fdef752 Support pmeth->digest_custom
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
00902d9414 Introduce EVP_MD_CTX_set_pkey_ctx
Thus users can use this function to set customized EVP_PKEY_CTX to
EVP_MD_CTX structure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Alex Gaynor
96e05986f4 Fixed a comment that referenced the wrong method
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7100)
2018-09-04 09:46:19 +10:00
Pauli
e0810e3502 Fix HMAC SHA3-224 and HMAC SHA3-256.
Added NIST test cases for these two as well.

Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6972)
2018-09-04 08:09:12 +10:00
Richard Levitte
64a48fc7f0 Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list
They add a single item, so the names give a false impression of what
they do, making them hard to remember.  Better to give them a somewhat
better name.

Fixes #6930

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6931)
2018-09-03 13:10:17 +02:00
Paul Kehrer
20c3672174 add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP
fixes #7081

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7082)
2018-09-03 06:07:22 +02:00
Andy Polyakov
a88e328c3a internal/tsan_assist.h: add tsan_ld_acq and tsan_st_rel.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6996)
2018-08-26 17:46:52 +02:00
Matt Caswell
d41a831927 Prepare for 1.1.1-pre10-dev
Reviewed-by: Tim Hudson <tjh@openssl.org>
2018-08-21 13:15:56 +01:00
Matt Caswell
bb20b3fd50 Prepare for 1.1.1-pre9 release
Reviewed-by: Tim Hudson <tjh@openssl.org>
2018-08-21 13:14:10 +01:00
Matt Caswell
e97be71804 Add support for SSL_CTX_set_post_handshake_auth()
We already have SSL_set_post_handshake_auth(). This just adds the SSL_CTX
equivalent.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20 15:14:01 +01:00
Matt Caswell
32097b33bd Change Post Handshake auth so that it is opt-in
Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20 15:14:01 +01:00
Benjamin Kaduk
50f3994b51 Avoid shadowing 'free' in X509_LOOKUP_met_set_free
gcc 4.6 (arguably erroneously) warns about our use of 'free' as
the name of a function parameter, when --strict-warnings is enabled:

crypto/x509/x509_meth.c: In function 'X509_LOOKUP_meth_set_free':
crypto/x509/x509_meth.c:61:12: error: declaration of 'free' shadows a global declaration [-Werror=shadow]
cc1: all warnings being treated as errors
make[1]: *** [crypto/x509/x509_meth.o] Error 1

(gcc 4.8 is fine with this code, as are newer compilers.)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6991)
2018-08-17 13:57:23 -05:00
Andy Polyakov
d2b863643d crypto/threads_*: remove CRYPTO_atomic_{read|write}.
CRYPTO_atomic_read was added with intention to read statistics counters,
but readings are effectively indistinguishable from regular load (even
in non-lock-free case). This is because you can get out-dated value in
both cases. CRYPTO_atomic_write was added for symmetry and was never used.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6883)
2018-08-17 12:40:39 +02:00