Commit graph

23470 commits

Author SHA1 Message Date
Richard Levitte
f272be676b Adapt ENGINE_TABLE_DEBUG to the new generic trace API
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:14 +01:00
Richard Levitte
f4db05df0e Adapt ENGINE_CONF_DEBUG to the new generic trace API
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:14 +01:00
Richard Levitte
5c64173586 Adapt OPENSSL_INIT_DEBUG to the new generic trace API
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Richard Levitte
77359d22c9 Adapt CIPHER_DEBUG to the new generic trace API
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Richard Levitte
49b26f54f4 Adapt SSL_DEBUG to the new generic trace API
Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Richard Levitte
16a9d3746e Make it possible to disable the TRACE API
This disabled the tracing functionality by making functions do
nothing, and making convenience macros produce dead code.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Richard Levitte
682b444f8a apps/openssl.c: Adapt to enable tracing output
Use the environment variables OPENSSL_TRACE to determine what's going
to be enabled.  The value of this variables is a comma separated list
of trace and debugging names, which correspond to the trace category
macros defined in include/openssl/trace.h.

For example, setting OPENSSL_DEBUG=TRACE,SSL will enable debugging output
for the types OSSL_TRACE_CATEGORY_TRACE and OSSL_TRACE_CATEGORY_SSL.

This also slightly changes the handling of the prefix method in
apps/apps.c.  This is for the better, as the prefix method pointer was
unneccessarily stored in two places.

Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Richard Levitte
2390c573aa Add generic trace API
The idea is that the application shall be able to register output
channels or callbacks to print tracing output as it sees fit.

OpenSSL internals, on the other hand, want to print thoses texts using
normal printing routines, such as BIO_printf() or BIO_dump() through
well defined BIOs.

When the application registers callbacks, the tracing functionality
sets up an internal BIO that simply forwards received text to the
appropriate application provided callback.

Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Pauli
8ab53b193a Make the sparse array code use ossl_uintmax_t as its index rather than size_t.
This should never reduce the range covered and might increase it on some
platforms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8415)
2019-03-06 13:50:54 +10:00
Richard Levitte
7120f1e7c7 padlock: generate assembler source for static libraries too
The GENERATE lines for generating the padlock assembler source were
wrongly placed in such a way that they only applied to the shared
library build.

[extended tests]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8412)
2019-03-05 20:53:15 +01:00
Matt Caswell
c96ce52ce2 Don't write the tick_identity to the session
Sessions must be immutable once they can be shared with multiple threads.
We were breaking that rule by writing the ticket index into it during the
handshake. This can lead to incorrect behaviour, including failed
connections in multi-threaded environments.

Reported by David Benjamin.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8383)
2019-03-05 14:23:36 +00:00
Richard Levitte
284d19c2ce Add advice on setting CXX at the same time as CC
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)
2019-03-05 09:26:13 +01:00
Richard Levitte
26a053d195 Travis: use enable-buildtest-c++
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)
2019-03-05 09:26:13 +01:00
Richard Levitte
ac4033d658 Configure: make C++ build tests optional and configurable
Disabled by default

Fixes #8360

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)
2019-03-05 09:26:13 +01:00
Richard Levitte
ff825807bc VMS: fix util/[un]local.com.in to handle attributes
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8382)
2019-03-05 08:56:20 +01:00
Richard Levitte
ce506d27ab testutil: ensure good treatment of argv on non-Unix platforms
From a Unix point of view, some other platform families have certain
quirks.  Windows command prompt doesn't expand globs into actual file
names, so we must do this.  VMS has some oddity with argv pointer size
that can cause crashes if you're not careful (by copying it to a less
surprising pointer size array).

The fixups already exist and are used in the apps/ code.  However, the
testutil code started using the opt routines from apps/ without
including the non-Unix fixups.  This change fixes that.

For VMS' sake, libtestutil gets an app_malloc() shim, to avoid sucking
in all of apps/apps.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8381)
2019-03-05 08:53:19 +01:00
Richard Levitte
9b542d72d2 VMS: move copy_argc to its own module and make it an aux source
copy_argv was never initialization code.

Make it self-cleaning too.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8381)
2019-03-05 08:51:09 +01:00
Richard Levitte
469ce8ff48 Deprecate the "hw" configuration options, make "padlockeng" disablable
The "hw" and "hw-.*" style options are historical artifacts, sprung
from the time when ENGINE was first designed, with hardware crypto
accelerators and HSMs in mind.

Today, these options have largely lost their value, replaced by
options such as "no-{foo}eng" and "no-engine".

This completes the transition by making "hw" and "hw-.*" deprecated,
but automatically translated into more modern variants of the same.

In the process, we get rid of the last regular expression in
Configure's @disablables, a feature that was ill supported anyway.
Also, padlock now gets treated just as every other engine.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8380)
2019-03-05 08:46:51 +01:00
Vitezslav Cizek
e3b35d2b29 openssl_strerror_r: Fix handling of GNU strerror_r
GNU strerror_r may return either a pointer to a string that the function
stores in buf, or a pointer to some (immutable) static string in which case
buf is unused.

In such a case we need to set buf manually.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8371)
2019-03-04 10:06:54 +00:00
Pauli
68ad17e874 Check for negative return for signature size.Addresses Coverity 1442933
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8392)
2019-03-04 13:39:09 +10:00
Bernd Edlinger
38023b87f0 Fix seeding from random device w/o getrandom syscall
Use select to wait for /dev/random in readable state,
but do not actually read anything from /dev/random,
use /dev/urandom first.

Use linux define __NR_getrandom instead of the
glibc define SYS_getrandom, in case the kernel headers
are more current than the glibc headers.

Fixes #8215

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8251)
2019-03-01 18:28:11 +01:00
Matt Caswell
ed86f884ba Fix no-ec, no-sm2 and no-sm3
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8372)
2019-03-01 14:11:10 +00:00
Paul Yang
cc838ee2d6 Add section order check in util/find-doc-nits
This patch checks if the EXAMPLES section in a pod file is placed
before the RETURN VALUES section.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8338)
2019-02-28 21:38:20 +08:00
Paul Yang
4564e77ae9 Place return values after examples in doc
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8338)
2019-02-28 21:38:19 +08:00
Richard Levitte
69f6b3ceab apps/ca.c: only output DER with SPKAC input and when -out is chosen
So say the docs

Fixes #8055

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8368)
2019-02-28 13:06:32 +01:00
Richard Levitte
cee719c2d8 The use of the likes of UINT32_MAX requires internal/numbers.h
Found a few more cases.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8366)
2019-02-28 10:31:20 +01:00
Richard Levitte
8e7984e578 Configure: support a few more "make variables" defaulting from env
CFLAGS, CXXFLAGS, CPPFLAGS, LDFLAGS, and LDLIBS

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8325)
2019-02-27 18:49:44 +01:00
Richard Levitte
874f785988 .travis.yml: change -std=c89 to -ansi
For C, -ansi is equivalent to -std=c90
For C++, -ansi is equivalent to -std=c++98

We also place -ansi in CPPFLAGS instead of the usual command line config,
to avoid getting it when linking (clang complains)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8325)
2019-02-27 18:49:43 +01:00
Richard Levitte
e373c70a3e Configuration: divide devteam flags into language specific sets
Some of the devteam flags are not for C++

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8325)
2019-02-27 18:49:43 +01:00
Richard Levitte
9f27d4bf32 Do buildtests on our public header files with C++ as well
This ensures that we don't mistakenly use C++ keywords anywhere public.

Related to #8313

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8325)
2019-02-27 18:49:43 +01:00
Richard Levitte
4ca00f934f OpenSSL::Util::Pod: allow slashes in names
The names in the NAME section may describe headers, which contain a slash
for OpenSSL headers.  We deal with that by converting slashes to dashes
for the file names.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8286)
2019-02-27 18:36:31 +01:00
Richard Levitte
7753be74a3 Replumbing: Add include/openssl/core.h, initially with core types
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8286)
2019-02-27 18:36:30 +01:00
Simo Sorce
8d76481b18 Implement SSH KDF
SSH's KDF is defined in RFC 4253 in Section 7.2

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7290)
2019-02-27 11:02:54 +00:00
Richard Levitte
149c12d5e4 Make the padlock engine build correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8220)
2019-02-27 11:32:14 +01:00
Richard Levitte
2fce15b58b Ensure configured module specific and application specific defines are used
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8220)
2019-02-27 11:32:14 +01:00
Richard Levitte
88780b1c5f Add PADLOCK_ASM to dso_defines rather than lib_defines
Since the padlock code is an engine, the assembler is for a module,
not a library link to when building a program...  there's a
distinction.

Fixes #2311

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8220)
2019-02-27 11:32:14 +01:00
Richard Levitte
546ca2f4f5 The use of the likes of UINT32_MAX requires internal/numbers.h
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8354)
2019-02-27 11:30:55 +01:00
Paul Yang
e766f4a053 Fix the default digest algorthm of SM2
Currently SM2 shares the ameth with EC, so the current default digest
algorithm returned is SHA256. This fixes the default digest algorithm of
SM2 to SM3, which is the only valid digest algorithm for SM2 signature.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8186)
2019-02-27 10:05:17 +08:00
Paul Yang
a7cef52f9b Support raw input data in apps/pkeyutl
Some signature algorithms require special treatment for digesting, such
as SM2. This patch adds the ability of handling raw input data in
apps/pkeyutl other than accepting only pre-hashed input data.

Beside, SM2 requries an ID string when signing or verifying a piece of data,
this patch also adds the ability for apps/pkeyutil to specify that ID
string.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8186)
2019-02-27 10:05:17 +08:00
Richard Levitte
4089b43407 Revert "Configure: stop forcing use of DEFINE macros in headers"
Github PR #8246 provides a better solution to the problem.

This reverts commit f11ffa505f.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8247)
2019-02-26 22:47:18 +01:00
Richard Levitte
fa4d419c25 Add BN_native2bn and BN_bn2nativepad, for native BIGNUM import/export
These are a couple of utility functions, to make import and export of
BIGNUMs to byte strings in platform native for (little-endian or
big-endian) easier.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8346)
2019-02-26 22:44:48 +01:00
Billy Brumley
1a31d8017e [test] modernize ecdsatest and extend ECDSA sign KATs
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8314)
2019-02-26 17:59:51 +02:00
Nicola Tuveri
b3883f77df Fix trivial typo in EVP_DigestVerifyInit doc
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8319)
2019-02-26 17:42:19 +02:00
Matt Caswell
f4800345d9 Clarify that SSL_shutdown() must not be called after a fatal error
Follow on from CVE-2019-1559

Reviewed-by: Richard Levitte <levitte@openssl.org>
2019-02-26 10:54:04 +00:00
Richard Levitte
565a19eef3 Disable 02-test_errstr.t on msys/mingw as well as MSWin32
There is too high a risk that perl and OpenSSL are linked with
different C RTLs, and thereby get different messages for even the most
mundane error numbers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8343)
2019-02-26 10:38:51 +00:00
Richard Levitte
13d928d38b Rearrange the inclusion of curve448/curve448_lcl.h
The real cause for this change is that test/ec_internal_test.c
includes ec_lcl.h, and including curve448/curve448_lcl.h from there
doesn't work so well with compilers who always do inclusions relative
to the C file being compiled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8334)

(cherry picked from commit f408e2a352)
2019-02-25 19:38:06 +01:00
Matt Caswell
576129cd72 Ensure bn_cmp_words can handle the case where n == 0
Thanks to David Benjamin who reported this, performed the analysis and
suggested the patch. I have incorporated some of his analysis in the
comments below.

This issue can cause an out-of-bounds read. It is believed that this was
not reachable until the recent "fixed top" changes. Analysis has so far
only identified one code path that can encounter this - although it is
possible that others may be found. The one code path only impacts 1.0.2 in
certain builds. The fuzzer found a path in RSA where iqmp is too large. If
the input is all zeros, the RSA CRT logic will multiply a padded zero by
iqmp. Two mitigating factors:

- Private keys which trip this are invalid (iqmp is not reduced mod p).
Only systems which take untrusted private keys care.
- In OpenSSL 1.1.x, there is a check which rejects the oversize iqmp,
so the bug is only reproducible in 1.0.2 so far.

Fortunately, the bug appears to be relatively harmless. The consequences of
bn_cmp_word's misbehavior are:

- OpenSSL may crash if the buffers are page-aligned and the previous page is
non-existent.
- OpenSSL will incorrectly treat two BN_ULONG buffers as not equal when they
are equal.
- Side channel concerns.

The first is indeed a concern and is a DoS bug. The second is fine in this
context. bn_cmp_word and bn_cmp_part_words are used to compute abs(a0 - a1)
in Karatsuba. If a0 = a1, it does not matter whether we use a0 - a1 or
a1 - a0. The third would be worth thinking about, but it is overshadowed
by the entire Karatsuba implementation not being constant time.

Due to the difficulty of tripping this and the low impact no CVE is felt
necessary for this issue.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8326)
2019-02-25 16:26:56 +00:00
David von Oheimb
56a98c3efd fix x509 -force_pubkey option to take effect with cert input or self-signing; improve its doc
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8165)
2019-02-25 10:26:23 +00:00
Pauli
ef9f606699 CID 1442838: API usage errors
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8318)
2019-02-24 21:27:02 +10:00
Pauli
71d1b229e9 CID 1442835: Integer Overflow
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8318)
2019-02-24 21:26:39 +10:00