Commit Graph

29321 Commits

Author SHA1 Message Date
Shane Lontis
0050db7bb3 Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully.
This confirms that another merge has addressed this issue.

Fixes #14996

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15303)
2021-05-20 08:52:57 +01:00
Pauli
e3884ec5c3 Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"
This reverts commit da51566b25.

Fixes #15321

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15364)
2021-05-20 08:51:30 +01:00
Shane Lontis
b7140b0604 Add migration guide for 3.0
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14710)
2021-05-20 08:44:08 +01:00
Benjamin Kaduk
6e495312fd Update SSL_new_session_ticket() manual for triggered send
Document the recently added functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
2021-05-19 14:56:08 -07:00
Benjamin Kaduk
a0bbcb42a9 Test new SSL_new_session_ticket() functionality
Now that we can become "in init" directly after the call, test the
various scenarios where explicit SSL_do_handshake() calls can come
into play.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
2021-05-19 14:56:08 -07:00
Benjamin Kaduk
7c73fefe38 Let SSL_new_session_ticket() enter init immediately
The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is not a great fit for what it actually does, architecturally wise.
A request to send a session ticket means entering back into the
handshake state machine (or "in init", as it's known in the
implementation).  The state machine transition is not something that
only occurs at an application-data write, and in general could occur at
any time.  The only constraint is that we can't enter "init" while in
the middle of writing application data.  In such cases we will need to
wait until the next TLS record boundary to enter the state machine,
as is currently done.

However, there is no reason why we cannot enter the handshake state
machine immediately in SSL_new_session_ticket() if there are no
application writes pending.  Doing so provides a cleaner API surface to
the application, as then calling SSL_do_handshake() suffices to drive
the actual ticket generation.  In the previous state of affairs a dummy
zero-length SSL_write() would be needed to trigger the ticket
generation, which is a logical mismatch in the type of operation being
performed.

This commit should only change whether SSL_do_handshake() vs zero-length
SSL_write() is needed to immediately generate a ticket after the
SSL_new_session_ticket() call -- the default behavior is still to defer
the actual write until there is other application data to write, unless
the application requests otherwise.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
2021-05-19 14:56:08 -07:00
Dr. David von Oheimb
e34e91d7e5 danetest.c: Improve code formatting
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
2021-05-19 20:15:26 +02:00
Dr. David von Oheimb
d6bf19a465 X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
2021-05-19 20:15:26 +02:00
Dr. David von Oheimb
558f2a0146 X509 build_chain(): Fix two potential memory leaks on issuer variable
This also removes an inadequate guard: if (num == ctx->num_untrusted)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
2021-05-19 20:15:26 +02:00
Dr. David von Oheimb
fc48b5c825 X509 build_chain(): Make the variable 'curr' local to the loop body
This increases readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
2021-05-19 20:14:55 +02:00
Dr. David von Oheimb
e2abc685b7 X509 build_chain(): Rename variable 'depth' to 'max_depth'
This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
2021-05-19 20:14:55 +02:00
Dr. David von Oheimb
aaa584cee7 X509 build_chain(): Restrict scope of 'self_signed' variable
This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
2021-05-19 20:14:55 +02:00
Richard Levitte
da750b15c0 Make apps/progs.pl not look at apps/progs.c
apps/progs.pl will have apps/progs.c as output, and on some systems,
the output file of a program is locked against reading.
Unfortunately, apps/progs.c is also part of the sources that make up
apps/openssl, so it's necessary to mark that file in a way that makes
progs.pl skip over it.

Fortunately, this is easily done with a special attribute in
apps/build.info and a simple adaptation of apps/progs.pl.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)
2021-05-19 19:04:06 +02:00
Richard Levitte
dd05c7938d build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)
2021-05-19 19:03:16 +02:00
Tomas Mraz
b41ebb991e speed: Document the deficiencies of the command
Fixes #7032

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15330)
2021-05-19 16:03:28 +02:00
Dr. David von Oheimb
cf6cba90d5 80-test_cms.t: Disable new tests for binary input in Windows
This is a quick workaround for #15347.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15351)
2021-05-19 15:03:30 +02:00
Dr. David von Oheimb
25fad2ece8 apps/list: Remove obsolete -missing-help option
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)
2021-05-19 14:13:12 +02:00
Dr. David von Oheimb
e34307b8ac find-doc-nits -c: Fix handling in case expected helpstr is not found
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)
2021-05-19 14:13:12 +02:00
Dr. David von Oheimb
5bac37cb14 unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)
2021-05-19 14:13:12 +02:00
Jake Cooke
cad4f3facc Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15316)
2021-05-19 22:12:19 +10:00
Richard Levitte
bf991b25ca Make sure to include "crypto/ctype.h" to get ossl_isdigit()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
2021-05-19 12:41:34 +02:00
Richard Levitte
d2f5321293 Make sure to include "internal/numbers.h" to get SIZE_MAX
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
2021-05-19 12:41:34 +02:00
Richard Levitte
857cbe176f Fix crypto/bio/b_sock.c for VMS
Current VMS C-RTL does not have <sys/select.h>.  <sys/socket.h> is
a good enough replacement to get fd_set.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
2021-05-19 12:41:34 +02:00
Richard Levitte
fea559085b Fix include/internal/sockets.h for VMS
It needs to include <openssl/opensslconf.h>

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
2021-05-19 12:41:34 +02:00
Richard Levitte
ac2aa13aaf Fix include/openssl/e_os2.h for VMS
It would try to define OPENSSL_SYS_VMS if that macro is defined.
That's just not right.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
2021-05-19 12:41:34 +02:00
Richard Levitte
bba402ece7 Tweak apps/build.info for VMS
A bit of quoting is all that's needed, and it doesn't hurt other platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:34 +02:00
Richard Levitte
31be74d3ca VMS need to build DSO with name shortening, because of provider code
We have pretty long symbol names, so they need to be shortened to fit
in the linker's 31 character limit on symbols.

Symbol name shortening with the VMS C compiler works in such a way
that a symbol name that's longer than 31 characters is mangled into
its first original 22 characters, followed by a dollar sign and the
32-bit CRC of the original symbol name in hexadecimal.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:34 +02:00
Richard Levitte
8ba3a15816 Configurations/descrip.mms.tmpl: Add another inclusion hack
crypto/ec/curve448/ has a series of inclusions that throws VMS C
off, so we compensate for it the same way as we have done before.

Fixes #14247

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:34 +02:00
Richard Levitte
0cbb6f6a9a Configurations/descrip.mms.tmpl: Change strategy for include directories
Instead of what we used to do, put all include directories in a number
of DCL variables and generate the /INCLUDE qualifier value on the
command line, we instead generate VMS C specific header files with
include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE
qualifier.  This also shortens the command line, the size of which is
limited.

VMS C needs to have those include directories specified in a Unix
form, to be able to safely merge #include paths with them when
searching through them.

Fixes #14247

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:34 +02:00
Richard Levitte
cfc73c230d Thrown away all special descrip.mms variables
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:34 +02:00
Richard Levitte
0c1428f441 Fix configdata.pm.in's "use lib" for VMS
`use lib` needs Unix formatted paths.  For VMS, it means that we must
make sure to convert paths, and we may as well generalise it.

In this case, we need to adapt the functions sourcedir() and sourcefile()

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:34 +02:00
Richard Levitte
a1181fbdd0 Fix The VMS variant of platform->staticname()
It was looking in the wrong place in %unified_info to determine if the
library would be installed or not.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:17 +02:00
Richard Levitte
a2625c0fc8 Fix OpenSSL::fallback for VMS
VMS unpackers will typically convert any period ('.') in directory
names to underscores, since the period is a path separator on VMS,
just like '/' is a path separator on Unix.  Our fallback mechanism
needs to account for that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:17 +02:00
Richard Levitte
22119050ab Configurations/descrip.mms.tmpl: Diverse updates
Get it back in sync with the other templates, and correct a few syntax
errors that have crept in.

Fixes #14247

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:17 +02:00
Richard Levitte
58ad786aa7 Turn off VMS C's info about unsupported pragmas
VMS C can be notoriously informative about certain things, such as
unsupported pragmas.  The case here is that it doesn't support
"#pragma once", and since we use those quite a lot, that's a lot of
repeated information.  We simply turn that warning off.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
2021-05-19 12:31:16 +02:00
Richard Levitte
2660b7cfba Rework how a build file (Makefile, ...) is produced
The memory footprint of how we produced the Makefile was quite...
important, because we have all the processing in one perl snippet, and
generate the details of the build file by appending to the "magic"
variable $OUT.  The result is that this variable gets to hold the
majority of the build file text, and depending on memory reallocation
strategies for strings, the heap may hold multiple (possibly not just
a few) copies of this string, almost all of them "freed" but still
taking up space.  This has resulted in memory exhaustion.

We therefore change strategy, and generate the build file in two
phases, where the first phase generates the full template using small
perl snippets for each detail, and the second phase processes this
template.  This is much kinder to process memory.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
2021-05-19 10:13:02 +02:00
Richard Levitte
da51dc5f68 Move some OpenSSL perl utility functions to OpenSSL::Util
quotify1() and quotify_l() were in OpenSSL::Template, but should be
more widely usable.

configdata.pm.in's out_item() is also more widely useful and is
therefore moved to OpenSSL::Util as well, and renamed to dump_data().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
2021-05-19 10:13:02 +02:00
Dr. David von Oheimb
8a734d3aaf CMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
2021-05-19 09:23:41 +02:00
Dr. David von Oheimb
1b96cc70eb apps/cms.c: Simplify make_receipt_request() and load_content_info(()
Also improve adherence to code formatting rules.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
2021-05-19 09:23:30 +02:00
Dr. David von Oheimb
6b83d032a6 apps/cms.c: Make -sign and -verify handle binary input
Fixes #8940

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
2021-05-19 09:23:30 +02:00
Dr. David von Oheimb
7c701c590d Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
2021-05-19 09:23:30 +02:00
Dr. David von Oheimb
184238794f bio_lib: Add BIO_get_line, correct doc of BIO_gets
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
2021-05-19 09:23:30 +02:00
Pauli
c4fca3f705 fips: remove unnecessary commas to get CI working
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15337)
2021-05-19 13:15:14 +10:00
Tomas Mraz
753f1f24ac Avoid failing label removal if label is not there
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Tomas Mraz
a51ccd5be7 Separate FIPS checksum and labelling into different workflows
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Rich Salz
47c88d453e Remove "openssl ifdef" handling
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)
2021-05-19 10:36:01 +10:00
Rich Salz
e53ad1d8f2 Remove '=for openssl ifdef'
No longer needed after rewrite of cmd-nits

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)
2021-05-19 10:34:43 +10:00
Matt Caswell
40692ed7c8 Better error messages if there are no encoders/decoders/store loaders
If you don't have the base or default providers loaded and therefore there
are no encoders/decoders or store loaders then the error messages can be
cryptic. We provide better hints about how to fix the problem.

Fixes #13798

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15306)
2021-05-18 15:30:25 +01:00
Dr. David von Oheimb
9be5f9a869 Move ossl_sleep() to e_os.h and use it in apps
Fixes #15304

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15308)
2021-05-18 14:49:33 +02:00
Dr. David von Oheimb
78c44e4f81 DOC: Fix nits found by improved find-doc-nits -c
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
2021-05-18 13:02:41 +02:00