Commit Graph

24855 Commits

Author SHA1 Message Date
Christian Heimes
132b5facf8 Add test cases for min/max protocol API
Signed-off-by: Christian Heimes <christian@python.org>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6553)
2019-11-02 11:06:45 +01:00
Richard Levitte
b4a7b4ec4a Configure: Make --strict-warnings meaningful with MSVC cl
We also add this to our x86_64 builds on appveyor

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10287)
2019-11-02 11:00:13 +01:00
Richard Levitte
181f5185ee BIO_s_connect: add an error state and use it
If no connection could be made, addr_iter will eventually end up being
NULL, and if the user didn't check the returned error value, the
BIO_CONN_S_CONNECT code will be performed again and will crash.

So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into
when we run out of addresses to try.  That state will just simply say
"error" back, until the user does something better with the BIO, such
as free it or reset it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7630)
2019-11-02 10:44:27 +01:00
Pauli
5d0cf102e0 DRBG: add check for XOF so these can be disallowed by the DRBGs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
2019-11-02 15:10:54 +10:00
Pauli
9fff0a4b0d DRBG: weaken the restriction on allowed digests.
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).

In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
2019-11-02 15:10:54 +10:00
Patrick Steuer
c47a56d615 s390x: fix build errors
ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10317)
2019-11-01 17:24:52 +01:00
jayaram
fefe3169bb fix for Missing null check after OPENSSL_zalloc
Fixes #10283

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10296)
2019-11-01 16:13:15 +01:00
Patrick Steuer
351ba5bd27 md4/md5: macros should not include the line following them
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10311)
2019-11-01 15:58:00 +01:00
Scott Wilson
6624e1f7b6 Fix potential memory leak in dh_ameth.c
Free dukm in error handling of dh_cms_encrypt()

Fixes #10294

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10310)
2019-11-01 12:39:46 +01:00
Rich Salz
6e4618a0d7 Fix L<> entries without sections
Add sections (almost always "(3)") to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two references to non-existent manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
2019-10-31 14:26:34 +01:00
Rich Salz
9fcb9702fb Infrastructure for templated doc in POD files
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
2019-10-31 14:19:29 +01:00
Richard Levitte
fb1ecf85c9 evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers
Otherwise, should this function be called more than once on the same
EVP_PKEY_CTX, we get double free issues.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10292)
2019-10-31 12:26:59 +01:00
Jakub Zelenka
2aa28a1abc Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
2019-10-31 11:15:31 +00:00
Billy Brumley
305bf9c866 [crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
2019-10-31 11:05:04 +00:00
Kelvin Lee
8e8901e1e4 Fix typo in cipher_chacha20_poly1305_hw.c.
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10275)
2019-10-31 10:50:38 +00:00
Tanzinul Islam
38b71bd470 Fix find/rm command in Unix clean recipe
The `./pyca-cryptography/.travis/downstream.d` subdirectory causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).

>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)

Exclude directories from being matched by the `find` commands.

CLA: trivial

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)
2019-10-31 10:34:13 +00:00
John Baldwin
f059e4cc43 Don't generate a MAC when using KTLS.
The kernel will generate the MAC when transmitting the frame.  Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts.  Note that this path is not taken when
using stitched cipher suites.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
2019-10-31 10:24:32 +00:00
John Baldwin
1ca50aa975 Fix BIO_get_ktls_send() and BIO_get_ktls_recv() to work again.
This partially reverts 3119ab3c9e.  In the
case of a simple openssl s_server instance, the bio in s->wbio is a
BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET.  This caused all of the checks
to fail breaking KTLS.

The default return value of control methods I have looked at is zero
for unknown control requests, so invoking the control requests should
be returning 0 for non-socket BIOs already.

This does still map the requests to 0 at compile time for the non-KTLS
case so that the compiler can optimize the checks away entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
2019-10-31 10:24:32 +00:00
John Baldwin
712c094293 Simplify NO_KTLS path in SSL_sendfile.
Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error.  BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
2019-10-31 10:24:32 +00:00
Andrew Gallatin
54f30cb57c Bypass multiblock and send individual records when using KTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
2019-10-31 10:24:32 +00:00
Andrew Gallatin
2111f5c283 Add support for in-kernel TLS (KTLS) on FreeBSD.
- Check for the <sys/ktls.h> header to determine if KTLS support
  is available.
- Populate a tls_enable structure with session key material for
  supported algorithms.  At present, AES-GCM128/256 and AES-CBC128/256
  with SHA1 and SHA2-256 HMACs are supported.  For AES-CBC, only MtE
  is supported.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
2019-10-31 10:24:32 +00:00
Richard Levitte
181ea366f6 crypto/evp/evp_fetch.c: Make it more prominent that these functions are EVP
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10257)
2019-10-31 11:13:57 +01:00
Pauli
0fee1dffbb KDF: use string names not macros to align with other algorithms.
Only the KDF and PRF algorithms used the macros for their names, all other
algorithms used a string name directly.  This brings the KDFs and PRFs into
line with the rest.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10293)
2019-10-31 13:20:09 +10:00
Dr. Matthias St. Pierre
d9b8c7237c Add a GitHub issue template for documentation issues
This template automatically adds the [issue: documentation] label.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
2019-10-30 17:46:00 +01:00
Dr. Matthias St. Pierre
a71779dee6 Add a GitHub issue template for questions
Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.

This template automatically adds the [issue: question] label.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
2019-10-30 17:46:00 +01:00
Kelvin Lee
f702256d55 Fix undefined array OPENSSL_ia32cap_P.
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10274)
2019-10-30 10:45:40 +01:00
Pavel Karagodin
7c2d95d47c apps/dgst.c: allocate a new signature buffer
... if the fixed-size buffer is too small.

Fixes #9732

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10276)
2019-10-30 10:20:31 +01:00
Dr. David von Oheimb
4dde554c6a chunk 5 of CMP contribution to OpenSSL
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10036)
2019-10-29 14:17:39 +00:00
Matt Caswell
0a4d6c6748 Fix an s_server arbitrary file read issue on Windows
Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.

GET /..\myfile.txt HTTP/1.0

There exists a check for this for Unix paths but it is not sufficient
for Windows.

Since s_server is a test tool no CVE is assigned.

Thanks to Jobert Abma for reporting this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
2019-10-28 13:11:15 +00:00
Matt Caswell
c549cb46e0 Fix a copy&paste error in the TLSv1.3 server side PSK documentation
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)
2019-10-28 13:07:42 +00:00
Pauli
2d3c5ee161 Clarify the description of the NULL argument in SSL_set1_host().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10253)
2019-10-28 22:16:50 +10:00
Tobias Nießen
465a58b117 Allow EVP_PKEY_get0_RSA for RSA-PSS keys
RSA-PSS keys use the same internal structure as RSA keys but do not
allow accessing it through EVP_PKEY_get0_RSA. This commit changes that
behavior.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10217)
2019-10-28 11:07:10 +00:00
Johannes Bauer
aed8c47cbc Cleanup hardcoded cipher suite codepoints in s_server
The hardcoded code points for TLSv1.3 cipher suites are used in the TLS
PSK server callback. However, they seem to have been refactored a while
ago to use tls13_aes128gcmsha256_id, so these defines are not necessary
within the s_server code anymore.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10243)
2019-10-28 10:57:44 +00:00
Dr. Matthias St. Pierre
cfa71c5dc8 github: switch issue templates to new labels
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10266)
2019-10-26 00:12:23 +02:00
Dmitry Belyavskiy
7c43eb5dcf Strip BOM on loading PEM files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
2019-10-25 18:04:35 +02:00
Rich Salz
1b0d1bf7f1 Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
2019-10-24 08:45:25 -04:00
Tomas Mraz
40dfb8c705 20-test_enc_more.t: Replace deprecated -ciphers option with -list
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10242)
2019-10-24 12:23:34 +02:00
Rich Salz
d318389eff Document "get/set-app-data" macros.
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
2019-10-23 08:31:21 -04:00
Cesar Pereida Garcia
c89799605b Enable runtime testing of no-deprecated builds in Travis
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
2019-10-23 12:06:02 +03:00
Cesar Pereida Garcia
8aca4bfe82 Update control logic for BN_gcd
PR https://github.com/openssl/openssl/pull/10122 introduced changes to
the BN_gcd function and the control logic inside it accessed `g->d[0]`
irrespective of `g->top`.

When BN_add is called, in case the result is zero, `BN_zero` is called.
The latter behaves differently depending on the API compatibility level
flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only
`g->top` is set to zero.

This commit uses bitwise logic to ensure that `g` is treated as zero if
`g->top` is zero, irrespective of `g->d[0]`.

Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
2019-10-23 12:06:02 +03:00
Rich Salz
777182a0c7 Document the -inform, etc., in openssl.pod
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
2019-10-23 10:53:03 +02:00
Rich Salz
3c77a41b30 Fix some wording and markup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)
2019-10-23 10:24:57 +02:00
Simo Sorce
33f54da3dd Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
2019-10-23 08:32:48 +02:00
Nicola Tuveri
eb2ff0408a Fix doc for EC_GROUP_set_curve()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:50:01 +03:00
Nicola Tuveri
4fc55c1da9 Improve formatting for man3/EC_GROUP_new.pod
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:49:46 +03:00
Nicola Tuveri
4a7a497229 Deprecate EC_GROUP_clear_free()
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.

See https://github.com/openssl/openssl/issues/9822

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:49:46 +03:00
Nicola Tuveri
cdf8d0db79 Avoid using EC_GROUP_clear_free() internally
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.

See https://github.com/openssl/openssl/issues/9822

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:49:46 +03:00
jayaram
df3d1e84b3 fixed the RETURN VALUES section in the EC_GROUP documentation
for the following functions.

EC_GROUP_get_order
EC_GROUP_get_cofactor
EC_GROUP_get_curve_name
EC_GROUP_get_asn1_flag
EC_GROUP_get_point_conversion_form
EC_GROUP_get_degree

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9664)
2019-10-22 13:45:42 +03:00
Rich Salz
dbb1dc1e97 Add/remove things from .gitignore
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10220)
2019-10-21 18:12:31 +02:00
Richard Levitte
5768804d5a crypto/s390xcap.c: Add guards around the GETAUXVAL checks
HWCAP_S390_VX is missing on SUSE Linux Enterprise Server 12 SP1, so we
add a guard that checks the presence of that macro.  While we're at it,
we do the same with HWCAP_S390_STFLE, for consistency.

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9892)
2019-10-21 15:14:09 +02:00