Commit Graph

25126 Commits

Author SHA1 Message Date
Shane Lontis
169e422edd Remove asn1 module dependency from RSASSA-PKCS1-v1_5 implementation.
Replace use of the asn1 module (X509_SIG, X509_ALGOR, ASN1_TYPE,
ASN1_OCTET_STRING, i2d_X509_SIG(), etc.) as well as OID lookups using
OBJ_nid2obj() with pre-generated DigestInfo encodings for MD2, MD5, MDC-2,
SHA-1, SHA-2 and SHA-3; the encoding is selected based on the NID. This is
similar to the approach used by the old FOM.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9138)
2019-12-22 09:37:17 +10:00
Richard Levitte
365955fb27 Rename doc/man7/provider-asymcipher.pod
The correct name is doc/man7/provider-asym_cipher.pod, to match the
name in the NAME section.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Richard Levitte
b525a7586d doc/man1/openssl-cmds.pod: Add invisble name 'openssl-cmds'
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Richard Levitte
8b849cca31 OpenSSL::Util::extract_pod_info(): Allow invisible names
This should be very unusual, but we do have a case of a name we don't
want to display.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Richard Levitte
dfb45dc824 OpenSSL::Util::extract_pod_info(): Read the POD one paragraph at a time
POD files should always be treated this way

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Richard Levitte
ccfce835e0 Adjust all util/missing*.txt to include the section number
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Richard Levitte
b4350db5a7 util/find-doc-nits: Better checking of missing documentation
The names collected in util/missing*.txt are not file names, but
symbol names, and to compare properly with script data, the section
name must be included.

All symbols found in util/lib*.num are library functions, so we know
that they are in manual section 3 and can simply add that info.  The
same goes for all macros found in C headers.

Finally, we get rid of getdocced() and its associated hash table
%docced.  We already have the appropriate information in %name_map.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Richard Levitte
5423cabb50 perl: OpenSSL::Util::Pod::extract_pod_info() now saves the file contents
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Bernd Edlinger
b0d3442efc Add some missing cfi frame info in aesni-sha and sha-x86_64.pl
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10655)
2019-12-20 23:14:37 +01:00
Bernd Edlinger
95bbe6eff7 Add some missing cfi frame info in keccak1600-x86_64.pl
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10654)
2019-12-20 23:12:00 +01:00
Bernd Edlinger
a5fe7825b9 Add some missing cfi frame info in aesni-x86_64.pl
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10653)
2019-12-20 23:08:57 +01:00
Bernd Edlinger
013c2e8d1a Add some missing cfi frame info in rsaz-x86_64
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10652)
2019-12-20 23:05:42 +01:00
Bernd Edlinger
0190c52ab8 Add some missing cfi frame info in x86_64-mont5.pl
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10651)
2019-12-20 22:56:00 +01:00
Bernd Edlinger
4a0b7ffcc0 Add some missing cfi frame info in aes-x86_64.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10650)
2019-12-20 22:46:20 +01:00
Bernd Edlinger
6b913be708 Add some missing cfi frame info in camellia-x86_64.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10642)
2019-12-20 22:41:32 +01:00
Bernd Edlinger
74a5808b3b Fix no-des build
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10643)
2019-12-20 22:37:17 +01:00
Richard Levitte
cc731bc3f6 EVP & PROV: Fix all platform inclusions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10662)
2019-12-19 13:33:35 +01:00
Richard Levitte
c0d47492a7 CRYPTO: split cipher_platform.h into algorithm specific headers
aes_platform.h
cmll_platform.h
des_platform.h

To make this possible, we must also define DES_ASM and CMLL_ASM to
indicate that we have the necessary internal support.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10662)
2019-12-19 13:31:29 +01:00
Jussi Keranen
0ab6fc79a9 Fix regression on x509 keyform argument
In OpenSSL pre 1.1.0, 'openssl x509 -keyform engine' was possible
and supported.  In 1.1.0, type of keyform argument is OPT_FMT_PEMDER
which doesn't support engine. This changes type of keyform argument
to OPT_FMT_PDE which means PEM, DER or engine and updates the manpage
including keyform and CAkeyform.

This restores the pre 1.1.0 behavior.

This issue is very similar than https://github.com/openssl/openssl/issues/4366

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10609)
2019-12-19 09:58:51 +01:00
Rich Salz
625c781dc7 Use a function to generate do-not-edit comment
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10316)
2019-12-19 09:48:53 +01:00
Haohui Mai
b575608507 Make Windows build more robust
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10586)
2019-12-19 09:47:27 +01:00
Shane Lontis
3ce3866389 Fix travis timeout by excluding arm64 gcc -fsanitize=address build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10639)
2019-12-19 17:50:50 +10:00
Fangming.Fang
31b59078c8 Optimize AES-GCM implementation on aarch64
Comparing to current implementation, this change can get more
performance improved by tunning the loop-unrolling factor in
interleave implementation as well as by enabling high level parallelism.

Performance(A72)

new
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   16384 bytes
aes-128-gcm     113065.51k   375743.00k   848359.51k  1517865.98k  1964040.19k  1986663.77k
aes-192-gcm     110679.32k   364470.63k   799322.88k  1428084.05k  1826917.03k  1848967.17k
aes-256-gcm     104919.86k   352939.29k   759477.76k  1330683.56k  1663175.34k  1670430.72k

old
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   16384 bytes
aes-128-gcm     115595.32k   382348.65k   855891.29k  1236452.35k  1425670.14k  1429793.45k
aes-192-gcm     112227.02k   369543.47k   810046.55k  1147948.37k  1286288.73k  1296941.06k
aes-256-gcm     111543.90k   361902.36k   769543.59k  1070693.03k  1208576.68k  1207511.72k

Change-Id: I28a2dca85c001a63a2a942e80c7c64f7a4fdfcf7

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9818)
2019-12-19 12:36:07 +10:00
Richard Levitte
51a7c4b5f2 TEST: Add test recipe and help program to test BIO_f_prefix()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)
2019-12-18 19:42:44 +01:00
Richard Levitte
f1299839b7 EVP: Adapt EVP_PKEY_print_ routines to use BIO_f_prefix()
We take the opportunity to refactor EVP_PKEY_print_public,
EVP_PKEY_print_private, EVP_PKEY_print_params to lessen the amount of
code copying.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)
2019-12-18 19:42:44 +01:00
Richard Levitte
0e79d20f1e ASN1: Adapt ASN.1 output routines to use BIO_f_prefix()
We modify asn1_print_info() to print the full line.  It pushes a
BIO_f_prefix() BIO to the given |bp| if it can't detect that it's
already present, then uses both the prefix and indent settings to get
formatting right.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)
2019-12-18 19:42:44 +01:00
Richard Levitte
e79ae962fb APPS & TEST: Adapt to use the new BIO_f_prefix()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)
2019-12-18 19:42:44 +01:00
Richard Levitte
319cee9e2f BIO: Add BIO_f_prefix(), a text line prefixing filter
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)
2019-12-18 19:42:44 +01:00
Richard Levitte
a0848daee5 crypto/bio/build.info: split the source files in categories
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)
2019-12-18 19:42:44 +01:00
Bernd Edlinger
8913378a55 Fix unwind info for some trivial functions
While stack unwinding works with gdb here, the
function _Unwind_Backtrace gives up when something outside
.cfi_startproc/.cfi_endproc is found in the call stack, like
OPENSSL_cleanse, OPENSSL_atomic_add, OPENSSL_rdtsc, CRYPTO_memcmp
and other trivial functions which don't save anything in the stack.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10635)
2019-12-18 14:26:50 +01:00
Rich Salz
f64f262204 Fix build when enabling mdebug options.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10629)
2019-12-18 15:06:15 +10:00
Shane Lontis
b2055d67f0 Cleanup legacy digest methods.
Macros have been added to generate the simple legacy methods.
Engines and EVP_MD_METH_get methods still require access to the old legacy methods,
so they needed to be added back in.
They may only be removed after engines are deprecated and removed.
Removed some unnecessary #includes and #ifndef guards (which are done in build.info instead).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10602)
2019-12-18 14:46:01 +10:00
Saritha
1ac7e15375 apps/speed.c: Fix eddsa sign and verify output with -multi option
Fixes #10261
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10285)
2019-12-17 19:14:23 +01:00
Richard Levitte
982efd7765 EVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY
The case when EVP_PKEY_CTX_new() is called with a provided EVP_PKEY
(no legacy data) wasn't handled properly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10618)
2019-12-17 08:13:13 +01:00
Matt Caswell
19f909856d Update the HISTORY entry for RSA_get0_pss_params()
Make a note of when this function was first introduced

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10568)

(cherry picked from commit e2af84bd45)
2019-12-16 14:55:30 +00:00
Matt Caswell
e295de1d84 Test that EVP_PKEY_set1_DH() correctly identifies the DH type
Provide a test to check tat when we assign a DH object we know whether
we are dealing with PKCS#3 or X9.42 DH keys.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)
2019-12-16 14:27:26 +00:00
Matt Caswell
32c869ffab Ensure EVP_PKEY_set1_DH detects X9.42 keys
OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3
keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH
key was a PKCS#3 key. It should detect what type of key it is and assign
the correct type as appropriate.

Fixes #10592

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)
2019-12-16 14:27:16 +00:00
kinichiro
1aeec3dbc2 Return 1 when openssl req -addext kv is duplicated
CLA: trivial

Fixes #10273

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10578)
2019-12-16 15:05:35 +01:00
Rich Salz
1461138271 Deprecated crypto-mdebug-backtrace
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)
2019-12-14 20:57:35 +01:00
Rich Salz
742ccab318 Deprecate most of debug-memory
Fixes #8322

The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains.  OpenSSL recommends using
the compiler's leak-detection instead.

The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed.  All of the
above are now deprecated.

Merge (now really small) mem_dbg.c into mem.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)
2019-12-14 20:57:35 +01:00
Dmitry Belyavskiy
4e3ee452d0 Parse large GOST ClientKeyExchange messages
Large GOST ClientKeyExchange messages are sent by VipNet CSP, one of
Russian certified products implementing GOST TLS, when a server
certificate contains 512-bit keys.

This behaviour was present in 1.0.2 branch and needs to be restored.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10376)
2019-12-13 17:43:33 +03:00
Richard Levitte
2e16439786 Remove CRYPTO_secure_allocated from util/missingcrypto111.txt
Followup on #10523

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10611)
2019-12-13 10:15:55 +01:00
Richard Levitte
46994f7163 Add better support for using deprecated symbols internally
OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
deprecation macros not to add the warning attribute.  However, with
'no-deprecated', the symbols are still removed entirely, while we
might still want to use them internally.

The solution is to permit <openssl/opensslconf.h> macros to be
modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
case.

However, with the way <openssl/opensslconf.h> includes
<openssl/macros.h>, that's easier said than done.  That's solved by
generating <openssl/configuration.h> instead, and add a new
<openssl/opensslconf.h> that includes <openssl/configuration.h> as
well as <openssl/macros.h>, thus allowing to replace an inclusion of
<openssl/opensslconf.h> with this:

    #include <openssl/configuration.h>

    #undef OPENSSL_NO_DEPRECATED
    #define OPENSSL_SUPPRESS_DEPRECATED

    #include <openssl/macros.h>

Or simply add the following prior to any other openssl inclusion:

    #include <openssl/configuration.h>

    #undef OPENSSL_NO_DEPRECATED
    #define OPENSSL_SUPPRESS_DEPRECATED

Note that undefining OPENSSL_NO_DEPRECATED must never be done by
applications, since the symbols must still be exported by the
library.  Internal test programs are excempt of this rule, though.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10608)
2019-12-13 10:09:49 +01:00
Richard Levitte
97ba39547d test/namemap_internal_test.c: use "cookie" instead of "foo"...
... in test_namemap()

Because tests may sometimes run in random order (subject of the
environment variable OPENSSL_TEST_RAND_ORDER being defined), and we're
dealing with the global namemap, each test must use names that are
globally unique for that test.  Unfortunately, we used "foo" in two of
them, which might lead to surprising results.

Fixes #10401

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10601)
2019-12-13 10:03:57 +01:00
kinichiro
dd0139f416 Check return value after loading config file
CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10607)
2019-12-13 13:39:31 +10:00
Pauli
ebe19ab86c mac poly1305: add missing NULL check in new function.
Bug reported by Kihong Heo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10613)
2019-12-13 10:31:28 +10:00
Pauli
41a6d557b9 mac siphash: add missing NULL check on context creation
Bug reported by Kihong Heo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10613)
2019-12-13 10:31:28 +10:00
Rich Salz
d2b194d78f Various missing-link fixes
Also, turn missing L<foo(3)> into foo(3)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10104)
2019-12-12 16:55:02 +01:00
Richard Levitte
dc7aa02900 PROV: Move AES_GCM specialisation away from common cipher header
The AES_GCM specialisation was defined in the common cipher header
providers/implementations/include/prov/ciphercommon_gcm.h, when it
should in fact be in a local providers/implementations/ciphers/
header.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10606)
2019-12-12 14:59:24 +01:00
Richard Levitte
e85f3a14f8 PROV: Move AES_CCM specialisation away from common cipher header
The AES_CCM specialisation was defined in the common cipher header
providers/implementations/include/prov/ciphercommon_ccm.h, when it
should in fact be in a local providers/implementations/ciphers/
header.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10606)
2019-12-12 14:59:24 +01:00