Commit Graph

791 Commits

Author SHA1 Message Date
Tomas Mraz
0800318a0c Deprecate old style BIO callback calls
New style BIO_debug_callback_ex() function added to provide
replacement for BIO_debug_callback().

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15440)
2021-05-26 17:18:34 +02:00
Pauli
b93f6c2db9 err: rename err_load_xxx_strings_int functions
The new names are ossl_err_load_xxx_strings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15446)
2021-05-26 13:01:47 +10:00
Matt Caswell
0789c7d834 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15381)
2021-05-20 14:22:33 +01:00
Richard Levitte
857cbe176f Fix crypto/bio/b_sock.c for VMS
Current VMS C-RTL does not have <sys/select.h>.  <sys/socket.h> is
a good enough replacement to get fd_set.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)
2021-05-19 12:41:34 +02:00
Dr. David von Oheimb
184238794f bio_lib: Add BIO_get_line, correct doc of BIO_gets
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
2021-05-19 09:23:30 +02:00
Dr. David von Oheimb
9be5f9a869 Move ossl_sleep() to e_os.h and use it in apps
Fixes #15304

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15308)
2021-05-18 14:49:33 +02:00
Tomas Mraz
afecd85db1 Replace some of the ERR_clear_error() calls with mark calls
Fixes #15219

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15253)
2021-05-13 19:26:06 +02:00
Matt Caswell
a16d21744d Add the ability for ex_data to have a priority
Where an object has multiple ex_data associated with it, then we free that
ex_data in order of priority (high priority first).

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
2021-05-11 14:56:55 +01:00
David Carlier
f7f0632b01 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15015)
2021-05-09 09:31:35 -07:00
Matt Caswell
aff636a489 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15181)
2021-05-06 13:03:23 +01:00
Matt Caswell
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an
internal only concept for our own providers. Since this is likely to be
generally useful, we make it a part of the public API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)
2021-05-04 12:00:21 +01:00
Tomas Mraz
59088414bc Removed dead code in linebuffer_ctrl()
Fixes Coverity CID 1476284

Also add possible number truncation check.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14928)
2021-04-22 16:45:57 +02:00
Matt Caswell
f5afac4bda Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14986)
2021-04-22 14:38:44 +01:00
Tanzinul Islam
daf98015aa Link with uplink module
The Clang-based `bcc32c.exe` expects AT&T syntax for inline assembly.
References:
 - http://docwiki.embarcadero.com/RADStudio/Sydney/en/Differences_Between_Clang-enhanced_C%2B%2B_Compilers_and_Previous-Generation_C%2B%2B_Compilers#Inline_Assembly
 - https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html
 - https://sourceware.org/binutils/docs/as/i386_002dVariations.html

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)
2021-04-19 11:05:55 +02:00
Shane Lontis
42e7d2f10e Add more negative checks for integers passed to OPENSSL_malloc().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14830)
2021-04-16 12:10:08 +10:00
Pauli
d32fc2c51b bio_printf: add \0 terminators for error returns in floating point conversions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14829)
2021-04-14 17:00:04 +10:00
Pauli
4e1ebda9d9 bio: add a malloc failed error to BIO_print
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14829)
2021-04-14 17:00:04 +10:00
Matt Caswell
3c2bdd7df9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
2021-04-08 13:04:41 +01:00
Shane Lontis
251c48183b Fix DER reading from stdin for BIO_f_readbuffer
Fixes #14559

The intitial implementation of the gets() function tried using the next bio's gets() function.
For a file BIO this returned incorrect data for binary data containing 0x00.
Just buffering all data during gets() did not work however since some
applications open and close the bio multiple times when dealing with pem
files containing multiple entries.. This does not work
when reading from stdin unless the data if buffered one byte at a time.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14599)
2021-03-22 09:07:36 +10:00
Rich Salz
cd3f8c1b11 Always check CRYPTO_LOCK_{read,write}_lock
Some functions that lock things are void, so we just return early.

Also make ossl_namemap_empty return 0 on error.  Updated the docs, and added
some code to ossl_namemap_stored() to handle the failure, and updated the
tests to allow for failure.

Fixes: #14230

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14238)
2021-03-14 15:33:34 +10:00
Tomas Mraz
12b4e5821d Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto
Calling OPENSSL_init_crypto(0, NULL) is a no-op and will
not properly initialize thread local handling.

Only the calls that are needed to initialize thread locals
are kept, the rest of the no-op calls are removed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14497)
2021-03-12 15:11:21 +01:00
Matt Caswell
8020d79b40 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-11 13:27:36 +00:00
Pauli
141cc94e44 Add a real type for OSSL_CORE_BIO which is distinct from and not castable to BIO
Providers (particularly the FIPS provider) needs access to BIOs from libcrypto.
Libcrypto is allowed to change the internal format of the BIO structure and it
is still expected to work with providers that were already built.  This means
that the libcrypto BIO must be distinct from and not castable to the provider
side OSSL_CORE_BIO.

Unfortunately, this requirement was broken in both directions.  This fixes
things by forcing the two to be different and any casts break loudly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)
2021-03-11 09:25:57 +10:00
Shane Lontis
a30823c80f Add new filter BIO BIO_f_readbuffer()
This allows BIO_tell() and BIO_seek() to work for BIO's that do
not support these methods. The main use case for this is file/fd BIO's
that use stdin.

This works for stdin taken from input redirection (command < file),
and stdin via pipe (cat file | command).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
2021-03-11 07:57:31 +10:00
Dr. David von Oheimb
7f90026b3f Handle NULL result of ERR_reason_error_string() in some apps
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13920)
2021-02-22 08:49:52 +01:00
John Baldwin
f16e52b67c Correct the return value of BIO_get_ktls_*().
BIO_get_ktls_send() and BIO_get_ktls_recv() are documented as
returning either 0 or 1.  However, they were actually returning the
internal value of the associated BIO flag for the true case instead of
1.

Also trim redundant ternary operators.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14023)
2021-02-19 18:04:35 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
zsugabubus
daa86f9e6b Check input size before NULL pointer test inside mem_write()
Checking is performed after the read-only test so it catches such errors
earlier.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13786)
2021-01-21 18:35:43 +01:00
Dr. David von Oheimb
ed4a9b15d9 replace all BIO_R_NULL_PARAMETER by ERR_R_PASSED_NULL_PARAMETER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13713)
2021-01-16 11:29:43 +01:00
Dr. David von Oheimb
dc88a03906 bio_lib.c: Fix error queue entries and return codes on NULL args etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13713)
2021-01-16 11:29:43 +01:00
Pauli
7b42408756 remove unused assignments
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13577)
2020-12-03 11:21:33 +10:00
Matt Caswell
a07dc8167b Fix instances of pointer addition with the NULL pointer
Addition using the NULL pointer (even when adding 0) is undefined
behaviour. Recent versions of ubsan are now complaining about this, so
we fix various instances.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13513)
2020-11-30 10:37:14 +00:00
Matt Caswell
605856d72c Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13533)
2020-11-26 14:18:57 +00:00
Richard Levitte
14a6c6a4e1 ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
2020-11-24 15:22:33 +01:00
Richard Levitte
256d41d437 BIO: Undefine UNICODE in b_addr.c to get POSIX declaration of gai_strerror()
When UNICODE is defined, Windows headers push for WCHAR implementations,
which aren't compatible with POSIX declarations.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:31 +01:00
Richard Levitte
a150f8e1fc CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()
This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex, but at least the
simple cases are done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:31 +01:00
Richard Levitte
9311d0c471 Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:02 +01:00
Matt Caswell
29d3af0404 Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13324)
2020-11-05 13:37:26 +00:00
Richard Levitte
8300a8742b Work around Windows ftell() bug as per Microsoft engineering's suggestion
See
https://developercommunity.visualstudio.com/content/problem/425878/fseek-ftell-fail-in-text-mode-for-unix-style-text.html

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13190)
2020-10-21 08:02:55 +02:00
Matt Caswell
eec0ad10b9 Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13144)
2020-10-15 14:10:06 +01:00
drgler
99501e817c Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV
Since glibc 2.8, these defines like `NI_MAXHOST` are exposed only
if suitable feature test macros are defined, namely: _GNU_SOURCE,
_DEFAULT_SOURCE (since glibc 2.19), or _BSD_SOURCE or _SVID_SOURCE
(before glibc 2.19), see GETNAMEINFO(3).

CLA: trivial
Fixes #13049

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13054)
2020-10-03 16:01:53 +02:00
Randall S. Becker
08073700cc NonStop port updates for 3.0.0.
HPE NonStop Port Changes for 3.0.0  Includes unthreaded, PUT, and SPT for OSS.

The port changes include wrapping where necessary for FLOSS and
appropriate configuration changes to support that. Two tests
are excluded as being inappropriate for the platform.

The changes are:
* Added /usr/local/include to nonstop-nsx_spt_floss to load floss.h
* Added SPT Floss variant for NonStop
* Wrapped FLOSS definitions in OPENSSL_TANDEM_FLOSS to allow selective enablement.
* SPT build configuration for NonStop
* Skip tests not relevant for NonStop
* PUT configuration changes required for NonStop platforms
* Configurations/50-nonstop.conf: updates for TNS/X platform.
* FLOSS instrumentation for HPE NonStop TNS/X and TNS/E platforms.
* Configurations/50-nonstop.conf: modifications for non-PUT TNS/E platform b
* Fix use of DELAY in ssltestlib.c for HPNS.
* Fixed commit merge issues and added floss to http_server.c

CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes #5087.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12800)
2020-09-12 20:32:11 +02:00
John Baldwin
7f0f88240e Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start().  This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
2020-09-05 20:11:50 -07:00
John Baldwin
4b09e19216 Fix the socket BIO control methods to use ktls_crypto_info_t.
This is mostly a cosmetic cleanup I missed when adding the
ktls_crypto_info_t type.  However, while fixing this I noticed that
the changes to extract the size from crypto_info from the wrapper
structure for Linux KTLS had not been propagated from bss_sock.c to
bss_conn.c, so I've fixed that to use the correct length.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
2020-09-05 20:11:50 -07:00
Matt Caswell
0f84cbc3e2 Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12595)
2020-08-06 13:22:30 +01:00
Richard Levitte
1dbf453773 DESERIALIZER: Make OSSL_DESERIALIZER_from_{bio,fp} use BIO_tell() / BIO_seek()
Depending on the BIO used, using BIO_reset() may lead to "interesting"
results.  For example, a BIO_f_buffer() on top of another BIO that
handles BIO_reset() as a BIO_seek(bio, 0), the deserialization process
may find itself with a file that's rewound more than expected.

Therefore, OSSL_DESERIALIZER_from_{bio,fp}'s behaviour is changed to
rely purely on BIO_tell() / BIO_seek(), and since BIO_s_mem() is used
internally, it's changed to handle BIO_tell() and BIO_seek() better.

This does currently mean that OSSL_DESERIALIZER can't be easily used
with streams that don't support BIO_tell() / BIO_seek().

Fixes #12541

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)
2020-08-01 11:51:20 +10:00
Dr. David von Oheimb
e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs
Add/extend range check for 'fd' argument of BIO_socket_wait() and bio_wait()
Correct nap time calculations in bio_wait(), thus correcting also BIO_wait()
Update a type cast from 'unsigned long' to 'unsigned int'
Extend the comments and documentation of BIO_wait()

Rename BIO_connect_retry() to BIO_do_connect_retry()
Make its 'timeout' argument < 0 lead to BIO_do_connect() tried only once
Add optional 'nap_milliseconds' parameter determining the polling granularity
Correct and generalize the retry case checking
Extend the comments and documentation of BIO_do_connect_retry()

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11986)
2020-06-16 18:51:39 +02:00
Dr. David von Oheimb
3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11986)
2020-06-16 18:51:39 +02:00
Dr. David von Oheimb
c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11986)
2020-06-16 18:51:39 +02:00
Vadim Fedorenko
4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256
The support of new algos is added by converting code to use
helper functions found in ktls.h.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
2020-06-08 11:13:52 +01:00