Commit Graph

26561 Commits

Author SHA1 Message Date
Daniel Bevenius
d35bab46c9 Configurations: make Makefile tmpl files non-links
This commit updates Configurations/README.md and turns the Makefile
templates into non-links.

The motivation for this is that not all template exist in the directory
leading to 404 Not found errors when accessed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12401)
2020-07-14 14:31:43 +10:00
Billy Brumley
a01cae99ac [test] ectest: check custom generators
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12096)
2020-07-12 11:03:56 +03:00
Benjamin Kaduk
661595ca09 Providerized libssl fallout: cleanup init
Since libssl is entirely using fetched cipher/digest implementations
from providers, we don't need to register the libcrypto cipher/digest
implementations in ossl_init_ssl_base().

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12418)
2020-07-11 15:13:09 -07:00
Richard Levitte
310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad()
The code relied on B_ENDIAN being defined on all big-endian platform,
which turned out to not always be the case.

Fixes #12387

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12390)
2020-07-11 10:00:33 +02:00
Richard Levitte
e23d850ff3 Add and use internal header that implements endianness check
This moves test/ossl_test_endian.h to include/internal/endian.h and
thereby makes the macros in there our standard way to check endianness
in run-time.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12390)
2020-07-11 10:00:33 +02:00
Richard Levitte
d685fc7a59 DOC: install documentation without execution permissions.
Fixes #12350

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12373)
2020-07-11 09:57:56 +02:00
Dr. David von Oheimb
851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h
Fixes #12386

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12399)
2020-07-10 09:14:54 +02:00
Shane Lontis
2957150478 Fix wrong fipsinstall key used in test
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12402)
2020-07-09 16:43:18 +01:00
Richard Levitte
f6f159e7a1 Makefile template: fix incorrect treatment of produced document files
Documentation files were treated as programs when assigning to the
make variables HTMLDOCS{1,3,5,7} and MANDOCS{1,3,5,7}, which is is
incorrect on POSIX sub-systems where executables have an extension
(.exe).

Fixes #11937

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12374)
2020-07-09 06:56:44 +02:00
Shane Lontis
63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters.
Fixes #11864

- The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is
  possible that dsa keygen can either hang or segfault.
  The fix was to do a partial validation of p, q, and g inside the keygen.
- Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!).
  It freed internal object members without setting them to NULL.
- Changed the FFC key validation to accept 1024 bit keys in non fips mode.
- Added tests that use both the default provider & fips provider to test these cases.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12176)
2020-07-09 13:43:10 +10:00
Shane Lontis
eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode())
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Shane Lontis
c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Shane Lontis
e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Shane Lontis
5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2())
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Shane Lontis
821278a885 Fix CID 1465214 Resource leak (in file_load.c)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Shane Lontis
fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Shane Lontis
84ba665d72 Fix CID #1465216 Resource leak in property_fetch
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Matt Caswell
2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
2020-07-08 08:55:56 +01:00
Matt Caswell
146aebc6a0 Add a test to check having a provider loaded without a groups still works
As long as we have at least one provider loaded which offers some
groups, it doesn't matter if we have others loaded that don't.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
2020-07-08 08:55:56 +01:00
Matt Caswell
90a74d8c43 Fix an incorrect error flow in add_provider_groups
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
2020-07-08 08:55:56 +01:00
Matt Caswell
08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities()
It is not a failure to call OSSL_PROVIDER_get_capabilities() with a
provider loaded that has no capabilities.

Fixes #12286

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
2020-07-08 08:55:56 +01:00
Martin Elshuber
163b801616 Add support to zeroize plaintext in S3 record layer
Some applications want even all plaintext copies beeing
zeroized. However, currently plaintext residuals are kept in rbuf
within the s3 record layer.

This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to
optionally enable cleansing of decrypted plaintext data.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12251)
2020-07-07 12:07:47 +03:00
Nicola Tuveri
1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey
Test separately EC parameters and EC key generation.

Some curves only support explicit params encoding.

For some curves we have had cases in which generating the parameters
under certain conditions failed, while generating and serializing a key
under the same conditions did not.
See <https://github.com/openssl/openssl/issues/12306> for more details.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12307)
2020-07-06 19:15:36 +03:00
Nicola Tuveri
466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors
If the key is to be serialized or printed as text and the framework
returns an error, the app should signal the failure to the user using
a non-zero exit status.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12305)
2020-07-06 19:15:36 +03:00
Nicola Tuveri
e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys
The following built-in curves do not have an assigned OID:

- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available.

This commit detects such cases, raises an error and returns appropriate
return values so that the condition can be detected and correctly
handled by the callers, when serializing EC parameters or EC keys with
the default `ec_param_enc:named_curve`.

Fixes #12306

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12313)
2020-07-06 19:15:36 +03:00
Glenn Strauss
8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl
improve reference implementation code in
  SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys.  Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c20
Use AES256 for the default encryption algoritm for TLS session tickets

add comments where user-implementation is needed to complete code

CLA: trivial

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12063)
2020-07-06 14:48:12 +01:00
Matt Caswell
2d9f56e999 Ensure TLS padding is added during encryption on the provider side
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
63ee6ec177 Ensure any allocated MAC is freed in the provider code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
f29dbb0866 Decreate the length after decryption for the stitched ciphers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue
sslcorrupttest was looking for a "decryption failed or bad record mac"
error in the queue. However if there were multiple errors on the queue
then it would fail to find it. We modify the test to check all errors.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
ee0c849e5a Ensure GCM "update" failures return 0 on error
EVP_CipherUpdate is supposed to return 1 for success or 0 for error.
However for GCM ciphers it was sometimes returning -1 for error.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx
We were not correctly passing the provider ctx down the chain during
initialisation of a new cipher ctx. Instead the provider ctx got set to
NULL.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
1ae7354c04 Make the NULL cipher TLS aware
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers
Other ciphers return the length of the Payload for TLS as a result of an
EVP_DecryptUpdate() operation - but  ChaCha20-Poly1305 did not. We change
it so that it does.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
524cb684ac Make libssl start using the TLS provider CBC support
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
e71fd827bc Add provider support for TLS CBC padding and MAC removal
The previous commits separated out the TLS CBC padding code in libssl.
Now we can use that code to directly support TLS CBC padding and MAC
removal in provided ciphers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
f0237a6c62 Remove SSL dependencies from tls_pad.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
ebacd57bee Split the padding/mac removal functions out into a separate file
We split these functions out into a separate file because we are
preparing to make this file shared between libssl and providers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:00 +01:00
Matt Caswell
ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions
For CBC ciphersuites using Mac-then-encrypt we have to be careful about
removing the MAC from the record in constant time. Currently that happens
immediately before MAC verification. Instead we move this responsibility
to the various protocol "enc" functions so that MAC removal is handled at
the same time as padding removal.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:00 +01:00
Richard Levitte
1b726e9b91 TEST: update 02-test_errstr.t to have better tests
We now check that if libcrypto hasn't loaded the string for some particular
system error, it gives us "reason(nnn)" instead, where 'nnn' is the system
error number in decimal.

We go through all possible error macros that perl serves us, not only the
POSIX ones.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)
2020-07-05 21:13:42 +02:00
Richard Levitte
fa7a807435 SSL: fix misuse of ERR_LIB_SYS
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)
2020-07-05 21:13:42 +02:00
Richard Levitte
17b7f89684 TEST: fix test/errtest.c
test/errtest.c used the system error code 1 for EPERM.  However, EPERM
may be coded differently on different systems, so we switch to using
EPERM instead.  However, because we know that the ERR sub-system
truncates system error codes that occupy more than 24 bits, we check
that the reason code in the recorded error matches our EPERM, and skip
the test if not.

To be safe (even though the error string for that code is well defined
in POSIX), we also use strerror() to retrieve the string for that
error code instead of using a hard coded value.

Fixes #12276
Fixes #12217
Fixes #12354

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)
2020-07-05 21:13:25 +02:00
Richard Levitte
71f2994b15 ERR: special case system errors
Because system errors can be any positive number that fits in an 'int'
according to POSIX, we can't reasonably expect them to be in the 1..127
range, even though that's the most usual.

Instead of packing them into the OpenSSL error code structure, we
recognise them as a special case and mark them as such by storing them
in our error queue with the highest bit set.  We make OpenSSL specific
error records have their highest bit cleared, and in doing so, we
shift down the library section of the code by one bit.  This still
leaves a very large section for the reason codes.

Of course, we must adapt the error code and reason string extraction
and printing functions accordingly.

With this, we also thrown away the pre-loaded array of system error
strings, and extract them from the system when needed instead, i.e.
when we create error strings.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)
2020-07-05 21:13:03 +02:00
Richard Levitte
163b2bcd8b ERR: refactor global error codes
Some ERR_R_ codes overlapped other ERR_R_ codes:

- ERR_R_BUF_LIB vs ERR_R_PASSED_INVALID_ARGUMENT
- ERR_R_DSA_LIB vs ERR_R_INTERRUPTED_OR_CANCELLED

Looking back at history, this was originally not an issue, because
the ERR_R_ codes that weren't ERR_LIB_ aliases had bit 2**6 set.
However, new codes without that bit came in, and we got the overlap
that is mentioned above.

To get rid of the overlap, we repartition the codes as follows:

- ERR_R_{name}_LIB that are aliases for ERR_LIB_{name} are confined to
  the range 1..63.
- Other ERR_R_ codes are confined to 64..99

We also expand the reason codes to 24 bits of data, where the 4 top
bits are for reason code flags.  We also allocate a "fatal" flag
ERR_RFLAG_FATAL.  The reason code ERR_R_FATAL stops acting as a flag,
but is coded in such a way that it still serves as one for code that
happens to use it as such.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)
2020-07-05 21:13:03 +02:00
Richard Levitte
dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances
When ossl_provider_query_operation() returned NULL, the post-condition
callback wasn't called, and could make algorithm_do_this() falsely
tell the caller that there was an error.  Because of this, a provider
that answered with NULL for a particular operation identity would
effectively block the same query on all following providers.

Fixes #12293

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12365)
2020-07-05 14:07:14 +02:00
Dr. David von Oheimb
1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)
2020-07-05 11:29:43 +02:00
Dr. David von Oheimb
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)
2020-07-05 11:29:43 +02:00
Dr. David von Oheimb
915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026
exclude_rule 'MD023' # Headers must start at the beginning of the line
exclude_rule 'MD026' # Trailing punctuation in header

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)
2020-07-05 11:29:43 +02:00
Pauli
c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
2020-07-05 13:20:09 +10:00