Commit Graph

26561 Commits

Author SHA1 Message Date
Pauli
4bffc025fd CRNGT: continuous DRBG tests for providers
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Pauli
bcc4ae675e provider: add RAND algorithm tables
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Pauli
2dee33dfb3 app/list: add RNG list option
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Pauli
714a1bb380 rand: set up EVP and DRBG infrastructure for RAND from providers.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Pauli
94478bd8d7 Move CRNG test to providers
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Pauli
c3fc2c53fb core: add OSSL_INOUT_CALLBACK
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Pauli
15dfa092d0 rand: core APIs for provider friendly random.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Dmitry Belyavskiy
922f156545 CMS print should support string conversion: docs
Documentation for -nameopt option

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12206)
2020-06-24 09:56:50 +03:00
Dmitry Belyavskiy
6ec351f449 CMS print should support string conversion
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12206)
2020-06-24 09:56:50 +03:00
Matt Caswell
49a36a528a Add an SSL_dup test
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)
2020-06-23 12:46:47 +01:00
Matt Caswell
7cccecc0b6 Don't attempt to duplicate the BIO state in SSL_dup
SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs
configured for it. This did not work.

Firstly the SSL_dup code was passing a BIO ** as the destination
argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that
parameter. Any attempt to use this will either (1) fail silently, (2) crash
or fail in some other strange way.

Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make
this work.

Thirdly, if rbio == wbio in the original SSL object, then an attempt is made
to up-ref the BIO in the new SSL object - even though it hasn't been set
yet and is NULL. This results in a crash.

This appears to have been broken for a very long time with at least some of
the problems described above coming from SSLeay. The simplest approach is
to just remove this capability from the function.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)
2020-06-23 12:46:47 +01:00
Matt Caswell
457751fb48 Update the SSL_dup documentation to match reality
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)
2020-06-23 12:46:47 +01:00
Matt Caswell
f12dd99170 Ensure that SSL_dup copies the min/max protocol version
With thanks to Rebekah Johnson for reporting this issue.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12180)
2020-06-23 12:46:47 +01:00
Pauli
e3d6dc59fb property: correctly set the has optional flag when merging property lists
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12123)
2020-06-23 21:44:47 +10:00
Pauli
f9e504e8b1 property: Move global default properties to the library context.
Fixes a problem where global properties don't work with a NULL query.
Specifying an algorithm with a NULL query ignores the default properties.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12123)
2020-06-23 21:44:47 +10:00
Jean-Christophe Fillion-Robin
1b49520043 DOC: Fix link to test/README.external in INSTALL.md
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12198)
2020-06-23 12:30:38 +02:00
Shane Lontis
7905806c94 Fix potential double free in rsa_keygen pairwise test.
It should never hit this branch of code, so there is no feasible test.
Found due to a similar issue in PR #12176.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12177)
2020-06-23 12:28:48 +02:00
Sebastian Andrzej Siewior
a4e440d647 TEST: Pass -no-CAstore in 80-test_ocsp.t
Without passing -no-CAstore the default CAstore will be used and the
testsuite will fail the system has certificates installed.

Fixes: #11645

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12171)
2020-06-23 12:25:48 +02:00
Sebastian Andrzej Siewior
00493490dd APPS: Properly pass -no-CAstore
Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so
behaves like -no-CApath.

Map no-CAstore to OPT_NOCASTORE.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12171)
2020-06-23 12:25:48 +02:00
Sebastian Andrzej Siewior
96786ad123 APPS: Fix invoking openssl without a command
Invoking help with "empty" argc leads to a segfault.
Invoke do_cmd() with help as argument which invokes help_main() with
proper argv.

Fixes #12069

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12070)
2020-06-23 12:23:02 +02:00
Pauli
90cf3099df serialization: break the provider locating code to avoid deadlock.
Find all the suitable implementation names and later decide which is best.
This avoids a lock order inversion.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12173)
2020-06-23 19:46:57 +10:00
Richard Levitte
2206385058 DOCS: Add documentation for EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name()
At the same, align documentation markup to be closer to man-pages(7)
recommendations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12188)
2020-06-23 11:30:11 +02:00
Tristan Bauer
1d78129dd2 Fix wrong return value check of mmap function
The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED.

CLA: trivial

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12187)
2020-06-23 10:08:28 +10:00
Richard Levitte
3fd16304f4 Missing documentation missing, let's note that down
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12125)
2020-06-22 23:47:12 +02:00
Richard Levitte
c4de5d22aa util/find-doc-nits: Modernise printem()
It wasn't up to date with the new variables used to track information
on what's documented, what's in the .num files and what's in the
"missing" files.

Fixes #12117

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12125)
2020-06-22 23:47:11 +02:00
Richard Levitte
e3ce33b3b5 util/find-doc-nits: Do not read "missing" files when -u is given
Fixes #12117

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12125)
2020-06-22 23:47:11 +02:00
Dr. David von Oheimb
b0d5c1cb07 test/run_tests.pl: Document new VFO and VFP modes in INSTALL.md
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:41:24 +02:00
Dr. David von Oheimb
93a7d24179 test/run_tests.pl: Improve indentation parsing workaround for VFO and VFP mode
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:41:24 +02:00
Dr. David von Oheimb
6bb74ecb87 test/run_tests.pl: Improve newline output for VFO and VFP mode
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:41:24 +02:00
Dr. David von Oheimb
1e24c82435 Speed-up for tests in 81-test_cmp_cli_data/test_connection.csv
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:41:24 +02:00
Dr. David von Oheimb
be7f84e2e2 Disable tests in cmp_vfy_test.c that make no sense if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:41:24 +02:00
Dr. David von Oheimb
713b3f76a7 81-test_cmp_cli.t: Disable CLI-based tests in case fuzzing is enabled
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:41:24 +02:00
Dr. David von Oheimb
7d40faca54 81-test_cmp_cli.t: Do connections to 127.0.0.1 (e.g., Mock server) without proxy
Fixes #12156

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
11baa470a2 Fix CMP -days option range checking and test failing with enable-ubsan
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
e197158bd5 Add documentation of OSSL_CRMF_CERTID_dup()
Fixes #12190

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12208)
2020-06-22 16:36:20 +02:00
Patrick Steuer
b55a0b0ff2 Print CPUINFO also for s390 processors
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12216)
2020-06-22 02:35:01 +02:00
Billy Brumley
13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation
https://github.com/openssl/openssl/pull/11928 documented
`EC_GROUP_get_field_type` behavior in the `man` page but did not add the
name to the function list.

Fixes #12189.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12214)
2020-06-21 15:35:54 +03:00
Nicola Tuveri
d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks
<https://github.com/openssl/openssl/pull/11765> switched the default
code path for keygen.

External testing through TriggerFlow highlighted that in several places
we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical
secret values (either long term or temporary values).

This commit tries to make sure that the secret BN values inside the
`rsa struct` are always flagged on creation, and that temporary values
derived from these secrets are flagged when allocated from a BN_CTX.

Acknowledgments
---------------

Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the
[OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and
tested, and for providing early feedback to fix the issue!

[OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci
[paper]: https://eprint.iacr.org/2019/366

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12167)
2020-06-21 13:45:27 +03:00
FdaSilvaYY
200ae2ee8e Fix one typo in a comment.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12209)
2020-06-21 10:09:48 +02:00
FdaSilvaYY
75e35c9ad1 Fix no-ts builds.
`ess_lib.c` is called from `cms` and `ts` modules.

Fixes #12155

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12209)
2020-06-21 10:09:48 +02:00
Pauli
c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says.
The function is documented as returning 1 when passed a NULL argument.
Instead it core dumps.  Added a unit test for this.

Additionally, a performance improvement is incorporated.  The namemap
max_number field is only ever compared against zero and incremented.
The zero comparison grabs a lock specifically for this check.  This change
uses TSAN operations instead if they are available.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12181)
2020-06-21 16:49:51 +10:00
Benjamin Kaduk
7cc5e0d283 Allow oversized buffers for provider cipher IV fetch
When we're fetching an IV, there's no need to enforce that the
provided buffer is exactly the same size as the IV we want to
write into it.  This might happen, for example, when
EVP_CIPHER_CTX_iv_noconst() passes sizeof(ctx->iv) (that is,
EVP_MAX_IV_LENGTH) for an AES-GCM cipher that uses a shorter IV.
AES-OCB and CCM were also affected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12039)
2020-06-20 09:46:41 -07:00
Benjamin Kaduk
320d96a32c Set cipher IV as octet string and pointer from providers
OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as
an octet pointer (for routines like EVP_CIPHER_CTX_iv() that are
in a nebulous undocumented-and-might-go-away-eventually state),
the latter for when there is need to modify the actual value in
the provider.

Make sure that we consistently try to set it as both the string and pointer
forms (not just octet string) and only fail if neither version succeeds.  The
generic cipher get_ctx_params routine was already doing so, but the
AES-variant-, GCM-, and CCM-specific ones were not.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12039)
2020-06-20 09:46:30 -07:00
Richard Levitte
5797e309fc Build: Remove faulty DES assembler spec
crypto/des/build.info had a faulty spec that ghash-ia64 should be
compiled for DES.  Removed.

Fixes #12197

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12203)
2020-06-20 11:02:18 +02:00
Pauli
760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12200)
2020-06-20 17:16:23 +10:00
Matt Caswell
f36c3885b5 Return the cookie_len value from generate_cookie_callback
The generate_cookie_callback was failing to pass back the generated
cookie length to the caller. This results in DTLS connection failures
from s_server.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12179)
2020-06-19 11:25:56 +01:00
Matt Caswell
cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value
The DTLS1_COOKIE_LENGTH value was incorrect in the header files. We
couldn't change it before due to ABI concerns. However 3.0 is not ABI
compatible so we can now fix it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12179)
2020-06-19 11:25:35 +01:00
Matt Caswell
989a85774b Add evp_extra_test2 to .gitignore
This is a test executable which should not be added to the repository

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
2020-06-19 10:34:58 +01:00
Matt Caswell
9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx
Really this test should go in evp_extra_test. However that doesn't
currently support a non-default libctx (with the "null" provider in the
default libctx). So (for now) we create evp_extra_test2.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
2020-06-19 10:34:58 +01:00
Matt Caswell
febe6bb727 Ensure creating an EC public key uses the libctx
Creating an EC public key from the private key uses random numbers
internally, which require use of the proper libtx. Therefore we make
sure the libctx is used during this operation.

Fixes #12150

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
2020-06-19 10:34:58 +01:00