Commit Graph

29793 Commits

Author SHA1 Message Date
Matt Caswell
5a5d90ffac Clean up the encoder/decoder/loader stores before providers
We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clean up functions cause
providers to clean up, which then needs access to the provider store. We
extend the same thinking to the encoder/decoder/loader stores.

Fixes #15727

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)
2021-06-16 11:06:30 +01:00
Pauli
f7d2427ac3 apps: remove AEAD/mode checks that are now redundant
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-16 18:32:30 +10:00
Pauli
a89835f7e0 apps: use get_cipher_any() instead of get_cipher() for commands that support these ciphers/modes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-16 18:32:30 +10:00
Pauli
fa8ff9e4e8 apps: limit get_cipher() to not return AEAD or XTS ciphers
Add a get_cipher_any() function to access these in addition to more normal ciphers

Fixes #7720

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-16 18:32:30 +10:00
Pauli
6920055ec3 doc: document the various get_cipher functions in the commands lib.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-16 18:32:30 +10:00
Pauli
43ba1573ce test: add test cases for SHAxxx helper functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)
2021-06-16 18:30:28 +10:00
Pauli
987d7da327 Include a local static buffer for the SHA helper functions
This functionality existed in 1.1.1 but was lost.

Fixes #15718

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)
2021-06-16 18:30:28 +10:00
Dmitry Belyavskiy
f763e13514 Correct processing of AES-SHA stitched ciphers
Fixes: #15706

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15740)
2021-06-16 17:05:46 +10:00
Shane Lontis
1941684daf Add missing migration_guide API mappings.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15732)
2021-06-16 15:06:45 +10:00
Matt Caswell
599429e09a Add documentation for the newly added OBJ up calls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
2021-06-16 15:04:50 +10:00
Matt Caswell
87e60f09aa Add a test for the newly added OBJ upcalls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
2021-06-16 15:04:50 +10:00
Matt Caswell
97abae6a9d Add various OBJ functions as callbacks
This enables providers to register new OIDs in the same libcrypto instance
as is used by the application.

Fixes #15624

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
2021-06-16 15:04:50 +10:00
Pauli
b88a3b1016 doc: finish the provider child up call documentation
The bulk of the documentation was there but it wasn't quite complete.

Fixes #15678

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15734)
2021-06-16 14:51:27 +10:00
Richard Levitte
cb37af461d TEST: Skip test/recipes/01-test_symbol_presence.t on MacOS
It renames symbols, so we can a false negative

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15776)
2021-06-16 09:09:21 +10:00
Richard Levitte
07b8c0a186 TEST: Display the correct shared library name
In test/recipes/01-test_symbol_presence.t

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15776)
2021-06-16 09:09:21 +10:00
Pauli
42cf25fcb6 new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.

Fixes #15743

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
2021-06-16 08:49:17 +10:00
Pauli
8b29badad1 new: update NEWS.md so it is correct.
- Removing the deprecation note for public key commands.
- Fixing the note about ECX and SHAKE in the FIPS provider.
- Noting which KDFs are included.
- Noting which MACs are included.

Fixes #15743

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15746)
2021-06-16 08:49:17 +10:00
Dmitry Belyavskiy
4832560be3 Disabling Encrypt-then-MAC extension in s_client/s_server
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15735)
2021-06-15 22:14:34 +02:00
Richard Levitte
835dd706d3 TEST: Make test/recipes/01-test_symbol_presence.t more platform agnostic
Assuming ".so" as shared library ending is faulty on MacOS, where the
normal shared library extension is ".dylib".

We use the platform module to get the same extension as the build process.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15771)
2021-06-15 17:49:58 +02:00
Richard Levitte
29b3fdad2b Refactor OSSL_STORE_LOADER_do_all_provided() to behave like OSSL_STORE_LOADER_fetch()
This is refactored to use inner_loader_fetch() without any given name,
which is just there to ensure all decoder implementations are made
into methods, and then use ossl_method_store_do_all() to list them
all.

This also adds the internal ossl_store_loader_do_all_prefetched(),
which can be used if pre-fetching needs to be done separately from
listing all the decoder implementations, or if listing may happen
multiple times.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:23:24 +02:00
Richard Levitte
5d8ad7d385 test/evp_extra_test.c: Peek at the error instead of getting it.
If there is an error report, we want to get it printed too.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:32 +02:00
Richard Levitte
27fb7a0a27 DECODER & ENCODER: Add better tracing
Now that we have functions to get the name and properties of the
diverse implementations, we can as well display them for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:32 +02:00
Richard Levitte
cd77073879 Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all()
Fixes #15538
Fixes #14837

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:32 +02:00
Richard Levitte
793b05865a Refactor evp_generic_do_all() to behave like evp_generic_fetch()
This is refactored to use inner_evp_generic_fetch() without any given
name, which is just there to ensure all decoder implementations are
made into methods, and then use ossl_method_store_do_all() to list
them all.

This also adds the internal evp_generic_do_all_prefetched(), which
can be used if pre-fetching needs to be done separately from listing
all the decoder implementations, or if listing may happen multiple
times.

Fixes #15538
Fixes #14837

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:32 +02:00
Richard Levitte
b3f5d5d368 Refactor OSSL_ENCODER_do_all_provided() to behave like OSSL_ENCODER_fetch()
This is refactored to use inner_ossl_encoder_fetch() without any given
name, which is just there to ensure all encoder implementations are
made into methods, and then use ossl_method_store_do_all() to list
them all.

This also adds the internal ossl_encoder_do_all_prefetched(), which
can be used if pre-fetching needs to be done separately from listing
all the encoder implementations, or if listing may happen multiple
times.

Fixes #15538
Fixes #14837

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:32 +02:00
Richard Levitte
0756282830 Refactor OSSL_DECODER_do_all_provided() to behave like OSSL_DECODER_fetch()
This is refactored to use inner_ossl_decoder_fetch() without any given
name, which is just there to ensure all decoder implementations are
made into methods, and then use ossl_method_store_do_all() to list
them all.

This also adds the internal ossl_decoder_do_all_prefetched(), which
can be used if pre-fetching needs to be done separately from listing
all the decoder implementations, or if listing may happen multiple
times.

Fixes #15538
Fixes #14837

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:31 +02:00
Richard Levitte
f0191d0b13 Add the internal function ossl_method_store_do_all()
It will simply call the given callback for every method found in the
given store.

Fixes #15538
Fixes #14837

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
2021-06-15 16:21:31 +02:00
Hubert Kario
04fb4ec8fa s_server: make -rev option easier to find (mention echo)
Since the service is echo-like (see TCP port 7 from RFC 862 or
gnutls-serv --echo), make it easier to find by mentioning "echo" in
the description of it in the help message an man page

Also fixes the man page inconsistency ("sends it back to the server")

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15739)
2021-06-15 15:16:15 +02:00
Richard Levitte
9067cf6ccd CORE: Move away the allocation of the temporary no_cache method store
The responsibility for managing the temporary store for methods from
algorithm implementations flaged "no_store" is moved up to the diverse
method fetching functions.  This allows them to allocate it "just in
time", or in other words not at all if there is not such algorithm
implementation.

This makes this temporary store more flexible if it's needed outside
of the core fetching functionality, and slightly faster when this
temporary store isn't necessary at all.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15737)
2021-06-15 15:06:04 +02:00
Dr. David von Oheimb
515480be79 ASN1_parse_dump(): allow NULL BIO input, to simplify applications not needing output
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:29 +02:00
Dr. David von Oheimb
bb19b9d456 BIO_write_ex(): Make handing of BIO b == NULL and dlen == 0 less redundant
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:29 +02:00
Dr. David von Oheimb
1d8897176d BIO: Make source file names in crypto/bio/ consistent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:29 +02:00
Dr. David von Oheimb
3b66592490 BIO_dum_indent_cb(): Fix handling of cb return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:29 +02:00
Dr. David von Oheimb
f42b3b70d8 fuzz/asn1parse.c: Clean up non-portable code and catch malloc failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:29 +02:00
Dr. David von Oheimb
9d9691f78a BIO: prevent crash on NULL BIO for prefix_ctrl() and thus for BIO_set_prefix(), BIO_set_indent(), etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:21 +02:00
Dr. David von Oheimb
4439a6483e ASN1: rename asn1_par.c to asn1_parse.c for clarity; simplify asn1_parse2()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:21 +02:00
Lars Immisch
a5d250e57e Use getauxval on Android with API level > 18
We received analytics that devices of the device family Oppo A37x
are crashing with SIGILL when trying to load libcrypto.so.
These crashes were fixed by using the system-supplied getauxval function.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11257)
2021-06-15 12:53:26 +02:00
Rich Salz
5bbe213418 Remove "-immedate_renegotiation" option
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15415)
2021-06-15 12:36:51 +02:00
Rich Salz
f4752e8827 Move AllowClientRenegotiation tests
Move them from test_renegotiation to renegotiation in ssl_new

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15415)
2021-06-15 12:36:51 +02:00
Pauli
60d13c8ff8 remove end of line whitespace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
2021-06-15 19:01:00 +10:00
Pauli
dfb0b8d63a cms: free PKEY_CTX
Preventing a memory leak.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15731)
2021-06-15 18:59:44 +10:00
Pauli
8dff167dfe cms: fix coverity 1485981: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15731)
2021-06-15 18:59:22 +10:00
Pauli
a1fb5eb920 apps: move global libctx and property query into their own file
The header has been split out so the functions should be as well.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
c696f4bfc3 speed: make sure to free any allocated EVP_MAC structures
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
09495e4301 pkcs12: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
4d574312db speed: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
f147fa3e7d list: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
f64851c5b3 kdf: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
c8dd887d3c fipsinstall: use the app's libctx and property query when searching for algorithms
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Pauli
3334e039cf add libctx and property query to fetch functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00