Commit Graph

24891 Commits

Author SHA1 Message Date
Richard Levitte
6af1b11848 test/recipes/02-test_ordinals.t: Take '?' and '?+' into account
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
b6fc6620cf util/mknum.pl: output stats on unassigned symbols
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
8635730333 util/mknum.pl: Call OpenSSL::Ordinals::renumber() for real releases
When the source isn't in development any more (the version number
doesn't the tags 'dev' or 'alpha'), we renumber the unassigned symbols
to ensure that we have fixed numbers on all.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
e4f2d539f6 util/mkdef.pl: writer_VMS(): handle symbols with no assigned number
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
a4aab78719 OpenSSL::Ordinals: when validating, collect statistics on unassigned syms
If a script wants to display how many symbols have assigned numbers
and how many don't, this gives them those numbers.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
81ddd952ea OpenSSL::Ordinals: add a renumber() function, to assign unassigned symbols
This should be used when it's time to assign constant numbers to the
unassigned symbols.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
3da95f3c51 OpenSSL::Ordinals: Handle symbols with unassigned ordinal numbers
We preserve the number or '?' or '?+', but assign numbers internally
on the latter, to ensure we keep the order of the input.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
5d61758ee7 util/*.num: deassign ordinal numbers from new symbols
Symbols that have appeared since 1.1.1 was released are considered
unassigned in the development branch.   This is marked by having a
question mark as its ordinal number.

This introduces two new markers to be used instead of ordinal numbers:

    ?   signifying it gets the previous symbol's number plus one
    ?+  signifying it gets the same number as the previous symbol

'?+' should remain rare, but is useful to create aliases when needed
(for example when two different symbols clash because they only differ
in character case, see include/openssl/symhacks.h)

The intention is that a development branch won't have set numbers for
new symbols, and that the final numbers will only get allocated when
making beta or final releases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
2019-11-05 22:44:21 +01:00
Richard Levitte
c9c4a356b7 Minimal adaptation of tests back to how it was before
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
2019-11-05 22:22:29 +01:00
Richard Levitte
0e52100400 EVP: Make the SIGNATURE implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new
signature algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
2019-11-05 22:22:29 +01:00
Richard Levitte
c0e0984f12 EVP: Make the KEYEXCH implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the KEYEXCH method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new key
exchange algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10305)
2019-11-05 22:20:06 +01:00
Patrick Steuer
677c4a012a s390x assembly pack: process x25519 and x448 non-canonical values
...in constant time.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
2019-11-05 13:53:04 +01:00
Patrick Steuer
6376c229c4 Add self-generated test vector for x448 non-canonical values
x25519 has such a test vector obtained from wycheproof but wycheproof
does not have a corresponding x448 test vector.
So add a self-generated test vector for that case.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
2019-11-05 13:51:41 +01:00
Patrick Steuer
58738b1cad s390x assembly pack: fix x448 handling of non-canonical values
The s390x x448 implementation does not correctly reduce non-canonical
values i.e., u-coordinates >= p = 2^448 - 2^224 - 1.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
2019-11-05 13:51:41 +01:00
Patrick Steuer
826112295a s390x assembly pack: perlasm module update
- add instructions: clfi, stck, stckf, kdsa
- clfi and clgfi belong to extended-immediate (not long-displacement)
- some cleanup

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10346)
2019-11-05 10:05:27 +01:00
Matt Caswell
aec9667bd1 Don't assume the type we read was the type we expected
i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.

This issue was recently added by commit 4baee2d.

Credit to OSSFuzz for finding this issue.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
2019-11-04 12:49:19 +00:00
Matt Caswell
45b244620a Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each
time i2v_GENERAL_NAME gets called it allocates adds data to the passed in
stack and then returns a pointer to the stack, or NULL on failure. If
the passed in stack is itself NULL then it allocates one.

i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets
returned from i2v_GENERAL_NAME. If a stack had already been allocated then
it just leaked it.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
2019-11-04 12:49:18 +00:00
Paul Yang
dcea51afe9 Fix no-sm2 issue
Some code is not covered by the macros.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10319)
2019-11-04 11:49:35 +08:00
Richard Levitte
bdb0e04fd0 Document added SSL functions related to X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:40:17 +01:00
Richard Levitte
e90f08fb46 X509_LOOKUP_store: Add CHANGES note
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:40:17 +01:00
Richard Levitte
849d91a62c Document X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
573e4bf0ba Adapt two test programs that were using now deprecated functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
f4aa6222bb Add a basic test of -CAstore
This code is mainly copied from test_ssl_old

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
2897b00905 OSSL_STORE: add tracing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
fd3397fc47 Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
6dcb100f89 X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI
This is a wrapper around OSSL_STORE.

This also adds necessary support functions:

- X509_STORE_load_file
- X509_STORE_load_path
- X509_STORE_load_store
- SSL_add_store_cert_subjects_to_stack
- SSL_CTX_set_default_verify_store
- SSL_CTX_load_verify_file
- SSL_CTX_load_verify_dir
- SSL_CTX_load_verify_store

and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations,
as they aren't extensible.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
e3c4ad283b OSSL_STORE: constify the criterion parameter a bit more
For some reason, OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_find()
accepted a non-const OSSL_STORE_SEARCH criterion, which isn't at all
necessary.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
3ee348b0dc Change EVP_PKEY_CTX_new_provided() to take a library context too.
With provided algorithms, the library context is ever present, so of
course it should be specified alongside the algorithm name and
property query string.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
2019-11-03 18:33:43 +01:00
Richard Levitte
60653e5b25 Make EVP_PKEY_CTX initialization more precise
There is a vagueness around how the provider data (algorithm name and
property query string) is initialized in the presence of an engine.
This change modifies this slightly so that the algorithm name for use
with providers is never set if the initilization was given an engine.

This makes it easier for other functions to simply check ctx->algorithm
to see if the context is meant to be used for strictly legacy stuff or
not.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
2019-11-03 18:33:43 +01:00
Patrick Steuer
e774adb593 Fix --strict-warnings build
The %zd format corresponds to ssize_t which is used for
function to either return a valid size or a negative value
to indicate an error. Since size_t is in [-1,SSIZE_MAX] it
is not a portable way to represent a pointer diff. For
the %td format which corresponds to ptrdiff_t is C11,
we chose to cast to long instead as it is already done
in other places.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10335)
2019-11-03 16:38:56 +01:00
Patrick Steuer
6f93f06135 s390x assembly pack: enable clang build
clang imposes some restrictions on the assembler code that
gcc does not.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10330)
2019-11-03 11:25:31 +01:00
Richard Levitte
909ef4de31 doc/man3/OSSL_PARAM.pod: Clarify return_size with integer types
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
2019-11-03 11:19:04 +01:00
Richard Levitte
2c99372dbd test/params_api_test.c: Correct the checks of OSSL_PARAM_set_BN()
Now, the returned size check matches the check made for all other
integer types.

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
2019-11-03 11:19:04 +01:00
Richard Levitte
0f73e719c6 Fix OSSL_PARAM_set_BN() to fill the given buffer correctly.
OSSL_PARAM_set_BN() filled the buffer from the left with as many bytes
as that the BIGNUM takes, regardless of buffer size or native
endianness.  This was due to BN_bn2nativepad() being given the size of
the BIGNUM rather than the size of the buffer (which meant it never
had to pad anything).

The fix is to given BN_bn2nativepad() the size of the buffer instead.
This aligns well with the corresponding _set_ functions for native
integer types work.

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
2019-11-03 11:19:04 +01:00
Richard Levitte
2321c25dec test/build.info: add missing inclusion for ssl_ctx_test
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10334)
2019-11-03 11:12:14 +01:00
Richard Levitte
8b9896eb29 VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
This system services is based on FreeBSD 12's getentropy(), and is
therefore treated the same way as getentropy() with regards to amount
of entropy bits per data bit.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8926)
2019-11-02 11:25:21 +01:00
Christian Heimes
132b5facf8 Add test cases for min/max protocol API
Signed-off-by: Christian Heimes <christian@python.org>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6553)
2019-11-02 11:06:45 +01:00
Richard Levitte
b4a7b4ec4a Configure: Make --strict-warnings meaningful with MSVC cl
We also add this to our x86_64 builds on appveyor

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10287)
2019-11-02 11:00:13 +01:00
Richard Levitte
181f5185ee BIO_s_connect: add an error state and use it
If no connection could be made, addr_iter will eventually end up being
NULL, and if the user didn't check the returned error value, the
BIO_CONN_S_CONNECT code will be performed again and will crash.

So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into
when we run out of addresses to try.  That state will just simply say
"error" back, until the user does something better with the BIO, such
as free it or reset it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7630)
2019-11-02 10:44:27 +01:00
Pauli
5d0cf102e0 DRBG: add check for XOF so these can be disallowed by the DRBGs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
2019-11-02 15:10:54 +10:00
Pauli
9fff0a4b0d DRBG: weaken the restriction on allowed digests.
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).

In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
2019-11-02 15:10:54 +10:00
Patrick Steuer
c47a56d615 s390x: fix build errors
ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10317)
2019-11-01 17:24:52 +01:00
jayaram
fefe3169bb fix for Missing null check after OPENSSL_zalloc
Fixes #10283

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10296)
2019-11-01 16:13:15 +01:00
Patrick Steuer
351ba5bd27 md4/md5: macros should not include the line following them
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10311)
2019-11-01 15:58:00 +01:00
Scott Wilson
6624e1f7b6 Fix potential memory leak in dh_ameth.c
Free dukm in error handling of dh_cms_encrypt()

Fixes #10294

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10310)
2019-11-01 12:39:46 +01:00
Rich Salz
6e4618a0d7 Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
2019-10-31 14:26:34 +01:00
Rich Salz
9fcb9702fb Infrastructure for templated doc in POD files
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
2019-10-31 14:19:29 +01:00
Richard Levitte
fb1ecf85c9 evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers
Otherwise, should this function be called more than once on the same
EVP_PKEY_CTX, we get double free issues.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10292)
2019-10-31 12:26:59 +01:00
Jakub Zelenka
2aa28a1abc Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
2019-10-31 11:15:31 +00:00
Billy Brumley
305bf9c866 [crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
2019-10-31 11:05:04 +00:00