Commit Graph

24645 Commits

Author SHA1 Message Date
Dr. Matthias St. Pierre
8c78f0ec63 Reorganize public header files (part 2)
Add an <openssl/ossl_typ.h> compatibility header.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:36 +02:00
Dr. Matthias St. Pierre
50cd4768c6 Reorganize public header files (part 1)
Rename <openssl/ossl_typ.h> to <openssl/types.h>.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:36 +02:00
Dr. Matthias St. Pierre
706457b7bd Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

  '*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:35 +02:00
Dr. Matthias St. Pierre
25f2138b0a Reorganize private crypto header files
Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:

While header files in 'include/internal' are intended to be shared
between libcrypto and libssl, the files in 'crypto/include/internal'
are intended to be shared inside libcrypto only.

To make things complicated, the include search path is set up in such
a way that the directive #include "internal/file.h" could refer to
a file in either of these two directoroes. This makes it necessary
in some cases to add a '_int.h' suffix to some files to resolve this
ambiguity:

  #include "internal/file.h"      # located in 'include/internal'
  #include "internal/file_int.h"  # located in 'crypto/include/internal'

This commit moves the private crypto headers from

  'crypto/include/internal'  to  'include/crypto'

As a result, the include directives become unambiguous

  #include "internal/file.h"       # located in 'include/internal'
  #include "crypto/file.h"         # located in 'include/crypto'

hence the superfluous '_int.h' suffixes can be stripped.

The files 'store_int.h' and 'store.h' need to be treated specially;
they are joined into a single file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:34 +02:00
Dr. Matthias St. Pierre
ea8e1fe55b Add legacy include guard manually to opensslconf.h.in
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:24:22 +02:00
Richard Levitte
c18d2d94c8 Funtion name with variable part in doc/man7/ and doc/internal/man3/
We have a few pages where part of function names can be considered
variable.  There are no normative guidelines for such a case, but if
we draw from the formatting convention of variable and argument names,
we can draw the conclusion that this variable part should be italized,
within already given conventions.  In other words, we need to help the
POD processor along in cases like these:

    SPARSE_ARRAY_OF(TYPE)
    ossl_sa_TYPE_num()

These need explicit formatting:

    B<SPARSE_ARRAY_OF>(I<TYPE>)
    B<ossl_sa_I<TYPE>_num>()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10034)
2019-09-28 06:33:16 +02:00
Richard Levitte
dfabee82be Make doc/man7/ and doc/internal/man3/ conform with man-pages(7)
It's all in the details, from man-pages(7):

    Formatting conventions for manual pages describing functions

        ...
        Variable names should, like argument names, be specified in italics.
        ...

    Formatting conventions (general)

        ...
        Special macros, which are usually in uppercase, are in bold.
        Exception: don't boldface NULL.
        ...

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10034)
2019-09-28 06:33:16 +02:00
Robbie Harwood
a39bc4404b [KDF] Add KBKDF implementation for counter-mode HMAC
Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos.
Add test vectors from RFC 8009.

Adds error codes PROV_R_INVALID_MAC and PROV_R_MISSING_MAC.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9924)
2019-09-27 23:17:26 +02:00
Richard Levitte
8f3b8fd6f4 OSSL_PARAM functions: change to allow the data field to be NULL
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10025)
2019-09-27 19:03:34 +02:00
Richard Levitte
d4d2878347 OSSL_PARAM.pod: document the mechanism to figure out buffer sizes
When requesting parameters, it's acceptable to make a first pass with
the |data| field of some parameters being NULL.  That can be used to
help the requestor to figure out dynamically what buffer size is
needed.  For variable size parameters, there's no other way to find
out.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10025)
2019-09-27 19:03:33 +02:00
Dr. David von Oheimb
7960dbec68 Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)

    CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
        Adds extensive man pages and tests.  Integration into build scripts.

    Incremental pull request based on OpenSSL commit 8869ad4a39 of 2019-04-02

    4th chunk: CMP context/parameters and utilities
    in crypto/cmp/cmp_ctx.c, crypto/cmp/cmp_util.c, and related files

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9107)
2019-09-27 10:53:11 +01:00
Pauli
0c452a51a5 Reformat param description lines
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
2019-09-27 16:21:51 +10:00
Pauli
d56eba1fd1 Make OSSL_PARAM descriptions uniformly formatted.
=item B<MACRO> ("name") <type>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
2019-09-27 16:21:51 +10:00
Richard Levitte
318e074e1f When building of modules is disabled, build the legacy provider into libcrypto
This makes the legacy provider available regardless of building conditions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9637)
2019-09-26 22:41:47 +02:00
Richard Levitte
03f30c552a Configure, build.info: make it possible to use variables in indexes
That will make it possible to assign different goals for translation
units depending on need.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9637)
2019-09-26 22:41:47 +02:00
Rich Salz
a6dd3a3aa2 Ensure man1 POD files start with openssl-
Commit b6b66573 (PR #9679) renamed most POD files. This change causes
find-doc-nits to flag misnamed files.
Also fix the two misnamed files that it found.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10000)
2019-09-26 08:10:47 +02:00
Fangming.Fang
0dceb3f5d8 Missing else in cipher_hw_aes_ocb_generic_initkey
This came from commit 3837c202 "Add aes_ocb cipher to providers". It
causes the default non-hardware accelerated AES implementation to be
used even if HWAES_CAPABLE is set. Affects all platforms except X86 and
SPARC.

Patch by: Nick Gasson <Nick.Gasson@arm.com>
Change-Id: I26001a3a922ff23f6090fdcefefaecf68e92e2a6

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10012)
2019-09-26 12:14:54 +10:00
Pauli
42462e4016 Use OSSL_PARAM types. Limits are explained in the description where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli
72c162abb0 Use OSSL_PARAM types. Limits are explained in the description where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli
560ac83b0b KDF section 3 clean up
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli
f49a65d09c Use OSSL_PARAM types for MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli
e7f2dac968 Use OSSL_PARAM types for KDF documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Patrick Steuer
19bd1fa1ef s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448
using PCC and KDSA instructions.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
2019-09-25 15:53:53 +02:00
Patrick Steuer
2281be2ed4 s390x assembly pack: cleanse only sensitive fields
of instruction parameter blocks.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
2019-09-25 15:53:53 +02:00
Patrick Steuer
ac037dc874 s390x assembly pack: fix OPENSSL_s390xcap z15 cpu mask
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
2019-09-25 15:53:53 +02:00
Patrick Steuer
b3681e2641 s390x assembly pack: fix msa3 stfle bit detection
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
2019-09-25 15:53:52 +02:00
Matt Caswell
e6879a31ef Make EVP_MD_CTX_[gettable|settable]_params() take an EVP_MD_CTX
EVP_MD_CTX_gettable_params() and EVP_MD_CTX_settable_params() were
confusingly named because they did not take an EVP_MD_CTX parameter.

In addition we add the functions EVP_MD_gettable_ctx_params() and
EVP_MD_settable_ctx_params() which do the same thing but are passed
an EVP_MD object instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9998)
2019-09-25 12:06:21 +01:00
Pauli
5a2a2f66c5 Remove the engine parameter from the provider MAC documentations
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:42 +10:00
Pauli
8d1502da1e Remove the engine parameter from the individual MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:42 +10:00
Pauli
9bd9c440c1 Remove engine param from EVP_KDF and EVP_MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:42 +10:00
Pauli
5053a3766a Remove engine param from the settable list
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:41 +10:00
Pauli
69db30449e Remove engine param macros from wrapper APIs
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:41 +10:00
Pauli
38cfb11d47 Make the "engine" parameter to some provider algorithms (KDF/PRF) hidden.
This parameter will disappear once engines are wrapped by a provider so
it shouldn't ever be visible to the public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:41 +10:00
Shane Lontis
bafde18324 Add rc4 cipher to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9992)
2019-09-25 10:46:39 +10:00
Richard Levitte
7c2a981ff7 DOC: fix documentation of som EVP_MD_CTX functions
They were documented to take an EVP_MD pointer, when they really take
an EVP_MD_CTX pointer.

Fixes #9993

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9996)
2019-09-24 14:42:14 +02:00
Rich Salz
0773687a24 Fix bugs in "info" commands flags
Remove -c/-e/-m aliases, OpenSSL commands don't do that.
Fix typo's in the documentation.
Fix -module flag to print the right thing.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9986)
2019-09-24 14:22:43 +02:00
jayaram
aecf529b05 fix for dsa key size feature request issue: pkey -text or -text_pub should show dsa key size
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9983)
2019-09-24 14:24:32 +03:00
Dmitry Belyavskiy
4baee2d72e Support printing out some otherName variants
The supported variants are
- SmtpUTF8Name
- xmppAddr
- MS UPN
- SRVName

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9965)
2019-09-24 10:27:09 +03:00
Simo Sorce
6922740fac Add SSKDF test vectors from RFC 8636
RFC 8636 defines the Pkinit Agility KDF, which turns out to be just a
standard SSKDF with the Info built out of the ASN.1 option of SP 800 56A
(See 5.8.2.1.2 of NIST SP 800-56A Rev. 3)

RFC 8636 Also defines test vectors, so let's add them in addition to the
tests from "non-official" test vectors.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9957)
2019-09-23 09:10:11 -04:00
raja-ashok
f9e57a2888 Update new TLS version options to s_time man page
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9947)
2019-09-23 08:16:15 +01:00
raja-ashok
7757a90e26 Add TLS version options to s_time
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9947)
2019-09-23 08:16:15 +01:00
Richard Levitte
3204083820 Rework cipher / digest fetching for legacy nids with multiple name support
With multiple names, it's no longer viable to just grab the "first" in
the set and use that to find the legacy NID.  Instead, all names for
an algorithm must be checked, and if we encounter more than one NID
asssociated with those names, we consider it an error and make that
method unloadable.

This ensures that all methods that do have an internal NID associated
will get that NID in their structure, thereby ensuring that other
parts of libcrypto that haven't gone away from using NIDs for
comparison will continue to work as expected.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9969)
2019-09-23 09:13:25 +02:00
Richard Levitte
15dbf3a5a1 include/openssl/macros.h: better OPENSSL_FUNC fallback
Make sure OPENSSL_FUNC gets defined to something, no matter what.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9976)
2019-09-23 06:46:18 +02:00
Shane Lontis
e3f3ee448f Add des ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9954)
2019-09-23 14:35:16 +10:00
Pauli
a941054ad7 Note that the mac command is preferrable to the MAC command line options.
The dgst command allows MACs to be calculated, the mac command is the more
recent interface for doing the same and provides better access to a wider
range of MACs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9962)
2019-09-21 21:20:18 +10:00
Dr. Matthias St. Pierre
387bbce45b Configure: add missing dependency to fix parallel builds on Windows
The issue was encountered when testing parallel builds of OpenSSL on
Windows using `jom` instead of `nmake`. The builds persistently failed
with the following error message because the generated file "buildinf.h"
did not exist yet.

crypto\info.c(15): fatal error C1083:
    cannot open include file: "buildinf.h": No such file or directory

Apparently this error does not occur on Linux because `make` parallelizes
the builds differently such that `crypto\cversion.c`, which has an
explicit dependency on `buildinf.h`, gets compiled first. Also, the
include dependency was added only recently in commit 096978f099.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9960)
2019-09-21 11:35:02 +02:00
Kurt Roeckx
a6105ef40d Use the correct maximum indent
Found by OSS-Fuzz

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>

GH: #9959
2019-09-21 10:57:08 +02:00
Richard Levitte
ec87a649dd include/openssl/macros.h: Rework OPENSSL_FUNC for div C standards
OPENSSL_FUNC was defined as an alias for __FUNCTION__ with new enough
GNU C, regardless of the language standard used.  We change this
slightly, so this won't happen unless __STDC_VERSION is defined.

Fixes #9911

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9913)
2019-09-20 12:16:48 +02:00
Richard Levitte
6061cd5413 Remove name string from PROV_CIPHER and PROV_DIGEST
It was short lived, as it's not necessary any more.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9946)
2019-09-20 08:28:47 +02:00
Richard Levitte
d3386f770a Refactor SSKDF to create the MAC contexts early
The SSKDF implementation fetched the digest(s) for the underlying MAC,
just to get their names and pass those down to the MAC, which in turn
would fetch those same digests again.

This change circumvents this by fetching the MAC and create the MAC
contexts for them directly when this PRF receives the relevant
parameters, thus only having to pass EVP_MAC_CTX pointers around.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9946)
2019-09-20 08:28:47 +02:00