Commit Graph

24289 Commits

Author SHA1 Message Date
Bernd Edlinger
291f616ced Fix an endless loop in BN_generate_prime_ex
Happens when trying to generate 4 or 5 bit safe primes.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9311)
2019-07-07 08:05:33 +02:00
Matt Caswell
2a1e2fe145 Prevent the use of RUN_ONCE inside the FIPS module
FIPS module code *always* runs within the scope of an associated
OPENSSL_CTX. When the module is loaded the OPENSSL_CTX gets created, and
when the module is unloaded the OPENSSL_CX gets freed. A module may be
loaded multiple times within the scope of different OPENSSL_CTX objects.
"Global" data should always be stored within the OPENSSL_CTX. In this
way it will always get cleaned up properly when the module is unloaded.

All current code within the FIPS module works this way. To avoid
"accidents" we disabled the RUN_ONCE code inside the FIPS module.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9308)
2019-07-04 17:11:07 +01:00
Tomas Mraz
e6716f2bb4 Clarify documentation of SSL_CTX_set_verify client side behavior
Fixes #9259

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9291)
2019-07-04 17:01:27 +02:00
Bernd Edlinger
2b43b747d6 Fix a typo and a syntax error in opensslconf.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9298)
2019-07-04 15:57:05 +02:00
Richard Levitte
7e47db5b56 test/recipes/02_test_errstr.t: Make it less fragile
Change it to split the error string returned by `openssl errstr` in a
more robust manner, and ensure it's the reason code we look at.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9304)
2019-07-04 12:06:43 +02:00
Martin Peylo
7a2027240e Adding Test.pm with workaround for Perl abs2rel bug
If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g.
"./config ../openssl", then a bug in Perl's abs2rel may trigger that directory-
rewriting in __cwd results in wrong entries in %directories under certain
circumstances, e.g. when a test executes run(app(["openssl"]) after indir.

There should not be any need to go to a higher directory from BLDDIR or SRCDIR,
so it should be OK to use them in their absolute form, also resolving all
possible symlinks, right from the start.

Following the File::Spec::Functions bug description (reported to perl.org):

When abs2rel gets a path argument with ..s that are crossing over the ..s
trailing the base argument, the result is wrong.

Example
PATH: /home/goal/test/..
BASE: /home/goal/test/../../base
Good result: ../goal
Bad  result: ../..

Bug verified with File::Spec versions
- 3.6301
- 3.74 (latest)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7031)
2019-07-02 20:10:57 +02:00
Rich Salz
bd01733fdd Fix comment; unchecked->checked
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9292)
2019-07-02 20:09:27 +02:00
Matt Caswell
eba3ebd7be Add a dummy call to BN_rand_ex() in the FIPS provider
The previous commit made BIGNUM RAND operations available from within
the FIPS provider. We test this out by making a dummy call to check it
completes successfully.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
2019-07-02 16:49:18 +01:00
Matt Caswell
ee1d4f3db4 Make BIGNUM rand functions available within the FIPS module
The BIGNUM rand functions were previously disabled for the FIPS module.
We can now re-enable them.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
2019-07-02 16:49:18 +01:00
Matt Caswell
6694e51dba Provide rand_bytes_ex and rand_priv_bytes_ex
We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
2019-07-02 16:49:18 +01:00
Patrick Steuer
f690ef151c s390x assembly pack: fix various aes modes performance regression
which was introduced with 64adf9aac7.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9271)
2019-07-02 17:33:29 +02:00
Richard Levitte
6592ab81d2 FIPS module: adapt for the changed error reporting methods
The FIPS module inner provider doesn't need to deal with error reason
strings or error library number, since it uses the outer provider's
error reporting upcalls.  We therefore disable that code in
crypto/provider_core.c when building the FIPS module.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9174)
2019-07-02 17:02:02 +02:00
Richard Levitte
6ebc2f56f0 Replumbing: re-implement error reporting for providers
The idea is that providers should only have to report a reason code.
The library code is considered to be libcrypto internal, and are
allocated dynamically and automatically for providers on creation.

We reserve the upper 8 bits of the reason code for internal OpenSSL
use.  This allows our own providers to report errors in form of a
packed number that includes library number, function number and
reason number.

With this, a provider can potentially use any reason number it wants
from 1 to 16777216, although the current error semantics really only
allow 1 to 4095 (because only the lower 12 bits are currently
considered an actual reason code by the ERR subsystem).

A provider can provide a reason string table in form of an array of
ERR_STRING_DATA, with each item containing just the reason code and
the associated string, with the dispatch function numbered
OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type
OSSL_provider_get_reason_strings_fn.
If available, libcrypto will call that function on provider
activation.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9174)
2019-07-02 17:02:02 +02:00
Richard Levitte
7c95390ef0 ossl_provider_upref to ossl_provider_up_ref
Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref.  Adapt
ossl_provider_upref() accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9293)
2019-07-02 16:30:56 +02:00
Bernd Edlinger
94f4d58a87 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data
The member value.ptr is undefined for those ASN1 types.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)
2019-07-02 16:22:02 +02:00
Bernd Edlinger
6335f837cf Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN
BOOLEAN does not have valid data in the value.ptr member,
thus don't use it here.

Fixes #9276

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)
2019-07-02 16:22:02 +02:00
Antoine Cœur
c2969ff6e7 Fix Typos
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9288)
2019-07-02 14:22:29 +02:00
Patrick Steuer
f663ddc7b0 test/p_test.c: silence -Wstringop-overflow
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9282)
2019-07-02 13:14:42 +02:00
Rich Salz
211da00b79 Remove EXPORT_VAR_AS_FUNC
We only export functions, not global, so remove the config option
and some of the #ifdef stuff.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9285)
2019-07-01 20:13:03 -04:00
Rich Salz
66e2dbc01c Remove global-var/function macros
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)
2019-07-01 19:42:12 -04:00
Rich Salz
b66a481888 Remove DES_check_key global
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)
2019-07-01 19:42:12 -04:00
Rich Salz
6b10d29c1a Remove NextStep support
Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)
2019-07-01 13:32:46 -04:00
Matt Caswell
19ea6b2b37 Fix a leak in evp_test
If evp_test fails to load the legacy provider then it leaks a reference
to the default provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9270)
2019-07-01 10:30:49 +01:00
Matt Caswell
9a131ad747 Change RC5_32_set_key to return an int type
If the key is too long we now return an error.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)
2019-07-01 10:18:37 +01:00
Matt Caswell
792cb4ee8d Ensure that rc5 doesn't try to use a key longer than 2040 bits
The maximum key length for rc5 is 2040 bits so we should not attempt to
use keys longer than this.

Issue found by OSS-Fuzz and Guido Vranken.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)
2019-07-01 10:18:37 +01:00
Matt Caswell
08607613d5 Only cache a method if we actually created one
We were attempting to cache a method after we failed to create it
which leads to an assertion failure.

Fixes #9264

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9269)
2019-07-01 10:07:52 +01:00
Antoine Cœur
68756b12f5 Fix Typos
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9275)
2019-07-01 10:09:22 +02:00
Pauli
3f1679b261 Add OIDs for kmac128, kmac256 and blake2.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9277)
2019-07-01 17:41:31 +10:00
Pauli
e955edcda6 Add a note in the contributing file about trivial commits.
A better explanation of where the "CLA: trivial" line goes and how to add
it post hoc.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9265)
2019-06-27 23:23:17 +10:00
Patrick Steuer
da93b5cc2b s390x assembly pack: update OPENSSL_s390xcap(3)
Add description of capability vector's pcc and kma parts.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
2019-06-29 23:13:45 +02:00
Patrick Steuer
e382f507fb s390x assembly pack: add support for pcc and kma instructions
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
2019-06-29 23:13:45 +02:00
Paul Yang
bc42bd6298
Support SM2 certificate signing
SM2 certificate signing request can be created and signed by OpenSSL
now, both in library and apps.

Documentation and test cases are added.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9085)
2019-06-28 18:58:19 +08:00
Matt Caswell
53a11c6da0 Change the DRBG HMAC implementation to lookup allowed digest names
As per the previous commit we make the same change for DRBG HMAC and
more closely align the FIPS_MODE and non FIPS_MODE implementations.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28 10:22:21 +01:00
Matt Caswell
671aaecd36 Change the DRBG HASH implementation to lookup all allowed algorithm names
We use the new function ossl_prov_util_nid_to_name() to look up the
algorithm and unify the FIPS_MODE and non-FIPS_MODE handling.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28 10:22:21 +01:00
Matt Caswell
4cecf7a127 Add a nid 2 algorithm name mapping capability
Providers that link against libcrypto can just use OBJ_nid2sn() to look
up the name of an algorithm given a NID. However that doesn't work for the
FIPS provider because OBJ_nid2sn() is not available there (due to the
reliance of the code on ASN.1 types). Therefore we provider a new function
to do this mapping. For providers linking against libcrypto the new function
just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the
NIDs known there.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28 10:22:21 +01:00
Matt Caswell
45c54042d0 Call RAND_DRBG_bytes from inside the FIPS provider
Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to
demonstrate that it is possible to use the RAND code from inside the
module. This is temporary and will be removed once real uses of the RAND
code are available inside the module.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28 10:22:21 +01:00
Matt Caswell
f2d20f0bb8 Fix NULL pointer dereference in the ex_data code
In some circumstances the global data held in the "global" variable can
be NULL, so we should error out in the circumstance instead of crashing.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28 10:22:21 +01:00
Matt Caswell
57ca171a13 Make the RAND code available from inside the FIPS module
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28 10:22:21 +01:00
Matt Caswell
0da1d43a94 Document EVP_CIPHER_up_ref()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
2019-06-28 10:02:09 +01:00
Matt Caswell
70c35fd1f6 Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref
All the other upref functions are spelled as "up_ref". These new functions
should be consistent.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
2019-06-28 10:02:09 +01:00
Matt Caswell
42738cdeaa Add documentation for EVP_CIPHER_fetch
We extend the EVP_MD_fetch documentation to be more generic and to also
cover EVP_CIPHER_fetch. We expect this to be further expanded with other
"fetch" functions in the future.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
2019-06-28 10:02:09 +01:00
Dr. Matthias St. Pierre
262c00882a man: clarify the 'random number generator must be seeded' requirement
The manual pages require for some API functions that the 'random number
generator must be seeded' before calling the function.  Initially, this
was meant literally, i.e. the OpenSSL CSPRNG had to be seeded manually
before calling these functions.

Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore.  Still, he
needs to be aware that the seeding might fail.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9257)
2019-06-27 14:39:07 +02:00
Dr. Matthias St. Pierre
0588be2e01 man: fix documentation for RSA_generate_key()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9260)
2019-06-27 12:53:30 +02:00
Matt Caswell
743694a6c2 Move the public SIV mode functions from public headers to internal ones
SIV mode is accessible via EVP. There should be no reason to make the low
level SIV functions from the modes directory part of the public API. Since
these functions do not exist in 1.1.1 we are still able to make this change.

This also reduces the list of newly added undocumented symbols from
issue #9095.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9232)
2019-06-27 09:47:23 +01:00
Benjamin Kaduk
29948ac80c Move 'shared_sigalgs' from cert_st to ssl_st
It was only ever in cert_st because ssl_st was a public structure
and could not be modified without breaking the API.  However, both
structures are now opaque, and thus we can freely change their layout
without breaking applications.  In this case, keeping the shared
sigalgs in the SSL object prevents complications wherein they would
inadvertently get cleared during SSL_set_SSL_CTX() (e.g., as run
during a cert_cb).

Fixes #9099

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
2019-06-26 12:20:55 -05:00
Benjamin Kaduk
6f34d7bc7d Revert "Delay setting the sig algs until after the cert_cb has been called"
This reverts commit 524006dd1b.

While this change did prevent the sigalgs from getting inadvertently
clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be
set when the cert_cb runs.  This, in turn, caused significant breakage,
such as SSL_check_chain() failing to find any valid chain.  An alternate
approach to fixing the issue from #7244 will follow.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
2019-06-26 12:20:55 -05:00
Benjamin Kaduk
7cb8fb07e8 Add regression test for #9099
Augment the cert_cb sslapitest to include a run that uses
SSL_check_chain() to inspect the certificate prior to installing
it on the SSL object.  If the check shows the certificate as not
valid in that context, we do not install a certificate at all, so
the handshake will fail later on in processing (tls_choose_sigalg()),
exposing the indicated regression.

Currently it fails, since we have not yet set the shared sigalgs
by the time the cert_cb runs.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
2019-06-26 12:20:55 -05:00
Bernd Edlinger
b113279292 Keep the externally visible macro BIO_FLAGS_UPLINK in bio.h
and rename the internally used macro to BIO_FLAGS_UPLINK_INTERNAL.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7307)
2019-06-26 18:31:48 +02:00
Paul Yang
4b931252be Fix incorrect usage of a test case
test/x509_check_cert_pkey_test.c has incorrect usage description.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9250)
2019-06-26 17:36:56 +08:00
Pauli
edc6235648 The params_test uses wrong size for BN check.
Before the return size was included in the OSSL_PARAM structure, the size
global was updated via a pointer.  The size global variable has been removed
and the in structure return size used instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9248)
2019-06-26 16:33:41 +10:00