Commit Graph

27999 Commits

Author SHA1 Message Date
Dr. Matthias St. Pierre
b209835364 v3_ocsp.c: fix indentation of include directives
Fixes #13820

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13822)
2021-01-12 11:19:04 +01:00
John Baldwin
3ddf44ea5a Close /dev/crypto file descriptor after CRIOGET ioctl().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13807)
2021-01-11 14:10:36 -08:00
Dr. David von Oheimb
678cae0295 APPS: Print help also on -h and --h; print high-level help when no cmd given
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13799)
2021-01-11 19:39:49 +01:00
Dr. David von Oheimb
3372039252 APPS: Fix confusion between program and app/command name used in diagnostic/help output
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13799)
2021-01-11 19:39:49 +01:00
Dr. David von Oheimb
046a7aaa5e apps/pkey.c: Forther improve user guidance, also on non-sensical option combinations
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)
2021-01-11 19:35:34 +01:00
Dr. David von Oheimb
1f7643e86e apps/pkey.c: Re-order help output and option documentation
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)
2021-01-11 19:35:34 +01:00
Dr. David von Oheimb
475d10028e apps/pkey.c: Make clear that -passout is not supported for DER output
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)
2021-01-11 19:35:34 +01:00
Dr. David von Oheimb
400e2acfe0 apps.c: Fix crash in case uri arg of IS_HTTP or IS_HTTPS is NULL
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)
2021-01-11 19:35:34 +01:00
Sahana Prasad
e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free()
instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.

Signed-off-by: Sahana Prasad <sahana@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13814)
2021-01-09 18:22:49 +01:00
anupamam13
42141197a1 Fix for negative return value from SSL_CTX_sess_accept()
Fixes #13183

From the original issue report, before this commit, on master and on
1.1.1, the issue can be detected with the following steps:

- Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI,
  "Accept" count of default context gets incremented
- After servername lookup, "Accept" count of default context gets
  decremented and that of SNI context is incremented
- Server sends a "Hello Retry Request"
- Client sends the second "Client Hello", now again "Accept" count of
  default context is decremented. Hence giving a negative value.

This commit fixes it by adding a check on `s->hello_retry_request` in
addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved
only on the first ClientHello.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13297)
2021-01-09 00:55:02 +02:00
Romain Geissler
732e24bb14 Fix simpledynamic test compilation when condigured without DSO support.
This fixes this compilation error:
In file included from test/simpledynamic.c:13:
test/simpledynamic.h:39:35: error: unknown type name 'SD'
   39 | int sd_load(const char *filename, SD *sd, int type);
      |                                   ^~
test/simpledynamic.h:40:12: error: unknown type name 'SD'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |            ^~
test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |                                        ^~~~~~
test/simpledynamic.h:41:14: error: unknown type name 'SD'
   41 | int sd_close(SD lib);
      |              ^~
make[1]: *** [Makefile:24670: test/moduleloadtest-bin-simpledynamic.o] Error 1
make[1]: *** Waiting for unfinished jobs....
In file included from test/moduleloadtest.c:19:
test/simpledynamic.h:39:35: error: unknown type name 'SD'
   39 | int sd_load(const char *filename, SD *sd, int type);
      |                                   ^~
test/simpledynamic.h:40:12: error: unknown type name 'SD'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |            ^~
test/simpledynamic.h:40:40: error: unknown type name 'SD_SYM'
   40 | int sd_sym(SD sd, const char *symname, SD_SYM *sym);
      |                                        ^~~~~~
test/simpledynamic.h:41:14: error: unknown type name 'SD'
   41 | int sd_close(SD lib);
      |              ^~

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13802)
2021-01-09 00:38:48 +02:00
Thomas De Schampheleire
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
The openssl code base has only a few occurrences of 'unsigned const char'
(15 occurrences), compared to the more common 'const unsigned char' (4420
occurrences).

While the former is not illegal C, mixing the 'const' keyword (a 'type
qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a
bit odd.

The background for writing this patch is not to be pedantic, but because
the 'opmock' program (used to mock headers for unit tests) does not accept
the 'unsigned const char' construct. While this definitely is a bug in
opmock or one of its dependencies, openssl is the only piece of software we
are using in combination with opmock that has this construct.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13722)
2021-01-09 00:20:16 +02:00
Nicola Tuveri
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Nicola Tuveri
9e49aff2aa Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.

For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.

Partially fixes https://github.com/openssl/openssl/issues/8435

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Nicola Tuveri
4554988e58 [test][pkey_check] Add invalid SM2 key test
SM2 private keys have different validation requirements than EC keys:
this test checks one corner case highlighted in
https://github.com/openssl/openssl/issues/8435

As @bbbrumley mentioned in
https://github.com/openssl/openssl/issues/8435#issuecomment-720504282
this only fixes the absence of a regression test for validation of this
kind of boundary issues for decoded SM2 keys.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Nicola Tuveri
ed37336b63 [apps/pkey] Return error on failed -[pub]check
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Nicola Tuveri
c5bc5ec849 [test] Add pkey -check validation tests
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:50:42 +02:00
Michael Baentsch
becbacd705 Adding TLS group name retrieval
Function SSL_group_to_name() added, together with documentation and tests.
This now permits displaying names of internal and external
provider-implemented groups.

Partial fix of #13767

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13785)
2021-01-08 17:04:46 +00:00
Billy Brumley
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13783)
2021-01-08 12:12:03 +01:00
Matt Caswell
d0afb30ef3 Ensure DTLS free functions can handle NULL
Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.

Fixes #13649

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13655)
2021-01-08 10:26:26 +00:00
Otto Hollmann
3d0b6494d5 Remove extra space.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)
2021-01-07 17:38:56 +01:00
Otto Hollmann
981b4b9572 Fixed error and return code.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)
2021-01-07 17:38:56 +01:00
Otto Hollmann
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)
2021-01-07 17:38:56 +01:00
Otto Hollmann
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)
2021-01-07 17:38:56 +01:00
Matt Caswell
a86add03ab Prepare for 3.0 alpha 11
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2021-01-07 13:48:32 +00:00
Matt Caswell
cae118f938 Prepare for release of 3.0 alpha 10
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2021-01-07 13:48:10 +00:00
Matt Caswell
bd0c71298a Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13800)
2021-01-07 13:38:50 +00:00
Matt Caswell
e260bee0a9 Only perform special TLS handling if TLS has been configured
Skip over special TLS steps for stream ciphers if we haven't been
configured for TLS.

Fixes #12528

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13774)
2021-01-06 11:08:35 +00:00
David CARLIER
7c0e98a5c4 Mac M1 setting change proposal.
Running tests takes very long with the current setting while it takes a
lot shorter time with this change.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13771)
2021-01-06 11:06:32 +01:00
John Baldwin
7fd1ca723a Support session information on FreeBSD.
FreeBSD's /dev/crypto does not provide a CIOCGSESSINFO ioctl, but it
does provide other ioctls that can be used to provide similar
functionality.

First, FreeBSD's /dev/crypto defines a CIOCGESSION2 ioctl which accepts
a 'struct session2_op'.  This structure extends 'struct session_op'
with a 'crid' member which can be used to either request an individual
driver by id, or a class of drivers via flags.

To determine if the available drivers for a given algorithm are
accelerated or not, use CIOCGESSION2 to first attempt to create an
accelerated (hardware) session.  If that fails, fall back to
attempting a software session.  In addition, when requesting a new
cipher session, use the current setting of the 'use_softdrivers' flag
to determine the value assigned to 'crid' when invoking CIOCGSESSION2.

Finally, use the returned 'crid' value from CIOCGSESSION2 to look up
the name of the associated driver via the CIOCFINDDEV ioctl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13468)
2021-01-05 15:16:16 -08:00
John Baldwin
b39c215dec Use CRIOGET to fetch a crypto descriptor when present.
FreeBSD's current /dev/crypto implementation requires that consumers
clone a separate file descriptor via the CRIOGET ioctl that can then
be used with other ioctls such as CIOCGSESSION.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13468)
2021-01-05 15:16:16 -08:00
bazmoz
3497cc8776 Updated SSL_CTX_new doc
Fixes #13703

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13741)
2021-01-05 18:09:11 +00:00
Etienne Millon
b043c41c00 28-seclevel.cnf.in: fix typo in algo name
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13768)
2021-01-05 16:44:09 +01:00
Etienne Millon
b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13768)
2021-01-05 16:44:09 +01:00
Nirbheek Chauhan
2c61a670eb win-onecore: Build with /APPCONTAINER for UWP compat
When targeting the win-onecore configuration, we must link with
/APPCONTAINER which is a requirement for submitting apps to the
Windows Store.

Without this, the Windows App Certificate Kit will reject the app:
https://docs.microsoft.com/en-us/cpp/build/reference/appcontainer-windows-store-app

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12400)
2021-01-04 12:01:55 +00:00
Nirbheek Chauhan
ce11192650 crypto/win: Don't use disallowed APIs on UWP
CreateFiber and ConvertThreadToFiber are not allowed in Windows Store
(Universal Windows Platform) apps since they have been replaced by
their Ex variants which have a new dwFlags parameter.

This flag allows the fiber to do floating-point arithmetic in the
fiber on x86, which would silently cause corruption otherwise since
the floating-point state is not switched by default.

Switch to these "new" APIs which were added in Vista.

See: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfiberex#parameters

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12400)
2021-01-04 12:01:44 +00:00
Dr. David von Oheimb
38b57c4c52 Update copyright years of auto-generated headers (make update)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13764)
2021-01-04 07:15:24 +01:00
Matt Caswell
ea08f8b294 Add a test for the new CRYPTO_atomic_* functions
Also tests the older CRYPTO_atomic_add() which was without a test

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)
2020-12-31 13:14:38 +01:00
Matt Caswell
49fff26d67 Add documentation for CRYPTO_atomic_or and CRYPTO_atomic_load
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)
2020-12-31 13:14:38 +01:00
Matt Caswell
db6bcc81ab Optimise OPENSSL_init_crypto
If everything has already been initialised we can check this with a
single test at the beginning of OPENSSL_init_crypto() and therefore
reduce the amount of time spent in this function. Since this is called
via very many codepaths this should have significant performance benefits.

Partially fixes #13725 and #13578

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)
2020-12-31 13:14:38 +01:00
Matt Caswell
d5e742de65 Add some more CRYPTO_atomic functions
We add an implementation for CRYPTO_atomic_or() and CRYPTO_atomic_load()

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13733)
2020-12-31 13:14:38 +01:00
Matt Caswell
30af356df4 Don't call EVP_CIPHER_CTX_block_size() to find the block size
The EVP lib was calling EVP_CIPHER_CTX_block_size(), which in turn calls
EVP_CIPHER_block_size() in order to find the block_size in every
EVP_EncryptUpdate() call. This adds a surprising amount of overhead when
using speed to test aes-128-cbc. Since we're in the EVP lib itself, we can
just directly access this value.

To test performance I ran the command:
openssl speed -evp aes-128-cbc -bytes 16 -seconds 30

For the before and after, I ran this twice and discarded the first result
to "warm up" my machine.

Before:
aes-128-cbc     716949.71k

After:
aes-128-cbc     742807.11k

This represents a performance improvement of about 4%

Partially fixes #13407

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13734)
2020-12-30 09:32:14 +01:00
Matt Caswell
ae031148fd Optimise OPENSSL_init_crypto to not need a lock when loading config
Most of the time we don't have any explicit settings when loading a
config file. Therefore we optimise things so that we don't need to use
a lock in that instance.

Partially addresses performance issues in #13725

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13731)
2020-12-24 12:36:40 +01:00
Matt Caswell
38f7931429 Cache Digest constants
EVP_CIPHER already caches certain constants so that we don't have to
query the provider every time. We do the same thing with EVP_MD constants.
Without this we can get performance issues, e.g. running "speed" with
small blocks of data to digest can spend a long time in EVP_MD_size(),
which should be quick.

Partialy fixes #13578

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13730)
2020-12-23 21:12:18 +01:00
Matt Caswell
ae69da05a7 Move the caching of cipher constants into evp_cipher_from_dispatch
Previously we cached the cipher constants in EVP_CIPHER_fetch(). However,
this means we do the caching every time we call that function, even if
the core has previusly fetched the cipher and cached it already. This
means we can end up re-caching the constants even though they are already
present. This also means we could be updating these constants from
multiple threads at the same time.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13730)
2020-12-23 21:12:18 +01:00
Dmitry Belyavskiy
fdf05eb761 Fix doc-nits for list command
Bug was introduced in #13669

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13728)
2020-12-23 11:15:12 +01:00
Dmitry Belyavskiy
128d25ba6a Fetch provided algorithm once per benchmark
Partially fixes #13578

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13721)
2020-12-23 11:10:16 +01:00
Ingo Schwarze
c4b2c53fad Fix NULL pointer access caused by X509_ATTRIBUTE_create()
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on.  This matters because
X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3)
and the NID comes straight from the user.

This bug was found while working on LibreSSL documentation.

Reviewed-by: Theo Buehler <tb@openbsd.org>

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12052)
2020-12-21 15:25:59 +01:00
jwalch
7a7ed5fc79 Restore v2i_AUTHORITY_INFO_ACCESS() behavior
Fixes #13636

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13683)
2020-12-21 14:38:37 +01:00
Richard Levitte
3a1ee3c199 Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
2020-12-20 12:19:42 +01:00