Commit Graph

29842 Commits

Author SHA1 Message Date
杨明君
c3708f9f7a test: add sm3 low level test case to test suite.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14271)
2021-06-21 11:34:16 +10:00
Richard Levitte
ecd699b6da STORE: Fix OSSL_STORE_open_ex() error reporting
OSSL_STORE_open_ex() could result in reports like this:

    80722AA3927F0000:error:80000002:system library:file_open_ex:No such file or directory:engines/e_loader_attic.c:1016:calling stat(file:test/blahdibleh.der)
    80722AA3927F0000:error:41800069:lib(131)::path must be absolute:engines/e_loader_attic.c:1010:test/blahdibleh.der
    80722AA3927F0000:error:1600007B:STORE routines:OSSL_STORE_open_ex:no loaders found:crypto/store/store_lib.c:148:No store loaders were found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them?

The last one turns out to be a bit too generically reported.  It
should only be reported when no loader were loaded at all, not when
loader_ctx happens to be NULL (which may happen for other reasons).

We also move the helpful message to the OSSL_STORE_LOADER fetcher.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15820)
2021-06-20 19:59:40 +02:00
Richard Levitte
a1a62437e9 TESTS: drop explicit quotes from empty command line arguments
Depending on circumstances, something like this:

    ok(run(app(['openssl', 'whatever', '-config', '""', ...])))

might end up with a command like this:

    ./util/wrap.pl apps/openssl whatever -config '""'

Simply use an empty string (i.e. '' instead of '""') and let the
command line fixup functions do their job.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15822)
2021-06-20 12:53:43 +10:00
Tomas Mraz
f53c079fa5 evp_test: Support testing of stitched TLS ciphers
Add a few testcases.

Fixes #15749

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15827)
2021-06-20 12:52:36 +10:00
Tomas Mraz
f7e2e513d1 Replace non-ASCII character in source file
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15803)
2021-06-19 22:04:34 +10:00
Pauli
c602fadc44 test: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
555fea854d rsa: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
bb82ef1115 asn1: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
2d6f72aa03 ssl: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
f6f3a5d34a ssl: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
43c02d9ce2 punycode: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
d05bfc1254 crypto: repalce tabs with spaces
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
a0430488c1 test: replace tabs with spaces in test recipes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:54:06 +10:00
Pauli
5ea4d7648c ssl: replace tabs with spaces
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:51:12 +10:00
Pauli
e69bde88e4 include: replace tabs with spaces in headers
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
2021-06-19 15:51:12 +10:00
Pauli
d0e5230dce test: add test for auto DH security level meets the minimum
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
2021-06-19 15:49:46 +10:00
Pauli
d7b5c648d6 ssl: do not choose auto DH groups that are weaker than the security level
Fixes #15808

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
2021-06-19 15:49:46 +10:00
Pauli
b9d022d78f params: fix range check when converting double to uint64_t.
Found in #15815

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15819)
2021-06-19 15:47:57 +10:00
Pauli
d7c88f7600 params: avoid using intmax_t since it's not well supported
Converting doubles to integers used to go via intmax_t which isn't properly
defined on some platforms.  The alternative is to go via int64_t.

Fixes #15815
Alternative to #15816

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15817)
2021-06-19 15:45:25 +10:00
Tomas Mraz
d9ee027e89 aix64-gcc target: Fix build breakage with enable-fips
Fixes #15804

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15807)
2021-06-18 18:21:49 +02:00
Dr. David von Oheimb
47bb597b4f http_client.c: fix HTTP_VERSION_STR_LEN and make it more efficient
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
2021-06-18 14:29:19 +02:00
Dr. David von Oheimb
765860a3ce http_client.c: make HTTP_LINE1_MINLEN more efficient
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
2021-06-18 14:29:19 +02:00
Dr. David von Oheimb
b6fec9658b http_client.c: make prefix checking more readable and more efficient
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
2021-06-18 14:29:19 +02:00
Dr. David von Oheimb
552aeaef0d http_client.c: fix error reporting (a char was missing; improve style)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
2021-06-18 14:29:19 +02:00
Dr. David von Oheimb
8df299d63d http_client.c: fix OSSL_HTTP_proxy_connect() for HTTPS proxy use
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15796)
2021-06-18 14:29:13 +02:00
Richard Levitte
0eed845ce2 Make util/wrap.pl work better on VMS
Perl's system() on VMS needs to have the command line properly fixed
up, even with arguments passed in list form.  We arrange that by
having util/wrap.pl use the same command line fixups as OpenSSL::Test.

As a consequence, util/wrap.pl needs to be generated, to easily pick
up data from configdata.pm.  This also removes yet another file
copying hack from the build file templates.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15791)
2021-06-18 09:08:16 +02:00
Richard Levitte
1abcd1e858 OpenSSL::Test: Move the command line quotifier
The command line quotifier is more useful as a common utility, so it
gets moved to OpenSSL::Util, as the following two functions:

fixup_cmd_elements(), which is the generic command line reformatter
fixup_cmd(), which is like fixup_cmd_elements(), but treats the first
element specially where necessary (such as on VMS).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15791)
2021-06-18 09:08:16 +02:00
Marek
a205860404 Add demo for HKDF
Fixes #14120

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15784)
2021-06-18 17:06:31 +10:00
Matt Caswell
52e6c77ebc Prepare for 3.0 beta 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-06-17 14:03:53 +01:00
Matt Caswell
f9bfdc3aa9 Prepare for release of 3.0 beta 1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-06-17 14:03:42 +01:00
Matt Caswell
8af25d0a3b make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-06-17 14:03:41 +01:00
Matt Caswell
38fc02a708 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
2021-06-17 13:24:59 +01:00
Richard Levitte
e23206ae56 test/recipes/80-test_cmp_http.t: Kill the mock server brutally
To kill a subprocess with the KILL signal is pretty brutal.  However,
it doesn't seem to be killed completely on some platforms, which makes
this test recipe hang indefinitely when (implicitly) closing the file
handle for this server ($server_fh).  A brutal KILL resolves this
problem.

Fixes #15781

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15797)
2021-06-17 10:38:48 +01:00
Pauli
98dc656e5f gost: remove the internal GOST test.
The external GOST test is sufficient according @beldmit.  This avoids having
to manually update and build the GOST engine when something changes.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15795)
2021-06-17 08:26:17 +01:00
Richard Levitte
a515c8256e Fix exit code for VMS in util/wrap.pl and test/run_tests.pl
The exit code for VMS is a bit tricky, and while perl translates the
VMS status code from a typical C program to posix terms, it doesn't
automatically translate its exit code into the typical C program VMS
status code.  Perl scripts are recommended to do so explicitly.

Therefore, we make util/wrap.pl and test/run_tests.pl simulate the
typical C program VMS status code for all non-zero exit codes, except
we give them all the error severity (according to the VMS C library
reference manual, exit codes 2 and above are treated as success...).

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15787)
2021-06-17 08:24:13 +01:00
Richard Levitte
fd6d0c5ac4 Fix small typo in test/recipes/05-test_pbe.t
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15786)
2021-06-17 08:20:49 +01:00
Shane Lontis
d84c368b60 Add self test for ECDSA using curve with a binary field
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15794)
2021-06-17 08:14:36 +01:00
Rich Salz
c3932c34cd Always wait for both threads to finish
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15708)
2021-06-16 15:43:48 +01:00
Richard Levitte
218e9969fd DSO: Fix the VMS DSO name converter to actually do something
This function has never before actually done its work.  This wasn't
discovered before, because its output wasn't important before the FIPS
provider self test started using its value.

This function is now made to insert the VMS DSO extension (".EXE") at
the end of the filename, being careful to make sure what can be a
typical VMS generation number (separated from the file name with a
';') remains at the end.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15765)
2021-06-16 15:31:08 +01:00
Richard Levitte
afb254d02b TEST: Change 'catdir' to 'catfile' when dealing with files, in run_tests.pl
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15767)
2021-06-16 15:20:05 +01:00
Richard Levitte
079f8d36ff Build file templates: Fix in2script dependencies
The in2script functions generates the build file rules for generating
scripts from .in files.  A dependency on configdata.pm is needed,
since it's being used for this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15792)
2021-06-16 14:51:40 +01:00
Richard Levitte
3c121b986c Configuration: Fix incorrect $unified_info{attributes} references
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)
2021-06-16 14:47:39 +01:00
Pauli
a6f8e131f4 prov: tag SM2 encoders and decoders as non-FIPS
They're impossible to use in a FIPS environment, so they shouldn't be flagged
as compatible.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15782)
2021-06-16 14:42:38 +01:00
Richard Levitte
62636db634 VMS build: drop a spurious debug print
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15758)
2021-06-16 14:40:03 +01:00
Dr. David von Oheimb
ab9d67efa4 HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c
For this reason, export this function, which allows removing http_local.h

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15764)
2021-06-16 14:36:01 +01:00
Dr. David von Oheimb
eefdb8e013 X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15762)
2021-06-16 14:30:35 +01:00
Richard Levitte
6882652e65 CORE: Do a bit of cleanup of core fetching
Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
level callbacks.  This is a bit unnecessary, so we rearrange the
callback arguments to simply pass that callback structure and rely on
the higher level fetching functionality to pick out what data they
need from that structure.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15750)
2021-06-16 12:32:53 +01:00
Shane Lontis
9932585220 Fix DH private key check.
A recent addition removed setting the dh private key length when
a safe prime group is used. The private key validation check was relying on this
being set for safe primes. Setting the upper bound no longer checks the
length if the value is zero.

This caused a failure in the daily build of acvp_tests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15760)
2021-06-16 11:25:24 +01:00
Matt Caswell
d66ff761d2 Add a test for fetching various non-evp objects
We fetch an Encoder, Decoder and Loader.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)
2021-06-16 11:07:25 +01:00
Matt Caswell
5a5d90ffac Clean up the encoder/decoder/loader stores before providers
We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clean up functions cause
providers to clean up, which then needs access to the provider store. We
extend the same thinking to the encoder/decoder/loader stores.

Fixes #15727

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)
2021-06-16 11:06:30 +01:00