Commit Graph

30426 Commits

Author SHA1 Message Date
Matt Caswell
a983764e17 Add a test for custom EVP_PKEY_METHODs
Adds a test for using custom EVP_PKEY_METHODs without an ENGINE. As part
of this we also test having a custom EVP_PKEY_METHOD that wraps a built-in
EVP_PKEY_METHOD. We do this for both legacy and provided keys.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
2021-07-22 13:52:54 +02:00
Matt Caswell
929f651eaa Fix custom EVP_PKEY_METHOD implementations where no engine is present
It is possible to have a custom EVP_PKEY_METHOD implementation without
having an engine. In those cases we were failing to use that custom
implementation.

Fixes #16088

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
2021-07-22 13:52:46 +02:00
Matt Caswell
5dc6489bb6 Update our EVP_PKEY_METHODs to get low level keys via public APIs
It is possible to call built-in EVP_PKEY_METHOD functions with a provided
key. For example this might occur if a custom EVP_PKEY_METHOD is in use
that wraps a built-in EVP_PKEY_METHOD. Therefore our EVP_PKEY_METHOD
functions should not assume that we are using a legacy key. Instead we
get the low level key using EVP_PKEY_get0_RSA() or other similar functions.
This "does the right thing" if the key is actually provided.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
2021-07-22 13:52:46 +02:00
Dr. David von Oheimb
981a5b7ce3 OSSL_HTTP_open(): Fix memory leak on TLS connect failure via proxy
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16119)
2021-07-22 10:14:47 +02:00
Pauli
c74188e86c ci: omit tests that consume too much memory
The SSL API tests and the passwd command test trigger memory leakage in the
address sanitizer.

Fixes #16116

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16125)
2021-07-21 20:04:36 +10:00
Dr. David von Oheimb
4672e5de9e tls_process_{client,server}_certificate(): allow verify_callback return > 1
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)
2021-07-21 11:46:18 +02:00
Dr. David von Oheimb
ee11462d31 SSL_CTX_set_cert_verify_callback.pod: various corrections and clarifications
- Make clear the callback is called whenever a peer certificate has been received,
  which is independent of the verification mode.
- Make clear that a return value > 1 always leads to handshake failure.
- Make clear that in server mode also return values <= 0 lead to handshake failure.
- For client mode replace the incorrect formulation "if B<SSL_VERIFY_PEER> is set"
  by what is actually implemented: "if the verification mode is not B<SSL_VERIFY_NONE>".
- Refer to X509_STORE_CTX_set_error() rather than to internal error variable.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)
2021-07-21 11:44:14 +02:00
yangyangtiantianlonglong
0c48fda8d3 Add testcases for SSL_key_update() corner case calls
Test that SSL_key_update() is not allowed if there are writes pending.
Test that there is no reset of the packet pointer in ssl3_setup_read_buffer().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16085)
2021-07-21 14:11:56 +10:00
Pauli
fd76ee47b9 test: include all DRBG tests in FIPS mode
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)
2021-07-20 18:34:07 +10:00
Pauli
9989a746eb docs: update CTR DRBG documentation to not mention the lack of a derivation function in FIPS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)
2021-07-20 18:34:07 +10:00
Pauli
4e6fa8014f err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)
2021-07-20 18:34:07 +10:00
Pauli
00f5f3cd00 drbg: allow the ctr derivation function to be disabled in FIPS mode
Word from the lab is:

    The use of the derivation function is optional if either an approved
    RBG or an entropy source provides full entropy output when entropy
    input is requested by the DRBG mechanism. Otherwise, the derivation
    function shall be used.

So our disallowing it's use was more than required.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)
2021-07-20 18:34:07 +10:00
Ingo Schwarze
c5dc9ab965 Fix a read buffer overrun in X509_aux_print().
The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.

I found this bug while writing manual pages for X509_print_ex(3)
and related functions.  Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see

http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16108)
2021-07-20 09:40:56 +02:00
Petr Gotthard
718d55f43f doc: fix OPENSSL_VERSION_NUMBER length in the synopsis
The number has 8 digits (not 9). It is a single integer `0xMNN00PP0L`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16106)
2021-07-20 10:19:05 +10:00
Pauli
b8ffcd8715 demos: update readme file with pbkdf2 and scrypt examples.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
2021-07-20 10:14:42 +10:00
Pauli
9dbb4dac09 demos: add Makefile support for pbkdf2 and scrypt KDF demos
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
2021-07-20 10:14:42 +10:00
Pauli
73a3b967e9 demo: add scrypt demonstration program
Using test vector from RTC 7914

Fixes #14108

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
2021-07-20 10:14:42 +10:00
Pauli
d2f25d5c0a demo: add pbkdf2 demonstration program
Using test vector from RTC 7914

Fixes #14107

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
2021-07-20 10:14:42 +10:00
Pauli
d9c29baf1a test: fix use after scope problem in ACVP test
Repeat after me:
    thou shall not use an auto scope variable as a parameter
    that is used out of scope.

Fixes GitHub CI #6305

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16103)
2021-07-19 13:08:17 +10:00
Matt Caswell
ca00152497 Fix some minor record layer issues
Various comments referred to s->packet and s->packet_length instead of
s->rlayer.packet and s->rlayer.packet_length. Also fixed is a spot where
RECORD_LAYER_write_pending() should have been used. Based on the review
comments in #16077.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16086)
2021-07-17 08:50:55 -07:00
Matt Caswell
2cff17fdb8 Fix signed/unsigned comparison warnings in sslapitest
Fixes build failures if using enable-ktls in conjunction with --strict-warnings

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16090)
2021-07-17 17:52:48 +10:00
Pauli
c3c00c7acd config: enable ACVP test case if FIPS is enabled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16095)
2021-07-17 17:51:08 +10:00
Tomas Mraz
24f84b4e4d doc: It is not possible to use SSL_OP_* value in preprocessor conditions
Fixes #16082

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16084)
2021-07-16 14:37:18 +02:00
Matt Caswell
3bec485153 Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.

Fixes #12485

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
2021-07-16 12:20:20 +02:00
Matt Caswell
21ba77cad6 Don't reset the packet pointer in ssl3_setup_read_buffer
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.

Fixes #13729

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
2021-07-16 12:20:20 +02:00
Tomas Mraz
e0ad156d22 RSA_public_decrypt is equivalent to a verify recover operation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)
2021-07-16 11:29:34 +02:00
Tomas Mraz
02d63fe999 evp_test: Add tests for rsa_padding_mode:none
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)
2021-07-16 11:29:33 +02:00
Tomas Mraz
07d189cee4 Allow RSA signature operations with RSA_NO_PADDING
When no md is set, the raw operations should be allowed.

Fixes #16056

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)
2021-07-16 11:29:26 +02:00
Tomas Mraz
ca638147c8 Drop daily run-checker build with just enable-acvp-tests
Having just enable-acvp-tests without enable-fips does not make
much sense as this just builds the test but it is skipped.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Tomas Mraz
f096691b91 CI: have enable-acvp-tests in some CI build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Tomas Mraz
033e987c03 Signature algos: allow having identical digest in params
The flag_allow_md prevents setting a digest in params however
this is unnecessarily strict. If the digest is the same as the
one already set, we do not return an error.

Fixes #16071

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Tomas Mraz
59f66d8cf9 acvp_test: Fix incorrect parenthesis
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:17 +02:00
Daiki Ueno
09c1db3399 apps: Use the first detected address family if IPv6 is not available
This is a follow up of 15729bef38.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40aa5, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16074)
2021-07-16 08:58:06 +02:00
Tomas Mraz
52f7e44ec8 Split bignum code out of the sparcv9cap.c
Fixes #15978

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16019)
2021-07-15 09:33:04 +02:00
Pauli
8e94c51b32 doc: document the params arguments to the initialisation functions.
These were accidentally omitted when the arguments were added globally.

Fixes #16067

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)
2021-07-15 16:46:18 +10:00
Pauli
56fdb70796 evp: constify some OSSL_PARAM arguments
These were missed when the initialisation params were added

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)
2021-07-15 16:46:18 +10:00
Tomas Mraz
11f18ef1f5 Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()
The implementation of EVP_PKEY_pairwise_check() is also changed
to handle the legacy keys.

Fixes #16046

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16069)
2021-07-15 10:54:25 +10:00
Tomas Mraz
54c0480dac doc: Document that incomplete certificates return error
Fixes #16065

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16070)
2021-07-15 10:23:41 +10:00
Pauli
e77be2e201 test: add single byte IV AES GCM tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)
2021-07-14 12:02:03 +02:00
Pauli
c55c7d0292 Remove lower limit on GCM mode ciphers
Fixes #16057

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)
2021-07-14 12:02:03 +02:00
Pauli
2f0a53816b apps: avoid using POSIX IO macros and functions when built without them.
Fall back to stdio functions if not available.

Fixes a daily run-checker failure (no-posix-io)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16073)
2021-07-14 09:17:45 +02:00
Syrone Wong
4e0383d851 Fix OSSL_TRACE9 missing arg9
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16060)
2021-07-14 14:57:03 +10:00
Richard Levitte
53111a88ce Avoid empty lines in nmake rule bodies
nmake is tolerant of those empty lines, but jom isn't.  That tolerance
isn't standard make behaviour, so we lean towards avoiding them.

We simply use '@rem' instead.

Fixes #16014

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16048)
2021-07-13 10:08:33 +02:00
Tianjia Zhang
db226bf20f Remove executable mode attributes of non-executable files
Remove the executable attributes of some C code files and key files,
change the file mode from 0755 to 0644.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16045)
2021-07-13 16:04:32 +10:00
Pauli
a773e67b89 asn.1: fix Coverity 1487104 Logically dead code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16042)
2021-07-13 09:24:04 +10:00
Pauli
d19dacd55f doc: document the new opt_legacy_okay() function's behaviour
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:41 +10:00
Pauli
09b430cd87 app: add library context and propq arguments to opt_md() and opt_cipher()
Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:41 +10:00
Pauli
ff21571365 apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted or not
By default they are.  However, if a provider, provider path or a property query has been specified
they are not.  Likewise, if a library context or a property query has been
specified by the command, they are not.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:41 +10:00
Pauli
242dfd8a1b apps: add query to allow a command to know of a provider command line option was processed
Better fixing:
Fixing #15683
Fixing #15686

Replacing rather than fixing:
Fixing #15414

Since that claims to fix another:
Fixing #15372

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:41 +10:00
Pauli
ac1e85f464 test: make build descriptions more consistent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:20 +10:00