Commit Graph

28994 Commits

Author SHA1 Message Date
Matt Caswell
f42e68dc47 Defer Finished MAC handling until after state transition
In TLS we process received messages like this:

1) Read Message Header
2) Validate and transition state based on received message type
3) Read Message Body
4) Process Message

In DTLS we read messages like this:

1) Read Message Header and Body
2) Validate and transition state based on received message type
3) Process Message

The difference is because of the stream vs datagram semantics of the
underlying transport.

In both TLS and DTLS we were doing finished MAC processing as part of
reading the message body. This means that in DTLS this was occurring
*before* the state transition has been validated. A crash was occurring
in DTLS if a Finished message was sent in an invalid state due to
assumptions in the code that certain variables would have been setup by
the time a Finished message arrives.

To avoid this problem we shift the finished MAC processing to be after
the state transition in DTLS.

Thanks to github user @bathooman for reporting this issue.

Fixes #14906

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)
2021-04-28 16:23:08 +01:00
Matt Caswell
460d2fbcd7 Store the list of activated providers in the libctx
The provider config module was storing the list of activated providers
in a global variable. However, because different libctxs can each load
providers via config files we need to keep the list of activated providers
separate and in the libctx.

Partially fixes #15030

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15033)
2021-04-28 16:04:25 +01:00
Matt Caswell
2d5695016d Properly protect access to the provider flag_activated field
This was not always locked when it should be.

Fixes #15005

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15010)
2021-04-28 15:51:10 +01:00
Matt Caswell
98369ef25f Add a threading test for loading/unloading providers
Check that we don't see any threading issues when loading/unloading a
provider from multiple threads.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15010)
2021-04-28 15:51:10 +01:00
Dr. David von Oheimb
4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms
Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
2021-04-28 14:10:47 +02:00
Dr. David von Oheimb
176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts
Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
2021-04-28 14:10:47 +02:00
Dr. David von Oheimb
1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
2021-04-28 14:10:45 +02:00
Tomas Mraz
624359374b Skip test_fipsload when fips is disabled.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15027)
2021-04-28 12:06:08 +02:00
Tomas Mraz
50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15027)
2021-04-28 12:06:08 +02:00
David Benjamin
cdf63a3736 Add X509 version constants.
The X509 version APIs return the numerical values of the version
numbers, which are one off from the names. This is a bit confusing.
Where they don't get it wrong (accidentally making an "X509v4"
certificate), callers tend to try commenting every call site to explain
the mismatch, including in OpenSSL itself.

Define constants for these values, so code can be self-documenting and
callers are nudged towards the right values.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14549)
2021-04-28 11:40:06 +02:00
Kevin Cadieux
d97adfda28 memleaktest with MSVC's AddressSanitizer
Disabling memleaktest under MSVC because leak detection is not a supported feature with MSVC's AddressSanitizer. Leaving ASan enabled in this case causes a test failure because the test suite is expecting the leak to be detected.

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14581)
2021-04-28 11:37:32 +02:00
Tomas Mraz
67ea4beb94 OPENSSL_sk functions are effectively already documented
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14728)
2021-04-28 11:19:34 +02:00
Tomas Mraz
5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer()
It is possible for the stack of X509_OBJECTs held in an X509_STORE_CTX to
have a custom compare function associated with it. Normally (by default)
this uses X509_NAME_cmp(). The X509_STORE_CTX_get1_issuer() function
assumed that it would always be X509_NAME_cmp().

By implementing OPENSSL_sk_find_all() function we can avoid explicitly
using X509_NAME_cmp() in X509_STORE_CTX_get1_issuer().

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14728)
2021-04-28 11:19:34 +02:00
Jon Spillett
e1491a2f15 Add testing for updated cipher IV
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15041)
2021-04-28 10:01:12 +02:00
Tomas Mraz
8365652287 Use "canonical" names when matching the output of the commands
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)
2021-04-28 09:38:31 +02:00
Tomas Mraz
680dbd16dc Skip GOST engine tests in out of tree builds
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)
2021-04-28 09:38:31 +02:00
Tomas Mraz
eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby
Fixes #14198

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)
2021-04-28 09:38:31 +02:00
Rich Salz
c0a79e9836 Rename some globals, add ossl prefix.
Fixes: 13562

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15035)
2021-04-28 10:16:32 +10:00
Andreas Schwab
e6760e3e84 Add system guessing for linux64-riscv64 target
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15023)
2021-04-27 17:05:20 +02:00
Shane Lontis
e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT.
Fixes #14667

Reworked test supplied by @smcpeak into a unit test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14938)

(cherry picked from commit 7c65179ad9)
2021-04-27 12:43:52 +02:00
Richard Levitte
1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
The 'sn' and 'ln' strings may be dynamically allocated, and the
ASN1_OBJECT flags have a bit set to say this.  If an ASN1_OBJECT with
such strings is passed to d2i_ASN1_OBJECT() for reuse, the strings
must be freed, or there is a memory leak.

Fixes #14667

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14938)

(cherry picked from commit 65b88a7592)
2021-04-27 12:43:52 +02:00
Paul Kehrer
94471ccfda add verbosity for pyca job
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Paul Kehrer
a938f0045e re-add pyca/cryptography testing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Paul Kehrer
a09fb26ba9 add wycheproof submodule
This is used with the pyca/cryptography test suite

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Paul Kehrer
f2561fa566 updated pyca/cryptography submodule version
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Tanzinul Islam
3e4981dd59 Avoid #include with inline function on C++Builder
Commit 6b2978406 exposed a bug with C++Builder's Clang-based compilers,
which cause inline function definitions in C translation units to not
be found by the linker. Disable the inclusion of the triggering header.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15025)
2021-04-27 10:09:26 +02:00
Shane Lontis
c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq()
already exist.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14997)
2021-04-27 09:45:53 +10:00
Shane Lontis
990aa405db Doc updates for DH/DSA examples
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14936)
2021-04-27 09:36:49 +10:00
Shane Lontis
f1ffaaeece Fixes related to separation of DH and DHX types
Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
2021-04-26 19:52:11 +02:00
Tomas Mraz
6c9bc258d2 Add type_name member to provided methods and use it
Fixes #14701

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14898)
2021-04-26 12:05:05 +02:00
Klaas van Schelven
d21224f1ad Documentation fix for openssl-verify certificates
`openssl verify` silently ignores any but the first certificate in the
`certificates` argument.

See #14675

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14754)
2021-04-26 11:38:22 +02:00
Dr. David von Oheimb
d830526c71 APPS: Improve diagnostics for string options and options expecting int >= 0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
2021-04-24 18:54:32 +02:00
Dr. David von Oheimb
1ae33400bf APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
2021-04-24 18:54:32 +02:00
Richard Levitte
a70936a845 TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txt
Some keys with groups that aren't supported by FIPS were still used
for Derive stanzas, even when testing with the FIPS provider.
This was due to the flaw in evp_keymgmt_util_try_import() that meant
that even though the key was invalid for FIPS, it could still come
through, because the imported keydata wasn't cleared on import error.
With that flaw corrected, these few Derive stanzas start failing.

We mitigate this by making of "offending" Derive stanzas only
available with the default provider.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)
2021-04-23 20:22:49 +02:00
Richard Levitte
3d80b5e611 STORE: Simplify error filtering in der2obj_decode()
We do here like in all other decoder implementations, drop all errors
that were caused by a failing asn1_d2i_read_bio(), as it's most likely
to mean that the input isn't DER, and another decoder implementation,
if there is any left, should have a go.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)
2021-04-23 20:22:49 +02:00
Richard Levitte
521a0bf6a1 crypto/store/ossl_result.c: Better filtering of errors
The diverse variants of try_XXX() were filtering errors independently
of each other.  It's better done in ossl_store_handle_load_result()
itself, where we have control over the overall success and failure of
the attempts.

Fixes #14973

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)
2021-04-23 20:22:49 +02:00
Richard Levitte
e36a4dc476 EVP: evp_keymgmt_util_try_import() should clean up on failed import
If evp_keymgmt_util_try_import() allocated keydata, and the import
itself fails, it should deallocate keydata.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)
2021-04-23 20:22:49 +02:00
Richard Levitte
f58f7ec939 Don't remove $(TARFILE) when cleaning
This file is outside the source tree, so we have no business removing
it.  This is especially concerning if that was the tarball the user
had to create the source tree.

Fixes #14981

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14985)
2021-04-23 16:27:56 +02:00
Pauli
45e72d1f27 test: separate some DES based tests out to permit a no-des build to work
One of the KDFs and one of the MACs use DES as an underlying algorithm in some
tests.  Separate these out into their own files which are conditionally excluded.

Fixes #14958

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14975)
2021-04-23 11:27:58 +02:00
Pauli
e98a182e51 test: fix test_evp_kdf when DES is disabled.
Fixes #14958

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14975)
2021-04-23 11:27:58 +02:00
Pauli
582043dae7 Runchecker fix for the no-autoerrinit build
In this case, there was a slight different error output format that wasn't
being accounted for in the error test.

Fixes #14961

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14976)
2021-04-23 11:25:25 +02:00
Pauli
9c11e8ec1f Runchecker: fix failure with no-autoalginit option by disabling FIPS
With this option, the openssl command line tool is not created.  Without that
it is impossible to create the fipsmodule.cnf file that the tests would
otherwise depend upon.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14979)
2021-04-23 11:23:37 +02:00
Pauli
94dc4282c3 Runchecker: fix TLS curves test failure with no-tls1_3 option
The TLS curves test strong assumes that TLS 1.2 and TLS 1.3 are present.
It is only conditioned out if TLS 1.2 isn't.  This changes also conditions
it out if TLS 1.3 isn't present.

Fixes ##14965

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14978)
2021-04-23 11:13:30 +02:00
Pauli
da671c4184 Runchecker: fix no-ec2m build which was trying to validate the e2cm curves
The evp_extra_test program was trying to validate these curves when they were
not build.

Fixes #14959

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14977)
2021-04-23 11:11:03 +02:00
Tomas Mraz
5af6e154d0 Trivial shortcuts for EVP_PKEY_eq()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14942)
2021-04-23 10:48:20 +02:00
Dr. Matthias St. Pierre
0ba8bc0583 Remove obsolete comment
Fixes #14968

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14969)
2021-04-22 21:32:50 +02:00
Randall S. Becker
2de02e7dca Added Perl installation instructions to NOTES-PERL.md for HPE NonStop.
Fixes #14931.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14932)
2021-04-22 21:28:08 +02:00
Dr. David von Oheimb
75f036c6c5 BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14967)
2021-04-22 20:40:24 +02:00
Dr. David von Oheimb
ef203432f7 apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14971)
2021-04-22 20:39:00 +02:00
Rich Salz
078fa35c7b Remove an unused parameter
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14943)
2021-04-22 18:11:18 +02:00