Commit Graph

28931 Commits

Author SHA1 Message Date
Matt Caswell
7008df2ba5 Add additional glossary entries
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)
2021-04-08 12:20:21 +01:00
Matt Caswell
0666d5318e Expand the libcrypto documentation
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)
2021-04-08 12:20:21 +01:00
Amitay Isaacs
27947123c9 curve448: Integrate 64-bit reference implementation
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
a72da9eceb Configure: Check if 128-bit integers are supported by compiler
Add a config variable "use_int128" to indicate if 128-bit integers are
supported or not at the configure time.  This makes it easier to
automatically select 64-bit versus 32-bit implementation for curve448.

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
f684a2d783 curve448: Use constant time zero check function
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
ceaa6b319e Add a constant time zero check function for 64-bit integers
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
eb7bcff67c curve448: Remove the unrolled loop version
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
eacc18069b curve448: Use NLIMBS where appropriate to simplify the code
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
70fd511026 curve448: Modernise reference 64-bit code
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00
Amitay Isaacs
136f96a5d7 curve448: Rename arch_ref64 to arch_64
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:09 +01:00
Amitay Isaacs
927e704e8c Partially Revert "Remove curve448 architecture specific files"
This reverts commit 7e492f3372.

This brings back the 64-bit reference implementation for curve448.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:09 +01:00
Amitay Isaacs
0f4286c78a curve448: Use relative includes to avoid explicit dependencies
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:09 +01:00
Amitay Isaacs
5de32f22e7 Use numbers definition of int128_t and uint128_t
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:09 +01:00
Amitay Isaacs
bbed0d1cbd numbers: Define 128-bit integers if compiler supports
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:09 +01:00
Pauli
b7dedba8b1 test: add extra secure memory test case.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14782)
2021-04-08 18:31:10 +10:00
Pauli
b6b55ad91a param_build: check for the usage of secure memory better.
The param build now checks the string types and locates them in secure memory
if the original string is.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14782)
2021-04-08 18:31:10 +10:00
Pauli
bf477a40d7 Revert "Fix AES-CBC perf test failure issue"
This reverts commit bec9289143.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14796)
2021-04-08 17:49:46 +10:00
Pauli
4b1f34f11f property: lock the lib ctx when updating the property definition cache
Although the store being used is adequately and properly locked, the library
context is not.  Due to the mechanisms used for fetching, it is possible for
multiple stores to live within the same library context for short periods.
This fix prevents threading issues resulting from such coincidences.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)
2021-04-08 17:46:35 +10:00
Pauli
a135dea4e0 test: fix problem with threads test using default library context.
Also add a new test that deliberately tests the default library context.

Fixes #14720

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)
2021-04-08 17:46:35 +10:00
Pauli
860ecfd700 property: check return values from the property locking calls.
A failure to obtain a lock would have resulted in much badness, now it results
in a failure return.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)
2021-04-08 17:46:35 +10:00
Pauli
9695f6de15 apps: fix AES CBC performance loop
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14778)
2021-04-08 12:24:37 +10:00
Shane Lontis
e6c2f96489 Fix more certificate related lib_ctx settings.
Fixes #13732

Fix a few places that were not using the '_ex' variants of
ASN1_item_sign/verify.

Added X509_CRL_new_ex().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14752)
2021-04-08 11:30:44 +10:00
Pauli
09fba0b440 fix coverity 1466710: resource leak
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
fd0a9ff7ef dh: fix coverity 1473238: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
c12bf35026 evp: fix coverity 1473631: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
3bbc7b562a evp: fix coverity 1451509: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
48b05bb617 evp: fix coverity 1451510: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
1002bb9ff0 evp: fix coverity 1472682: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
89f7ea045b test: fix coverity 1473234 & 1473239: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Richard Levitte
41385f2708 test/recipes/02-test_errstr.t: Do not test negative system error codes
It's been deemed unlikely that these will end up in OpenSSL error
records, so we simply don't test them if they happen to be among the
error codes that perl has support for.

Fixes #14763

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14779)
2021-04-07 22:09:58 +02:00
Pauli
014498fff9 test: fix coverity 1475940: negative return
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14769)
2021-04-07 23:30:42 +10:00
Pauli
97ef45ea13 test: fix coverity 1475941: resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14769)
2021-04-07 23:30:42 +10:00
Pauli
ccf19c23c0 Disallow ASN.1 enumerated types to be treated as strings.
They are actually integers.

Problem reported by: Scott McPeak <scott.g.mcpeak@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14774)
2021-04-07 23:29:10 +10:00
Pauli
44e82b813f Remove locking in CRYPTO_secure_allocated()
The check for being in secure memory is against the arena.  The arena is only
ever modified by sh_init() and sh_done() and in both cases, it is done without
locking.  Thus, it is safe for the CRYPTO_secure_allocated() to not lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)
2021-04-07 23:28:07 +10:00
Pauli
0bc27f7203 Make the lock in CRYPTO_secure_allocated() a read lock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)
2021-04-07 23:28:07 +10:00
Fangming.Fang
bec9289143 Fix AES-CBC perf test failure issue
As ossl_cipher_generic dosen't support to set key length, and
"openssl speed aes-(128|192|256)-cbc" tests fail. A small fix by
adding OSSL_CIPHER_PARAM_KEYLEN params.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14777)
2021-04-07 23:27:03 +10:00
Nan Xiao
30573117bb Fix typo in store_meth.c
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14776)
2021-04-07 22:39:35 +10:00
Nan Xiao
1ac64327df Remove unnecessary setting SSL_MODE_AUTO_RETRY
Since SSL_MODE_AUTO_RETRY is enabled by default, no need to set
it explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14742)
2021-04-07 13:02:37 +02:00
Sahana Prasad
86522324d2 Adds a new lock to read default_path and uses a strdup() on default_path before using it
Fixes #14483
Signed-off-by: Sahana Prasad <sahana@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14650)
2021-04-07 18:08:14 +10:00
Pauli
581c4b1d53 Ensure that the negative flag is correct set for ASN1 integer types.
Reported by: Scott McPeak <scott.g.mcpeak@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
2021-04-07 18:06:06 +10:00
Pauli
0806698047 Check for integer overflow in i2a_ASN1_OBJECT and error out if found.
Problem reported by Scott McPeak <scott.g.mcpeak@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
2021-04-07 18:06:06 +10:00
Nan Xiao
493e78986f Fix potential double free in sslapitest.c
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14758)
2021-04-07 09:08:19 +10:00
Tomas Mraz
0cfbc828e0 Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.

Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.

Fixes #14276

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
2021-04-06 09:10:11 +02:00
Richard Levitte
5ad3e6c56e Include BN assembler alongside CPUID code
It turns out that some CPUID code requires the presence of some BN
assembler code, so we make sure it's included in the same manner as
the CPUID code itself.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
2021-04-02 16:39:13 +02:00
Richard Levitte
ef83daf4da Refactor CPUID code
We were using CPUID coded in several modules, but it was unclear how
it actually got there, and could fail randomly.

To remedy that, this change separates the CPUID C code from the rest
of cryptlib.c, and ensures the right modules get both that and the
assembler sources explicitly.

Fixes #11281

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
2021-04-02 16:39:13 +02:00
Richard Levitte
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
With new provided algorithms added, we'd rather rely on the names and
descriptions that we get from the providers.

Specifically with the 'openssl list' command, we now display the
description of all algorithms.  For '-public-key-algorithms', we
additionally print key type information a bit more like we do for
legacy methods.

We also add descriptions to all our keymgmt functions, because the
built in EVP_PKEY_ASN1_METHODs had them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
0388823329 EVP: Add EVP_<TYPE>_description()
The following operation types are covered:

EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF.  Also EVP_PKEY.

For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.

For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.

Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
b638dad970 Add OSSL_STORE_LOADER_description()
Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well
as the generic use of OBJ_nid2ln() as a one line description.

We also add the base functionality to make use of this field.

Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:52:37 +02:00