Tomas Mraz [Thu, 3 Jun 2021 13:22:05 +0000 (15:22 +0200)]
Move libssl related defines used by fips provider to prov_ssl.h
This nicely reduces the number of files considered as fips
provider sources.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15609)
Pauli [Thu, 3 Jun 2021 04:27:28 +0000 (14:27 +1000)]
req: detect a bad choice of digest early
This is a regression against 1.1.1 when an unknown digest was detected
early.
Fixes #15285
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15602)
Tomas Mraz [Wed, 2 Jun 2021 07:35:44 +0000 (09:35 +0200)]
req: fix default bits handling for -newkey
Fixes #15569
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15582)
Dr. David von Oheimb [Wed, 2 Jun 2021 14:47:58 +0000 (16:47 +0200)]
80-test_http.t: Rename to 79-test_http.t, add basic HTTP server ACCEPT test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15592)
Dr. David von Oheimb [Wed, 2 Jun 2021 13:52:26 +0000 (15:52 +0200)]
80-test_cmp_http.t: Improve comparison on server_port variable
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15592)
Rich Salz [Wed, 2 Jun 2021 13:38:01 +0000 (09:38 -0400)]
Add md-nits task
Assumes that Ruby is installed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15590)
Matt Caswell [Wed, 2 Jun 2021 16:19:23 +0000 (17:19 +0100)]
Only call dtls1_start_timer() once
The function dtls1_handle_timeout() calls dtls1_double_timeout() which
was calling dtls1_start_timer(). However dtls1_start_timer() is also
called directly by dtls1_handle_timeout(). We only need to start the timer
once.
Fixes #15561
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15595)
Dr. David von Oheimb [Wed, 2 Jun 2021 15:26:02 +0000 (17:26 +0200)]
CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15594)
Matt Caswell [Tue, 25 May 2021 11:38:19 +0000 (12:38 +0100)]
Teach ASN1_item_verify_ctx() how to handle provided keys
We need to special case RSA-PSS because that uses X509_ALGOR style
parameters and we have no support for this on the provider side at this
stage.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15527)
Tomas Mraz [Wed, 2 Jun 2021 15:01:41 +0000 (17:01 +0200)]
openssl spkac: Fix reading SPKAC data from stdin
Fixes #15367
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15593)
Tomas Mraz [Wed, 2 Jun 2021 13:15:45 +0000 (15:15 +0200)]
OPENSSL_init_crypto must return 0 when cleanup was done
Fixes #15581
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15589)
bonniegong [Wed, 2 Jun 2021 07:35:18 +0000 (15:35 +0800)]
Check the return value of ASN1_STRING_length
ASN1_STRING_length gets the field 'length' of msg, which
can be manipulated through a crafted input.
Add a check to avoid error execution of OPENSSL_malloc().
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15583)
Jon Spillett [Wed, 2 Jun 2021 01:20:25 +0000 (11:20 +1000)]
80-test_cmp_http.t: Re-enable CMP tests for AIX, removing some inessential test cases
Remove negative test cases which simulate an attempt to write file contents to a directory
using a path ending in '/' as this is not compatible with fopen on all platforms, e.g., AIX.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15575)
Richard Levitte [Wed, 2 Jun 2021 09:07:20 +0000 (11:07 +0200)]
Deprecate EVP_CIPHER_impl_ctx_size and EVP_CIPHER_CTX_buf_noconst
Fixes #15519
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15584)
Richard Levitte [Wed, 2 Jun 2021 06:45:28 +0000 (08:45 +0200)]
Restore all the ? in util/libcrypto.num
They will become numbers again when beta1 is actually released.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15578)
Richard Levitte [Wed, 2 Jun 2021 04:20:05 +0000 (06:20 +0200)]
util/mknum.pl: Really allow unset ordinals in development
Any pre-release tag that includes '-dev' is development. The ordinals
don't need to be finalized before '-dev' is removed (i.e. a release is
made).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15578)
Shane Lontis [Wed, 2 Jun 2021 04:42:56 +0000 (14:42 +1000)]
Fix errors found by parfait static analyser.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15579)
Pauli [Tue, 1 Jun 2021 08:35:15 +0000 (18:35 +1000)]
rsa: make the maximum key strength check FIPS only.
To be reverted once key generation checks are added everywhere and a way to
disable them implemented.
Fixes #15502
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15560)
yuechen-chen [Mon, 24 May 2021 06:33:55 +0000 (23:33 -0700)]
Add an EVP demo for signatures using EC
Fixes #14115
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15429)
Pauli [Wed, 2 Jun 2021 00:54:56 +0000 (10:54 +1000)]
update checksums
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15574)
Pauli [Wed, 2 Jun 2021 00:37:10 +0000 (10:37 +1000)]
util: update FIPS checksumming script to be more aggressive with whitespace
Fixes #15562
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15574)
Jon Spillett [Mon, 31 May 2021 03:50:02 +0000 (13:50 +1000)]
Add enable-fips to CI configuration
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537)
Jon Spillett [Mon, 31 May 2021 03:14:24 +0000 (13:14 +1000)]
Disable tracing within the FIPS module
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537)
Tomas Mraz [Tue, 1 Jun 2021 12:54:43 +0000 (14:54 +0200)]
ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE
Fixes #15552
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15566)
Dr. David von Oheimb [Thu, 27 May 2021 13:11:31 +0000 (15:11 +0200)]
80-test_cms.t: Replace use of ee-self-signed.pem by more suitable smrsa1.pem
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15499)
Dr. David von Oheimb [Thu, 27 May 2021 12:10:58 +0000 (14:10 +0200)]
ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15499)
Pauli [Tue, 1 Jun 2021 11:48:29 +0000 (21:48 +1000)]
list: update to not use XXX_get_number() calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 11:48:11 +0000 (21:48 +1000)]
store: include internal header
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 11:19:39 +0000 (21:19 +1000)]
doc: fix OSSL_(EN|DE)CODER_get0_name function names
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 11:18:04 +0000 (21:18 +1000)]
libcrypto: make XXX_get_number() internal
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 11:17:47 +0000 (21:17 +1000)]
doc: make XXX_get_number() internal
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 02:53:31 +0000 (12:53 +1000)]
Add internal get_number functions to internal headers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 02:51:45 +0000 (12:51 +1000)]
add internal get_number functons to crypto/evp.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Tue, 1 Jun 2021 02:44:26 +0000 (12:44 +1000)]
doc: move XXX_get_number() documentation to internal
These functions are effectively useless for users outside of libcrypto.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
Pauli [Mon, 31 May 2021 04:37:37 +0000 (14:37 +1000)]
utils: remove TODO
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:30:07 +0000 (14:30 +1000)]
crypto: remove TODOs
Fixes #15451
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:55 +0000 (14:29 +1000)]
http: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:55 +0000 (14:29 +1000)]
evp: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:55 +0000 (14:29 +1000)]
err: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:55 +0000 (14:29 +1000)]
ec: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:55 +0000 (14:29 +1000)]
dso: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:55 +0000 (14:29 +1000)]
bn: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)]
rsa: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)]
store: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)]
pem: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)]
ocsp: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:33 +0000 (14:29 +1000)]
ct: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:33 +0000 (14:29 +1000)]
crmf: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:33 +0000 (14:29 +1000)]
comp: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:33 +0000 (14:29 +1000)]
cms: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:29:33 +0000 (14:29 +1000)]
cmp: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:28:45 +0000 (14:28 +1000)]
x509: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:28:32 +0000 (14:28 +1000)]
bio: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:28:15 +0000 (14:28 +1000)]
asn.1: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:27:58 +0000 (14:27 +1000)]
providers: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:27:48 +0000 (14:27 +1000)]
tls: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:27:31 +0000 (14:27 +1000)]
test: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:27:18 +0000 (14:27 +1000)]
fuzz: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Pauli [Mon, 31 May 2021 04:27:04 +0000 (14:27 +1000)]
apps: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Richard Levitte [Tue, 1 Jun 2021 05:49:56 +0000 (07:49 +0200)]
providers/common/der/build.info: make a variable for ../include/prov
This is a proof of concept for GENERATE variable expansion.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554)
Richard Levitte [Tue, 1 Jun 2021 05:45:54 +0000 (07:45 +0200)]
Configure: variable expand GENERATE values too
Internal documentation doesn't allow for any exception... Therefore,
even GENERATE values should be variable expanded.
(there are historical reasons why GENERATE was excepted from variable
expansion, that aren't applicable any more)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554)
Jon Spillett [Wed, 2 Jun 2021 03:04:04 +0000 (13:04 +1000)]
Fix up bad libcrypto.num
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15576)
Tomas Mraz [Thu, 27 May 2021 09:00:35 +0000 (11:00 +0200)]
Add NCONF_get_section_names()
And a few additional fixups to make the no-deprecated configuration
to build.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)
Rich Salz [Tue, 25 May 2021 18:48:41 +0000 (14:48 -0400)]
Add NCONF_get0_libctx()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)
Rich Salz [Tue, 25 May 2021 16:57:06 +0000 (12:57 -0400)]
Make conf_method_st and conf_st deprecated
So they can be made opaque in a future release.
Fixes #15101
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)
Trev Larock [Fri, 28 May 2021 12:54:44 +0000 (12:54 +0000)]
Modify ssl_handshake_hash to call SSLfatal
When EVP_MD_CTX_new fails call SSLfatal before the goto err.
This resolves a state machine issue on the out of memory condition.
Fixes #15491.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15520)
Tomas Mraz [Mon, 31 May 2021 15:00:38 +0000 (17:00 +0200)]
Make the 00-prep_*.t recipe truly mandatory
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)
Tomas Mraz [Mon, 31 May 2021 12:22:35 +0000 (14:22 +0200)]
Windows CI: enable fips on shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)
Tomas Mraz [Mon, 31 May 2021 12:18:56 +0000 (14:18 +0200)]
Fix enable-fips builds on Windows
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)
Tomas Mraz [Fri, 28 May 2021 15:36:16 +0000 (17:36 +0200)]
Add documentation of the old names kept as alias macros
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
Tomas Mraz [Fri, 28 May 2021 14:57:22 +0000 (16:57 +0200)]
Rename also the OSSL_PROVIDER_name() function
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
Tomas Mraz [Fri, 21 May 2021 14:58:08 +0000 (16:58 +0200)]
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
Jon Spillett [Tue, 18 May 2021 03:37:35 +0000 (13:37 +1000)]
Pass library context and property query into private key decoders
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
Jon Spillett [Thu, 6 May 2021 01:55:42 +0000 (11:55 +1000)]
Fix up encoder/decoder issues caused by not passing a library context to the PKCS8 encrypt/decrypt
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
Jon Spillett [Mon, 15 Mar 2021 04:26:09 +0000 (14:26 +1000)]
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
Pauli [Sun, 30 May 2021 23:26:05 +0000 (09:26 +1000)]
req: fix Coverity
1485137 Explicit null dereference
Add a check for a non-existent file name when specifying params via file.
Add a check for a failure to determine key type.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15534)
Pauli [Mon, 31 May 2021 06:31:18 +0000 (16:31 +1000)]
crypto: updates to pass size_t to RAND_bytes_ex()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)
Pauli [Mon, 31 May 2021 06:31:04 +0000 (16:31 +1000)]
ssl: ass size_t to RAND_bytes_ex()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)
Pauli [Mon, 31 May 2021 06:30:50 +0000 (16:30 +1000)]
rand: use size_t for size argument to RAND_bytes_ex()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)
Shane Lontis [Mon, 31 May 2021 08:45:44 +0000 (18:45 +1000)]
Move provider der_XXX.h.in files to the include directory.
Fixes #15506
The .in and generated .h files are now in the same directory.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15544)
Shane Lontis [Sat, 29 May 2021 07:16:22 +0000 (17:16 +1000)]
Fix error stack for some fetch calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15532)
Shane Lontis [Sat, 29 May 2021 02:47:19 +0000 (12:47 +1000)]
Migration guide updates for flags and controls.
Provided a section that links to the ctrl/flags mappings to parameters
for digests and ciphers.
Added "EVP_CIPHER_CTX_set_flags() ordering" to changes section.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)
Shane Lontis [Sat, 29 May 2021 02:41:43 +0000 (12:41 +1000)]
Document Settable EVP_CIPHER_CTX parameter "use-bits"
Added docs for EVP_CIPHER_CTX_set_flags(),
EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags().
Added section for "FLAGS" to show parameter mappings.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)
Shane Lontis [Thu, 27 May 2021 08:13:24 +0000 (18:13 +1000)]
Fix param indentation in ciphercommon_hw.c
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)
Shane Lontis [Thu, 27 May 2021 08:08:53 +0000 (18:08 +1000)]
Fix aes cfb1 so that it can operate in bit mode.
The code to handle the cipher operation was already in the provider.
It just needed a OSSL_PARAM in order to set this into the algorithm.
EVP_CIPHER_CTX_set_flags() has been modified to pass the OSSL_PARAM.
Issue reported by Mark Powers from Acumen.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)
Pauli [Mon, 31 May 2021 00:29:55 +0000 (10:29 +1000)]
add some cross compilation builds
Add some cross compiling builds to test things aren't broken.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)
Pauli [Mon, 31 May 2021 05:33:22 +0000 (15:33 +1000)]
sparc: fix cross compile build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)
Pauli [Mon, 31 May 2021 05:16:16 +0000 (15:16 +1000)]
ppc: fix ambiguous if if else statement
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)
Richard Levitte [Sat, 29 May 2021 09:15:40 +0000 (11:15 +0200)]
Add .asn1 dependencies for files generated from providers/common/der/*.in
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15533)
Jan Lana [Thu, 27 May 2021 21:27:58 +0000 (23:27 +0200)]
Update solaris64-sparcv9-cc build target cflags
Fixes #15507
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15509)
Matt Caswell [Fri, 21 May 2021 15:45:58 +0000 (16:45 +0100)]
Fix cert creation in the store
When we create a cert in the store, make sure we do so with the libctx
and propq associated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15523)
Richard Levitte [Fri, 28 May 2021 16:09:51 +0000 (18:09 +0200)]
Add the usual autowarn perl snippet in providers/common/der/*.in
We have this in all other .in files, so these should have that as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15524)
Matt Caswell [Mon, 24 May 2021 10:40:34 +0000 (11:40 +0100)]
Teach EVP_PKEYs to say whether they were decoded from explicit params
Currently we explicitly downgrade an EVP_PKEY to an EC_KEY and ask
the EC_KEY directly whether it was decoded from explicit parameters or not.
Instead we teach EVP_PKEYs to respond to a new parameter for this purpose.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15526)
Matt Caswell [Tue, 25 May 2021 13:39:29 +0000 (14:39 +0100)]
Update check_sig_alg_match() to work with provided keys
Use EVP_PKEY_is_a() to check whether an EVP_PKEY is compatible with the
given signature.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15528)
Matt Caswell [Fri, 21 May 2021 10:55:33 +0000 (11:55 +0100)]
Special case SM2 when decoding
SM2 abuses the EC oid by reusing it - but an EC key is different to an SM2
key. Therefore we have to special case SM2 during decoding. If we encounter
the EC OID then we have to try both algorithms.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15522)
Jon Spillett [Thu, 29 Apr 2021 01:08:10 +0000 (11:08 +1000)]
Fixes #14103 & #14102. Update AES demos with error handling and EVP fetch
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15081)
Shane Lontis [Fri, 28 May 2021 01:42:41 +0000 (11:42 +1000)]
Fix PKCS7_verify to not have an error stack if it succeeds.
Revert a change in behavior to BIO_write(). If a NULL BIO
is passed, no error is raised and the return value is 0. There are
many places where the return code from the write was not checked,
resulting in an error stack with no error status being returned.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15493)
Pauli [Fri, 28 May 2021 00:25:55 +0000 (10:25 +1000)]
fips: set the library context and handle later
They need to be set once the provider will definitely be loading. If they
are set earlier, a double free results on a failure.
Fixes #15452
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15492)
Richard Levitte [Sat, 29 May 2021 09:06:44 +0000 (11:06 +0200)]
make update-fips-checksums
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)
Richard Levitte [Fri, 28 May 2021 05:54:04 +0000 (07:54 +0200)]
Rearrange the check of providers/fips.so dependencies
The mechanism had special cases to guess when something was generated
from a .in file. It's better, though, to use the knowledge in
configdata.pm, especially when the generated file is in a different
location than its source.
Cleanups are added, and we change the use of sed to a use of perl
when cleaning up paths with 'something/../' in them, since perl has
more powerful tools for this sort of thing.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)