openssl.git
8 months agoFix sha512_block_data_order_avx2 backtrace info
Bernd Edlinger [Sat, 17 Aug 2019 23:54:41 +0000 (01:54 +0200)]
Fix sha512_block_data_order_avx2 backtrace info

We store a secondary frame pointer info for the debugger
in the red zone.

Fixes #8853

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9624)

8 months agoAllow specifying the tag after AAD in CCM mode (2)
Patrick Steuer [Fri, 1 Nov 2019 23:02:47 +0000 (00:02 +0100)]
Allow specifying the tag after AAD in CCM mode (2)

In addition to 67c81ec3 which introduced this behavior in CCM mode
docs but only implemented it for AES-CCM.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10331)

8 months agoDont pass zero length input to asm modules for ciphers
Patrick Steuer [Fri, 1 Nov 2019 13:58:36 +0000 (14:58 +0100)]
Dont pass zero length input to asm modules for ciphers

The asm modules may assume an input length > 0.

Fixes: #9262

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10323)

8 months agoDocument command parameters.
Rich Salz [Fri, 20 Sep 2019 01:33:17 +0000 (21:33 -0400)]
Document command parameters.

Add documentation for all commands that have parameters.
Fix a couple of minor doc and programming bugs, too.

Fixes #10313

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10371)

8 months agoAdd test for non-default sized keys in variable key size ciphers
Matt Caswell [Fri, 15 Nov 2019 14:15:09 +0000 (14:15 +0000)]
Add test for non-default sized keys in variable key size ciphers

Various ciphers have the ability to support varaible length keys.
This adds some test cases for algorithms where we did not test a key
length other than the default size.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10449)

8 months agoEVP_CIPHER_CTX_set_keylen should not succeed if a bad keylen is passed
Matt Caswell [Thu, 14 Nov 2019 16:05:19 +0000 (16:05 +0000)]
EVP_CIPHER_CTX_set_keylen should not succeed if a bad keylen is passed

EVP_CIPHER_CTX_set_keylen() was succeeding even though a bad key length
is passed to it. This is because the set_ctx_params() were all accepting
this parameter and blindly changing the keylen even though the cipher did
not accept a variable key length. Even removing this didn't entirely
resolve the issue because set_ctx_params() functions succeed even if
passed a parameter they do not recognise.

This should fix various issues found by OSSfuzz/Cryptofuzz.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10449)

8 months agofix s390 compile error due to missing comma.
Shane Lontis [Mon, 18 Nov 2019 22:38:19 +0000 (08:38 +1000)]
fix s390 compile error due to missing comma.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10467)

8 months agoFix the issue that aes-xxx-siv algorithms failed in OpenSSL speed test
Xiaokang Qian [Tue, 12 Nov 2019 08:48:27 +0000 (08:48 +0000)]
Fix the issue that aes-xxx-siv algorithms failed in OpenSSL speed test

Speed test, aes-siv related cases fail on both x86 and arm.
The return value of siv_init() causes this problem, remove
the iv check to fix it.
Verify it locally, the result is pass.

Fixes #10416

Change-Id: If1a18599f3d0f56f22a1ce4f8f114b8db0f68cca

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10419)

8 months agoProperties: make query cache reference count aware.
Pauli [Mon, 11 Nov 2019 01:17:32 +0000 (11:17 +1000)]
Properties: make query cache reference count aware.

The property query cache was not reference count aware and this could cause
problems if the property store removes an algorithm while it is being returned
from an asynchronous query.  This change makes the cache reference count aware
and avoids disappearing algorithms.

A side effect of this change is that the reference counts are now owned by the
cache and store.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10408)

8 months agoFix Use after free when copying cipher ctx
Shane Lontis [Mon, 18 Nov 2019 03:13:05 +0000 (13:13 +1000)]
Fix Use after free when copying cipher ctx

Fixes #10438
issue found by clusterfuzz/ossfuzz

The dest was getting a copy of the src structure which contained a pointer that should point to an offset inside itself - because of the copy it was pointing to the original structure.

The setup for a ctx is mainly done by the initkey method in the PROV_CIPHER_HW structure. Because of this it makes sense that the structure should also contain a copyctx method that is use to resolve any pointers that need to be setup.

A dup_ctx has been added to the cipher_enc tests in evp_test. It does a dup after setup and then frees the original ctx. This detects any floating pointers in the duplicated context that were pointing back to the freed ctx.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10443)

8 months agoPEM: constify PEM_write_ routines
Richard Levitte [Fri, 15 Nov 2019 07:54:17 +0000 (08:54 +0100)]
PEM: constify PEM_write_ routines

There's no reason why the object to be written, or the key string
given by the caller should be non-const.

This makes the IMPLEMENT_PEM_..._const and  DECLARE_PEM_..._const
macros superfluous, so we keep them around but mark them deprecated.

In all places where IMPLEMENT_PEM_..._const and  DECLARE_PEM_..._const
are used, they are replaced with the corresponding macros without
'_const'.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10452)

8 months agos390x assembly pack: fix bn_mul_comba4
Patrick Steuer [Fri, 15 Nov 2019 09:52:03 +0000 (10:52 +0100)]
s390x assembly pack: fix bn_mul_comba4

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10454)

8 months agoAdd missing EVP_PKEY_METHOD accessors for digestsign and digestverify
Anthony Hu [Fri, 8 Nov 2019 02:47:53 +0000 (21:47 -0500)]
Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10388)

8 months agocommit a6efbe123af3d98b4d10d4fcdfe68dc5303212f8
raniervf [Fri, 15 Nov 2019 22:28:00 +0000 (08:28 +1000)]
commit a6efbe123af3d98b4d10d4fcdfe68dc5303212f8
Author: raniervf <ranier_gyn@hotmail.com>
Date:   Thu Nov 7 18:59:11 2019 -0300

Avoid calling strlen repeatedly in loops.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10380)

8 months agoFix some broken doc links
Rich Salz [Thu, 22 Aug 2019 05:21:25 +0000 (10:51 +0530)]
Fix some broken doc links

Replace L<> link to header-file with a C<> reference.
Change some broken L<provider(3)> links to L<provider(7)>.
For consistency, rename four cipher pages to have a specific mode.
Fix up all references to any "generic" names to point to specific names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10100)

8 months agoMake sure we free the CONF structure allocated by confdump
Matt Caswell [Tue, 12 Nov 2019 17:37:11 +0000 (17:37 +0000)]
Make sure we free the CONF structure allocated by confdump

A travis build was failing because of a memory leak in confdump due to
us not freeing an allocated CONF structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10429)

8 months agotravis.yml: add arch s390x target
Patrick Steuer [Thu, 14 Nov 2019 09:34:02 +0000 (10:34 +0100)]
travis.yml: add arch s390x target

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10446)

8 months agotestutil/init.c rename to testutil/testutil_init.c
Patrick Steuer [Wed, 13 Nov 2019 17:39:51 +0000 (18:39 +0100)]
testutil/init.c rename to testutil/testutil_init.c

Avoid conflicts with some linkers.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10439)

8 months agoA few fixes in the EVP_KDF-KB and EVP_KDF-KRB5KDF manpages
Tomas Mraz [Tue, 12 Nov 2019 15:59:23 +0000 (16:59 +0100)]
A few fixes in the EVP_KDF-KB and EVP_KDF-KRB5KDF manpages

The context and label is info and salt respectively - fix
the example in KB manpage for that.

There are some typos and bug in EVP_KDF_derive call in the
KRB5KDF example.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10426)

8 months agoDelete recently documented functions from missingcrypto
Tomas Mraz [Wed, 13 Nov 2019 10:10:51 +0000 (11:10 +0100)]
Delete recently documented functions from missingcrypto

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10432)

8 months agoFix an uninitialised read in conf_def.c
Matt Caswell [Tue, 12 Nov 2019 17:16:14 +0000 (17:16 +0000)]
Fix an uninitialised read in conf_def.c

PR 8882 added a new field to the CONF structure. Unfortunately this
structure was created using OPENSSL_malloc() and the new field was not
explicitly initialised in the "init" function. Therefore when we came to
read it for the first time we got an uninitialised read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10428)

8 months agoFix no-blake2
Matt Caswell [Tue, 12 Nov 2019 16:02:24 +0000 (16:02 +0000)]
Fix no-blake2

We modify the build.info file to exclude the legacy_blake2.c file in
the event that blake2 support has been disabled.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10425)

8 months agoFix no-engine
Matt Caswell [Tue, 12 Nov 2019 15:26:15 +0000 (15:26 +0000)]
Fix no-engine

Fix a misplaced "#endif" which was disabling a little too much code.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10423)

8 months agoCORE & PROV: make export of key data leaner through callback
Richard Levitte [Fri, 8 Nov 2019 14:24:42 +0000 (15:24 +0100)]
CORE & PROV: make export of key data leaner through callback

Exporting data from a provider owned domainparams or key is quite an
ordeal, with having to figure out what parameter keys an
implementation supports, call the export function a first time to find
out how large each parameter buffer must be, allocate the necessary
space for it, and call the export function again.

So how about letting the export function build up the key data params
and call back with that?  This change implements exactly such a
mechanism.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10414)

8 months agoFix no-cmac and no-camellia
Matt Caswell [Tue, 12 Nov 2019 15:51:00 +0000 (15:51 +0000)]
Fix no-cmac and no-camellia

Guard two tests that depend on CMAC and Camellia so that we don't fail
if those algorithms are not available.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10424)

8 months agoAdd confdump to .gitignore
Matt Caswell [Tue, 12 Nov 2019 17:41:29 +0000 (17:41 +0000)]
Add confdump to .gitignore

We added a new executable to the test directory which didn't match the
existing gitignore rules, so we add it explicitly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10430)

8 months agoDocument various new/changes EVP_PKEY_CTX_* functions
Matt Caswell [Wed, 6 Nov 2019 13:39:21 +0000 (13:39 +0000)]
Document various new/changes EVP_PKEY_CTX_* functions

We have converted a number of macros to functions and made them work
with providers. We've also added some *_ex() variants that needed
documenting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoDocument the public EVP_ASYM_CIPHER releated functions
Matt Caswell [Wed, 6 Nov 2019 11:03:12 +0000 (11:03 +0000)]
Document the public EVP_ASYM_CIPHER releated functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoAdd documentation for the Asymmetric Cipher Operation
Matt Caswell [Tue, 29 Oct 2019 09:24:24 +0000 (09:24 +0000)]
Add documentation for the Asymmetric Cipher Operation

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoMove RSA Asym cipher code to the default provider
Matt Caswell [Mon, 28 Oct 2019 13:40:39 +0000 (13:40 +0000)]
Move RSA Asym cipher code to the default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoIncrease OSSL_PARAM_BLD_MAX for multi-prime RSA
Matt Caswell [Mon, 28 Oct 2019 14:43:42 +0000 (14:43 +0000)]
Increase OSSL_PARAM_BLD_MAX for multi-prime RSA

The old value of 10 for OSSL_PARAM_BLD_MAX is insufficient for multi-prime
RSA. That code has this assert:

        if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1
                         + numprimes + numexps + numcoeffs
                         <= OSSL_PARAM_BLD_MAX))
            goto err;

So we increase OSSL_PARAM_BLD_MAX which would be enough for 7 primes
(more than you would ever reasonably want).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoImplement provider support for Asym Ciphers
Matt Caswell [Tue, 1 Oct 2019 08:40:57 +0000 (09:40 +0100)]
Implement provider support for Asym Ciphers

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoAllow strings in params to be of zero length
Matt Caswell [Thu, 17 Oct 2019 16:19:21 +0000 (17:19 +0100)]
Allow strings in params to be of zero length

Sometimes it is useful to be able to pass NULL/zero length strings

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoAllow setting a NULL pointer in a params structure
Matt Caswell [Fri, 11 Oct 2019 16:42:19 +0000 (17:42 +0100)]
Allow setting a NULL pointer in a params structure

Sometimes it is valid to send a NULL pointer in params.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

8 months agoCORE: Add a generic callback function type
Richard Levitte [Mon, 11 Nov 2019 17:38:57 +0000 (18:38 +0100)]
CORE: Add a generic callback function type

This offers a very generic way to define a callback as well as calling
it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10412)

8 months agochacha_enc.c: fix for EBCDIC platforms
Joerg Schmidbauer [Tue, 12 Nov 2019 09:26:47 +0000 (10:26 +0100)]
chacha_enc.c: fix for EBCDIC platforms

Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10417)

8 months agoExtend docs for EC_POINT conversion functions
Nicola Tuveri [Mon, 11 Nov 2019 22:52:00 +0000 (00:52 +0200)]
Extend docs for EC_POINT conversion functions

Add more explicit documentation about the relation between
EC_POINT_point2oct(), EC_POINT_point2hex(), EC_POINT_point2bn() and
their reverse.

In particular highlight that EC_POINT_point2oct() and
EC_POINT_oct2point() conform to, respectively, Sec. 2.3.3 and Sec. 2.3.4
of the SECG SEC 1 standard (which is the normative reference for the
already mentioned RFC 5480), highlighting with a note how this affect
the encoding/decoding of the point at infinity (which in contrast with
any other valid generic point of a curve is assigned an exceptional
fixed octet string encoding, i.e., 0x00).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10329)

8 months agoAdd self-test for EC_POINT_hex2point
Nicola Tuveri [Fri, 1 Nov 2019 20:09:40 +0000 (22:09 +0200)]
Add self-test for EC_POINT_hex2point

Adds tests for each curve to ensure that encodings obtained through
EC_POINT_hex2point() can be fed to EC_POINT_point2hex() yielding a point
identical to the one from which the encoding is generated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10329)

8 months agoFix EC_POINT_bn2point() for BN_zero()
Nicola Tuveri [Fri, 1 Nov 2019 20:38:21 +0000 (22:38 +0200)]
Fix EC_POINT_bn2point() for BN_zero()

EC_POINT_bn2point() rejected BIGNUMs with a zero value.

This behavior indirectly caused failures when converting a point
at infinity through EC_POINT_point2hex() and then back to a point with
EC_POINT_hex2point().

With this change such BIGNUMs are treated like any other and exported to
an octet buffer filled with zero.
It is then EC_POINT_oct2point() (either the default implementation or
the custom one in group->meth->oct2point) to determine if such encoding
maps to a valid point (generally the point at infinity is encoded as
0x00).

Fixes #10258

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10329)

8 months agolibcrypto.num: remove some unused EVP_MAC symbols
Dr. Matthias St. Pierre [Tue, 12 Nov 2019 11:48:15 +0000 (12:48 +0100)]
libcrypto.num: remove some unused EVP_MAC symbols

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10421)

8 months agoAdd more tests for apps/req
Nicola Tuveri [Thu, 31 Oct 2019 15:17:31 +0000 (17:17 +0200)]
Add more tests for apps/req

https://github.com/openssl/openssl/issues/10224#issuecomment-546593113
highlighted that existing testing infrastructure is not covering common
usage patterns of the `req` app.

This commit explicitly adds request generations thorugh the CLI using
RSA, DSA and ECDSA (P-256) keys.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/pr-10312)

8 months agoAdd missing docs for some PKCS12 functions
Jon Spillett [Mon, 2 Sep 2019 04:51:05 +0000 (14:51 +1000)]
Add missing docs for some PKCS12 functions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9752)

8 months agoadd OPENSSL_FUNC.pod documenting OPENSSL_MSTR, OPENSSL_FUNC, and friends
Dr. David von Oheimb [Tue, 5 Nov 2019 10:43:52 +0000 (11:43 +0100)]
add OPENSSL_FUNC.pod documenting OPENSSL_MSTR, OPENSSL_FUNC, and friends

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10236)

8 months agore-add definition of OPENSSL_MSTR deleted from opensslv.h in macros.h
Dr. David von Oheimb [Tue, 22 Oct 2019 11:38:16 +0000 (13:38 +0200)]
re-add definition of OPENSSL_MSTR deleted from opensslv.h in macros.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10236)

8 months agoSSL: Document SSL_add_{file,dir,store}_cert_subjects_to_stack()
Richard Levitte [Sun, 10 Nov 2019 14:36:24 +0000 (15:36 +0100)]
SSL: Document SSL_add_{file,dir,store}_cert_subjects_to_stack()

This also removes the incorrect documentation comments by those
functions, and fixes a bug in SSL_add_store_cert_subjects_to_stack(),
where the condition for recursive addition was 'depth == 0' when it
should be 'depth > 0'.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10402)

8 months agoAdd a tester of OpenSSL config files and test the current .pragma
Richard Levitte [Mon, 19 Aug 2019 04:35:54 +0000 (06:35 +0200)]
Add a tester of OpenSSL config files and test the current .pragma

test/confdump.c reads an OpenSSL config file and prints out the
processed result.  This can be used to check that a config file is
processed correctly.

We add a test recipe and the necessary data to test the dollarid
pragma.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8882)

8 months agoAdd a .pragma directive for configuration files
Richard Levitte [Mon, 6 May 2019 08:50:35 +0000 (10:50 +0200)]
Add a .pragma directive for configuration files

Currently added pragma:

.pragma dollarid:on

This allows dollar signs to be a keyword character unless it's
followed by a opening brace or parenthesis.

Fixes #8207

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8882)

8 months agoMake sure KDF reason codes are conserved in their current state
Richard Levitte [Sun, 10 Nov 2019 12:07:46 +0000 (13:07 +0100)]
Make sure KDF reason codes are conserved in their current state

Because KDF errors are deprecated and only conserved for backward
compatibilty, we must make sure that they remain untouched.  A simple
way to signal that is by modifying crypto/err/openssl.ec and replace
the main header file (include/openssl/kdf.h in this case) with 'NONE',
while retaining the error table file (crypto/kdf/kdf_err.c).

util/mkerr.pl is modified to silently ignore anything surrounding a
conserved lib when such a .ec line is found.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)

8 months agoDeprecate ERR_load_KDF_strings()
Richard Levitte [Sun, 10 Nov 2019 12:06:48 +0000 (13:06 +0100)]
Deprecate ERR_load_KDF_strings()

Not only deprecate, but also remove the reason strings and make
ERR_load_KDF_strings() do nothing.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)

8 months agoutil/perl/OpenSSL/ParseC.pm: Fix 'extern "C" DEPRECATEDIN_x_y(...)'
Richard Levitte [Sun, 10 Nov 2019 12:03:15 +0000 (13:03 +0100)]
util/perl/OpenSSL/ParseC.pm: Fix 'extern "C" DEPRECATEDIN_x_y(...)'

The parser expected an 'extern "C"' followed by a single declaration
to always end with a semicolon.  Then came along something like this:

    extern "C" DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void))

This change adjusts the detector of 'extern "C"' to also take in
accound a declaration that ends with a parenthesis.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)

8 months agoReinstate the KDF error macros
Richard Levitte [Sun, 10 Nov 2019 04:16:36 +0000 (05:16 +0100)]
Reinstate the KDF error macros

For minimum breakage with existing applications that might use them.

This reverts commit fe6ec26b204a056aee2a24b79df09a45b2308603 and
37ed62107112d95f7b7c9bf75602a6ac40883a89.

Fixes #10340

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)

8 months agoFix cut'n'paste typos in the provider-digest pod
Dmitry Belyavskiy [Sat, 9 Nov 2019 20:25:32 +0000 (23:25 +0300)]
Fix cut'n'paste typos in the provider-digest pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10398)

8 months agoFix misspelled resumption_label for CHARSET_EBCDIC
Ido Ben-Natan [Sat, 9 Nov 2019 13:04:39 +0000 (15:04 +0200)]
Fix misspelled resumption_label for CHARSET_EBCDIC

The resumption_label variable when CHARSET_EBCDIC was enabled, was misspelled.
Instead of evaluating to 'res binder' as expected, it evaluated to 'red binder'.

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10396)

8 months agoFix no-dsa
Matt Caswell [Thu, 7 Nov 2019 09:24:18 +0000 (09:24 +0000)]
Fix no-dsa

Make sure we don't try and load a DSA key in the tests if DSA has been
disabled.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10375)

8 months agoAdd rc4_hmac_md5 cipher to default provider
Shane Lontis [Thu, 10 Oct 2019 06:42:20 +0000 (16:42 +1000)]
Add rc4_hmac_md5 cipher to default provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10179)

8 months agoFix L<xxx(1)> links to be L<openssl-xxx(1)>
Rich Salz [Fri, 1 Nov 2019 20:26:05 +0000 (16:26 -0400)]
Fix L<xxx(1)> links to be L<openssl-xxx(1)>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10328)

8 months agoWorkaround for Windows-based GOST implementations
Dmitry Belyavskiy [Thu, 7 Nov 2019 14:58:15 +0000 (17:58 +0300)]
Workaround for Windows-based GOST implementations

Many Windows-based GOST TLS implementations are unable to extend the
list of supported SignatureAlgorithms because of lack of the necessary
callback in Windows. So for TLS 1.2 it makes sense to imply the support
of GOST algorithms in case when the GOST ciphersuites are present.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10377)

8 months agoRename providers/common/provlib.c to nid_to_name.c
Richard Levitte [Fri, 8 Nov 2019 09:29:24 +0000 (10:29 +0100)]
Rename providers/common/provlib.c to nid_to_name.c

It contains only one function, which should only get added to non-FIPS
providers.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10389)

8 months agoFinal cleanup after move to leaner EVP_PKEY methods
Richard Levitte [Thu, 31 Oct 2019 11:10:01 +0000 (12:10 +0100)]
Final cleanup after move to leaner EVP_PKEY methods

Now that KEYMGMT method pointers have moved away from the diverse
methods that are used with EVP_PKEY_CTX, we no longer need to pass
special argument to evp_generic_fetch() and evp_generic_do_all().

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10309)

8 months agoConfiguration: make Solaris builds with gcc recognise GNU ld
Richard Levitte [Thu, 21 Mar 2019 06:51:43 +0000 (07:51 +0100)]
Configuration: make Solaris builds with gcc recognise GNU ld

The solaris config targets assumed that GNU cc used Sun ld at all
times.  However, there are setups where GNU ld is used instead, so we
adapt the Solaris gcc config targets to use the mechanism introduced
with Configurations/shared_info.pl to try to detect what ld flavor is
being used and set the diverse ld flags accordingly.

Fixes #8547

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8548)

8 months agobss_dgram.c: fix unaligned access
Patrick Steuer [Sat, 2 Nov 2019 15:31:28 +0000 (16:31 +0100)]
bss_dgram.c: fix unaligned access

char (alignment 1) casted to union sctp_notification (alignment > 1).

Fixes: #9538

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10336)

8 months agoRSA generation: Use more bits of 1/sqrt(2)
Kurt Roeckx [Wed, 23 Oct 2019 20:10:54 +0000 (22:10 +0200)]
RSA generation: Use more bits of 1/sqrt(2)

The old version always sets the top 2 bits, so the most significate byte
of the primes was always >= 0xC0. We now use 256 bits to represent
1/sqrt(2) = 0x0.B504F333F9DE64845...

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #10246

8 months agoFix a -Warray-bounds gcc warning in OPENSSL_DIR_read
Bernd Edlinger [Sun, 3 Nov 2019 16:34:23 +0000 (17:34 +0100)]
Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read

'__builtin_strncpy' offset [275, 4095] from the object at
'direntry' is out of the bounds of referenced subobject 'd_name'
with type 'char[256]' at offset 19

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10343)

8 months agoconf_def.c: Avoid calling strlen() in a loop
raniervf [Tue, 5 Nov 2019 01:32:43 +0000 (22:32 -0300)]
conf_def.c: Avoid calling strlen() in a loop

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10361)

9 months agoCleanup include/openssl/opensslv.h.in
Richard Levitte [Thu, 17 Oct 2019 16:40:47 +0000 (18:40 +0200)]
Cleanup include/openssl/opensslv.h.in

Now that we generate include/openssl/opensslv.h, there's no point
keeping some macross around, we can just set a simpler set to their
respective value and be done with it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10218)

9 months agoAdd ssl_ctx_test to test suite.
Rich Salz [Sat, 2 Nov 2019 17:02:37 +0000 (13:02 -0400)]
Add ssl_ctx_test to test suite.

Also fix the test as min version > max version is allowed because
the API calls to set min and max versions are separate and there
can be legitimately a temporary situation when the condition is
true even with correctly working application.

The failure in this condition will be detected only during
a handshake attempt.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10337)

9 months agoAdd AES SIV ciphers to default provider
Shane Lontis [Fri, 8 Nov 2019 02:14:44 +0000 (12:14 +1000)]
Add AES SIV ciphers to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10120)

9 months agoRefactor PEM_read_bio_{PrivateKey,Parameters,DHparams}
Richard Levitte [Sat, 25 Feb 2017 22:38:46 +0000 (23:38 +0100)]
Refactor PEM_read_bio_{PrivateKey,Parameters,DHparams}

They now go through internal STORE routines to do their job.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2746)

9 months agoAdd "sections" to -help output
Rich Salz [Thu, 7 Nov 2019 20:08:30 +0000 (06:08 +1000)]
Add "sections" to -help output

Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help

Add output section

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)

9 months agoAdd a test for EVP_PKEY_keymake() and EVP_PKEY_make()
Richard Levitte [Thu, 17 Oct 2019 21:53:44 +0000 (23:53 +0200)]
Add a test for EVP_PKEY_keymake() and EVP_PKEY_make()

This test is a bit lame, but will either be completed as functionality
is added in the default provider, or the new functions may start
getting used in evp_test.c and this program will disappear.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)

9 months agoAdd EVP functionality to create domain params and keys by user data
Richard Levitte [Tue, 15 Oct 2019 12:50:35 +0000 (14:50 +0200)]
Add EVP functionality to create domain params and keys by user data

This is the EVP operation that corresponds to creating direct RSA, DH
and DSA keys and set their numbers, to then assign them to an EVP_PKEY,
but done entirely using an algorithm agnostic EVP interface.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)

9 months agoUpdate INSTALL to document the changed '--api' and 'no-deprecated'
Richard Levitte [Tue, 5 Nov 2019 16:48:33 +0000 (17:48 +0100)]
Update INSTALL to document the changed '--api' and 'no-deprecated'

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoinclude/openssl/asn1.h: Remove version dependent inclusion of <openssl/bn.h>
Richard Levitte [Tue, 5 Nov 2019 16:38:24 +0000 (17:38 +0100)]
include/openssl/asn1.h: Remove version dependent inclusion of <openssl/bn.h>

It's unclear if this dependency was because ASN1 functions that use
BIGNUM didn't exist before 1.1.0, or if it was a mistaken attempt at
deprecation.  Since there exist ASN1 functions using BIGNUM now, it
seems pointless to keep that check, and unnecessarily including
<openssl/bn.h> should be harmless either way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoUpdate the check surround the BN_zero() implementation
Richard Levitte [Tue, 5 Nov 2019 16:37:17 +0000 (17:37 +0100)]
Update the check surround the BN_zero() implementation

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoUpdate some inclusions of <openssl/macros.h>
Richard Levitte [Tue, 5 Nov 2019 16:36:44 +0000 (17:36 +0100)]
Update some inclusions of <openssl/macros.h>

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoinclude/openssl/opensslconf.h.in: remove spurious HEADER_FILE_H definition
Richard Levitte [Tue, 5 Nov 2019 16:35:12 +0000 (17:35 +0100)]
include/openssl/opensslconf.h.in: remove spurious HEADER_FILE_H definition

This macro was never defined in existing releases, there's no reason
for us to create a macro that we immediately deprecate.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoUpdate source files for pre-3.0 deprecation
Richard Levitte [Tue, 5 Nov 2019 16:34:09 +0000 (17:34 +0100)]
Update source files for pre-3.0 deprecation

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoUpdate source files for deprecation at 3.0
Richard Levitte [Tue, 5 Nov 2019 16:28:50 +0000 (17:28 +0100)]
Update source files for deprecation at 3.0

Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version.  However, there's no policy
stating this, but there is for removal, saying that to remove
something, it must have been deprecated for 5 years, and that removal
can only happen at a major version.

Meanwhile, the semantic versioning rule is that deprecation should
trigger a MINOR version update, which is reflected in the macro names
as of this change.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoChange the logic and behaviour surrounding '--api' and 'no-deprecated'
Richard Levitte [Tue, 5 Nov 2019 16:00:33 +0000 (17:00 +0100)]
Change the logic and behaviour surrounding '--api' and 'no-deprecated'

At some point in time, there was a 'no-deprecated' configuration
option, which had the effect of hiding all declarations of deprecated
stuff, i.e. make the public API look like they were all removed.

At some point in time, there was a '--api' configuration option, which
had the effect of having the public API look like it did in the version
given as value, on a best effort basis.  In practice, this was used to
get different implementations of BN_zero(), depending on the desired
API compatibility level.

At some later point in time, '--api' was changed to mean the same as
'no-deprecated', but only for the deprecations up to and including the
desired API compatibility level.  BN_zero() has been set to the
pre-1.0.0 implementation ever since, unless 'no-deprecation' has been
given.

This change turns these options back to their original meaning, but
with the slight twist that when combined, i.e. both '--api' and
'no-deprecated' is given, the declarations that are marked deprecated
up to an including the desired API compatibility level are hidden,
simulating that they have been removed.

If no desired API compatibility level has been given, then
configuration sets the current OpenSSL version by default.

Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to
check what API compatibility level is desired.  For checking in code
if `no-deprecated` has been configured for the desired API
compatibility level, macros for each supported level is generated,
such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of
DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1().

Just like before, to set an API compatibility level when building an
application, define OPENSSL_API_COMPAT with an appropriate value.  If
it's desirable to hide deprecated functions up to and including that
level, additionally define OPENSSL_NO_DEPRECATED (the value is
ignored).

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

9 months agoStrip much out of ssl.pod
Rich Salz [Fri, 1 Nov 2019 16:29:34 +0000 (12:29 -0400)]
Strip much out of ssl.pod

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)

9 months agoAdd L<ssl(7)> to all SSL pages
Rich Salz [Fri, 1 Nov 2019 16:27:29 +0000 (12:27 -0400)]
Add L<ssl(7)> to all SSL pages

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)

9 months agoRemove outdated info from man7/ssl
Rich Salz [Thu, 17 Oct 2019 20:06:15 +0000 (16:06 -0400)]
Remove outdated info from man7/ssl

There were two paragraphs of useful information about SSL_dup, so
copy that to the right manpage.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)

9 months agoTest EVP_get_[digest|cipher]byname() use the namemap
Matt Caswell [Fri, 1 Nov 2019 16:09:21 +0000 (16:09 +0000)]
Test EVP_get_[digest|cipher]byname() use the namemap

Following on from the previous commit, we test that if an algorithm has
a provider supplied alias in the namemap then EVP_get_digestbyname() and
EVP_get_cipherbyname() can still find it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)

9 months agoEnsure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases
Matt Caswell [Fri, 1 Nov 2019 14:13:49 +0000 (14:13 +0000)]
Ensure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases

Now that we have an EVP namemap containing all aliases that providers
know about for any given algorithm, it is possible that an application
attempts to look up a digest or a cipher via EVP_get_digestbyname() or
EVP_get_cipherbyname() with an algorithm name that is unknown to the
legacy method database. Therefore we extend those functions to
additionally check the aliases in the namemap when searching for a
method in the event that our initial lookup attempt fails.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)

9 months agotest/recipes/02-test_ordinals.t: Take '?' and '?+' into account
Richard Levitte [Mon, 4 Nov 2019 10:41:01 +0000 (11:41 +0100)]
test/recipes/02-test_ordinals.t: Take '?' and '?+' into account

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoutil/mknum.pl: output stats on unassigned symbols
Richard Levitte [Mon, 4 Nov 2019 09:36:54 +0000 (10:36 +0100)]
util/mknum.pl: output stats on unassigned symbols

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoutil/mknum.pl: Call OpenSSL::Ordinals::renumber() for real releases
Richard Levitte [Mon, 4 Nov 2019 09:34:10 +0000 (10:34 +0100)]
util/mknum.pl: Call OpenSSL::Ordinals::renumber() for real releases

When the source isn't in development any more (the version number
doesn't the tags 'dev' or 'alpha'), we renumber the unassigned symbols
to ensure that we have fixed numbers on all.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoutil/mkdef.pl: writer_VMS(): handle symbols with no assigned number
Richard Levitte [Mon, 4 Nov 2019 09:33:10 +0000 (10:33 +0100)]
util/mkdef.pl: writer_VMS(): handle symbols with no assigned number

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoOpenSSL::Ordinals: when validating, collect statistics on unassigned syms
Richard Levitte [Mon, 4 Nov 2019 09:31:04 +0000 (10:31 +0100)]
OpenSSL::Ordinals: when validating, collect statistics on unassigned syms

If a script wants to display how many symbols have assigned numbers
and how many don't, this gives them those numbers.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoOpenSSL::Ordinals: add a renumber() function, to assign unassigned symbols
Richard Levitte [Mon, 4 Nov 2019 09:29:53 +0000 (10:29 +0100)]
OpenSSL::Ordinals: add a renumber() function, to assign unassigned symbols

This should be used when it's time to assign constant numbers to the
unassigned symbols.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoOpenSSL::Ordinals: Handle symbols with unassigned ordinal numbers
Richard Levitte [Mon, 4 Nov 2019 09:28:00 +0000 (10:28 +0100)]
OpenSSL::Ordinals: Handle symbols with unassigned ordinal numbers

We preserve the number or '?' or '?+', but assign numbers internally
on the latter, to ensure we keep the order of the input.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoutil/*.num: deassign ordinal numbers from new symbols
Richard Levitte [Mon, 4 Nov 2019 08:02:28 +0000 (09:02 +0100)]
util/*.num: deassign ordinal numbers from new symbols

Symbols that have appeared since 1.1.1 was released are considered
unassigned in the development branch.   This is marked by having a
question mark as its ordinal number.

This introduces two new markers to be used instead of ordinal numbers:

    ?   signifying it gets the previous symbol's number plus one
    ?+  signifying it gets the same number as the previous symbol

'?+' should remain rare, but is useful to create aliases when needed
(for example when two different symbols clash because they only differ
in character case, see include/openssl/symhacks.h)

The intention is that a development branch won't have set numbers for
new symbols, and that the final numbers will only get allocated when
making beta or final releases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)

9 months agoMinimal adaptation of tests back to how it was before
Richard Levitte [Wed, 30 Oct 2019 16:06:48 +0000 (17:06 +0100)]
Minimal adaptation of tests back to how it was before

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)

9 months agoEVP: Make the SIGNATURE implementation leaner
Richard Levitte [Wed, 30 Oct 2019 15:59:34 +0000 (16:59 +0100)]
EVP: Make the SIGNATURE implementation leaner

Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new
signature algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)

9 months agoEVP: Make the KEYEXCH implementation leaner
Richard Levitte [Wed, 30 Oct 2019 17:03:07 +0000 (18:03 +0100)]
EVP: Make the KEYEXCH implementation leaner

Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the KEYEXCH method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new key
exchange algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10305)

9 months agos390x assembly pack: process x25519 and x448 non-canonical values
Patrick Steuer [Sat, 2 Nov 2019 23:32:04 +0000 (00:32 +0100)]
s390x assembly pack: process x25519 and x448 non-canonical values

...in constant time.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)

9 months agoAdd self-generated test vector for x448 non-canonical values
Patrick Steuer [Sat, 2 Nov 2019 23:01:20 +0000 (00:01 +0100)]
Add self-generated test vector for x448 non-canonical values

x25519 has such a test vector obtained from wycheproof but wycheproof
does not have a corresponding x448 test vector.
So add a self-generated test vector for that case.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)

9 months agos390x assembly pack: fix x448 handling of non-canonical values
Patrick Steuer [Sat, 2 Nov 2019 22:50:26 +0000 (23:50 +0100)]
s390x assembly pack: fix x448 handling of non-canonical values

The s390x x448 implementation does not correctly reduce non-canonical
values i.e., u-coordinates >= p = 2^448 - 2^224 - 1.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)

9 months agos390x assembly pack: perlasm module update
Patrick Steuer [Sun, 3 Nov 2019 21:44:28 +0000 (22:44 +0100)]
s390x assembly pack: perlasm module update

- add instructions: clfi, stck, stckf, kdsa
- clfi and clgfi belong to extended-immediate (not long-displacement)
- some cleanup

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10346)

9 months agoDon't assume the type we read was the type we expected
Matt Caswell [Wed, 30 Oct 2019 13:23:18 +0000 (13:23 +0000)]
Don't assume the type we read was the type we expected

i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.

This issue was recently added by commit 4baee2d.

Credit to OSSFuzz for finding this issue.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)