openssl.git
2 months agoDOCS: Move the description of EVP_PKEY_get0_description()
Richard Levitte [Tue, 13 Jul 2021 09:15:29 +0000 (11:15 +0200)]
DOCS: Move the description of EVP_PKEY_get0_description()

It appears to have been misplaced

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16063)

2 months agoEVP: Add EVP_PKEY_get0_provider() and EVP_PKEY_CTX_get0_provider()
Richard Levitte [Tue, 13 Jul 2021 08:40:45 +0000 (10:40 +0200)]
EVP: Add EVP_PKEY_get0_provider() and EVP_PKEY_CTX_get0_provider()

Fixes #16058

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16063)

3 months agoFix potential problems with EVP_PKEY_CTX_new() with engine set
Tomas Mraz [Thu, 22 Jul 2021 13:01:53 +0000 (15:01 +0200)]
Fix potential problems with EVP_PKEY_CTX_new() with engine set

If an engine is non-NULL in EVP_PKEY_CTX_new() call an assert might
have been incorrectly triggered or the engine might be finished
without being inited.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16137)

3 months agodo_sigver_init: Add missing ERR_clear_last_mark()
Tomas Mraz [Thu, 22 Jul 2021 13:25:32 +0000 (15:25 +0200)]
do_sigver_init: Add missing ERR_clear_last_mark()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16138)

3 months agoci: QEMU based cross compiled testing
Pauli [Thu, 22 Jul 2021 09:13:41 +0000 (19:13 +1000)]
ci: QEMU based cross compiled testing

With a little set up, Debian provides an ability to use QEMU to execute
programs compiled for other architectures. Using this, most of our cross
compilation CI builds can be executed.

This PR does this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16133)

3 months agoci: reinstate the passwd tests for the no-cached-fetch run.
Pauli [Thu, 22 Jul 2021 00:56:29 +0000 (10:56 +1000)]
ci: reinstate the passwd tests for the no-cached-fetch run.

By selectively skipping the high round test cases, the out of memory problem
can be avoided.

partially fixes #16127

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16132)

3 months agoMakefile: Avoid changing LIBDIR based on whether it already exists
jenda1 [Tue, 20 Jul 2021 14:32:49 +0000 (16:32 +0200)]
Makefile: Avoid changing LIBDIR based on whether it already exists

unix-Makefile.tmpl checks if the target LIBDIR exists on the build
machine or not and based on the result modify the final LIBDIR.
This should be avoided, build results should not depend on the build
machine root filesystem layout. It makes the build results unstable.

The fix simply removes the dir existence test from the unix-Makefile.tmpl.

Fixes: openssl#16121

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16122)

3 months agoDSA/RSA_print(): Fix potential memory leak
Tomas Mraz [Wed, 21 Jul 2021 16:45:01 +0000 (18:45 +0200)]
DSA/RSA_print(): Fix potential memory leak

Fixes #10777

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16130)

3 months agoAdd a test for custom EVP_PKEY_METHODs
Matt Caswell [Tue, 20 Jul 2021 15:18:58 +0000 (16:18 +0100)]
Add a test for custom EVP_PKEY_METHODs

Adds a test for using custom EVP_PKEY_METHODs without an ENGINE. As part
of this we also test having a custom EVP_PKEY_METHOD that wraps a built-in
EVP_PKEY_METHOD. We do this for both legacy and provided keys.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)

3 months agoFix custom EVP_PKEY_METHOD implementations where no engine is present
Matt Caswell [Mon, 19 Jul 2021 15:17:50 +0000 (16:17 +0100)]
Fix custom EVP_PKEY_METHOD implementations where no engine is present

It is possible to have a custom EVP_PKEY_METHOD implementation without
having an engine. In those cases we were failing to use that custom
implementation.

Fixes #16088

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)

3 months agoUpdate our EVP_PKEY_METHODs to get low level keys via public APIs
Matt Caswell [Tue, 20 Jul 2021 08:58:53 +0000 (09:58 +0100)]
Update our EVP_PKEY_METHODs to get low level keys via public APIs

It is possible to call built-in EVP_PKEY_METHOD functions with a provided
key. For example this might occur if a custom EVP_PKEY_METHOD is in use
that wraps a built-in EVP_PKEY_METHOD. Therefore our EVP_PKEY_METHOD
functions should not assume that we are using a legacy key. Instead we
get the low level key using EVP_PKEY_get0_RSA() or other similar functions.
This "does the right thing" if the key is actually provided.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)

3 months agoOSSL_HTTP_open(): Fix memory leak on TLS connect failure via proxy
Dr. David von Oheimb [Tue, 20 Jul 2021 09:19:39 +0000 (11:19 +0200)]
OSSL_HTTP_open(): Fix memory leak on TLS connect failure via proxy

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16119)

3 months agoci: omit tests that consume too much memory
Pauli [Wed, 21 Jul 2021 09:25:22 +0000 (19:25 +1000)]
ci: omit tests that consume too much memory

The SSL API tests and the passwd command test trigger memory leakage in the
address sanitizer.

Fixes #16116

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16125)

3 months agotls_process_{client,server}_certificate(): allow verify_callback return > 1
Dr. David von Oheimb [Wed, 27 Jan 2021 21:13:30 +0000 (22:13 +0100)]
tls_process_{client,server}_certificate(): allow verify_callback return > 1

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)

3 months agoSSL_CTX_set_cert_verify_callback.pod: various corrections and clarifications
Dr. David von Oheimb [Fri, 22 Jan 2021 21:34:56 +0000 (22:34 +0100)]
SSL_CTX_set_cert_verify_callback.pod: various corrections and clarifications

- Make clear the callback is called whenever a peer certificate has been received,
  which is independent of the verification mode.
- Make clear that a return value > 1 always leads to handshake failure.
- Make clear that in server mode also return values <= 0 lead to handshake failure.
- For client mode replace the incorrect formulation "if B<SSL_VERIFY_PEER> is set"
  by what is actually implemented: "if the verification mode is not B<SSL_VERIFY_NONE>".
- Refer to X509_STORE_CTX_set_error() rather than to internal error variable.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)

3 months agoAdd testcases for SSL_key_update() corner case calls
yangyangtiantianlonglong [Thu, 15 Jul 2021 12:15:36 +0000 (20:15 +0800)]
Add testcases for SSL_key_update() corner case calls

Test that SSL_key_update() is not allowed if there are writes pending.
Test that there is no reset of the packet pointer in ssl3_setup_read_buffer().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16085)

3 months agotest: include all DRBG tests in FIPS mode
Pauli [Fri, 16 Jul 2021 01:58:46 +0000 (11:58 +1000)]
test: include all DRBG tests in FIPS mode

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)

3 months agodocs: update CTR DRBG documentation to not mention the lack of a derivation function...
Pauli [Fri, 16 Jul 2021 01:54:14 +0000 (11:54 +1000)]
docs: update CTR DRBG documentation to not mention the lack of a derivation function in FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)

3 months agoerr: remove the derivation function is mandatory for FIPS error message since it...
Pauli [Fri, 16 Jul 2021 01:52:30 +0000 (11:52 +1000)]
err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)

3 months agodrbg: allow the ctr derivation function to be disabled in FIPS mode
Pauli [Fri, 16 Jul 2021 01:38:23 +0000 (11:38 +1000)]
drbg: allow the ctr derivation function to be disabled in FIPS mode

Word from the lab is:

    The use of the derivation function is optional if either an approved
    RBG or an entropy source provides full entropy output when entropy
    input is requested by the DRBG mechanism. Otherwise, the derivation
    function shall be used.

So our disallowing it's use was more than required.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)

3 months agoFix a read buffer overrun in X509_aux_print().
Ingo Schwarze [Sun, 18 Jul 2021 15:48:06 +0000 (17:48 +0200)]
Fix a read buffer overrun in X509_aux_print().

The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.

I found this bug while writing manual pages for X509_print_ex(3)
and related functions.  Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see

http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16108)

3 months agodoc: fix OPENSSL_VERSION_NUMBER length in the synopsis
Petr Gotthard [Sun, 18 Jul 2021 12:19:11 +0000 (14:19 +0200)]
doc: fix OPENSSL_VERSION_NUMBER length in the synopsis

The number has 8 digits (not 9). It is a single integer `0xMNN00PP0L`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16106)

3 months agodemos: update readme file with pbkdf2 and scrypt examples.
Pauli [Mon, 19 Jul 2021 03:17:02 +0000 (13:17 +1000)]
demos: update readme file with pbkdf2 and scrypt examples.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)

3 months agodemos: add Makefile support for pbkdf2 and scrypt KDF demos
Pauli [Mon, 19 Jul 2021 03:00:38 +0000 (13:00 +1000)]
demos: add Makefile support for pbkdf2 and scrypt KDF demos

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)

3 months agodemo: add scrypt demonstration program
Pauli [Mon, 19 Jul 2021 03:00:23 +0000 (13:00 +1000)]
demo: add scrypt demonstration program

Using test vector from RTC 7914

Fixes #14108

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)

3 months agodemo: add pbkdf2 demonstration program
Pauli [Mon, 19 Jul 2021 03:00:06 +0000 (13:00 +1000)]
demo: add pbkdf2 demonstration program

Using test vector from RTC 7914

Fixes #14107

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)

3 months agotest: fix use after scope problem in ACVP test
Pauli [Sat, 17 Jul 2021 14:47:09 +0000 (00:47 +1000)]
test: fix use after scope problem in ACVP test

Repeat after me:
    thou shall not use an auto scope variable as a parameter
    that is used out of scope.

Fixes GitHub CI #6305

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16103)

3 months agoFix some minor record layer issues
Matt Caswell [Thu, 15 Jul 2021 13:08:56 +0000 (14:08 +0100)]
Fix some minor record layer issues

Various comments referred to s->packet and s->packet_length instead of
s->rlayer.packet and s->rlayer.packet_length. Also fixed is a spot where
RECORD_LAYER_write_pending() should have been used. Based on the review
comments in #16077.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16086)

3 months agoFix signed/unsigned comparison warnings in sslapitest
Matt Caswell [Wed, 14 Jul 2021 14:36:12 +0000 (15:36 +0100)]
Fix signed/unsigned comparison warnings in sslapitest

Fixes build failures if using enable-ktls in conjunction with --strict-warnings

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16090)

3 months agoconfig: enable ACVP test case if FIPS is enabled.
Pauli [Fri, 16 Jul 2021 00:31:41 +0000 (10:31 +1000)]
config: enable ACVP test case if FIPS is enabled.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16095)

3 months agodoc: It is not possible to use SSL_OP_* value in preprocessor conditions
Tomas Mraz [Thu, 15 Jul 2021 11:37:26 +0000 (13:37 +0200)]
doc: It is not possible to use SSL_OP_* value in preprocessor conditions

Fixes #16082

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16084)

3 months agoDisallow SSL_key_update() if there are writes pending
Matt Caswell [Tue, 13 Jul 2021 16:44:44 +0000 (17:44 +0100)]
Disallow SSL_key_update() if there are writes pending

If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.

Fixes #12485

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)

3 months agoDon't reset the packet pointer in ssl3_setup_read_buffer
Matt Caswell [Tue, 13 Jul 2021 16:19:12 +0000 (17:19 +0100)]
Don't reset the packet pointer in ssl3_setup_read_buffer

Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.

Fixes #13729

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)

3 months agoRSA_public_decrypt is equivalent to a verify recover operation
Tomas Mraz [Thu, 15 Jul 2021 07:30:23 +0000 (09:30 +0200)]
RSA_public_decrypt is equivalent to a verify recover operation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)

3 months agoevp_test: Add tests for rsa_padding_mode:none
Tomas Mraz [Wed, 14 Jul 2021 10:45:30 +0000 (12:45 +0200)]
evp_test: Add tests for rsa_padding_mode:none

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)

3 months agoAllow RSA signature operations with RSA_NO_PADDING
Tomas Mraz [Tue, 13 Jul 2021 13:28:24 +0000 (15:28 +0200)]
Allow RSA signature operations with RSA_NO_PADDING

When no md is set, the raw operations should be allowed.

Fixes #16056

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16068)

3 months agoDrop daily run-checker build with just enable-acvp-tests
Tomas Mraz [Wed, 14 Jul 2021 13:51:29 +0000 (15:51 +0200)]
Drop daily run-checker build with just enable-acvp-tests

Having just enable-acvp-tests without enable-fips does not make
much sense as this just builds the test but it is skipped.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)

3 months agoCI: have enable-acvp-tests in some CI build
Tomas Mraz [Wed, 14 Jul 2021 13:49:31 +0000 (15:49 +0200)]
CI: have enable-acvp-tests in some CI build

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)

3 months agoSignature algos: allow having identical digest in params
Tomas Mraz [Wed, 14 Jul 2021 13:41:22 +0000 (15:41 +0200)]
Signature algos: allow having identical digest in params

The flag_allow_md prevents setting a digest in params however
this is unnecessarily strict. If the digest is the same as the
one already set, we do not return an error.

Fixes #16071

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)

3 months agoacvp_test: Fix incorrect parenthesis
Tomas Mraz [Wed, 14 Jul 2021 13:41:00 +0000 (15:41 +0200)]
acvp_test: Fix incorrect parenthesis

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)

3 months agoapps: Use the first detected address family if IPv6 is not available
Daiki Ueno [Wed, 14 Jul 2021 09:15:34 +0000 (11:15 +0200)]
apps: Use the first detected address family if IPv6 is not available

This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16074)

3 months agoSplit bignum code out of the sparcv9cap.c
Tomas Mraz [Wed, 7 Jul 2021 15:47:06 +0000 (17:47 +0200)]
Split bignum code out of the sparcv9cap.c

Fixes #15978

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16019)

3 months agodoc: document the params arguments to the initialisation functions.
Pauli [Wed, 14 Jul 2021 00:03:45 +0000 (10:03 +1000)]
doc: document the params arguments to the initialisation functions.

These were accidentally omitted when the arguments were added globally.

Fixes #16067

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)

3 months agoevp: constify some OSSL_PARAM arguments
Pauli [Wed, 14 Jul 2021 00:03:22 +0000 (10:03 +1000)]
evp: constify some OSSL_PARAM arguments

These were missed when the initialisation params were added

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)

3 months agoMake EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()
Tomas Mraz [Tue, 13 Jul 2021 15:41:02 +0000 (17:41 +0200)]
Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()

The implementation of EVP_PKEY_pairwise_check() is also changed
to handle the legacy keys.

Fixes #16046

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16069)

3 months agodoc: Document that incomplete certificates return error
Tomas Mraz [Tue, 13 Jul 2021 15:59:37 +0000 (17:59 +0200)]
doc: Document that incomplete certificates return error

Fixes #16065

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16070)

3 months agotest: add single byte IV AES GCM tests
Pauli [Tue, 13 Jul 2021 08:55:36 +0000 (18:55 +1000)]
test: add single byte IV AES GCM tests

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)

3 months agoRemove lower limit on GCM mode ciphers
Pauli [Tue, 13 Jul 2021 08:40:01 +0000 (18:40 +1000)]
Remove lower limit on GCM mode ciphers

Fixes #16057

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)

3 months agoapps: avoid using POSIX IO macros and functions when built without them.
Pauli [Wed, 14 Jul 2021 01:02:57 +0000 (11:02 +1000)]
apps: avoid using POSIX IO macros and functions when built without them.

Fall back to stdio functions if not available.

Fixes a daily run-checker failure (no-posix-io)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16073)

3 months agoFix OSSL_TRACE9 missing arg9
Syrone Wong [Tue, 13 Jul 2021 02:04:56 +0000 (10:04 +0800)]
Fix OSSL_TRACE9 missing arg9

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16060)

3 months agoAvoid empty lines in nmake rule bodies
Richard Levitte [Mon, 12 Jul 2021 05:29:02 +0000 (07:29 +0200)]
Avoid empty lines in nmake rule bodies

nmake is tolerant of those empty lines, but jom isn't.  That tolerance
isn't standard make behaviour, so we lean towards avoiding them.

We simply use '@rem' instead.

Fixes #16014

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16048)

3 months agoRemove executable mode attributes of non-executable files
Tianjia Zhang [Mon, 12 Jul 2021 03:22:59 +0000 (11:22 +0800)]
Remove executable mode attributes of non-executable files

Remove the executable attributes of some C code files and key files,
change the file mode from 0755 to 0644.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16045)

3 months agoasn.1: fix Coverity 1487104 Logically dead code
Pauli [Sun, 11 Jul 2021 10:53:43 +0000 (20:53 +1000)]
asn.1: fix Coverity 1487104 Logically dead code

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16042)

3 months agodoc: document the new opt_legacy_okay() function's behaviour
Pauli [Thu, 8 Jul 2021 01:38:06 +0000 (11:38 +1000)]
doc: document the new opt_legacy_okay() function's behaviour

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agoapp: add library context and propq arguments to opt_md() and opt_cipher()
Pauli [Thu, 8 Jul 2021 01:25:11 +0000 (11:25 +1000)]
app: add library context and propq arguments to opt_md() and opt_cipher()

Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agoapps: add a function opt_legacy_okay() that indicates if legacy paths are permitted...
Pauli [Thu, 8 Jul 2021 01:24:05 +0000 (11:24 +1000)]
apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted or not

By default they are.  However, if a provider, provider path or a property query has been specified
they are not.  Likewise, if a library context or a property query has been
specified by the command, they are not.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agoapps: add query to allow a command to know of a provider command line option was...
Pauli [Thu, 8 Jul 2021 01:22:14 +0000 (11:22 +1000)]
apps: add query to allow a command to know of a provider command line option was processed

Better fixing:
Fixing #15683
Fixing #15686

Replacing rather than fixing:
Fixing #15414

Since that claims to fix another:
Fixing #15372

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agotest: make build descriptions more consistent
Pauli [Thu, 8 Jul 2021 01:09:39 +0000 (11:09 +1000)]
test: make build descriptions more consistent

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agotest: add a shim function for the apps's opt_legacy_okay() function
Pauli [Thu, 8 Jul 2021 00:55:01 +0000 (10:55 +1000)]
test: add a shim function for the apps's opt_legacy_okay() function

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agotest: rename apps_mem.c to be apps_shims.c in anticipation of additonal functions
Pauli [Thu, 8 Jul 2021 00:53:05 +0000 (10:53 +1000)]
test: rename apps_mem.c to be apps_shims.c in anticipation of additonal functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

3 months agoFix legacy OCSP_REQ_CTX_http() function to expect ASN.1 formatted input
Dr. David von Oheimb [Thu, 8 Jul 2021 17:44:47 +0000 (19:44 +0200)]
Fix legacy OCSP_REQ_CTX_http() function to expect ASN.1 formatted input

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16029)

3 months agoImprove doc of OSSL_HTTP_REQ_CTX_set_expected() on timeout param < 0
Dr. David von Oheimb [Thu, 8 Jul 2021 17:45:35 +0000 (19:45 +0200)]
Improve doc of OSSL_HTTP_REQ_CTX_set_expected() on timeout param < 0

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16029)

3 months agoBIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given
Daiki Ueno [Thu, 8 Jul 2021 17:22:36 +0000 (19:22 +0200)]
BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given

The flag only affects which record types are queried via DNS (A or
AAAA, or both).  When node is NULL and AF_UNSPEC is used, it prevents
getaddrinfo returning the right address associated with the loopback
interface.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16033)

3 months agotest_cmp_ctx: Avoid using empty X509 with i2d
Tomas Mraz [Fri, 9 Jul 2021 13:48:02 +0000 (15:48 +0200)]
test_cmp_ctx: Avoid using empty X509 with i2d

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16036)

3 months agoFix test/asn1_encode_test.c to handle encoding/decoding failure
Richard Levitte [Fri, 9 Jul 2021 06:51:55 +0000 (08:51 +0200)]
Fix test/asn1_encode_test.c to handle encoding/decoding failure

Make it only report (and fail on) encoding/decoding failures when success
is expected.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16036)

3 months agoFix test/asn1_encode_test.c to not use ASN1_FBOOLEAN
Richard Levitte [Fri, 9 Jul 2021 06:31:24 +0000 (08:31 +0200)]
Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN

ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items.
This test program used it for non-optional items, which doesn't encode
well.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16036)

3 months agoASN.1: Refuse to encode to DER if non-optional items are missing
Richard Levitte [Thu, 8 Jul 2021 11:38:45 +0000 (13:38 +0200)]
ASN.1: Refuse to encode to DER if non-optional items are missing

Fixes #16026

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16036)

3 months agoTEST: Check that i2d refuses to encode non-optional items with no content
Richard Levitte [Thu, 8 Jul 2021 11:33:28 +0000 (13:33 +0200)]
TEST: Check that i2d refuses to encode non-optional items with no content

The test case creates an RSA public key and tries to pass it through
i2d_PrivateKey().  This SHOULD fail, since the private bits are missing.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16036)

3 months agoConfigurations/unix-Makefile.tmpl: use platform->sharedlib() as fallback
Richard Levitte [Thu, 8 Jul 2021 17:05:34 +0000 (19:05 +0200)]
Configurations/unix-Makefile.tmpl: use platform->sharedlib() as fallback

If platform->sharedlib_simple() and platform->sharedlib_import()
return undefined, try platform->sharedlib() as a fallback before
platform->staticlib().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16023)

3 months agoplatform->sharedlib_simple(): return undef when same as platform->sharedlib()
Richard Levitte [Thu, 8 Jul 2021 03:18:25 +0000 (05:18 +0200)]
platform->sharedlib_simple(): return undef when same as platform->sharedlib()

On some Unix-like platforms, there is no such thing as versioned shared
libraries.  In this case, platform->sharedlib_simple() should simply
return undef.  Among others, this avoids the shared libraries to be
installed as symlinks on themselves.

Fixes #16012

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16023)

3 months agoFix s_server PSK handling
Matt Caswell [Tue, 6 Jul 2021 15:24:07 +0000 (16:24 +0100)]
Fix s_server PSK handling

Issue #15951 describes a scenario which causes s_server to fail when using
a PSK. In the originally described issue this only impacted master and not
1.1.1. However, in fact this issue does also impact 1.1.1 - but only if you
additionally supply the option "-no_ticket" to the s_server command line.

The difference between the behaviour in master and 1.1.1 is due to 9c13b49,
which changed PSK_MAX_IDENTITY_LEN from 128 to 256. It just so happens that
a default OpenSSL TLSv1.3 ticket length happens to fall between those 2
values. Tickets are presented in TLSv1.3 as a PSK "identity". Passing
"no_ticket" doesn't actually stop TLSv1.3 tickets completely, it just
forces the use of "session ids as a ticket" instead. This significantly
reduces the ticket size to below 128 in 1.1.1.

The problem was due to s_server setting a TLSv1.2 PSK callback and a
TLSv1.3 PSK callback. For backwards compat reasons the TLSv1.2 PSK
callbacks also work in TLSv1.3 but are not preferred. In the described
scenario we use a PSK to create the initial connection. Subsequent to that
we attempt a resumption using a TLSv1.3 ticket (psk). If the psk length is
below PSK_MAX_IDENTITY_LEN then we first call the TLSv1.2 PSK callback.
Subsequently we call the TLSv1.3 PSK callback. Unfortunately s_server's
TLSv1.2 PSK callback accepts the identity regardless, even though it is an
unexpected value, and hence the binder subsequently fails to verify.

The fix is to bail early in the TLSv1.2 callback if we detect we are being
called from a TLSv1.3 connection.

Fixes #15951

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16008)

3 months agoAdd a PKCS12 test to check with one input cert we get one output cert
Matt Caswell [Tue, 6 Jul 2021 10:31:28 +0000 (11:31 +0100)]
Add a PKCS12 test to check with one input cert we get one output cert

Following on from the regression in issue #15983, add a test that with
one input cert, we get one cert in the pkcs12 file, and that it has the
expected friendlyName.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16001)

3 months agoDon't add the first pkcs12 certificate multiple times
Matt Caswell [Mon, 5 Jul 2021 16:19:59 +0000 (17:19 +0100)]
Don't add the first pkcs12 certificate multiple times

This fixes a regression introduced by commit 1d6c867. When exporting a set
of certificates to a PKCS12 file we shouldn't add the first one twice. Also
we restore historic behaviour with respect to the canames option where we
have no ee certificate with key.

Fixes #15983

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16001)

3 months agoapps: fix Coverity 1451531 Unchecked return value
Pauli [Mon, 5 Jul 2021 08:30:27 +0000 (18:30 +1000)]
apps: fix Coverity 1451531 Unchecked return value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15994)

3 months agoevp: detect and raise an error if no digest is found for a sign/verify operation
Pauli [Wed, 7 Jul 2021 06:32:16 +0000 (16:32 +1000)]
evp: detect and raise an error if no digest is found for a sign/verify operation

If no digest is specified, the code looks for a default digest per PKEY via the
evp_keymgmt_util_get_deflt_digest_name() call.  If this call returns NULL,
indicating no digest found, the code continues regardless.  If the verify/sign
init later fails, it returns an error without raising one.  This change raises
an error in this case.

Fixes #15372

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16015)

3 months agoFix compile warning with GCC 11.
Juergen Christ [Mon, 5 Jul 2021 07:48:53 +0000 (09:48 +0200)]
Fix compile warning with GCC 11.

When configured with strict warnings, GCC 11 complains about a possible
stringop-translation:

Config:

/usr/bin/perl ./Configure enable-asan enable-ubsan enable-zlib-dynamic \
enable-unit-test enable-md2 enable-rc5 enable-buildtest-c++ \
enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-fips -w \
--strict-warnings

Warning:

crypto/evp/ctrl_params_translate.c: In function 'fix_rsa_pss_saltlen':
crypto/evp/ctrl_params_translate.c:1356:13: error: 'strncpy' specified bound 50 equals destination size [-Werror=stringop-truncation]
 1356 |             strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf));
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix by copying one byte less than the buffer size.  We anyway overwrite the
last byte.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15993)

3 months agoMade foreign bit field unsigned in evp.h
Randall S. Becker [Tue, 6 Jul 2021 17:42:22 +0000 (12:42 -0500)]
Made foreign bit field unsigned in evp.h

Fixes #16010

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16011)

3 months agoFix bug in X509_print_ex
Rich Salz [Tue, 6 Jul 2021 16:00:19 +0000 (12:00 -0400)]
Fix bug in X509_print_ex

If the user set nmflags == XN_FLAG_COMPAT and X509_NAME_print_ex(3)
failed, the error return value of 0 was misinterpreted as an indicator
of success, causing X509_print_ex(3) to ignore the error, continue
printing, and potentially return successfully even though not all
the content of the certificate was printed.

The X509_NAME_print_ex(3) manual page explains that this function
indicates failure by returning 0 if nmflags == XN_FLAG_COMPAT
and by returning -1 if nmflags != XN_FLAG_COMPAT.

Note that just checking for <= 0 in all cases would not be correct
either because X509_NAME_print_ex(3) returns 0 to indicate that it
successfully printed zero bytes in some cases, for example when all
three of the following conditions hold:
1. nmflags != XN_FLAG_COMPAT
2. indent == 0 (which X509_print_ex(3) does use in some cases)
3. the name object is NULL or empty

Thanks to Ingo Schwarze <schwarze@openbsd.org> for finding the bug,
and Joel Sing <jsing@openbsd.org> for contributing an idea for the
fix.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16009)

3 months agoFix comment for test_negotiated_group() test order
Benjamin Kaduk [Tue, 6 Jul 2021 14:49:39 +0000 (07:49 -0700)]
Fix comment for test_negotiated_group() test order

Because of how the 'client_multi' variable is set, we end up
running the tests where the client configures multiple groups (and
the server only configures one) before the ones where the server configures
multiple groups (and the client only configures one).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16007)

3 months agoCRYPTO: Remove the check for built-in methods in the export_to function
Richard Levitte [Tue, 6 Jul 2021 06:44:37 +0000 (08:44 +0200)]
CRYPTO: Remove the check for built-in methods in the export_to function

That check was seen as necessary at the time, but other changes have
been made since, so we now have better control on when we're handling
legacy structures and methods, making it safe to run the export_to
function on keys with foreign methods.

The basic message is that foreign methods must set key structure
values according to our standards no matter what, or not set them at
all.  This has really always been the case, but was harder to see at
the time because of interaction with other bugs.

Fixes #15927

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15996)

3 months agobn: procduce correct sign for result of BN_mod()
Pauli [Mon, 5 Jul 2021 01:01:59 +0000 (11:01 +1000)]
bn: procduce correct sign for result of BN_mod()

There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
In this case, the sign of the remainder c is incorrect.  The problem only
occurs if the dividend and the quotient are the same BIGNUM.

Fixes #15982

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15991)

3 months agochanges: add entry noting the removal of ERR_GET_FUNC()
Pauli [Tue, 6 Jul 2021 09:00:04 +0000 (19:00 +1000)]
changes: add entry noting the removal of ERR_GET_FUNC()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

3 months agodoc: update documentation to note removal of ERR_GET_FUNC()
Pauli [Tue, 6 Jul 2021 08:54:39 +0000 (18:54 +1000)]
doc: update documentation to note removal of ERR_GET_FUNC()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

3 months agoerr: remove ERR_GET_FUNC()
Pauli [Tue, 6 Jul 2021 08:50:11 +0000 (18:50 +1000)]
err: remove ERR_GET_FUNC()

This is problematic in 3.0 because the function codes are all defined as zero.
This leads to either every error matching or no error ever matching.  Both
are problematic for users.  The OTC vote resolved to remove this function
completely.

Fixes #15946

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

3 months agotest: add some integral type size sanity checks
Pauli [Fri, 18 Jun 2021 23:54:55 +0000 (09:54 +1000)]
test: add some integral type size sanity checks

With the recent problem on VMS of maxint_t being defined as a 32 bit integer
despite OpenSSL mandating 64 bit integers being available, it seems prudent
to add some sanity checks for out integral types.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15830)

3 months agoutil: add -fips option to wrap.pl to make using the FIPS provider easier
Pauli [Thu, 1 Jul 2021 02:48:30 +0000 (12:48 +1000)]
util: add -fips option to wrap.pl to make using the FIPS provider easier

Without this option, I find I need to figure out which environment variables
point where which wastes effort.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15966)

3 months agoAdd HKDF negative tests
Shane Lontis [Fri, 2 Jul 2021 04:26:07 +0000 (14:26 +1000)]
Add HKDF negative tests

Fix memory leak if legacy test is skipped.
Using EVP_KDF_CTX_get_params() to get OSSL_KDF_PARAM_SIZE will now
return 0 if the returned size is 0.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15977)

3 months agoAdd test for provider gettables
Shane Lontis [Fri, 25 Jun 2021 02:01:13 +0000 (12:01 +1000)]
Add test for provider gettables

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15970)

3 months agoAvoid "excessive message size" for session tickets
Matt Caswell [Wed, 23 Jun 2021 07:54:12 +0000 (08:54 +0100)]
Avoid "excessive message size" for session tickets

We received a report of an "excessive message size" for a received
session ticket. Our maximum size was significantly less than the theoretical
maximum. The server may put any data it likes in the session ticket
including (for example) the full certificate chain so we should be able to
handle longer tickets. Update the value to the maximum allowed by the spec.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15877)

3 months agoupdate fips checksums
Tomas Mraz [Thu, 1 Jul 2021 15:41:47 +0000 (17:41 +0200)]
update fips checksums

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

3 months agofips module header inclusion fine-tunning
Tomas Mraz [Thu, 1 Jul 2021 15:41:02 +0000 (17:41 +0200)]
fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

3 months agobn: Make fixed-length Montgomery Multiplication conditional on PPC64
Martin Schwenke [Thu, 1 Jul 2021 06:59:30 +0000 (16:59 +1000)]
bn: Make fixed-length Montgomery Multiplication conditional on PPC64

This code is currently unconditional even though build.info has:

  $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s

This causes a build failure on 32-bit systems.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

3 months agobn: Fix .size directive
Martin Schwenke [Thu, 1 Jul 2021 04:44:33 +0000 (14:44 +1000)]
bn: Fix .size directive

This requires the text address.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

3 months agobn: Use a basic branch-if-not-zero
Martin Schwenke [Thu, 1 Jul 2021 04:23:50 +0000 (14:23 +1000)]
bn: Use a basic branch-if-not-zero

Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
prediction.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

3 months agorsa_cms_verify: Avoid negative return with missing pss parameters
Tomas Mraz [Fri, 2 Jul 2021 13:29:13 +0000 (15:29 +0200)]
rsa_cms_verify: Avoid negative return with missing pss parameters

Fixes #15984

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15985)

3 months agoCoverity #1486687: fix potential dereference of NULL keymgmt
Tomas Mraz [Fri, 2 Jul 2021 13:45:09 +0000 (15:45 +0200)]
Coverity #1486687: fix potential dereference of NULL keymgmt

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15986)

3 months agodoc: include PBKDF1 documentation in build.info
Pauli [Thu, 1 Jul 2021 04:47:38 +0000 (14:47 +1000)]
doc: include PBKDF1 documentation in build.info

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

3 months agodoc: add PBKDF1 provider documentation
Pauli [Thu, 1 Jul 2021 04:46:39 +0000 (14:46 +1000)]
doc: add PBKDF1 provider documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

3 months agoprovider: use #define for PBKDF1 algorithm name
Pauli [Thu, 1 Jul 2021 04:00:03 +0000 (14:00 +1000)]
provider: use #define for PBKDF1 algorithm name

This seems to be standard practice so bringing PBKDF1 into line.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

3 months agoPROV & STORE: Make the 'file:' store loader understand more binary formats
Richard Levitte [Fri, 2 Jul 2021 10:38:18 +0000 (12:38 +0200)]
PROV & STORE: Make the 'file:' store loader understand more binary formats

The 'file:' store loader only understood DER natively.  With all the
whatever to key decoders gone, direct support for other binary file
formats are gone, and we need to recreate them for this store loader.

With these changes, it now also understands MSBLOB and PVK files.

As a consequence, any store loader that handles some form of open file
data (such as a PEM object) can now simply pass that data back via
OSSL_FUNC_store_load()'s object callback.  As long as libcrypto has
access to a decoder that can understand the data, the appropriate
OpenSSL object will be generated for it, even if the store loader sits
in a different provider than any decoder or keymgmt.
For example, an LDAP store loader, which typically finds diverse PEM
formatted blobs in the database, can simply pass those back via the
object callback, and let libcrypto do the rest of the work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)