openssl.git
15 months agoAdd Restricted PSS certificate and key
Matt Caswell [Thu, 8 Aug 2019 10:08:14 +0000 (11:08 +0100)]
Add Restricted PSS certificate and key

Create a PSS certificate with parameter restrictions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

15 months agoEnsure RSA PSS correctly returns the right default digest
Matt Caswell [Thu, 8 Aug 2019 08:13:51 +0000 (09:13 +0100)]
Ensure RSA PSS correctly returns the right default digest

A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.

This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.

Fixes #9545

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

15 months agouse native atomic increment function on Solaris
Vladimir Kotal [Fri, 21 Jun 2019 08:31:05 +0000 (10:31 +0200)]
use native atomic increment function on Solaris

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9215)

15 months agoAdd missing SIZE_MAX define for windows
Shane Lontis [Fri, 9 Aug 2019 11:38:42 +0000 (21:38 +1000)]
Add missing SIZE_MAX define for windows

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9559)

15 months agoAdd a CHANGES entry for BN_generate_prime_ex
Bernd Edlinger [Mon, 15 Jul 2019 18:34:31 +0000 (20:34 +0200)]
Add a CHANGES entry for BN_generate_prime_ex

BN_generate_prime_ex no longer avoids factors 3..17863 in p-1
when not computing safe primes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

15 months agoUpdate documentation of BN_generate_prime_ex
Bernd Edlinger [Wed, 10 Jul 2019 19:33:48 +0000 (21:33 +0200)]
Update documentation of BN_generate_prime_ex

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

15 months agoMerge probable_prime_dh_safe with bn_probable_prime_dh
Bernd Edlinger [Fri, 5 Jul 2019 09:55:56 +0000 (11:55 +0200)]
Merge probable_prime_dh_safe with bn_probable_prime_dh

This should avoid half of the trial divisions in probable_prime_dh_safe
and avoid bn_probable_prime_dh generating primes with special properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

15 months agoAdd a parameter to probable_prime if we look for a safe prime
Bernd Edlinger [Thu, 4 Jul 2019 12:52:41 +0000 (14:52 +0200)]
Add a parameter to probable_prime if we look for a safe prime

Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.

Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

15 months agomention what happens if OPENSSL_NO_RC2 is defined
Vladimir Kotal [Fri, 19 Jul 2019 14:01:13 +0000 (16:01 +0200)]
mention what happens if OPENSSL_NO_RC2 is defined

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9415)

15 months agoRestrict usage of bio_dgram_sctp_data only to DGRAM SCTP methods
raja-ashok [Sat, 6 Jul 2019 16:27:53 +0000 (21:57 +0530)]
Restrict usage of bio_dgram_sctp_data only to DGRAM SCTP methods

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9216)

15 months agomake ecp_nistz256_point_add_vis3() local
Vladimir Kotal [Tue, 11 Jun 2019 14:21:00 +0000 (16:21 +0200)]
make ecp_nistz256_point_add_vis3() local

fixes #8936

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9132)

15 months agoFix reversed meaning of error codes
Martin Ukrop [Mon, 5 Aug 2019 12:14:54 +0000 (14:14 +0200)]
Fix reversed meaning of error codes

The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were still reversed in the X509_STORE_CTX_get_error function documentation.
This used to be the problem also in the verify application documentation, but was fixed on 2010-02-23 in 7d3d178.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9529)

15 months agoClarify the INSTALL instructions
Matt Caswell [Fri, 28 Jun 2019 11:07:55 +0000 (12:07 +0100)]
Clarify the INSTALL instructions

Ensure users understand that they need to have appropriate permissions
to write to the install location.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9268)

15 months agoAvoid holding a lock when calling OPENSSL_init_crypto
Matt Caswell [Wed, 7 Aug 2019 09:46:26 +0000 (10:46 +0100)]
Avoid holding a lock when calling OPENSSL_init_crypto

We move an OPENSSL_init_crypto call slightly earlier in the process to
avoid calling it while holding the store lock. This can lead to deadlocks.

Fixes the no-engine build.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9547)

15 months agoFix no-filenames
Matt Caswell [Wed, 7 Aug 2019 08:47:43 +0000 (09:47 +0100)]
Fix no-filenames

If built with no-filenames then we shouldn't test this functionality in
the test suite.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9544)

15 months agoFix no-ec
Matt Caswell [Wed, 7 Aug 2019 08:38:05 +0000 (09:38 +0100)]
Fix no-ec

Fix some unguarded references to EC code inside the FIPS provider.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9543)

15 months agoFix document nit in EVP_MAC.pod
Shane Lontis [Thu, 8 Aug 2019 04:23:52 +0000 (14:23 +1000)]
Fix document nit in EVP_MAC.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9551)

15 months agoChange EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes
Shane Lontis [Thu, 8 Aug 2019 03:14:05 +0000 (13:14 +1000)]
Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9542)

15 months agoFix enable-ec_nistp_64_gcc_128
Matt Caswell [Wed, 7 Aug 2019 09:03:12 +0000 (10:03 +0100)]
Fix enable-ec_nistp_64_gcc_128

When creating a BN_CTX, make sure we store it in the right variable!

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9546)

15 months agoFix BN error reporting
Matt Caswell [Tue, 6 Aug 2019 12:39:00 +0000 (13:39 +0100)]
Fix BN error reporting

Commit ed57f7f935 implemented the macro ERR_raise and updated err.h to use
it. A typo in err.h means that errors in the BN library are mistakenly
attributed to the RSA library.

This was found due to the following error appearing in a travis log:

00:07:CB:13:05:7F:00:00:error:0400006C:rsa routines::data greater than mod
len:crypto/bn/bn_gcd.c:613:
00:07:CB:13:05:7F:00:00:error:04000003:rsa routines::BN
lib:crypto/rsa/rsa_gen.c:393:
/home/travis/build/openssl/openssl/util/shlib_wrap.sh
/home/travis/build/openssl/openssl/apps/openssl genrsa -out rsamptest.pem
-primes 5 8192 => 1
not ok 12 - genrsa 8192p5

The line in question (crypto/bn/bn_gcd.c:613) actually looks like this:

        BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);

The test was checking for that error being raised, but was instead seeing
a different error and thus failing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9539)

15 months agoRun evp_test in FIPS mode
Matt Caswell [Mon, 5 Aug 2019 12:38:25 +0000 (13:38 +0100)]
Run evp_test in FIPS mode

We run the cipher and digest evp_test test files in FIPS mode. Some
ciphers/digests aren't available in FIPS mode so we mark those as
only being available in the default provider.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9531)

15 months agoDon't set ctx->cipher until after a successful fetch
Matt Caswell [Mon, 5 Aug 2019 12:37:05 +0000 (13:37 +0100)]
Don't set ctx->cipher until after a successful fetch

If an implict EVP_CIPHER_fetch fails then ctx->cipher should not be set
otherwise strange things will happen when trying to free the ctx.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9531)

15 months agoGCM cipher in provider now fails if passed bad keylength
Shane Lontis [Wed, 7 Aug 2019 01:39:04 +0000 (11:39 +1000)]
GCM cipher in provider now fails if passed bad keylength

Fixes #9500

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9512)

15 months agoUpdate man page for new API SSL_get_negotiated_group()
raja-ashok [Mon, 8 Jul 2019 12:43:24 +0000 (18:13 +0530)]
Update man page for new API SSL_get_negotiated_group()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)

15 months agoTest SSL_get_negotiated_group() API
raja-ashok [Mon, 8 Jul 2019 12:16:50 +0000 (17:46 +0530)]
Test SSL_get_negotiated_group() API

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)

15 months agoAPI to get negotiated key exchange algorithm in TLS1.3
raja-ashok [Mon, 8 Jul 2019 09:20:59 +0000 (14:50 +0530)]
API to get negotiated key exchange algorithm in TLS1.3

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9323)

15 months agoFix ECDSA_SIG docs
Matt Caswell [Mon, 5 Aug 2019 15:13:24 +0000 (16:13 +0100)]
Fix ECDSA_SIG docs

They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it
returns a negative value on error.

We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same
page as all the other d2i/i2d docs.

Fixes #9517

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9533)

15 months agoAdd documentation for new EC functions
Matt Caswell [Mon, 15 Jul 2019 14:54:08 +0000 (15:54 +0100)]
Add documentation for new EC functions

Document the new EC functions that are OPENSSL_CTX aware.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)

15 months agoInsert a dummy call to EC code in the FIPS provider
Matt Caswell [Thu, 4 Jul 2019 14:01:48 +0000 (15:01 +0100)]
Insert a dummy call to EC code in the FIPS provider

Test that EC code works properly in the FIPS provider

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)

15 months agoMake the EC code available from inside the FIPS provider
Matt Caswell [Wed, 3 Jul 2019 16:30:03 +0000 (17:30 +0100)]
Make the EC code available from inside the FIPS provider

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)

15 months agoCorrect the Extended Master Secret string for EBCDIC
Matt Caswell [Mon, 22 Jul 2019 10:02:46 +0000 (11:02 +0100)]
Correct the Extended Master Secret string for EBCDIC

The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string
"extended master secret". On EBCDIC machines it actually contained the
value "extecded master secret"

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9430)

15 months agoFix SSL_MODE_RELEASE_BUFFERS functionality
Matt Caswell [Thu, 1 Aug 2019 13:55:25 +0000 (14:55 +0100)]
Fix SSL_MODE_RELEASE_BUFFERS functionality

At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error. It now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.

The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.

Fixes #9490

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9505)

15 months agoDocumentation for the provider Key Exchange operation
Matt Caswell [Mon, 29 Jul 2019 09:24:44 +0000 (10:24 +0100)]
Documentation for the provider Key Exchange operation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9506)

15 months agoFix deprecation inconsisteny w.r.t. CRYPTO_mem_debug_{push,pop}()
David von Oheimb [Tue, 30 Jul 2019 06:40:32 +0000 (08:40 +0200)]
Fix deprecation inconsisteny w.r.t. CRYPTO_mem_debug_{push,pop}()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9483)

16 months agoReplace FUNCerr with ERR_raise_data
Rich Salz [Wed, 31 Jul 2019 19:24:20 +0000 (15:24 -0400)]
Replace FUNCerr with ERR_raise_data

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9496)

16 months agoUse NULL as parameter when pointer can only be NULL.
Pauli [Fri, 2 Aug 2019 01:56:46 +0000 (11:56 +1000)]
Use NULL as parameter when pointer can only be NULL.

Code clarification.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9514)

16 months agoFix commit a672a02a s390x build breakage
Patrick Steuer [Thu, 1 Aug 2019 08:59:14 +0000 (10:59 +0200)]
Fix commit a672a02a s390x build breakage

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9501)

16 months agoAdd missing accessors for X509 AuthorityKeyIdentifier
Dr. Matthias St. Pierre [Wed, 31 Jul 2019 15:02:45 +0000 (17:02 +0200)]
Add missing accessors for X509 AuthorityKeyIdentifier

Complements commit b383aa208146, which added X509_get0_authority_key_id().

 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);      [NEW]
 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);       [NEW]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9493)

16 months agoAdd a CHANGES entry about loading the config file by default
Matt Caswell [Wed, 31 Jul 2019 13:12:15 +0000 (14:12 +0100)]
Add a CHANGES entry about loading the config file by default

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)

16 months agoFix the krb5 external test
Matt Caswell [Wed, 31 Jul 2019 10:54:34 +0000 (11:54 +0100)]
Fix the krb5 external test

The krb5 external test relies on legacy algorithms. Therefore we make
use of the capability to load a config file by default, and ensure that
the config file in use by the krb5 tests loads both the legacy and default
providers.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)

16 months agoLoad the config file by default
Matt Caswell [Tue, 30 Jul 2019 15:42:53 +0000 (16:42 +0100)]
Load the config file by default

Previously we only loaded the config file by default for libssl. Now we do
it for libcrypto too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)

16 months agoSuppress loading the FIPS module in evp_test
Matt Caswell [Wed, 31 Jul 2019 10:09:44 +0000 (11:09 +0100)]
Suppress loading the FIPS module in evp_test

Running evp_test with the FIPS module has never worked because the
config file was never loaded by default. Actually loading the FIPS module
reveals lots of failures in evp_test. The following commits will enable
loading the config file by default and so we temporarily disable running
the evp_test with the FIPS module until the tests can be fixed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)

16 months agoProperly process the "Availablein" keyword for evp_test
Matt Caswell [Tue, 30 Jul 2019 17:36:53 +0000 (18:36 +0100)]
Properly process the "Availablein" keyword for evp_test

The "Availablein" keyword is supposed to indicate which providers are
required in evp_test in order for a particular test to pass. Unfortunately
this didn't work. If the provider was available then the test failed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)

16 months agoPrevent an infinite recursion when the query cache is flushed.
Pauli [Wed, 31 Jul 2019 09:31:45 +0000 (19:31 +1000)]
Prevent an infinite recursion when the query cache is flushed.

The problem being that the "requires flush" flag was being cleared after the
the flush.  The fix is to clear it before.  This is a problem because the
cache flushing called RAND_bytes and if the DRBG hadn't been created yet, it
would be queried and added to the cache causing the flush code to repeat.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)

16 months agoThe query cache has been updated to not depend on RAND_bytes being available.
Pauli [Wed, 31 Jul 2019 09:31:21 +0000 (19:31 +1000)]
The query cache has been updated to not depend on RAND_bytes being available.

The alternative is to use a fast and small xorshift
random number generator.  The stochastic flushing doesn't require good
random numbers, just enough variety to avoid causing problems.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)

16 months agoUse allow_early_data_cb from SSL instead of SSL_CTX
raja-ashok [Sun, 28 Jul 2019 07:53:00 +0000 (13:23 +0530)]
Use allow_early_data_cb from SSL instead of SSL_CTX

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9471)

16 months agoFix warning C4164 in MSVC.
joe2018Outlookcom [Wed, 31 Jul 2019 05:46:02 +0000 (13:46 +0800)]
Fix warning C4164 in MSVC.

Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared.
Fixes #9487

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9488)

16 months agomake RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA
David von Oheimb [Fri, 26 Jul 2019 09:03:12 +0000 (11:03 +0200)]
make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9466)

16 months agoAdd gcm ciphers (aes and aria) to providers.
Shane Lontis [Wed, 31 Jul 2019 11:55:16 +0000 (21:55 +1000)]
Add gcm ciphers (aes and aria) to providers.

The code has been modularized so that it can be shared by algorithms.

A fixed size IV is now used instead of being allocated.
The IV is not set into the low level struct now until the update (it uses an
iv_state for this purpose).

Hardware specific methods have been added to a PROV_GCM_HW object.

The S390 code has been changed to just contain methods that can be accessed in
a modular way. There are equivalent generic methods also for the other
platforms.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9231)

16 months agoTemporary workaround for ectest.c for [extended tests]
Nicola Tuveri [Sun, 28 Jul 2019 13:13:30 +0000 (16:13 +0300)]
Temporary workaround for ectest.c for [extended tests]

[extended tests]

This is a temporary workaround for issue #9251, which contains a full
discussion of the real problem.

As a temporary workaround, we test `EC_GROUP_new_from_ecparameters()`
against a curve that does not currently have alternative
implementations.

The proper fix is dependant on resolution of issue #8615

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9474)

16 months agoERR: fix err_data_size inconsistencies
Richard Levitte [Wed, 31 Jul 2019 07:27:05 +0000 (09:27 +0200)]
ERR: fix err_data_size inconsistencies

In ERR_add_error_vdata(), the size of err_data had 1 added to it in
some spots, which could lead to buffer overflow.

In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in
the BIO_vsnprintf() call, which would lead to a buffer overflow if
such a large buffer couldn't be allocated.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9491)

16 months agoRename X509_STORE ptr stored in opaque struct X509_STORE_CTX
Shane Lontis [Wed, 31 Jul 2019 10:56:34 +0000 (20:56 +1000)]
Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX

Change name from 'ctx' to 'store' to remove ctx->ctx from code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9405)

16 months agoAdd evp_util macros
Shane Lontis [Wed, 31 Jul 2019 10:34:26 +0000 (20:34 +1000)]
Add evp_util macros

Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9464)

16 months agoCAdES : lowercase name for now internal methods.
FdaSilvaYY [Wed, 31 Jul 2019 09:14:12 +0000 (19:14 +1000)]
CAdES : lowercase name for now internal methods.
CAdES : rework CAdES signing API.
Make it private, as it is unused outside library bounds.
Fix varous doc-nits.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
16 months agoDocument recent changes in NEWS and CHANGES
Richard Levitte [Wed, 31 Jul 2019 04:59:37 +0000 (06:59 +0200)]
Document recent changes in NEWS and CHANGES

More should be added there

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9486)

16 months agoCheck for NULL return from zalloc in dh_dupctx.
Pauli [Tue, 30 Jul 2019 21:19:33 +0000 (07:19 +1000)]
Check for NULL return from zalloc in dh_dupctx.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9485)

16 months agoAvoid using ERR_put_error() directly in OpenSSL code
Richard Levitte [Wed, 24 Jul 2019 14:55:32 +0000 (16:55 +0200)]
Avoid using ERR_put_error() directly in OpenSSL code

If compiled with 'no-deprecated', ERR_put_error() is undefined.  We
had one spot where we were using it directly, because the file and
line information was passed from elsewhere.

Fortunately, it's possible to use ERR_raise() for that situation, and
call ERR_set_debug() immediately after and thereby override the
information that ERR_raise() stored in the error record.

util/mkerr.pl needed a small adjustment to not generate code that
won't compile in a 'no-deprecated' configuration.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoAdapt the FIPS provider to use the new core error functions
Richard Levitte [Wed, 24 Jul 2019 12:00:39 +0000 (14:00 +0200)]
Adapt the FIPS provider to use the new core error functions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoRefactor provider support for reporting errors
Richard Levitte [Wed, 24 Jul 2019 11:37:42 +0000 (13:37 +0200)]
Refactor provider support for reporting errors

The core now supplies its own versions of ERR_new(), ERR_set_debug()
and ERR_vset_error().  This should suffice for a provider to have any
OpenSSL compatible functionlity it desires.

The main difference between the ERR functions and the core
counterparts is that the core counterparts take an OSSL_PROVIDER
parameter instead of the library number.  That way, providers do not
need to know what number they have been assigned, that information
stays in the core.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoERR: Remove ERR_put_func_error() and reimplement ERR_put_error() as a macro
Richard Levitte [Wed, 24 Jul 2019 11:25:56 +0000 (13:25 +0200)]
ERR: Remove ERR_put_func_error() and reimplement ERR_put_error() as a macro

Also, deprecate ERR_put_error()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoERR: Implement the macros ERR_raise() and ERR_raise_data() and use them
Richard Levitte [Wed, 24 Jul 2019 11:13:52 +0000 (13:13 +0200)]
ERR: Implement the macros ERR_raise() and ERR_raise_data() and use them

The ERR_raise() macro uses a trick in C.  The following is permitted:

    #include <stdio.h>

    void first(void)
    {
        printf("Hello! ");
    }

    void foo(const char *bar)
    {
        printf("%s", bar);
    }

    int main()
    {
        /* This */
        (first(),foo)("cookie");
    }

ERR_raise_data() can be used to implement FUNCerr() as well, which
takes away the need for the special function ERR_put_func_error().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoERR: Add new building blocks for reporting errors
Richard Levitte [Wed, 24 Jul 2019 11:03:32 +0000 (13:03 +0200)]
ERR: Add new building blocks for reporting errors

The new building block are ERR_new(), ERR_set_debug(),
ERR_set_error(), ERR_vset_error(), which allocate a new error record
and set the diverse data in them.  They are designed in such a way
that it's reasonably easy to create macros that use all of them but
then rely completely on the function signature of ERR_set_error() or
ERR_vset_error().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoERR: refactor useful inner macros to err_locl.h. Add function name field
Richard Levitte [Wed, 24 Jul 2019 10:56:58 +0000 (12:56 +0200)]
ERR: refactor useful inner macros to err_locl.h.  Add function name field

The useful inner macros are now static inline functions.  That will
make them easier to debug in the future.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoMove some macros from include/openssl/opensslconf.h.in, add OPENSSL_FUNC
Richard Levitte [Wed, 24 Jul 2019 10:53:36 +0000 (12:53 +0200)]
Move some macros from include/openssl/opensslconf.h.in, add OPENSSL_FUNC

New header file, include/openssl/macros.h, which contains diverse
useful macros that we use elsewhere.

We also add the new macro OPENSSL_FUNC, which is an alias for
__FUNC__, __FUNCTION__, __FUNCSIG or __func__, depending on what the
compiler supports.  In the worst case, it's an alias for the string
"(unknown function)".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)

16 months agoFix BIO_printf format warnings
Bernd Edlinger [Mon, 29 Jul 2019 10:26:06 +0000 (12:26 +0200)]
Fix BIO_printf format warnings

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9479)

16 months agoUse OPENSSL_strlcpy instead of strncpy in e_afalg.c
Bernd Edlinger [Mon, 29 Jul 2019 09:39:34 +0000 (11:39 +0200)]
Use OPENSSL_strlcpy instead of strncpy in e_afalg.c

This avoids a spurious gcc warning:
./config enable-asan --strict-warnings
=>
In function 'afalg_create_sk',
    inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11:
engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be
    truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation]
  376 |     strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
      |     ^~~~~~~

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9478)

16 months agoDocument the provider CIPHER operation
Matt Caswell [Thu, 25 Jul 2019 10:55:00 +0000 (11:55 +0100)]
Document the provider CIPHER operation

Extends the existing provider documentation with information about the
CIPHER operation. This is primarily for provider authors.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9473)

16 months agoFix coverity 1452084
Pauli [Sun, 28 Jul 2019 08:21:07 +0000 (18:21 +1000)]
Fix coverity 1452084
Fix coverity 1452083

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9470)

16 months agoERR: re-use the err_data field when possible
Richard Levitte [Thu, 25 Jul 2019 15:51:30 +0000 (17:51 +0200)]
ERR: re-use the err_data field when possible

To deallocate the err_data field and then allocating it again might be
a waste of processing, but may also be a source of errors when memory
is scarce.  While we normally tolerate that, the ERR sub-system is an
exception and we need to pay closer attention to how we handle memory.

This adds a new err_data flag, ERR_TXT_IGNORE, which means that even
if there is err_data memory allocated, its contents should be ignored.
Deallocation of the err_data field is much more selective, aand should
only happen when ERR_free_state() is called.

Fixes #9458

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9459)

16 months agoAdd weak platform independent PRNG to test framework.
Pauli [Fri, 26 Jul 2019 02:56:01 +0000 (12:56 +1000)]
Add weak platform independent PRNG to test framework.

Implement the GNU C library's random(3) pseudorandom number generator.
The algorithm is described: https://www.mscs.dal.ca/~selinger/random/

The rationale is to make the tests repeatable across differing platforms with
different underlying implementations of the random(3) library call.

More specifically: when executing tests with random ordering.

[extended tests]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9463)

16 months agos390x assembly pack: use getauxval to detect hw capabilities
Patrick Steuer [Thu, 18 Jul 2019 09:42:58 +0000 (11:42 +0200)]
s390x assembly pack: use getauxval to detect hw capabilities

if available.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9410)

16 months agotest/recipes/30-test_evp.t: Modify to test with different providers
Richard Levitte [Wed, 17 Jul 2019 12:26:26 +0000 (14:26 +0200)]
test/recipes/30-test_evp.t: Modify to test with different providers

Different providers will give different results, and we need to test
them all.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9398)

16 months agotest/evp_test.c: modify to use OSSL_PROVIDER_available()
Richard Levitte [Wed, 17 Jul 2019 09:34:14 +0000 (11:34 +0200)]
test/evp_test.c: modify to use OSSL_PROVIDER_available()

This changes the stanza format used so far.  Some test stanza had the
following line, only possible for digests:

    Legacy = 1

These have been traded for the following:

    Availablein = legacy

That line is globally available in all test stanza and can be used to
tell what providers a certain algorithm may be available in.  Only one
provider needs to match, so one might have something like this for
some tests:

    Availablein = default fips

This means that one of those providers must be available for the test
stanza to be performed.

If the providers mentioned for a stanza aren't available, the test is
skipped.
If this line isn't used in a stanza, the algorithm is assumed to be
available unconditionally (either by fallback providers, or providers
loaded by the config file).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9398)

16 months agoAdd functions to see if a provider is available for use.
Richard Levitte [Wed, 17 Jul 2019 09:29:04 +0000 (11:29 +0200)]
Add functions to see if a provider is available for use.

Public function OSSL_PROVIDER_available() takes a library context and
a provider name, and returns 1 if it's available for use, i.e. if it's
possible to fetch implementations from it, otherwise 0.

Internal function ossl_provider_activated() returns 1 if the given
OSSL_PROVIDER is activated, otherwise 0.

To make this possible, the activation of fallbacks got refactored out
to a separate function, which ended up simplifying the code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9398)

16 months agoDon't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
David Benjamin [Tue, 23 Jul 2019 18:14:48 +0000 (14:14 -0400)]
Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.

tls_parse_stoc_key_share was generating a new EVP_PKEY public/private
keypair and then overrides it with the server public key, so the
generation was a waste anyway. Instead, it should create a
parameters-only EVP_PKEY.

(This is a consequence of OpenSSL using the same type for empty key,
empty key with key type, empty key with key type + parameters, public
key, and private key. As a result, it's easy to mistakenly mix such
things up, as happened here.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9445)

16 months agoDocument the provider DIGEST operation
Matt Caswell [Wed, 24 Jul 2019 14:24:01 +0000 (15:24 +0100)]
Document the provider DIGEST operation

Extends the existing provider documentation with information about the
DIGEST operation. This is primarily for provider authors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9453)

16 months agoRemove HEADER_X509_H and HEADER_SSL_H include detectors from apps
Dr. Matthias St. Pierre [Fri, 12 Jul 2019 20:49:42 +0000 (22:49 +0200)]
Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps

The HEADER_X509_H check is redundant, because <openssl/x509.h>
is already included.

Instead of of checking for HEADER_SSL_H, include <openssl/ssl.h>
explicitly in "s_apps.h" and don't include "s_apps.h" where it's
not necessary.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9364)

16 months agoRemove OPENSSL_X509V3_H include detector from openssl/cms.h
Dr. Matthias St. Pierre [Fri, 5 Jul 2019 13:50:50 +0000 (15:50 +0200)]
Remove OPENSSL_X509V3_H include detector from openssl/cms.h

The check is redundant, because <openssl/x509v3.h> is included.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9364)

16 months agoRemove HEADER_BSS_FILE_C module include guard
Dr. Matthias St. Pierre [Thu, 4 Jul 2019 10:38:43 +0000 (12:38 +0200)]
Remove HEADER_BSS_FILE_C module include guard

This include guard inside an object file comes as a surprise and
serves no purpose anymore. It seems like this object file was
included by crypto/threads/mttest.c at some time, but the include
directive was removed in commit bb8abd6.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9364)

16 months agoEnforce a minimum DH modulus size of 512 bits
Bernd Edlinger [Mon, 22 Jul 2019 20:50:19 +0000 (22:50 +0200)]
Enforce a minimum DH modulus size of 512 bits

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9437)

16 months agoAdapt DH to use with KEYMGMT
Richard Levitte [Sun, 7 Jul 2019 08:56:46 +0000 (10:56 +0200)]
Adapt DH to use with KEYMGMT

The biggest part in this was to move the key->param builder from EVP
to the DH ASN.1 method, and to implement the KEYMGMT support in the
provider DH.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9394)

16 months agoRemove some utilities from the core to provider interface
Matt Caswell [Mon, 22 Jul 2019 14:19:02 +0000 (15:19 +0100)]
Remove some utilities from the core to provider interface

The core provides a number of essential functions as "upcalls" to
providers. Some of those were just utility functions that wrap other
upcalls - which don't seem essential and bloat the interface. We should
remove them in order to simplify the interface.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9432)

16 months agoDon't complain if function name doesn't match
Rich Salz [Thu, 18 Jul 2019 19:40:12 +0000 (15:40 -0400)]
Don't complain if function name doesn't match

The "function" argument is now unused in the XXXerr defines, so mkerr
doesn't need to check if the value/name match.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9413)

16 months agoMake rand_pool buffers more dynamic in their sizing.
Pauli [Tue, 23 Jul 2019 08:07:19 +0000 (18:07 +1000)]
Make rand_pool buffers more dynamic in their sizing.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9428)

16 months agoAvoid double clearing some BIGNUMs
Pauli [Tue, 23 Jul 2019 06:54:52 +0000 (16:54 +1000)]
Avoid double clearing some BIGNUMs

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9438)

16 months agoReplace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere
Richard Levitte [Thu, 11 Jul 2019 10:19:33 +0000 (12:19 +0200)]
Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9346)

16 months agoDescribe OSSL_PARAM as a parameter descriptor
Richard Levitte [Thu, 11 Jul 2019 10:18:42 +0000 (12:18 +0200)]
Describe OSSL_PARAM as a parameter descriptor

This affects doc/man3/OSSL_PARAM.pod and doc/man7/openssl-core.h.pod

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9346)

16 months agoRe-implement the cipher and digest listings for 'openssl list'
Richard Levitte [Sat, 13 Jul 2019 05:04:01 +0000 (07:04 +0200)]
Re-implement the cipher and digest listings for 'openssl list'

They now display both legacy and provided algorithms.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoAdd EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex()
Richard Levitte [Sat, 13 Jul 2019 05:02:54 +0000 (07:02 +0200)]
Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoAdd internal function evp_generic_do_all()
Richard Levitte [Sat, 13 Jul 2019 04:53:44 +0000 (06:53 +0200)]
Add internal function evp_generic_do_all()

This function is used to traverse all algorithm implementations for a
given operation type, and execute the given function for each of them.

For each algorithm implementation, a method is created and passed to
the given function, and then freed after that function's return.  If
the caller wishes to keep the method for longer, they must call the
appropriate up_ref function on the method, and they must also make
sure to free the passed methods at some point.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoRefactor ossl_method_construct() in terms of ossl_algorithm_do_all()
Richard Levitte [Wed, 10 Jul 2019 21:14:03 +0000 (23:14 +0200)]
Refactor ossl_method_construct() in terms of ossl_algorithm_do_all()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoAdd internal function ossl_algorithm_do_all()
Richard Levitte [Wed, 10 Jul 2019 21:11:27 +0000 (23:11 +0200)]
Add internal function ossl_algorithm_do_all()

This function is used to traverse all the implementations provided by
one provider, or all implementation for a specific operation across
all loaded providers, or both, and execute a given function for each
occurence.

This will be used by ossl_method_construct(), but also by information
processing functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoAdd OSSL_PROVIDER_name()
Richard Levitte [Wed, 10 Jul 2019 21:00:22 +0000 (23:00 +0200)]
Add OSSL_PROVIDER_name()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoAdd EVP_MD_provider() and EVP_CIPHER_provider()
Richard Levitte [Wed, 10 Jul 2019 20:59:07 +0000 (22:59 +0200)]
Add EVP_MD_provider() and EVP_CIPHER_provider()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoRe-implement EVP_MD_name() and EVP_CIPHER_name() as functions
Richard Levitte [Wed, 10 Jul 2019 20:24:00 +0000 (22:24 +0200)]
Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions

They will do the same as usual for non-provider algorithms
implementations, but can handle provider implementations as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoAdd a mechnism to save the name of fetched methods
Richard Levitte [Wed, 10 Jul 2019 20:22:16 +0000 (22:22 +0200)]
Add a mechnism to save the name of fetched methods

This will be useful for information display, as well as for code that
want to check the name of an algorithm.  This can eventually replace
all NID checks.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

16 months agoprovider-keymgmt(7): Document the KEYMGMT interface
Richard Levitte [Mon, 22 Jul 2019 08:46:10 +0000 (10:46 +0200)]
provider-keymgmt(7): Document the KEYMGMT interface

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9429)

16 months agoRemove superfluous call to OPENSSL_cpuid_setup
Patrick Steuer [Fri, 19 Jul 2019 14:41:46 +0000 (16:41 +0200)]
Remove superfluous call to OPENSSL_cpuid_setup

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9417)

16 months agoChange DH parameters to generate the order q subgroup instead of 2q
Bernd Edlinger [Wed, 10 Jul 2019 13:52:36 +0000 (15:52 +0200)]
Change DH parameters to generate the order q subgroup instead of 2q

This avoids leaking bit 0 of the private key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9363)

16 months agoDocumentation: add provider-base(7), describing the base functions
Richard Levitte [Thu, 18 Jul 2019 13:07:13 +0000 (15:07 +0200)]
Documentation: add provider-base(7), describing the base functions

The base functions are the first tables of function pointers that
libcrypto and the provider pass to each other, thereby providing a
baseline with which they can communicate further with each other.

This also contains an example for a ficticious provider, providing an
implement of a fictitious algorithm for a fictitious operation.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9409)