Matt Caswell [Wed, 18 Aug 2021 16:58:23 +0000 (17:58 +0100)]
Fix append_ia5 function to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:37:41 +0000 (17:37 +0100)]
Fix test code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:37:23 +0000 (17:37 +0100)]
Fix CMP code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 16:08:58 +0000 (17:08 +0100)]
Fix the name constraints code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 13:02:40 +0000 (14:02 +0100)]
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 11:34:55 +0000 (12:34 +0100)]
Fix GENERAL_NAME_print to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 11:31:38 +0000 (12:31 +0100)]
Fix POLICYINFO printing to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Matt Caswell [Wed, 18 Aug 2021 11:24:22 +0000 (12:24 +0100)]
Fix i2v_GENERAL_NAME to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Zengit [Wed, 11 Aug 2021 14:21:03 +0000 (17:21 +0300)]
Add a clarification to NOTES-UNIX.md
I just wasted almost 2 hours troubleshooting, because lowercase L
and 1 look too similar, this should help some people save time.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16295)
Dmitry Belyavskiy [Fri, 20 Aug 2021 14:45:15 +0000 (16:45 +0200)]
Get rid of warn_binary
Current implementation of warn_binary introduces a regression
when the content is passed in /dev/stdin as an explicit file name
and reads the file to be processed twice otherwise.
I suggest to reimplement this functionality after 3.0 if necessary.
Fixes #16359
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16367)
Omair Majid [Wed, 18 Aug 2021 18:57:57 +0000 (14:57 -0400)]
Fix documentation referring to 'function code'
ERR_GET_FUNC was removed, so remove references to 'function code' as
well from docs.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16353)
Beat Bolli [Mon, 16 Aug 2021 20:37:41 +0000 (22:37 +0200)]
doc: fix a mistyped "=item" perldoc marker
Searching didn't reveal any other similar cases.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16354)
Rich Salz [Tue, 17 Aug 2021 15:42:21 +0000 (11:42 -0400)]
Replace CONFIG_NOWAIT env var with -w option
And document the -w option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Rich Salz [Mon, 16 Aug 2021 20:29:09 +0000 (16:29 -0400)]
Set KERNEL_BITS, add CONFIG_NOWAIT
Avoid perl "undefined variable in regexp" message.
Not all uses were changed because I wasn't sure.
Add support for CONFIG_NOWAIT environment variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Rich Salz [Mon, 16 Aug 2021 20:25:03 +0000 (16:25 -0400)]
Minor doc enhancements to INSTALL.md
Describe current relationship between config and Configure.
Put the environment variable list in alphabetical order.
Add description of KERNEL_BITS.
Add new variable CONFIG_NOWAIT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Richard Levitte [Thu, 19 Aug 2021 18:45:00 +0000 (20:45 +0200)]
util/add-depends.pl: Rebuild the build file after reconfiguration
Reconfiguration is assumed if any dependency (.d) file is older than
configdata.pm.
Fixes #16364
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16365)
Richard Levitte [Thu, 19 Aug 2021 11:07:30 +0000 (13:07 +0200)]
util/add-depends.pl: Only add dependencies on existing or generated headers
Headers that fulfill neither of those conditions are skipped.
This avoids build breaks when development has removed a previously
existing header.
Fixes #16360
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16361)
Todd Short [Mon, 16 Aug 2021 20:37:10 +0000 (16:37 -0400)]
Fix state name abbreviation
The TRSCV state abbrev was used for two states:
* TLS_ST_CR_CERT_VRFY
* TLS_ST_SW_CERT_VRFY
The second one is wrong because it's a write operation.
The state for TLS_ST_SW_CERT_VRFY should be "TWSCV"
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16327)
Richard Levitte [Tue, 17 Aug 2021 12:32:35 +0000 (14:32 +0200)]
Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16334)
Richard Levitte [Tue, 17 Aug 2021 06:46:23 +0000 (08:46 +0200)]
EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated
A check is added to fail this function if the string buffer isn't
large enough to accomodate a terminating NUL byte.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16334)
Pauli [Mon, 16 Aug 2021 22:54:55 +0000 (08:54 +1000)]
doc: remove errant blank line to appease doc-nits
Fixes #16328
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16330)
Pauli [Tue, 17 Aug 2021 03:17:17 +0000 (13:17 +1000)]
pkcs12: check for zero length digest to avoid division by zero
Fixes #16331
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16332)
Shane Lontis [Fri, 13 Aug 2021 04:36:21 +0000 (14:36 +1000)]
Fix CTS cipher decrypt so that the updated IV is returned correctly.
Adding KRB5 test vector 'NextIV' values to evp_test data for AES CTS indicated that the CTS decrypt functions incorrectly returned the wrong IV. The returned IV should match the value returned by the encrypt methods.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Shane Lontis [Thu, 12 Aug 2021 09:20:05 +0000 (19:20 +1000)]
Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Shane Lontis [Thu, 12 Aug 2021 08:22:50 +0000 (18:22 +1000)]
Add support for camellia cbc cts mode
Fixes #16276
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Shane Lontis [Thu, 12 Aug 2021 08:20:48 +0000 (18:20 +1000)]
Refactor cipher aes_cts code so that it can be used by other 128bit ciphers
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Richard Levitte [Mon, 16 Aug 2021 10:14:30 +0000 (12:14 +0200)]
Correct UTF8 params documentation further
The latest change misdocumented OSSL_PARAM_get_utf8_string(), that
change should have been for OSSL_PARAM_set_utf8_string().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16318)
Ingo Franzki [Wed, 11 Aug 2021 11:04:52 +0000 (13:04 +0200)]
Test EVP Cipher updating the context's IV
Ensure that an EVP_CipherUpdate operation updates the context's
IV for AES CBC, CFB, OFB, and CTR. An application can get the
updated IV via EVP_CIPHER_CTX_iv().
The s390x implementation of the CFB and OFB ciphers in e_aes.c did not
update the IV in the context, but only within its s390x specific
context data.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16291)
Ingo Franzki [Wed, 11 Aug 2021 07:39:46 +0000 (09:39 +0200)]
s390x: AES OFB/CFB: Maintain running IV from cipher context
Copy the current IV from the cipher context into the kmo/kmf param before
the operation, and copy the modified IV back to the context afterwards.
Without this, an application that obtains the running IV from the context
would still get the original IV, but not the updated one.
This implementation in e_aes.c now matches the code in cipher_aes_hw_s390x.inc
that is used for the provider implementation.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16291)
Todd Short [Fri, 13 Aug 2021 13:59:59 +0000 (09:59 -0400)]
Fix potential double-free
The `sk` variable is assigned to `s->session->peer_chain`.
If `ssl3_digest_cached_records()` were to fail, then `sk` would still be
non-NULL, and subsequently freed on the error return. When the session
is freed, it will then attempt to free `s->session->peer_chain`,
resulting in a double-free (of `sk`).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16309)
Tomas Mraz [Fri, 6 Aug 2021 15:25:13 +0000 (17:25 +0200)]
Multiple fixes for getting pub key from legacy DH PKEY
There were multiple issues with getting OSSL_PKEY_PARAM_PUB_KEY
from a legacy EVP_PKEY DH and DHX keys.
Fixes #16247
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16253)
Tomas Mraz [Wed, 11 Aug 2021 16:46:07 +0000 (18:46 +0200)]
Correct documentation errors in regards to UTF8 params
This fixes numerous bugs in documentation in regards to UTF8
params and their sizes. The returned size should always be without the
terminating NUL byte. On the other hand on the requestor side
the size of the buffer should include the NUL byte if it expects it
being included in the returned string.
Also make this clear in the EVP_PKEY_get_group_name() documentation
which uses utf8 string params under the hood.
Fixes #16287
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16296)
Tomas Mraz [Tue, 10 Aug 2021 15:07:35 +0000 (17:07 +0200)]
Add documentation about the multilib postfix and libdir
Fixes #16244
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16281)
Shane Lontis [Wed, 11 Aug 2021 02:23:08 +0000 (12:23 +1000)]
Allow small RSA exponents in the default provider
Fixes #16255
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16285)
Dmitry Belyavskiy [Tue, 10 Aug 2021 13:04:37 +0000 (15:04 +0200)]
Disclaimer about the default provider activation added to config
Fixes #16249
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16280)
Pauli [Fri, 6 Aug 2021 00:01:15 +0000 (10:01 +1000)]
genpkey: -quiet doesn't take an argument
Fixes #16238
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16240)
Todd Short [Thu, 5 Aug 2021 20:38:47 +0000 (16:38 -0400)]
Sort SSL_OP names in documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16236)
Todd Short [Thu, 5 Aug 2021 20:29:37 +0000 (16:29 -0400)]
Add missing SSL_OP flags
Add missing SSL_OP flags. Correct the list of flags set by SSL_OP_ALL.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16236)
Tomas Mraz [Tue, 10 Aug 2021 12:51:21 +0000 (14:51 +0200)]
EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable
If key length is different from the existing key length and it is not
a settable parameter, raise an error.
Fixes #16277
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16279)
Tomas Mraz [Tue, 10 Aug 2021 07:18:19 +0000 (09:18 +0200)]
dsatest: Properly detect failure in generate/sign/verify
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16268)
Tomas Mraz [Mon, 9 Aug 2021 08:42:46 +0000 (10:42 +0200)]
Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen
Fixes #16261
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16268)
Tomas Mraz [Tue, 10 Aug 2021 07:00:22 +0000 (09:00 +0200)]
aes_v8_xts_encrypt is present only on 64bit arm builds
Fixes #16273
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16275)
Dmitry Belyavskiy [Wed, 4 Aug 2021 13:40:24 +0000 (15:40 +0200)]
Omitted signature_algorithms extension alerts updated
Fixes #15484
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16217)
David Bohman [Fri, 6 Aug 2021 22:23:00 +0000 (15:23 -0700)]
MacOS: Add an include of <CommonCrypto/CommonCryptoError.h>
The include is added before <CommonCrypto/CommonRandom.h>,
as required by older releases of the macOS developer tools.
Fixes #16248
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16258)
Pauli [Fri, 6 Aug 2021 01:17:03 +0000 (11:17 +1000)]
doc: remove errant claim that these are not FIPS okay
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16239)
Pauli [Thu, 5 Aug 2021 23:16:38 +0000 (09:16 +1000)]
doc: Fix ECX FIPS documentation
Both Ed448 and
Ed25519 were omitted from the signature list.
X448 and X25519 were flagged as not FIPS valid which wasn't correct.
Fixes #16234
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16239)
Tomas Mraz [Thu, 5 Aug 2021 10:44:58 +0000 (12:44 +0200)]
Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf
Fixes #16226
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16227)
Dr. David von Oheimb [Thu, 5 Aug 2021 09:19:07 +0000 (11:19 +0200)]
Fix CMP app TLS connection not respecting vpm options like -crl_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16225)
Amir Mohammadi [Wed, 4 Aug 2021 05:14:29 +0000 (09:44 +0430)]
Fix test case for a2i_IPADDRESS
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16201)
Christian Heimes [Sat, 15 Aug 2020 18:01:49 +0000 (20:01 +0200)]
Test case for a2i_IPADDRESS
Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores
trailing data.
See: https://github.com/openssl/openssl/issues/12649
See: https://bugs.python.org/issue41556
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16201)
Amir Mohammadi [Wed, 4 Aug 2021 05:13:49 +0000 (09:43 +0430)]
Fix ipv4_from_asc behavior on invalid Ip addresses
sscanf() call in ipv4_from_asc does not check that
the string is terminated immediately after the last digit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16201)
Tomas Mraz [Wed, 4 Aug 2021 17:27:48 +0000 (19:27 +0200)]
X509_STORE_CTX_get_error: Fix some minor documentation issues
Original PR by Eric Valcik
(https://github.com/openssl/openssl/pull/12302)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16219)
Kelvin Lee [Thu, 10 Sep 2020 05:58:13 +0000 (15:58 +1000)]
Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used.
encode_key2text.c(689): error C4703: potentially uninitialized local pointer variable 'modulus_label' used
encode_key2text.c(691): error C4703: potentially uninitialized local pointer variable 'exponent_label' used
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12845)
Tomas Mraz [Wed, 4 Aug 2021 12:55:30 +0000 (14:55 +0200)]
cms: Fix handling of -rctform option
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16216)
Tomas Mraz [Wed, 4 Aug 2021 12:51:49 +0000 (14:51 +0200)]
cms: Do not try to check binary format on stdin
Fixes #16195
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16216)
Tomas Mraz [Wed, 4 Aug 2021 09:36:24 +0000 (11:36 +0200)]
req: Avoid segfault when -modulus is used
Fixes #16196
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16215)
Billy Brumley [Wed, 4 Aug 2021 07:45:52 +0000 (10:45 +0300)]
[doc/man3] documentation: BN_cmp manpage updates
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16214)
Pauli [Wed, 4 Aug 2021 23:25:56 +0000 (09:25 +1000)]
test: add -macopt hexkey: to dgst command tests
Comparison checksum generated using 1.1.1f.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16212)
Pauli [Wed, 4 Aug 2021 03:30:44 +0000 (13:30 +1000)]
ctrls: add missing control string translation for key -> priv for HMAC
Fixes #16200
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16212)
Pauli [Wed, 4 Aug 2021 00:11:30 +0000 (10:11 +1000)]
evp_test: add TLS 1.3 KDF test suite
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 12:42:23 +0000 (22:42 +1000)]
test: add test cases for TLS 1.3 KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 01:33:38 +0000 (11:33 +1000)]
update doc/build.info
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 01:22:49 +0000 (11:22 +1000)]
fips: add power up test for TLS 1.3 KDF
The power up known answer test for the TLS 1.3 KDF does just the first step
to derive the "client_early_traffic_secret" using the two modes of the KDF.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 05:42:13 +0000 (15:42 +1000)]
doc: add TLS 1.3 KDF to the FIPS provider list of algorithms.
Fix link to TLS1 PRF.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 12:29:03 +0000 (22:29 +1000)]
doc: reorder the string and int extract/expand param values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 11:44:06 +0000 (21:44 +1000)]
doc: add links to new KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 11:44:38 +0000 (21:44 +1000)]
doc: add documentation for TLS13_KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 06:19:29 +0000 (16:19 +1000)]
provider: add TLS13_KDF to the default and FIPS providers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 06:16:35 +0000 (16:16 +1000)]
tls/prov: move the TLS 1.3 KDF code to providers
This function needs to be power up tested as part of the FIPS validation and
thus it needs to be inside the provider boundary. This is realised by
introducing a new KDF "TLS13-KDF" which does the required massaging of
parameters but is otherwise functionally equivalent to HKDF.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 02:18:42 +0000 (12:18 +1000)]
doc: add missing link directive in X942 KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Wed, 4 Aug 2021 01:06:44 +0000 (11:06 +1000)]
CI: remove spurious blank lines
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
Pauli [Thu, 29 Jul 2021 05:24:20 +0000 (15:24 +1000)]
ci: specific gcc explicitly on the basic-gcc CI build
GitHub Actions default to clang not gcc so this is necessary now.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
Pauli [Thu, 29 Jul 2021 03:37:30 +0000 (13:37 +1000)]
ci: separate the config dump from the configuration command
This avoids using the shell's `&&` and shortens the lines a bit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
Dmitry Belyavskiy [Fri, 30 Jul 2021 14:03:55 +0000 (16:03 +0200)]
Document necessary error code processing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16187)
Tomas Mraz [Tue, 3 Aug 2021 16:00:02 +0000 (18:00 +0200)]
Add oid_section to sysdefault.cnf to test adding new oids
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16210)
Tomas Mraz [Tue, 3 Aug 2021 15:29:04 +0000 (17:29 +0200)]
Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG
If objects are added in a config file the OPENSSL_INIT_LOAD_CONFIG
will be called recursively which results in hang in RUN_ONCE.
Fixes #16186
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16210)
Dr. David von Oheimb [Tue, 3 Aug 2021 12:40:08 +0000 (14:40 +0200)]
apps/pkeyutl.c: call ERR_print_errors() on all errors, including Signature Verification Failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16209)
Tomas Mraz [Tue, 3 Aug 2021 10:23:43 +0000 (12:23 +0200)]
Use copy.pl to install the fips module on Windows
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
Tomas Mraz [Tue, 3 Aug 2021 09:35:58 +0000 (11:35 +0200)]
Windows, VMS: Do install_fips on install if fips is enabled
Also fix some inconsistencies and minor bugs related to the
install_fips target on Windows and VMS.
Fixes #16194
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
Beat Bolli [Fri, 30 Jul 2021 16:40:27 +0000 (18:40 +0200)]
doc: replace markdown backticks with perlpod syntax
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16190)
Beat Bolli [Fri, 30 Jul 2021 16:39:51 +0000 (18:39 +0200)]
doc: use the documented =item markers
The generated lists[1] look weird when using a dash as the list item
character. Perlpod documents[2] '*' for unordered lists and '1.' (note
the period) for ordered lists. Use these characters instead.
[1] e.g. https://www.openssl.org/docs/manmaster/man7/migration_guide.html#New-Algorithms
[2] https://perldoc.perl.org/perlpod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16190)
Pauli [Wed, 28 Jul 2021 23:55:09 +0000 (09:55 +1000)]
Add config_diagnostics to our configuration files.
The change to a more configuration based approach to enable FIPS mode
operation highlights a shortcoming in the default should do something
approach we've taken for bad configuration files.
Currently, a bad configuration file will be automatically loaded and
once the badness is detected, it will silently stop processing the
configuration and continue normal operations. This is good for remote
servers, allowing changes to be made without bricking things. It's bad
when a user thinks they've configured what they want but got something
wrong and it still appears to work.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16171)
Dmitry Belyavskiy [Mon, 2 Aug 2021 15:00:51 +0000 (17:00 +0200)]
If we have passed the private key, don't copy it implicitly
Fixes #16197
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16199)
Tanzinul Islam [Sat, 31 Jul 2021 17:28:34 +0000 (18:28 +0100)]
Redefine getpid() -> _getpid() only for MSVC
This was introduced in
814b5133e for MSVC. C++Builder doesn't need it.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16192)
Pauli [Fri, 30 Jul 2021 00:38:33 +0000 (10:38 +1000)]
changes: remove duplicate entry
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16180)
Pauli [Thu, 29 Jul 2021 01:39:01 +0000 (11:39 +1000)]
doc: document that config_diagnostics is sensible but involves risk
Also:
- add this option to the sample configurations in the documentation.
- note that it is a sensible choice when using FIPS via config
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16172)
Pauli [Tue, 20 Jul 2021 05:04:49 +0000 (15:04 +1000)]
demo: add GMAC demonstration program
Test vector from NIST's GCM mode suite.
Fixes #14123
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16113)
yangyangtiantianlonglong [Sun, 25 Jul 2021 03:43:16 +0000 (11:43 +0800)]
Fix dtls timeout dead code
Delete dtls timeout dead code in dtls1_handle_timeout
Fix: #15559
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16151)
Matt Caswell [Thu, 29 Jul 2021 14:50:46 +0000 (15:50 +0100)]
Prepare for 3.0 beta 3
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 29 Jul 2021 14:50:29 +0000 (15:50 +0100)]
Prepare for release of 3.0 beta 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 29 Jul 2021 14:50:27 +0000 (15:50 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 29 Jul 2021 14:41:35 +0000 (15:41 +0100)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16176)
Matt Caswell [Thu, 29 Jul 2021 10:09:05 +0000 (11:09 +0100)]
Update fingerprints.txt
Add Paul Dale as an approved release signer.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16175)
Todd Short [Fri, 23 Jul 2021 13:25:09 +0000 (09:25 -0400)]
Add missing session timeout calc
Fixes #16142
Add missing session timeout calculation in `ssl_get_new_session()`
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16145)
Pauli [Tue, 27 Jul 2021 23:52:23 +0000 (09:52 +1000)]
test: add a comment indication that a bad MAC is intentional
This permits negative testing of FIPS module load failure.
Also changed the MAC to all zeros to make it even clearer.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)
Matt Caswell [Tue, 27 Jul 2021 15:36:41 +0000 (16:36 +0100)]
Add some testing for the case where the FIPS provider fails to load
Ensure we get correct behaviour in the event that an attempt is made
to load the fips provider but it fails to load.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)
Matt Caswell [Tue, 27 Jul 2021 15:59:59 +0000 (16:59 +0100)]
Don't try and load the config file while already loading the config file
Calls to the API function EVP_default_properties_enable_fips() will
automatically attempt to load the default config file if it is not
already loaded. Therefore this function should not be called from inside
code to process the config file.
Fixes #16165
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)
Matt Caswell [Tue, 27 Jul 2021 15:36:24 +0000 (16:36 +0100)]
Ensure any default_properties still apply even in the event of a provider load failure
We don't treat a failure to load a provider as a fatal error. If it is fatal then
we give up attempting to load the config file - including reading any default
properties. Additionally if an attempt has been made to load a provider then we
disable fallback loading.
Fixes #16166
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)
Matt Caswell [Tue, 27 Jul 2021 15:31:20 +0000 (16:31 +0100)]
Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS module
Ensure we free the OSSL_LIB_CTX on the error path.
Fixes #16163
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)
Pauli [Mon, 26 Jul 2021 02:54:50 +0000 (12:54 +1000)]
ci: disable async for the SH4 build and reenable the associated test
The platform doesn't seem to have support for this.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)