Matt Caswell [Thu, 20 Aug 2020 14:54:01 +0000 (15:54 +0100)]
Enable PKEY MAC bridge signature algs to take ctx params
The underlying MAC implementations may take ctx params. Therefore we allow
the bridge to pass these through.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 20 Aug 2020 14:48:05 +0000 (15:48 +0100)]
Make ssl3_cbc_digest_record() use the real data_size
Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 30 Jul 2020 12:16:39 +0000 (13:16 +0100)]
Start using the provider side TLS HMAC implementation
This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 30 Jul 2020 11:02:06 +0000 (12:02 +0100)]
Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Jon Spillett [Wed, 2 Sep 2020 03:13:44 +0000 (13:13 +1000)]
Avoid AIX compiler issue by making the macro argument names not match any substring
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12767)
Daniel Bevenius [Mon, 31 Aug 2020 06:07:13 +0000 (08:07 +0200)]
Fix typo in FIPS_MODULE endif macro comment
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12755)
Todd Short [Tue, 1 Sep 2020 18:50:03 +0000 (14:50 -0400)]
Fix post-condition in algorithm_do_this
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)
Todd Short [Mon, 31 Aug 2020 23:59:43 +0000 (19:59 -0400)]
Fix use of OPENSSL_realloc in provider
Fix OPENSSL_realloc failure case; `provider->operation_bits` memory
is lost when `OPENSSL_realloc()` returns NULL.
`operation_bits_sz` is never set to the length of the allocated array.
This means that operation_bits is always reallocated in
`ossl_provider_set_operation_bit()`, possibly shrinking the array.
In addition, it means that the `memset()` always zeros out the
whole reallocated array, not just the new part. Also, because
`operation_bits_sz` is always zero, the value of `*result` in
`ossl_provider_test_operation_bit()` will always be zero.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)
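The realloc and size-tracking defects described in the commit message above, as an added example that is not OpenSSL's code. The struct, function names and the allocator hook are hypothetical, and the "before" function is reconstructed from the commit message only:

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a provider's operation bitmap (not OpenSSL's struct). */
struct bitmap {
    unsigned char *bits;
    size_t bits_sz;               /* number of bytes allocated in bits */
};

/* Allocator hook so the failure path can be exercised (assumption for this demo). */
static void *(*realloc_fn)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

typedef int (*set_fn)(struct bitmap *, size_t);

/* "Before" pattern, as the commit message describes it. */
static int bitmap_set_buggy(struct bitmap *b, size_t bitnum)
{
    size_t byte = bitnum / 8;

    if (b->bits_sz <= byte) {     /* always true: bits_sz is never updated */
        /* Overwrites the only pointer: the old buffer is lost on NULL. */
        b->bits = realloc_fn(b->bits, byte + 1);
        if (b->bits == NULL)
            return 0;
        /* bits_sz is still 0, so this zeroes the whole array every time. */
        memset(b->bits + b->bits_sz, 0, byte + 1 - b->bits_sz);
    }
    b->bits[byte] |= (unsigned char)(1u << (bitnum % 8));
    return 1;
}

/* Corrected pattern: temporary pointer, zero only the new tail, record the size. */
static int bitmap_set_fixed(struct bitmap *b, size_t bitnum)
{
    size_t byte = bitnum / 8;

    if (b->bits_sz <= byte) {
        unsigned char *tmp = realloc_fn(b->bits, byte + 1);

        if (tmp == NULL)
            return 0;             /* b->bits is untouched and still owned */
        b->bits = tmp;
        memset(b->bits + b->bits_sz, 0, byte + 1 - b->bits_sz);
        b->bits_sz = byte + 1;
    }
    b->bits[byte] |= (unsigned char)(1u << (bitnum % 8));
    return 1;
}

static int bitmap_test(const struct bitmap *b, size_t bitnum, int *result)
{
    size_t byte = bitnum / 8;

    *result = 0;
    if (b->bits_sz > byte)        /* with bits_sz stuck at 0 this never runs */
        *result = (b->bits[byte] & (1u << (bitnum % 8))) != 0;
    return 1;
}

/* Set a high bit, then a low bit, then read the high bit back. */
static int bit_survives_later_set(set_fn set)
{
    struct bitmap b = { NULL, 0 };
    int result = -1;

    if (set(&b, 100) && set(&b, 3))
        bitmap_test(&b, 100, &result);
    free(b.bits);
    return result;
}

/* Returns 1 if the bitmap still points at its old buffer after a failed grow. */
static int old_buffer_kept_on_failure(set_fn set)
{
    struct bitmap b = { NULL, 0 };
    unsigned char *saved;
    int kept;

    if (!set(&b, 3))
        return -1;
    saved = b.bits;
    realloc_fn = failing_realloc;
    (void)set(&b, 100);           /* growth fails */
    realloc_fn = realloc;
    kept = (b.bits == saved);
    free(saved);                  /* the demo frees through its own copy */
    return kept;
}

int main(void)
{
    printf("buggy: bit kept=%d, buffer kept=%d\n",
           bit_survives_later_set(bitmap_set_buggy),
           old_buffer_kept_on_failure(bitmap_set_buggy));
    printf("fixed: bit kept=%d, buffer kept=%d\n",
           bit_survives_later_set(bitmap_set_fixed),
           old_buffer_kept_on_failure(bitmap_set_fixed));
    return 0;
}
```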
Dr. David von Oheimb [Fri, 28 Aug 2020 13:30:23 +0000 (15:30 +0200)]
apps/cmp.c: Clean up loading of certificates and CRLs
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)
Jon Spillett [Tue, 1 Sep 2020 03:13:09 +0000 (13:13 +1000)]
Avoid uninitialised variable warning for jobs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12762)
Dr. David von Oheimb [Wed, 26 Aug 2020 08:11:14 +0000 (10:11 +0200)]
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
Felix Monninger [Tue, 30 Jun 2020 20:57:36 +0000 (22:57 +0200)]
also zero pad DHE public key in ClientKeyExchange message for interop
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12331)
John Baldwin [Wed, 5 Aug 2020 23:24:24 +0000 (16:24 -0700)]
Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
While here, check for failure from RAND_bytes_ex as well.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
Vadim Fedorenko [Fri, 31 Jul 2020 18:21:36 +0000 (11:21 -0700)]
Fix two issues with AES-CCM KTLS tests.
- Apply the cipher list to the server context as well as the client
context. The tests still worked for AES-GCM cipher suites as those
are in the default list of ciphers. AES-CCM cipher suites are not
in the default list and require the cipher list to be set.
- Use the correct cipher name for AES-CCM.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 29 Jul 2020 22:08:54 +0000 (15:08 -0700)]
Skip tests using KTLS RX for TLS 1.3.
KTLS RX is not yet supported for TLS 1.3.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 29 Jul 2020 22:08:25 +0000 (15:08 -0700)]
Skip tests using KTLS RX if KTLS RX is not supported.
This skips tests using KTLS RX when run on systems that only support
KTLS TX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 29 Jul 2020 21:56:58 +0000 (14:56 -0700)]
Refactor the KTLS tests to minimize code duplication.
Use the low 4 bits of the test number directly as flags for which of
the connection sides should use KTLS or not for each test instead of
having 16 nearly identical functions to do the same thing.
This makes it easier to skip tests that aren't supported (e.g. KTLS RX
on TLS 1.3).
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Mon, 27 Jul 2020 18:35:13 +0000 (11:35 -0700)]
Move KTLS inline functions only used by libssl into ssl/ktls.c.
These functions are a bit large to inline and are not usable outside
of libssl.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Thu, 5 Dec 2019 00:50:06 +0000 (16:50 -0800)]
Support for KTLS TX on FreeBSD for TLS 1.3.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Thu, 5 Mar 2020 19:26:06 +0000 (11:26 -0800)]
Don't check errno if ktls_read_record() returned 0.
errno is only valid if ktls_read_record() fails with a negative return
value.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Thu, 31 Oct 2019 23:49:40 +0000 (16:49 -0700)]
Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled
by passing a session key to the kernel via a new socket option. Once
KTLS receive is enabled on a socket, the socket returns records via
recvmsg(). A control message attached to each record supplies the
original TLS header, and the decrypted plaintext is returned in the
data buffer passed to recvmsg().
To support the case that the userland buffer may already contain
pending encrypted records (which is already handled by Linux's KTLS
receive), the socket option structure for FreeBSD has been extended to
include the initial sequence number.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 10 Jun 2020 20:36:38 +0000 (13:36 -0700)]
Add helper functions for FreeBSD KTLS.
These are similar to the helpers added in
95badfeb60. I've adjusted
the arguments passed to ktls_check_supported_cipher and
ktls_configure_crypto so that FreeBSD and Linux can both use the same
signature to avoid OS-specific #ifdef's in libssl. This also required
moving the check on valid TLS versions into
ktls_check_supported_cipher for Linux. This has largely removed
OS-specific code and OS-specific #ifdef's for KTLS outside of
<internal/ktls.h>.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Fri, 24 Jul 2020 20:47:35 +0000 (13:47 -0700)]
Add a ktls_crypto_info_t typedef.
This type is defined to hold the OS-specific structure passed to
BIO_set_ktls.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
Jon Spillett [Fri, 21 Aug 2020 04:18:59 +0000 (14:18 +1000)]
Update test data for DSA public key text
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12688)
Jon Spillett [Wed, 19 Aug 2020 23:13:28 +0000 (09:13 +1000)]
Add the correct enum value for DSA public key serialization
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12688)
Shane Lontis [Fri, 21 Aug 2020 01:15:59 +0000 (11:15 +1000)]
Fix ECX serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Shane Lontis [Fri, 21 Aug 2020 01:15:10 +0000 (11:15 +1000)]
Fix RSA serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Shane Lontis [Fri, 21 Aug 2020 01:14:34 +0000 (11:14 +1000)]
Fix DSA serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Shane Lontis [Fri, 21 Aug 2020 01:13:09 +0000 (11:13 +1000)]
Fix DH serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Dmitry Belyavskiy [Fri, 28 Aug 2020 13:39:16 +0000 (16:39 +0300)]
Fix PKCS#7 so that it still works with non fetchable cipher algorithms.
Fixes #12697
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12740)
Dmitry Belyavskiy [Fri, 28 Aug 2020 13:01:39 +0000 (16:01 +0300)]
Fix PKCS#7 so that it still works with non fetchable digest algorithms.
Fixes #12684
Partially fixes #12697
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12740)
Matt Caswell [Thu, 27 Aug 2020 16:03:13 +0000 (17:03 +0100)]
Check whether we have MD5-SHA1 and whether we need it
If we don't have MD5-SHA1 then we must use (D)TLSv1.2 or above. We
check that this is consistent with the way we've been configured. We also
ensure that we never attempt to negotiate <(D)TLSv1.2 if MD5-SHA1 is not
available.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12733)
Matt Caswell [Thu, 27 Aug 2020 15:19:27 +0000 (16:19 +0100)]
Improve some error messages if a digest is not available
If a digest is not available we just get an "internal error" error
message - which isn't very helpful for diagnosing problems. Instead we
explicitly state that we couldn't find a suitable digest.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12733)
Matt Caswell [Wed, 19 Aug 2020 16:33:38 +0000 (17:33 +0100)]
Include "legacy" in the name of the various MAC bridge functions
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Mon, 17 Aug 2020 16:25:37 +0000 (17:25 +0100)]
Add some documentation about the EVP_PKEY MAC interface
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Mon, 17 Aug 2020 14:14:14 +0000 (15:14 +0100)]
Improve code reuse in the provider MAC bridge
We reuse concepts such as PROV_CIPHER, and make use of some common code
in provider_util.c
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Fri, 14 Aug 2020 16:01:00 +0000 (17:01 +0100)]
Document the EVP_PKEY_new_CMAC_key_with_libctx() function
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Wed, 12 Aug 2020 13:41:12 +0000 (14:41 +0100)]
Extend test_CMAC_keygen in evp_extra_test
The test only set up the generation of a key. It did not complete that
generation. We extend the test to complete the generation and to use the
generated key. We also compare the result with a key generated in a
different way.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Wed, 12 Aug 2020 12:41:59 +0000 (13:41 +0100)]
Delete unused PKEY MAC files
Now that all the legacy PKEY MAC bridge code has been moved to the
providers we no longer need the old bridge and it can be removed.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Tue, 11 Aug 2020 15:17:00 +0000 (16:17 +0100)]
Extend the provider MAC bridge for CMAC
The previous commits added support for HMAC, SIPHASH and Poly1305 into
the provider MAC bridge. We now extend that for CMAC too.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Tue, 11 Aug 2020 14:28:07 +0000 (15:28 +0100)]
Extend the provider MAC bridge for Poly1305
The previous commits added support for HMAC and SIPHASH into the provider
MAC bridge. We now extend that for Poly1305 too.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Tue, 11 Aug 2020 13:55:04 +0000 (14:55 +0100)]
Don't require a default digest from signature algorithms
Some signature algorithms don't need a default digest, so don't fail if
we don't have one.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Tue, 11 Aug 2020 13:54:18 +0000 (14:54 +0100)]
Extend the provider MAC bridge for SIPHASH
The previous commits added support for HMAC into the provider MAC bridge.
We now extend that for SIPHASH too.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Tue, 11 Aug 2020 10:50:04 +0000 (11:50 +0100)]
Ensure libssl creates libctx aware MAC keys
Convert various mac key creation function calls to use the _with_libctx
variants.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Mon, 10 Aug 2020 16:11:39 +0000 (17:11 +0100)]
Fix some EVP_MD_CTX_* functions
Fixes some issues with EVP_MD_CTX_* functions when doing EVP_DigestSign*
and EVP_DigestVerify* functions.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Mon, 10 Aug 2020 08:16:01 +0000 (09:16 +0100)]
Convert EVP_PKEY_CTX_set_mac_key() into a function
Previously it was a macro. We now make it into a function that is params
aware.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Fri, 7 Aug 2020 16:20:18 +0000 (17:20 +0100)]
Fix evp_extra_test to not assume that HMAC is legacy
evp_extra_test had a test that checks whether an EVP_PKEY_CTX can still
be created for HMAC even though there are no providers loaded because it
is a legacy algorithm. However after the earlier commits this is no longer
the case. We swap the check to a different legacy algorithm (SM2).
Hopefully before too long there will be no legacy algorithms left and the
test can be deleted.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Fri, 7 Aug 2020 15:55:42 +0000 (16:55 +0100)]
Make the provider side EVP PKEY MAC bridge available in default and fips
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Fri, 7 Aug 2020 15:42:02 +0000 (16:42 +0100)]
Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge
Some MAC implementations were available before the current EVP_MAC API. They
were used via EVP_DigestSign*. There exists a bridge between the old API and
the EVP_MAC API however this bridge itself uses a legacy EVP_PKEY_METHOD.
This commit implements the signature functions for the provider side bridge
without having to use any legacy code.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Matt Caswell [Fri, 7 Aug 2020 15:40:25 +0000 (16:40 +0100)]
Implement key management for the EVP_PKEY MAC to EVP_MAC provider bridge
Some MAC implementations were available before the current EVP_MAC API. They
were used via EVP_DigestSign*. There exists a bridge between the old API and
the EVP_MAC API however this bridge itself uses a legacy EVP_PKEY_METHOD.
This commit implements the key management for provider side bridge without
having to use any legacy code.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Richard Levitte [Thu, 27 Aug 2020 14:05:53 +0000 (16:05 +0200)]
TEST: Adapt some tests for a stricter PEM_write_bio_PrivateKey_traditional()
- test/endecode_test.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12728)
Richard Levitte [Thu, 27 Aug 2020 05:18:55 +0000 (07:18 +0200)]
Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8
PEM_write_bio_PrivateKey_traditional() uses i2d_PrivateKey() to do the
actual encoding to DER. However, i2d_PrivateKey() is a generic
function that will do what it can to produce output according to what
the associated EVP_PKEY_ASN1_METHOD offers. If that method offers a
function 'old_priv_encode', which is expected to produce the
"traditional" encoded form, then i2d_PrivateKey() uses that. If not,
i2d_PrivateKey() will go on and use more modern methods, which are
all expected to produce PKCS#8.
To ensure that PEM_write_bio_PrivateKey_traditional() never produces
more modern encoded forms, an extra check that 'old_priv_encode' is
non-NULL is added. If it is NULL, an error is returned.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12728)
T.Yanagisawa [Thu, 27 Aug 2020 02:11:23 +0000 (11:11 +0900)]
Correct description of BN_mask_bits
CLA: trivial
Correct right shift to left shift.
Pseudo code `a&=~((~0)>>n)` means "get higher n-bits of a", but actually crypto lib gives lower n-bits.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12727)
Pauli [Wed, 26 Aug 2020 03:41:30 +0000 (13:41 +1000)]
conf: add diagnostic option
Add an option to configuration files "config_diagnostics" that when set to a
non-zero value, overrides the error ignoring flags. The outcome is that
diagnostic option is produced when e.g. sections are missing.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12663)
Pauli [Wed, 19 Aug 2020 11:13:58 +0000 (21:13 +1000)]
provider_conf: report missing section on error
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12663)
Jung-uk Kim [Wed, 26 Aug 2020 18:00:56 +0000 (14:00 -0400)]
Ignore vendor name in Clang version number.
For example, FreeBSD prepends "FreeBSD" to version string, e.g.,
FreeBSD clang version 11.0.0 (git@github.com:llvm/llvm-project.git
llvmorg-11.0.0-rc2-0-g414f32a9e86)
Target: x86_64-unknown-freebsd13.0
Thread model: posix
InstalledDir: /usr/bin
This prevented us from properly detecting AVX support, etc.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12725)
Pauli [Wed, 26 Aug 2020 04:11:49 +0000 (14:11 +1000)]
rand: instantiate the DRBGs upon first use.
Fixes #12714
[skip ci]
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12717)
Pauli [Wed, 26 Aug 2020 13:56:55 +0000 (23:56 +1000)]
rand: add a note about a potentially misleading code analyzer warning.
When seeding from a parent DRBG, the pointer to the child is used as
additional data. This triggers static code analysers. Rearrange and
expand the comments to make this more obvious.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12724)
Dr. David von Oheimb [Mon, 10 Aug 2020 12:23:46 +0000 (14:23 +0200)]
apps/pkcs12.c: Add -untrusted option
Also improve EE cert selection, user guidance, and documentation.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12643)
Dr. David von Oheimb [Thu, 13 Aug 2020 11:52:29 +0000 (13:52 +0200)]
X509_add_certs(): Add to doc some warning notes on memory management
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12643)
Rich Salz [Mon, 17 Aug 2020 19:31:42 +0000 (15:31 -0400)]
Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify()
This adds a flag, OCSP_PARTIAL_CHAIN, to the OCSP_basic_verify()
function. This is equivalent to X509_V_FLAG_PARTIAL_CHAIN, in that
if any certificate in the OCSP response is in the trust store, then
trust it.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12666)
Marc [Sun, 28 Jun 2020 23:45:04 +0000 (00:45 +0100)]
apps: -msg flag enhancement 2/2
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12310)
Marc [Sun, 28 Jun 2020 23:43:37 +0000 (00:43 +0100)]
apps: -msg flag enhancement 1/2
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12310)
Pauli [Wed, 26 Aug 2020 04:36:50 +0000 (14:36 +1000)]
EVP: NULL pctx pointer after free.
Not doing so can result in a double free.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12718)
Dmitry Belyavskiy [Wed, 1 Jul 2020 07:24:51 +0000 (10:24 +0300)]
Replace hieroglyphs with stub to pass tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Mon, 14 Oct 2019 13:35:42 +0000 (16:35 +0300)]
Documentation for internal PUNYCODE-related functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Wed, 18 Sep 2019 18:27:17 +0000 (21:27 +0300)]
EAI test script and data
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Wed, 21 Aug 2019 15:36:10 +0000 (18:36 +0300)]
RFC 8398: documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Wed, 21 Aug 2019 15:35:45 +0000 (18:35 +0300)]
Add NID_id_on_SmtpUTF8Mailbox to table of X.509 attributes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Wed, 21 Aug 2019 15:34:27 +0000 (18:34 +0300)]
RFC 8398: EAI comparison
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Wed, 21 Aug 2019 15:33:14 +0000 (18:33 +0300)]
RFC 8398: Name constraints validation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Dmitry Belyavskiy [Wed, 21 Aug 2019 15:31:43 +0000 (18:31 +0300)]
Punycode decoding implementation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Richard Levitte [Thu, 20 Aug 2020 19:31:33 +0000 (21:31 +0200)]
crypto/x509/v3_utl.c: Fix IPv6 output in ipaddr_to_asc()
Fixes #12695
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12696)
Richard Levitte [Sun, 23 Aug 2020 08:06:06 +0000 (10:06 +0200)]
TEST: Fix CMP tests so they load keys in the current library context
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12705)
Nicola Tuveri [Fri, 26 Jun 2020 22:40:30 +0000 (01:40 +0300)]
Add CLI tests in FIPS configuration
Add positive and negative tests of CLI apps using configuration files
via environment variables to force FIPS mode.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12291)
Richard Levitte [Thu, 23 Jul 2020 14:12:10 +0000 (16:12 +0200)]
STORE: Change all error recording to use ERR_raise() / ERR_raise_data()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Wed, 22 Jul 2020 20:55:00 +0000 (22:55 +0200)]
STORE: Modify to support loading with provider based loaders
This adds the needed code to make the OSSL_STORE API functions handle
provided STORE implementations.
This also modifies OSSL_STORE_attach() to have the URI, the
library context and the properties in the same order as
OSSL_STORE_open_with_libctx().
The most notable change, though, is how this creates a division of
labor between libcrypto and any storemgmt implementation that wants to
pass X.509, X.509 CRL, etc structures back to libcrypto. Since those
structures aren't directly supported in the libcrypto <-> provider
interface (asymmetric keys being the only exception so far), we resort
to a libcrypto object callback that can handle passed data in DER form
and does its part of figuring out what the DER content actually is.
This also adds the internal x509_crl_set0_libctx(), which works just
like x509_set0_libctx(), but for X509_CRL.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Sun, 2 Aug 2020 12:29:33 +0000 (14:29 +0200)]
DECODER: Add function to set an OSSL_PASSPHRASE_CALLBACK type callback
This makes it possible to use OSSL_DECODER in functions that are passed
an OSSL_PASSPHRASE_CALLBACK already.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Tue, 28 Jul 2020 20:00:09 +0000 (22:00 +0200)]
OSSL_PARAM: Add string pointer getters
When some function receives an OSSL_PARAM array to pilfer for data,
and there is a string of some sort, and all the code needs is to get
the pointer to the data, rather than a copy, there is currently no
other way than to use |param->data| directly. This is of course a
valid method, but lacks any safety check (is |param->data_type|
correct, for example?).
OSSL_PARAM_get_utf8_string_ptr() and OSSL_PARAM_get_octet_string_ptr()
help the programmer with such things, by setting the argument pointer
to |param->data|.
Additionally, they handle the data types OSSL_PARAM_UTF8_PTR and
OSSL_PARAM_OCTET_PTR as well.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Wed, 22 Jul 2020 20:54:54 +0000 (22:54 +0200)]
STORE: Add the base functions to support provider based loaders
This includes fixing a bug that could only be discovered when no
loaders were registered.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Wed, 22 Jul 2020 20:54:42 +0000 (22:54 +0200)]
STORE for providers: define libcrypto <-> provider interface
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Sun, 26 Jul 2020 07:21:29 +0000 (09:21 +0200)]
STORE: Add missing function OSSL_STORE_LOADER_set_open_with_libctx()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Sun, 2 Aug 2020 10:14:19 +0000 (12:14 +0200)]
CORE: Generalise internal pass phrase prompter
The pass phrase prompter that's part of OSSL_ENCODER and OSSL_DECODER
is really a passphrase callback bridge between the diverse forms of
prompters that exist within OpenSSL: pem_password_cb, ui_method and
OSSL_PASSPHRASE_CALLBACK.
This can be generalised, to be re-used by other parts of OpenSSL, and
to thereby allow the users to specify whatever form of pass phrase
callback they need, while being able to pass that on to other APIs
that are called internally, in the form that those APIs demand.
Additionally, we throw in the possibility to cache pass phrases during
a "session" (we leave it to each API to define what a "session" is).
This is useful for any API that implements discovery and therefore may
need to get the same password more than once, such as OSSL_DECODER and
OSSL_STORE.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Richard Levitte [Wed, 22 Jul 2020 13:34:25 +0000 (15:34 +0200)]
CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority
for what is possible to do and what's required to make these abstract
objects work.
In essence, an abstract object is an OSSL_PARAM array with well
defined parameter keys and values:
- an object type, which is a number indicating what kind of
  libcrypto structure the object in question can be used with. The
  currently possible numbers are defined in <openssl/core_object.h>.
- an object data type, which is a string that indicates more closely
  what the contents of the object are.
- the object data, an octet string. The exact encoding used depends
  on the context in which it's used. For example, the decoder
  sub-system accepts any encoding, as long as there is a decoder
  implementation that takes that as input. If central code is to
  handle the data directly, DER encoding is assumed. (*)
- an object reference, also an octet string. This octet string is
  not the object contents, just a mere reference to a provider-native
  object. (**)
- an object description, which is a human readable text string that
  can be displayed if some software desires to do so.
The intent is that certain provider-native operations (called X
here) are able to return any sort of object that belongs with other
operations, or an object that has no provider support otherwise.
(*) A future extension might be to be able to specify encoding.
(**) The possible mechanisms for dealing with object references are:
- An object loading function in the target operation. The exact
  target operation is determined by the object type (for example,
  OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT)
  and the implementation to be fetched by its object data type (for
  an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched).
  This loading function is only useful for this if the implementations
  that are involved (X and KEYMGMT, for example) are from the same
  provider.
- An object exporter function in the operation X implementation.
  That exporter function can be used to export the object data in
  OSSL_PARAM form that can be imported by a target operation's
  import function. This can be used when it's not possible to fetch
  the target operation implementation from the same provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Shane Lontis [Tue, 11 Aug 2020 07:50:13 +0000 (17:50 +1000)]
Fix coverity CID #1452770 - Dereference before NULL check in CRYPTO_siv128_init()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 07:31:11 +0000 (17:31 +1000)]
Fix coverity CID #1452773 - Dereference before NULL check in EVP_DigestFinal_ex()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 07:18:31 +0000 (17:18 +1000)]
Fix coverity CID #1452775 & #1452772 - Dereference before NULL check in evp_lib.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 07:09:18 +0000 (17:09 +1000)]
Fix coverity CID #1454638 - Dereference after NULL check in EVP_MD_CTX_gettable_params()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 07:01:07 +0000 (17:01 +1000)]
Fix coverity CID #1455335 - Dereference after NULL check in fromdata_init()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 06:50:10 +0000 (16:50 +1000)]
Fix coverity CID #1458641 - Dereference before NULL check when setting ctx->flag_allow_md in rsa.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 06:41:51 +0000 (16:41 +1000)]
Fix coverity CID #1458644 - Negative return passed to function taking size_t in ecdh_cms_set_shared_info()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 06:33:19 +0000 (16:33 +1000)]
Fix coverity CID #1458645 - Dereference before NULL check in rsa_digest_verify_final()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 06:28:00 +0000 (16:28 +1000)]
Fix coverity CID #1458647 - Use after free in clean_tbuf() which uses ctx->rsa
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 06:23:28 +0000 (16:23 +1000)]
Fix coverity CID #1458648 - Wrong sizeof() arg in rsa_freectx()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 05:56:17 +0000 (15:56 +1000)]
Fix coverity CID #1465525 - NULL pointer dereference in OSSL_DECODER_CTX_new_by_EVP_PKEY()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 05:41:54 +0000 (15:41 +1000)]
Fix coverity CID #1465531 - Negative return passed to a function param using size_t in asn1_item_digest_with_libctx()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 05:36:49 +0000 (15:36 +1000)]
Fix coverity CID #1465790 - Dereference after NULL check in evp_test.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 05:24:52 +0000 (15:24 +1000)]
Fix coverity CID #1465794 - Uninitialized pointer read in x942_encode_otherinfo()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 05:21:30 +0000 (15:21 +1000)]
Fix coverity CID #1465795 - Incorrect free deallocator used in SSL_add1_host()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
Shane Lontis [Tue, 11 Aug 2020 05:17:17 +0000 (15:17 +1000)]
Fix coverity CID #1465797 - Negative loop bound in collect_deserializer
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)