Richard Levitte [Tue, 22 Jun 2021 08:52:09 +0000 (10:52 +0200)]
apps/CA.pl.in: restore the quotes around -CAfile, they were there for a reason
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Richard Levitte [Tue, 22 Jun 2021 08:38:55 +0000 (10:38 +0200)]
test/recipes/80-test_ca.t: Don't force quotes around the config file in $cnf
However, when passing it through the OPENSSL_CONFIG environment
variable, we still need the quotes, just to make sure.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Richard Levitte [Tue, 22 Jun 2021 06:04:12 +0000 (08:04 +0200)]
test/recipes/66-test_ossl_store.t: ensure native paths
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Richard Levitte [Tue, 22 Jun 2021 06:03:47 +0000 (08:03 +0200)]
testutil: teach test_mk_file_path() how to merge VMS file specs
This isn't a full solution, it only handles current use cases.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Richard Levitte [Tue, 22 Jun 2021 05:28:26 +0000 (07:28 +0200)]
test/ossl_store_test.c: Adapt the use of datadir for VMS paths
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Richard Levitte [Wed, 16 Jun 2021 04:47:58 +0000 (06:47 +0200)]
UTF-8 not easily supported on VMS command line yet
Some tests are designed to test UTF-8 on the command line.
We simply disable those on VMS.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Richard Levitte [Wed, 16 Jun 2021 04:46:45 +0000 (06:46 +0200)]
Fix test_errstr for VMS
Occasionally, we get an error code on VMS that doesn't translate
into POSIX, and the error string reflects that
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
Christian Heimes [Thu, 24 Jun 2021 15:47:30 +0000 (17:47 +0200)]
Fix segfault in openssl x509 -modulus
The command ``openssl x509 -noout -modulus -in cert.pem`` used to segfaults
sometimes because an uninitialized variable was passed to
``BN_lebin2bn``. The bug triggered an assertion in bn_expand_internal().
Fixes: https://github.com/openssl/openssl/issues/15899
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15900)
Matt Caswell [Thu, 24 Jun 2021 10:24:07 +0000 (11:24 +0100)]
Add wrap.pl to .gitignore
This file is now auto-generated from a template (wrap.pl.in). Therefore
it should be ignored by git.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15895)
Theo Buehler [Thu, 24 Jun 2021 09:37:04 +0000 (11:37 +0200)]
Fix two typos in OSSL_trace_enabled.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15894)
Pauli [Fri, 25 Jun 2021 02:57:53 +0000 (12:57 +1000)]
test: check for NULL returns better
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
Pauli [Fri, 25 Jun 2021 02:57:37 +0000 (12:57 +1000)]
test: avoid memory leaks on errors
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
Pauli [Fri, 25 Jun 2021 02:56:57 +0000 (12:56 +1000)]
evp_test: address NULL pointer dereference and return failure better
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
Pauli [Fri, 25 Jun 2021 02:56:01 +0000 (12:56 +1000)]
ui: address potential memory leak
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
Pauli [Fri, 25 Jun 2021 02:55:28 +0000 (12:55 +1000)]
apps: address potential memory leaks
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
Pauli [Fri, 25 Jun 2021 02:54:43 +0000 (12:54 +1000)]
x509: address NULL dereference and memory leaks
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
Pauli [Thu, 24 Jun 2021 23:28:26 +0000 (09:28 +1000)]
apps: properly initialise arguments to EVP_PKEY_get_bn_param()
This avoids use of uninitialised memory.
Follow on to #15900
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15908)
Tomas Mraz [Thu, 24 Jun 2021 16:09:40 +0000 (18:09 +0200)]
Update fips sources and checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15903)
Tomas Mraz [Thu, 24 Jun 2021 16:08:18 +0000 (18:08 +0200)]
Only the fips module dependencies are relevant for fips.module.sources
Fixes #15639
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15903)
Dr. David von Oheimb [Thu, 24 Jun 2021 09:08:10 +0000 (11:08 +0200)]
Fix file_name_check() in storemgmt/file_store.c and e_loader_attic.c
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15892)
yunh [Wed, 23 Jun 2021 01:46:42 +0000 (09:46 +0800)]
enable getauxval on android 10
Fixes #9498
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15870)
(cherry picked from commit
b2dea4d5f22ec146373324c282fb1bcecd5a7d90)
Tomas Mraz [Fri, 18 Jun 2021 15:35:40 +0000 (17:35 +0200)]
ppccap.c: Split out algorithm-specific functions
Fixes #13336
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15828)
Dr. David von Oheimb [Wed, 23 Jun 2021 12:47:57 +0000 (14:47 +0200)]
CMP: Improve reporting of error codes and related strings via 'error' msg
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
Dr. David von Oheimb [Wed, 23 Jun 2021 12:26:22 +0000 (14:26 +0200)]
ossl_sk_ASN1_UTF8STRING2text(): Minor generalization and refactoring for readability
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
Dr. David von Oheimb [Wed, 23 Jun 2021 11:40:50 +0000 (13:40 +0200)]
CMP: Clean up internal message creation API and its documentation
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
Pauli [Thu, 24 Jun 2021 01:47:48 +0000 (11:47 +1000)]
test: add EVP_Q_mac tests to evp_test
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
Pauli [Thu, 24 Jun 2021 01:32:50 +0000 (11:32 +1000)]
test: add EVP_Q_digest tests to evp_test
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
Richard Levitte [Thu, 24 Jun 2021 04:54:14 +0000 (06:54 +0200)]
OpenSSL::Util::fixup_cmd_elements(): Include '!' among the VMS chars to process
! is the DCL character that starts a comment, and therefore acts as a
cut-off if not quoted.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15889)
Petr Gotthard [Wed, 5 May 2021 16:32:55 +0000 (18:32 +0200)]
BIO_new_from_core_bio: Fix heap-use-after-free after attach
The providers have to call up_ref to keep the cbio pointer, just like
the internal bio_prov.c does.
OSSL_STORE_attach passes a cbio pointer to the provider and then calls
ossl_core_bio_free(cbio). If up_ref is not called, the cbio gets
freed way too early.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15163)
Tomas Mraz [Wed, 23 Jun 2021 15:16:36 +0000 (17:16 +0200)]
trace: Do not produce dead code calling BIO_printf if disabled
Fixes #15880
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15882)
Matt Caswell [Tue, 22 Jun 2021 14:39:40 +0000 (15:39 +0100)]
Fix a race in ossl_provider_add_to_store()
If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Tue, 22 Jun 2021 11:07:48 +0000 (12:07 +0100)]
Move OPENSSL_add_builtin back into provider.c
An earlier stage of the refactor in the last few commits moved this
function out of provider.c because it needed access to the provider
structure internals. The final version however no longer needs this so
it is moved back again.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 16:09:32 +0000 (17:09 +0100)]
Update documentation following updates to the provider code
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 14:59:41 +0000 (15:59 +0100)]
make struct provider_info_st a full type
Create the OSSL_PROVIDER_INFO to replace struct provider_info_st.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 14:37:48 +0000 (15:37 +0100)]
Don't skip the current provider in ossl_provider_register_child_cb
This restriction was in place to avoid problems with recursive attempts
to aquire the flag lock/store lock from within a provider's init function.
Since those locks are no longer held when calling the init function there
is no reason for the restriction any more.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 12:01:57 +0000 (13:01 +0100)]
Add a test to check that RAND_bytes_ex() works with a child lib ctx
Previously, when locks were held while calling a provider init function,
then RAND_bytes_ex() would fail if called from the init function and
used in conjunction with a child lib ctx. We add an explicit test of that.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 11:49:59 +0000 (12:49 +0100)]
Don't hold any locks while calling the provider init function
Previously providers were added to the store first, and then subsequently
initialised. This meant that during initialisation the provider object
could be shared between multiple threads and hence the locks needed to be
held. However this causes problems because the provider init function is
essentially a user callback and could do virtually anything. There are
many API calls that could be invoked that could subsequently attempt to
acquire the locks. This will fail because the locks are already held.
However, now we have refactored things so that the provider is created and
initialised before being added to the store. Therefore at the point of
initialisation the provider object is not shared with other threads and so
no locks need to be held.
Fixes #15793
Fixes #15712
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 11:13:31 +0000 (12:13 +0100)]
Only associate a provider with a store once it has been added to it
This means we can distinguish providers that have been added to the
store, and those which haven't yet been.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 11:08:39 +0000 (12:08 +0100)]
Merge ossl_provider_activate() and ossl_provider_activate_child()
These 2 functions have become so close to each other that they may as well
be just one function.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 10:34:04 +0000 (11:34 +0100)]
Set use_fallbacks to zero when we add a provider to the store
Update use_fallbacks to zero when we add a provider to the store rather
than when we activate it. Its only at the point that we add it to the store
that it is actually usable and visible to other threads.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 10:06:12 +0000 (11:06 +0100)]
Remove flag_couldbechild
Now that a provider is no longer put into the store until after it has
been activated we don't need flag_couldbechild any more. This flag was
used to indicate whether a provider was eligible for conversion into a
child provider or not. This was only really interesting for predefined
providers that were automatically created.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 08:23:30 +0000 (09:23 +0100)]
Add a new provider to the store only after we activate it
Rather than creating the provider, adding to the store and then activating
it, we do things the other way around, i.e. activate first and then add to
the store. This means that the activation should occur before other threads
are aware of the provider.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Fri, 18 Jun 2021 14:56:54 +0000 (15:56 +0100)]
Instantiate configuration supplied providers when we need them
If provider specified in a config file are not "activated" then we defer
instantiating the provider object until it is actually needed.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Fri, 18 Jun 2021 11:28:40 +0000 (12:28 +0100)]
Instantiate user-added builtin providers when we need them
Previously we created the provider object for builtin providers at the
point that OPENSSL_add_builtin() was called. Instead we delay that until
the provider is actually loaded.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Fri, 18 Jun 2021 09:08:23 +0000 (10:08 +0100)]
Instantiate predefined providers just-in-time
Previously we instantiated all the predefined providers at the point that
we create the provider store. Instead we move them to be instantiated as we
need them.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Tomas Mraz [Wed, 23 Jun 2021 11:53:58 +0000 (13:53 +0200)]
OSSL_DECODER_from_bio: Avoid spurious decoder error
If there are any new errors reported we avoid raising the
OSSL_DECODER_from_bio:unsupported error.
Fixes #14566
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)
Tomas Mraz [Wed, 23 Jun 2021 11:53:53 +0000 (13:53 +0200)]
epki2pki_decode: passphrase callback failure is fatal error
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)
Tomas Mraz [Wed, 23 Jun 2021 11:52:10 +0000 (13:52 +0200)]
ossl_pw_get_passphrase: No ui method does not necessarily mean internal error
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)
Tomas Mraz [Wed, 23 Jun 2021 07:40:56 +0000 (09:40 +0200)]
Documentation: SM2 keys can use only the SM2 curve
Fixes #14411
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15875)
Tomas Mraz [Wed, 23 Jun 2021 07:23:53 +0000 (09:23 +0200)]
simpledynamic: Add missing include for AIX builds
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15874)
Richard Levitte [Wed, 23 Jun 2021 06:21:04 +0000 (08:21 +0200)]
TEST: Modify simpledynamic.[ch] to allow use on VMS as well
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15872)
Richard Levitte [Wed, 23 Jun 2021 06:10:37 +0000 (08:10 +0200)]
test/recipes/90-test_shlibload.t: Modify to work with known file names
Using File::Temp::tempfile() is admirable, but isn't necessary for the
sort of thing we use it for.
Furthermore, since tempfile() returns an opened file handle for
reading for the file in question, it may have effect that the file
becomes unwritable. This is the default on VMS, and since tempfile()
doesn't seem to have any option to affect this, it means that
test/shlibloadtest.c can't write the magic line to that file.
Also, if we consider forensics, to be able to see what a test produced
to determine what went wrong, it's better to use specific and known
file names.
Therefore, this test is modified to use well known file names, and to
open them for reading after the shlibloadtest program has been run
instead of before.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15872)
Pauli [Wed, 23 Jun 2021 04:18:25 +0000 (14:18 +1000)]
property: remove spurious incorrect comments
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)
Pauli [Wed, 23 Jun 2021 04:18:07 +0000 (14:18 +1000)]
property: add locking for the property string database
This previously relied on the caller locking the property store correctly.
This is no longer the case so the string database now requires locking.
Fixes #15866
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)
Pauli [Wed, 23 Jun 2021 04:17:59 +0000 (14:17 +1000)]
err: add unable to get lock errors
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)
Pauli [Tue, 22 Jun 2021 23:46:42 +0000 (09:46 +1000)]
doc: Document that the OBJ creation functions don't lock.
Neither OBJ_create() nor OBJ_add_sigid() use locks. They are not thread safe.
They can and will cause the other OBJ_ query functions to fail in mysterious
ways if called concurrently with them.
There is no problem calling multiple query functions concurrently.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15865)
Dmitry Belyavskiy [Tue, 22 Jun 2021 15:33:12 +0000 (17:33 +0200)]
Some clear guidelines for the legacy algs.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15860)
Richard Levitte [Tue, 22 Jun 2021 16:11:03 +0000 (18:11 +0200)]
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()
Fixes #15839
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
Richard Levitte [Tue, 22 Jun 2021 16:09:25 +0000 (18:09 +0200)]
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac()
This makes them more consistent with other new interfaces.
Fixes #15839
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
Richard Levitte [Tue, 22 Jun 2021 10:10:21 +0000 (12:10 +0200)]
Configure: Reflect that We don't build loader_attic when dynamic-engine is disabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15858)
Richard Levitte [Tue, 22 Jun 2021 09:56:18 +0000 (11:56 +0200)]
TEST: check 'loadereng' to determine if loader_attic should be tested
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15858)
Randall S. Becker [Thu, 17 Jun 2021 17:18:27 +0000 (12:18 -0500)]
Add assert.h to threads_pthread.c for NonStop thread compiles.
Fixes: #15809
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15812)
Dr. David von Oheimb [Mon, 21 Jun 2021 12:47:58 +0000 (14:47 +0200)]
cmp_server.c: Fix check: certConf not allowed after transaction is closed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
Dr. David von Oheimb [Mon, 21 Jun 2021 12:15:13 +0000 (14:15 +0200)]
cmp_client.c: Print checkAfter value from pollRep before it may get modified
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
Dr. David von Oheimb [Mon, 21 Jun 2021 11:54:32 +0000 (13:54 +0200)]
cmp_mock_srv.c: Fix polling mode such that it can be done multiple times
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
Robbie Harwood [Sat, 29 May 2021 16:02:28 +0000 (12:02 -0400)]
Update dependencies for krb5 external test
Dejagnu/TCL are no longer needed. Installing kdcproxy enables krb5's
proxying tests, which exercise the krb5 TLS integration.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15850)
Hubert Kario [Mon, 21 Jun 2021 14:52:14 +0000 (16:52 +0200)]
cross-reference the DH and RSA SECLEVEL to level of security mappings
Since the DH check is used only in DHE-PSK ciphersuites, it's
easy to miss it when updating the RSA mapping. Add cross-references
so that they remain consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15853)
Richard Levitte [Mon, 21 Jun 2021 13:18:19 +0000 (15:18 +0200)]
test/recipes/81-test_cmp_cli.t: use app() rather than cmd()
Fixes #15833
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15846)
Richard Levitte [Mon, 21 Jun 2021 06:35:28 +0000 (08:35 +0200)]
test/recipes/80-test_cmp_http.t: use app() rather than cmd()
OpenSSL::Test::cmd() should be used with caution, as it is for special
cases only.
It's preferable to use OpenSSL::Test::app() or OpenSSL::Test::test().
Fixes #15833
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15846)
Richard Levitte [Mon, 21 Jun 2021 07:25:16 +0000 (09:25 +0200)]
APPS & TEST: Use ossl_[u]intmax_t rather than [u]intmax_t
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)
Richard Levitte [Fri, 18 Jun 2021 08:54:01 +0000 (10:54 +0200)]
APPS: Make fallback opt_[u]intmax() implementations based on long
Also ensure that opt_intmax() and opt_uintmax() does the right thing
if sizeof([u]intmax_t) is smaller than sizeof(ossl_[u]intmax_t).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)
Richard Levitte [Fri, 18 Jun 2021 08:32:32 +0000 (10:32 +0200)]
Fix definition of ossl_intmax_t and ossl_uintmax_t
These definitions were located away from our definitions of other
sized int and uint types. Also, the fallback typedef wasn't quite
correct, and this changes it to be aliases for int64_t and uint64_t,
since those are the largest integers we commonly handle.
We also make sure to define corresponding numbers: OSSL_INTMAX_MIN,
OSSL_INTMAX_MAX and OSSL_UINTMAX_MAX
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)
Martin Schwenke [Fri, 18 Jun 2021 01:10:16 +0000 (11:10 +1000)]
ec: Only build ecp_nistp521-ppc64.s if enable-ec_nistp_64_gcc_128
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Thu, 17 Jun 2021 02:20:15 +0000 (12:20 +1000)]
ec: Add alignment pseudo-op at beginning of function
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Thu, 17 Jun 2021 02:15:35 +0000 (12:15 +1000)]
ec: Drop uses of .cfi_startproc/.cfi_endproc pseudo-ops
These work fine on Linux but break the build on AIX.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Wed, 16 Jun 2021 06:54:26 +0000 (16:54 +1000)]
bn: save/restore registers to/from stack
mtvsrd/mfvsrd are ISA >= 2.07 only, so this won't work for older
CPUs.
It would be possible to use this scheme only in the ISA >= 3.0
implementation. However, in the future it may be possible for newer
ISAs to allow CPU implementations without a vector unit, so don't
bother. The performance improvement versus using the stack was small
anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Wed, 16 Jun 2021 06:37:15 +0000 (16:37 +1000)]
bn: Switch $i to be unused r9
No need to save/restore because it is volatile.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Wed, 16 Jun 2021 04:58:08 +0000 (14:58 +1000)]
bn: Drop unnecessary use of r9
This is done in other versions due to the possibility of an early
return. However, there is no early return here.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Wed, 16 Jun 2021 07:29:52 +0000 (17:29 +1000)]
bn: Update .align pseudo-ops to match convention
64-bit alignment at the beginning of functions, 32-bit alignment for
loop targets.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Martin Schwenke [Wed, 16 Jun 2021 06:39:11 +0000 (16:39 +1000)]
bn: Drop use of .p2align pseudo-op
This works on Linux but breaks the build on AIX.
Fixes #15748
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
Shane Lontis [Mon, 21 Jun 2021 03:41:28 +0000 (13:41 +1000)]
Add table entries for fips 186-5 related to RSA auxiliary probable
primes.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15845)
Martin Schwenke [Fri, 18 Jun 2021 06:35:16 +0000 (16:35 +1000)]
ec: Fail build on big-endian with enable-ec_nistp_64_gcc_128
I can't see way of making Configure fail but this at least makes the
build fail.
Fixes #15821
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15831)
Pauli [Sun, 20 Jun 2021 02:40:48 +0000 (12:40 +1000)]
testutil: preserve app_malloc()'s failure behaviour
app_malloc() terminates execution if the allocation fails. The tests implement
their own app_malloc() in an attempt to reduce the amount of code pulled in.
This version also needs to terminate on failed allocation. The alternative
would be adding failed allocation checks pervasively throughout the apps's
commands.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15836)
Shane Lontis [Mon, 21 Jun 2021 04:01:36 +0000 (14:01 +1000)]
Change self test for AES_CGM to perform both an encrypt and decrypt.
This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and
decrypt. (This makes no logical sense since this is not an inverse cipher).
I have left the AES_ECB decrypt test in (although it may not be needed)
since it is actually testing the inverse cipher case.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15844)
Shane Lontis [Mon, 21 Jun 2021 01:12:43 +0000 (11:12 +1000)]
Fix aes_core to use U64() macro..
AIX reported warnings of the form:
1506-207 (W) Integer constant 0x8080808080808080u out of range.
This truncation causes all startup self tests related to AES to fail.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15842)
Pauli [Mon, 21 Jun 2021 00:33:10 +0000 (10:33 +1000)]
asn1: properly clean up on failed BIO creation
Fixes coverity
1486070 through
1486077 and
1486079
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15841)
Pauli [Mon, 21 Jun 2021 00:06:50 +0000 (10:06 +1000)]
test: put the new DHE auto test in the correct place
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15840)
Matt Caswell [Wed, 16 Jun 2021 15:57:18 +0000 (16:57 +0100)]
Add a test for a custom rand provider
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15810)
Matt Caswell [Thu, 17 Jun 2021 10:44:10 +0000 (11:44 +0100)]
Ensure we remove libctx DRBG state before removing the provider store
Otherwise a heap use-after-free can result.
Fixes #15766
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15810)
John Baldwin [Thu, 24 Dec 2020 00:15:01 +0000 (16:15 -0800)]
Add tests for KTLS with Chacha20-Poly1035.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)
John Baldwin [Wed, 23 Dec 2020 23:28:34 +0000 (15:28 -0800)]
Refactor KTLS tests to better support TLS 1.3.
- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
SSL_set_cipher_list.
- Don't bother passing a sequence number size to KTLS test functions.
These functions always test TLS (and not DTLS) for which the
sequence size is always the same. In addition, even for DTLS the
check in question (verifying that the sequence number fields in SSL
do not change) should still pass when doing a before/after
comparison of the field.
- Define a helper structure to hold the TLS version and cipher name
for a single KTLS test.
- Define an array of such structures with valid KTLS ciphers and move
#ifdef's for TLS versions and supported ciphers out of test
functions and instead use them to define the valid members of this
array. This also permits using TLS 1.3 cipher suite names for
TLS 1.3 tests.
- Use separate tests per cipher for test_ktls to give more
fine-grained pass/fail results as is already done for
test_ktls_sendfile.
- While here, rename test_ktls_sendfile to execute_test_ktls_sendfile
and test_ktls_sendfile_anytls to test_ktls_sendfile. This is more
consistent with the naming used for test_ktls as well as other tests
in this file.
- Close the file descriptors used for temporary sockets in ktls tests.
- Don't assume that KTLS is supported for all compile-time supported
cipher suites at runtime. If the kernel fails to offload a given
cipher suite, skip the test rather than failing it. FreeBSD kernels
may not offload all of the cipher suites supported by its KTLS if a
suitable driver or KTLS backend is not present.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)
Pauli [Mon, 21 Jun 2021 02:14:14 +0000 (12:14 +1000)]
sm3: fix function names after the big ossl_ prefix addition.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15843)
杨明君 [Mon, 22 Feb 2021 06:50:11 +0000 (14:50 +0800)]
test: add sm3 low level test case to test suite.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14271)
Richard Levitte [Fri, 18 Jun 2021 05:09:25 +0000 (07:09 +0200)]
STORE: Fix OSSL_STORE_open_ex() error reporting
OSSL_STORE_open_ex() could result in reports like this:
80722AA3927F0000:error:
80000002:system library:file_open_ex:No such file or directory:engines/e_loader_attic.c:1016:calling stat(file:test/blahdibleh.der)
80722AA3927F0000:error:
41800069:lib(131)::path must be absolute:engines/e_loader_attic.c:1010:test/blahdibleh.der
80722AA3927F0000:error:
1600007B:STORE routines:OSSL_STORE_open_ex:no loaders found:crypto/store/store_lib.c:148:No store loaders were found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them?
The last one turns out to be a bit too generically reported. It
should only be reported when no loader were loaded at all, not when
loader_ctx happens to be NULL (which may happen for other reasons).
We also move the helpful message to the OSSL_STORE_LOADER fetcher.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15820)
Richard Levitte [Fri, 18 Jun 2021 06:16:13 +0000 (08:16 +0200)]
TESTS: drop explicit quotes from empty command line arguments
Depending on circumstances, something like this:
ok(run(app(['openssl', 'whatever', '-config', '""', ...])))
might end up with a command like this:
./util/wrap.pl apps/openssl whatever -config '""'
Simply use an empty string (i.e. '' instead of '""') and let the
command line fixup functions do their job.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15822)
Tomas Mraz [Fri, 18 Jun 2021 13:02:23 +0000 (15:02 +0200)]
evp_test: Support testing of stitched TLS ciphers
Add a few testcases.
Fixes #15749
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15827)
Tomas Mraz [Thu, 17 Jun 2021 13:48:35 +0000 (15:48 +0200)]
Replace non-ASCII character in source file
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15803)
Pauli [Fri, 18 Jun 2021 09:56:29 +0000 (19:56 +1000)]
test: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 09:47:06 +0000 (19:47 +1000)]
rsa: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
Pauli [Fri, 18 Jun 2021 09:46:50 +0000 (19:46 +1000)]
asn1: fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
projects / openssl.git / log