openssl.git
2 years ago fuzz: remove TODOs
Pauli [Mon, 31 May 2021 04:27:18 +0000 (14:27 +1000)]
fuzz: remove TODOs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)

2 years ago apps: remove TODOs
Pauli [Mon, 31 May 2021 04:27:04 +0000 (14:27 +1000)]
apps: remove TODOs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)

2 years ago providers/common/der/build.info: make a variable for ../include/prov
Richard Levitte [Tue, 1 Jun 2021 05:49:56 +0000 (07:49 +0200)]
providers/common/der/build.info: make a variable for ../include/prov

This is a proof of concept for GENERATE variable expansion.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554)

2 years ago Configure: variable expand GENERATE values too
Richard Levitte [Tue, 1 Jun 2021 05:45:54 +0000 (07:45 +0200)]
Configure: variable expand GENERATE values too

Internal documentation doesn't allow for any exception...  Therefore,
even GENERATE values should be variable expanded.

(there are historical reasons why GENERATE was excepted from variable
expansion, that aren't applicable any more)

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554)

2 years ago Fix up bad libcrypto.num
Jon Spillett [Wed, 2 Jun 2021 03:04:04 +0000 (13:04 +1000)]
Fix up bad libcrypto.num

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15576)

2 years ago Add NCONF_get_section_names()
Tomas Mraz [Thu, 27 May 2021 09:00:35 +0000 (11:00 +0200)]
Add NCONF_get_section_names()

And a few additional fixups to make the no-deprecated configuration
build.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)

2 years ago Add NCONF_get0_libctx()
Rich Salz [Tue, 25 May 2021 18:48:41 +0000 (14:48 -0400)]
Add NCONF_get0_libctx()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)

2 years ago Make conf_method_st and conf_st deprecated
Rich Salz [Tue, 25 May 2021 16:57:06 +0000 (12:57 -0400)]
Make conf_method_st and conf_st deprecated

So they can be made opaque in a future release.

Fixes #15101

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)

2 years ago Modify ssl_handshake_hash to call SSLfatal
Trev Larock [Fri, 28 May 2021 12:54:44 +0000 (12:54 +0000)]
Modify ssl_handshake_hash to call SSLfatal

When EVP_MD_CTX_new fails call SSLfatal before the goto err.
This resolves a state machine issue on the out of memory condition.

Fixes #15491.
CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15520)

2 years ago Make the 00-prep_*.t recipe truly mandatory
Tomas Mraz [Mon, 31 May 2021 15:00:38 +0000 (17:00 +0200)]
Make the 00-prep_*.t recipe truly mandatory

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)

2 years ago Windows CI: enable fips on shared 64 bit build
Tomas Mraz [Mon, 31 May 2021 12:22:35 +0000 (14:22 +0200)]
Windows CI: enable fips on shared 64 bit build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)

2 years ago Fix enable-fips builds on Windows
Tomas Mraz [Mon, 31 May 2021 12:18:56 +0000 (14:18 +0200)]
Fix enable-fips builds on Windows

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)

2 years ago Add documentation of the old names kept as alias macros
Tomas Mraz [Fri, 28 May 2021 15:36:16 +0000 (17:36 +0200)]
Add documentation of the old names kept as alias macros

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

2 years ago Rename also the OSSL_PROVIDER_name() function
Tomas Mraz [Fri, 28 May 2021 14:57:22 +0000 (16:57 +0200)]
Rename also the OSSL_PROVIDER_name() function

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

2 years ago Rename all getters to use get/get0 in name
Tomas Mraz [Fri, 21 May 2021 14:58:08 +0000 (16:58 +0200)]
Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

2 years ago Pass library context and property query into private key decoders
Jon Spillett [Tue, 18 May 2021 03:37:35 +0000 (13:37 +1000)]
Pass library context and property query into private key decoders

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)

2 years ago Fix up encoder/decoder issues caused by not passing a library context to the PKCS8...
Jon Spillett [Thu, 6 May 2021 01:55:42 +0000 (11:55 +1000)]
Fix up encoder/decoder issues caused by not passing a library context to the PKCS8 encrypt/decrypt

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)

2 years ago Enhance the encoder/decoder tests to allow testing with a non-default library context...
Jon Spillett [Mon, 15 Mar 2021 04:26:09 +0000 (14:26 +1000)]
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)

2 years ago req: fix Coverity 1485137 Explicit null dereference
Pauli [Sun, 30 May 2021 23:26:05 +0000 (09:26 +1000)]
req: fix Coverity 1485137 Explicit null dereference

Add a check for a non-existent file name when specifying params via file.
Add a check for a failure to determine key type.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15534)

2 years ago crypto: updates to pass size_t to RAND_bytes_ex()
Pauli [Mon, 31 May 2021 06:31:18 +0000 (16:31 +1000)]
crypto: updates to pass size_t to RAND_bytes_ex()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)

2 years ago ssl: pass size_t to RAND_bytes_ex()
Pauli [Mon, 31 May 2021 06:31:04 +0000 (16:31 +1000)]
ssl: pass size_t to RAND_bytes_ex()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)

2 years ago rand: use size_t for size argument to RAND_bytes_ex()
Pauli [Mon, 31 May 2021 06:30:50 +0000 (16:30 +1000)]
rand: use size_t for size argument to RAND_bytes_ex()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)

2 years ago Move provider der_XXX.h.in files to the include directory.
Shane Lontis [Mon, 31 May 2021 08:45:44 +0000 (18:45 +1000)]
Move provider der_XXX.h.in files to the include directory.

Fixes #15506

The .in and generated .h files are now in the same directory.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15544)

2 years ago Fix error stack for some fetch calls.
Shane Lontis [Sat, 29 May 2021 07:16:22 +0000 (17:16 +1000)]
Fix error stack for some fetch calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15532)

2 years ago Migration guide updates for flags and controls.
Shane Lontis [Sat, 29 May 2021 02:47:19 +0000 (12:47 +1000)]
Migration guide updates for flags and controls.

Provided a section that links to the ctrl/flags mappings to parameters
for digests and ciphers.

Added "EVP_CIPHER_CTX_set_flags() ordering" to changes section.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)

2 years ago Document Settable EVP_CIPHER_CTX parameter "use-bits"
Shane Lontis [Sat, 29 May 2021 02:41:43 +0000 (12:41 +1000)]
Document Settable EVP_CIPHER_CTX parameter "use-bits"

Added docs for EVP_CIPHER_CTX_set_flags(),
EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags().

Added section for "FLAGS" to show parameter mappings.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)

2 years ago Fix param indentation in ciphercommon_hw.c
Shane Lontis [Thu, 27 May 2021 08:13:24 +0000 (18:13 +1000)]
Fix param indentation in ciphercommon_hw.c

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)

2 years ago Fix aes cfb1 so that it can operate in bit mode.
Shane Lontis [Thu, 27 May 2021 08:08:53 +0000 (18:08 +1000)]
Fix aes cfb1 so that it can operate in bit mode.

The code to handle the cipher operation was already in the provider.
It just needed a OSSL_PARAM in order to set this into the algorithm.
EVP_CIPHER_CTX_set_flags() has been modified to pass the OSSL_PARAM.

Issue reported by Mark Powers from Acumen.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)

2 years ago add some cross compilation builds
Pauli [Mon, 31 May 2021 00:29:55 +0000 (10:29 +1000)]
add some cross compilation builds

Add some cross compiling builds to test things aren't broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)

2 years ago sparc: fix cross compile build
Pauli [Mon, 31 May 2021 05:33:22 +0000 (15:33 +1000)]
sparc: fix cross compile build

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)

2 years ago ppc: fix ambiguous if if else statement
Pauli [Mon, 31 May 2021 05:16:16 +0000 (15:16 +1000)]
ppc: fix ambiguous if if else statement

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)

2 years ago Add .asn1 dependencies for files generated from providers/common/der/*.in
Richard Levitte [Sat, 29 May 2021 09:15:40 +0000 (11:15 +0200)]
Add .asn1 dependencies for files generated from providers/common/der/*.in

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15533)

2 years ago Update solaris64-sparcv9-cc build target cflags
Jan Lana [Thu, 27 May 2021 21:27:58 +0000 (23:27 +0200)]
Update solaris64-sparcv9-cc build target cflags

Fixes #15507

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15509)

2 years ago Fix cert creation in the store
Matt Caswell [Fri, 21 May 2021 15:45:58 +0000 (16:45 +0100)]
Fix cert creation in the store

When we create a cert in the store, make sure we do so with the libctx
and propq associated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15523)

2 years ago Add the usual autowarn perl snippet in providers/common/der/*.in
Richard Levitte [Fri, 28 May 2021 16:09:51 +0000 (18:09 +0200)]
Add the usual autowarn perl snippet in providers/common/der/*.in

We have this in all other .in files, so these should have that as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15524)

2 years ago Teach EVP_PKEYs to say whether they were decoded from explicit params
Matt Caswell [Mon, 24 May 2021 10:40:34 +0000 (11:40 +0100)]
Teach EVP_PKEYs to say whether they were decoded from explicit params

Currently we explicitly downgrade an EVP_PKEY to an EC_KEY and ask
the EC_KEY directly whether it was decoded from explicit parameters or not.
Instead we teach EVP_PKEYs to respond to a new parameter for this purpose.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15526)

2 years ago Update check_sig_alg_match() to work with provided keys
Matt Caswell [Tue, 25 May 2021 13:39:29 +0000 (14:39 +0100)]
Update check_sig_alg_match() to work with provided keys

Use EVP_PKEY_is_a() to check whether an EVP_PKEY is compatible with the
given signature.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15528)

2 years ago Special case SM2 when decoding
Matt Caswell [Fri, 21 May 2021 10:55:33 +0000 (11:55 +0100)]
Special case SM2 when decoding

SM2 abuses the EC oid by reusing it - but an EC key is different to an SM2
key. Therefore we have to special case SM2 during decoding. If we encounter
the EC OID then we have to try both algorithms.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15522)

2 years ago Fixes #14103 & #14102. Update AES demos with error handling and EVP fetch
Jon Spillett [Thu, 29 Apr 2021 01:08:10 +0000 (11:08 +1000)]
Fixes #14103 & #14102. Update AES demos with error handling and EVP fetch

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15081)

2 years ago Fix PKCS7_verify to not have an error stack if it succeeds.
Shane Lontis [Fri, 28 May 2021 01:42:41 +0000 (11:42 +1000)]
Fix PKCS7_verify to not have an error stack if it succeeds.

Revert a change in behavior to BIO_write(). If a NULL BIO
is passed, no error is raised and the return value is 0. There are
many places where the return code from the write was not checked,
resulting in an error stack with no error status being returned.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15493)

2 years ago fips: set the library context and handle later
Pauli [Fri, 28 May 2021 00:25:55 +0000 (10:25 +1000)]
fips: set the library context and handle later

They need to be set once the provider will definitely be loading.  If they
are set earlier, a double free results on a failure.

Fixes #15452

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15492)

2 years ago make update-fips-checksums
Richard Levitte [Sat, 29 May 2021 09:06:44 +0000 (11:06 +0200)]
make update-fips-checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)

2 years ago Rearrange the check of providers/fips.so dependencies
Richard Levitte [Fri, 28 May 2021 05:54:04 +0000 (07:54 +0200)]
Rearrange the check of providers/fips.so dependencies

The mechanism had special cases to guess when something was generated
from a .in file.  It's better, though, to use the knowledge in
configdata.pm, especially when the generated file is in a different
location than its source.

Cleanups are added, and we change the use of sed to a use of perl
when cleaning up paths with 'something/../' in them, since perl has
more powerful tools for this sort of thing.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)

2 years ago Make providers/fips.module.sources.new depend on configdata.pm
Richard Levitte [Fri, 28 May 2021 05:52:37 +0000 (07:52 +0200)]
Make providers/fips.module.sources.new depend on configdata.pm

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)

2 years ago configdata.pm: Allow extra arguments when --query is given.
Richard Levitte [Fri, 28 May 2021 05:51:05 +0000 (07:51 +0200)]
configdata.pm: Allow extra arguments when --query is given.

That allows operations like this:

    ./configdata.pm --query 'get_sources(@ARGV)' file1 file2 file3

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)

2 years ago add zero strength arguments to BN and RAND RNG calls
Pauli [Fri, 28 May 2021 04:46:40 +0000 (14:46 +1000)]
add zero strength arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

2 years ago prov: add zero strength arguments to BN and RAND RNG calls
Pauli [Fri, 28 May 2021 04:46:17 +0000 (14:46 +1000)]
prov: add zero strength arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

2 years ago ssl: add zero strength arguments to BN and RAND RNG calls
Pauli [Fri, 28 May 2021 04:45:57 +0000 (14:45 +1000)]
ssl: add zero strength arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

2 years ago test: add zero strength arguments to BN and RAND RNG calls
Pauli [Fri, 28 May 2021 04:45:43 +0000 (14:45 +1000)]
test: add zero strength arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

2 years ago rand: add a strength argument to the BN and RAND RNG calls
Pauli [Fri, 28 May 2021 04:45:06 +0000 (14:45 +1000)]
rand: add a strength argument to the BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

2 years ago doc: document the strength arguments to the RNG functions
Pauli [Fri, 28 May 2021 04:44:38 +0000 (14:44 +1000)]
doc: document the strength arguments to the RNG functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

2 years ago Make undef'd counts zero by default.
Rich Salz [Tue, 25 May 2021 17:42:45 +0000 (13:42 -0400)]
Make undef'd counts zero by default.

Fixes #15409

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15467)

2 years ago ec: Add PPC64 vector assembly version of p521 field operations
Amitay Isaacs [Tue, 13 Oct 2020 09:11:40 +0000 (05:11 -0400)]
ec: Add PPC64 vector assembly version of p521 field operations

Only field multiplication and squaring (but not reduction) show a
significant improvement.  This is enabled on Power ISA >= 3.0.

On a Power 9 CPU an average 10% performance improvement is seen (ECHDE:
14%, ECDSA sign: 6%, ECDSA verify 10%), compared to existing code.

On an upcoming Power 10 CPU we see an average performance improvement
of 26% (ECHDE: 38%, ECDSA sign: 16%, ECDSA verify 25%), compared to
existing code.

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15401)

2 years ago ec: Add run time code selection for p521 field operations
Martin Schwenke [Wed, 12 May 2021 04:21:58 +0000 (14:21 +1000)]
ec: Add run time code selection for p521 field operations

This is only used if ECP_NISTP521_ASM is defined and this currently
only occurs on PPC64.

This simply chooses the C reference implementation, which will be the
default when custom code is available for certain CPUs.

Only the multiplication and squaring operations are handled, since the
upcoming assembly code only contains those.  This scheme can be easily
extended to handle reduction too.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15401)

2 years ago ec: Rename reference p521 field operations and use them via macros
Martin Schwenke [Wed, 12 May 2021 01:47:55 +0000 (11:47 +1000)]
ec: Rename reference p521 field operations and use them via macros

This will allow clean addition of assembly versions of these operations.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15401)

2 years ago perlasm/ppc-xlate.pl: Handle rewriting of vector registers
Martin Schwenke [Wed, 2 Dec 2020 08:05:44 +0000 (19:05 +1100)]
perlasm/ppc-xlate.pl: Handle rewriting of vector registers

Power has 2 numbering systems for vector registers:

* VR: Vector Registers are numbered from 0 to 31
* VSR: Vector-Scalar registers are numbered from 32 to 63

These refer to the same registers.  Some instructions use VR numbering
for their operands, while others use VSR numbering.

When using Perl to provide a meaningful name for a register it makes
sense to use the same variable for both VR and VSR instructions.  This
makes the code more readable.

However, providing a VSR number (i.e. >=32) to an instruction that
expects a VR number will cause an assembler error.

So, for instructions that require VR numbering, map VSR numbers
(i.e. >=32) to VR numbers.  This also allows existing code that uses
VR numbering to remain unchanged.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15401)

2 years ago BIO acpt_state(): Allow retrying addresses (e.g., using IPv6 vs. IPv4) on creating...
Dr. David von Oheimb [Tue, 25 May 2021 06:43:59 +0000 (08:43 +0200)]
BIO acpt_state(): Allow retrying addresses (e.g., using IPv6 vs. IPv4) on creating accept socket

Fixes #15386

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15417)

2 years ago BIO_s_accept.pod: Add missing documentation for BIO_{get,set}_accept_ip_family()
Dr. David von Oheimb [Mon, 24 May 2021 11:02:55 +0000 (13:02 +0200)]
BIO_s_accept.pod: Add missing documentation for BIO_{get,set}_accept_ip_family()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15417)

2 years ago apps/ocsp: Allow -port 0
Dr. David von Oheimb [Sun, 23 May 2021 10:36:11 +0000 (12:36 +0200)]
apps/ocsp: Allow -port 0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15417)

2 years ago DOC: Slightly improve the documentation of BIO_lookup() and related functions
Dr. David von Oheimb [Sat, 22 May 2021 10:02:00 +0000 (12:02 +0200)]
DOC: Slightly improve the documentation of BIO_lookup() and related functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15417)

2 years ago apps/lib/s_socket.c and 80-test_cmp_http.t: Make ACCEPT port reporting more robust
Dr. David von Oheimb [Sat, 22 May 2021 09:59:44 +0000 (11:59 +0200)]
apps/lib/s_socket.c and 80-test_cmp_http.t: Make ACCEPT port reporting more robust

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15417)

2 years ago Fix intermittent CI failure in evp_kdf_test for non_caching build.
Shane Lontis [Fri, 28 May 2021 07:18:56 +0000 (17:18 +1000)]
Fix intermittent CI failure in evp_kdf_test for non_caching build.

Fixes #15515

Another case of the order that tests run in causes a failure.
A new test was loading "legacy" into the default lib ctx. If it
ran first then everything fails. The test now has its own lib ctx.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15516)

2 years ago Fix incorrect gettable OSSL_CIPHER_PARAM_TLS_MAC parameter
Shane Lontis [Sat, 22 May 2021 02:40:42 +0000 (12:40 +1000)]
Fix incorrect gettable OSSL_CIPHER_PARAM_TLS_MAC parameter

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15416)

2 years ago Fix incorrect OSSL_CIPHER_PARAM_SPEED get_ctx_params
Shane Lontis [Sat, 22 May 2021 02:39:39 +0000 (12:39 +1000)]
Fix incorrect OSSL_CIPHER_PARAM_SPEED get_ctx_params

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15416)

2 years ago Add missing EVP_CTRL_CCM_SET_L control
Shane Lontis [Sat, 22 May 2021 02:38:19 +0000 (12:38 +1000)]
Add missing EVP_CTRL_CCM_SET_L control

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15416)

2 years ago Add Docs for EVP_CIPHER-*
Shane Lontis [Sat, 22 May 2021 02:37:11 +0000 (12:37 +1000)]
Add Docs for EVP_CIPHER-*

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15416)

2 years ago EVP_CIPHER Documentation updates
Shane Lontis [Sat, 22 May 2021 02:29:18 +0000 (12:29 +1000)]
EVP_CIPHER Documentation updates

EVP_EncryptInit.pod now follows the pattern used in EVP_DigestInit.pod.
i.e.
'=item' is used for methods
PARAMETERS and CONTROLS sections have been added.

The PARAMETERS list has been moved from provider-cipher.pod (this file just
has a link now).
Missing fields were updated.

The CONTROLS shows the mappings to OSSL_PARAM keys.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15416)

2 years ago ERR: Rebuild generated engine error files
Sven Schwermer [Thu, 27 May 2021 06:41:07 +0000 (08:41 +0200)]
ERR: Rebuild generated engine error files

CLA: trivial

Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15495)

2 years ago mkerr: Fix string literal conversion
Sven Schwermer [Thu, 27 May 2021 06:33:08 +0000 (08:33 +0200)]
mkerr: Fix string literal conversion

This fixes a compiler warning on clang-1205.0.22.9 when compiling the
generated code as C++11:

ISO C++11 does not allow conversion from string literal to 'char *'
[-Wwritable-strings]

CLA: trivial

Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15495)

2 years ago Fix PKCS12_create() so that a fetch error is not added to the error stack.
Shane Lontis [Wed, 26 May 2021 00:26:27 +0000 (10:26 +1000)]
Fix PKCS12_create() so that a fetch error is not added to the error stack.

Fixes #15392

PBE algorithms such as NID_pbe_WithSHA1And3_Key_TripleDES_CBC will
currently always fail to the EVP_CIPHER_fetch() call, so the fallback to
a legacy algorithm always happens. In this case the error stack should
ignore the fetch error.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15473)

2 years ago Fix typo about SSL_CONF_FLAG_CMDLINE
Tommy Chiang [Wed, 26 May 2021 18:46:13 +0000 (02:46 +0800)]
Fix typo about SSL_CONF_FLAG_CMDLINE

change SSL_CONF_CMDLINE to SSL_CONF_FLAG_CMDLINE
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15489)

2 years ago Fix issues found by md-nits
Rich Salz [Tue, 25 May 2021 14:28:49 +0000 (10:28 -0400)]
Fix issues found by md-nits

Fixes #15460

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15461)

2 years ago Fix memory leak in OSSL_CMP_CTX
Petr Gotthard [Tue, 25 May 2021 13:39:01 +0000 (15:39 +0200)]
Fix memory leak in OSSL_CMP_CTX

The ctx->propq is strdup'ed, so it must be free'd too.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15458)

2 years ago Rework and make DEBUG macros consistent.
Rich Salz [Wed, 19 May 2021 15:09:49 +0000 (11:09 -0400)]
Rework and make DEBUG macros consistent.

Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG.

Rename REF_PRINT to REF_DEBUG for consistency, and add a new
tracing category and use it for printing reference counts.

Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG

Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to
be set also.

Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency.

Fixes #15357

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15353)

2 years ago Fix doc typos.
David Makepeace [Wed, 26 May 2021 13:07:38 +0000 (23:07 +1000)]
Fix doc typos.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15483)

2 years ago Initialise OPENSSL_armcap_P to 0 before setting it based on capabilities, not after
Tom Cosgrove [Wed, 26 May 2021 15:46:00 +0000 (16:46 +0100)]
Initialise OPENSSL_armcap_P to 0 before setting it based on capabilities, not after

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15486)

2 years ago FIPS Checksums: checkout the head of the base repo as pristine
Tomas Mraz [Thu, 27 May 2021 14:41:56 +0000 (16:41 +0200)]
FIPS Checksums: checkout the head of the base repo as pristine

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15503)

2 years ago Call SSLfatal when the generate_ticket_cb returns 0
Todd Short [Wed, 26 May 2021 14:03:35 +0000 (10:03 -0400)]
Call SSLfatal when the generate_ticket_cb returns 0

Otherwise, the state machine ends up being in a bad state:
```
SSL routines:write_state_machine:missing fatal:ssl/statem/statem.c:XXX:
```

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15487)

2 years ago FIPS Checksums CI: use separate directories for the checkouts
Tomas Mraz [Wed, 26 May 2021 11:13:02 +0000 (13:13 +0200)]
FIPS Checksums CI: use separate directories for the checkouts

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15481)

2 years ago generate_fips_sources: properly include providers/common/der/*.in
Tomas Mraz [Tue, 25 May 2021 16:15:21 +0000 (18:15 +0200)]
generate_fips_sources: properly include providers/common/der/*.in

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15481)

2 years ago Fix compilation warning with GCC11.
Juergen Christ [Tue, 25 May 2021 16:03:06 +0000 (18:03 +0200)]
Fix compilation warning with GCC11.

Parameter "header" of ssl3_cbc_digest_record was fixed to a 13 bytes header
but used as a pointer.  This caused a warning about out-of-bounds array access
with GCC 11.

Fixes #15462.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15463)

2 years ago coverity 1484912: Null pointer dereferences (NULL_RETURNS)
Pauli [Sun, 23 May 2021 23:35:08 +0000 (09:35 +1000)]
coverity 1484912: Null pointer dereferences (NULL_RETURNS)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15425)

2 years ago coverity 1484913: Null pointer dereferences (REVERSE_INULL)
Pauli [Sun, 23 May 2021 22:59:36 +0000 (08:59 +1000)]
coverity 1484913: Null pointer dereferences (REVERSE_INULL)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15425)

2 years ago TEST: Prefer using precomputed RSA and DH keys for more efficient tests
Dr. David von Oheimb [Sat, 12 Dec 2020 21:04:05 +0000 (22:04 +0100)]
TEST: Prefer using precomputed RSA and DH keys for more efficient tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)

2 years ago APPS req: Extend the -keyout option to be respected also with -key
Dr. David von Oheimb [Wed, 26 May 2021 07:22:48 +0000 (09:22 +0200)]
APPS req: Extend the -keyout option to be respected also with -key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)

2 years ago DOC: Improve description of 'req' app: -new, -newkey, and -keyout options
Dr. David von Oheimb [Wed, 26 May 2021 07:08:14 +0000 (09:08 +0200)]
DOC: Improve description of 'req' app: -new, -newkey, and -keyout options

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)

2 years ago Fix spelling mistake in d2i_PrivateKey.pod
Shane Lontis [Sun, 23 May 2021 06:49:48 +0000 (16:49 +1000)]
Fix spelling mistake in d2i_PrivateKey.pod

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15423)

2 years ago Add demo for EC keygen
Shane Lontis [Sun, 23 May 2021 06:48:45 +0000 (16:48 +1000)]
Add demo for EC keygen

Fixes #14112

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15423)

2 years ago Fix OCSP_sendreq_nbio arg order
jwalch [Tue, 25 May 2021 23:43:23 +0000 (19:43 -0400)]
Fix OCSP_sendreq_nbio arg order

Fixes #15470

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15471)

2 years ago test: test MP genrsa in deprecated builds
Pauli [Wed, 26 May 2021 00:24:40 +0000 (10:24 +1000)]
test: test MP genrsa in deprecated builds

These multi-prime tests were omitted when genrsa was deprecated but not
returned when it was restored.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

2 years ago test: add test for key generation strength > RNG strength
Pauli [Wed, 26 May 2021 00:11:29 +0000 (10:11 +1000)]
test: add test for key generation strength > RNG strength

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

2 years ago test: test genrsa in deprecated builds
Pauli [Wed, 26 May 2021 00:10:51 +0000 (10:10 +1000)]
test: test genrsa in deprecated builds

These tests were omitted when genrsa was deprecated but not returned when
it was restored.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

2 years ago errors: update error message (to be squashed)
Pauli [Wed, 26 May 2021 00:02:09 +0000 (10:02 +1000)]
errors: update error message (to be squashed)

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

2 years ago rsa: check that the RNG is capable of producing a key of the specified size
Pauli [Wed, 26 May 2021 00:00:37 +0000 (10:00 +1000)]
rsa: check that the RNG is capable of producing a key of the specified size

During key generation, any sized key can be asked for.  Attempting to generate
a key with a security strength larger than the RNG strength now fails.

Fixes #15421

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

2 years ago rsa: remove the limit on the maximum key strength
Pauli [Tue, 25 May 2021 23:27:32 +0000 (09:27 +1000)]
rsa: remove the limit on the maximum key strength

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)

2 years ago Use "" for include crypto/xxx
Rich Salz [Tue, 25 May 2021 19:09:07 +0000 (15:09 -0400)]
Use "" for include crypto/xxx

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)

2 years ago Use "" for include internal/xxx
Rich Salz [Tue, 25 May 2021 19:08:03 +0000 (15:08 -0400)]
Use "" for include internal/xxx

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)

2 years ago Use <> for #include openssl/xxx
Rich Salz [Tue, 25 May 2021 19:06:22 +0000 (15:06 -0400)]
Use <> for #include openssl/xxx

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)

2 years ago rsa: rename global rsaz_ symbols so they are in namespace
Pauli [Tue, 25 May 2021 01:15:38 +0000 (11:15 +1000)]
rsa: rename global rsaz_ symbols so they are in namespace

The symbols renamed are:

RSAZ_amm52x20_x1_256
RSAZ_amm52x20_x2_256
rsaz_avx512ifma_eligible
RSAZ_mod_exp_avx512_x2

Additionally, RSAZ_exp52x20_x2_256 was made static

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15445)

2 years ago aes: rename new bsaes_ symbols -> ossl_bsaes_ ones
Pauli [Tue, 25 May 2021 00:40:44 +0000 (10:40 +1000)]
aes: rename new bsaes_ symbols -> ossl_bsaes_ ones

bsaes_cbc_encrypt -> ossl_bsaes_cbc_encrypt
bsaes_ctr32_encrypt_blocks -> ossl_bsaes_ctr32_encrypt_blocks
bsaes_xts_decrypt -> ossl_bsaes_xts_decrypt
bsaes_xts_encrypt -> ossl_bsaes_xts_encrypt

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15445)