Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11736)
Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11736)
As described in https://github.com/openssl/openssl/issues/9187, the
loading of PEM certificates sometimes fails if a line of base64
content has the length of a multiple of 254.
The problem is in get_header_and_data(). When such a line with a
length of 254 (or a multiple) has been read, the next read will
only read a newline. Due to this get_header_and_data() expects to be
in the header not in the data area. This commit fixes that by checking
if lines have been read completely or only partially. In case of a
previous partial read, a newline will be ignored.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11741)
Rich Salz [Thu, 7 May 2020 11:44:01 +0000 (13:44 +0200)]
Fix issues reported by markdownlint
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11739)
Rich Salz [Thu, 7 May 2020 11:42:14 +0000 (13:42 +0200)]
travis: enable markdownlint checks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11739)
Richard Levitte [Wed, 6 May 2020 18:48:25 +0000 (20:48 +0200)]
EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up!
There were a few instances where we set the EVP_PKEY_CTX operation to
EVP_PKEY_OP_UNDEFINED, but forgot to clean up first. After the
operation is made undefined, there's no way to know what should be
cleaned away, so that must be done first, in all spots.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11750)
Shane Lontis [Thu, 7 May 2020 06:08:18 +0000 (16:08 +1000)]
Remove legacy FIPS_mode functions
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11680)
Shane Lontis [Thu, 7 May 2020 05:31:05 +0000 (15:31 +1000)]
Remove gen_get_params & gen_gettable_params from keygen operation
EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation.
After adding it it was noticed that it is probably not required for this type, so instead
the gen_get_params and gen_gettable_params have been remnoved from the provider interface.
gen_get_params was only implemented for ec to get the curve name. This seems redundant
since normally you would set parameters into the keygen_init() and then generate a key.
Normally you would expect to extract data from the key - not the object that we just set up
to do the keygen.
Added a simple settable and gettable test into a test that does keygen.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11683)
Richard Levitte [Tue, 5 May 2020 14:53:43 +0000 (16:53 +0200)]
Configure: avoid perl regexp bugs
It seems that in older perl versions '(?P' doesn't interact very well
with '(?|' or '(?:'.
Since we make extensive use of '(?P' in build.info parsing, we avoid
combining that with '(?|' and '(?:' when parsing build.info variables,
and end up parsing variable modifier twice (first generally, and then
parse that result into the modifier components).
Fixes #11694
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11737)
Matt Caswell [Fri, 1 May 2020 11:24:57 +0000 (12:24 +0100)]
Extend test_ssl_get_shared_ciphers
Ensure we test scenarios where a FIPS peer is communication with a
non-FIPS peer. Check that a FIPS client doesn't offer ciphersuites it
doesn't have, and that a FIPS server only chooses ciphersuites it can
support.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)
Matt Caswell [Fri, 1 May 2020 08:17:40 +0000 (09:17 +0100)]
Don't offer or accept ciphersuites that we can't support
We were not correctly detecting whether TLSv1.3 ciphersuites could
actually be supported by the available provider implementations. For
example a FIPS client would still offer CHACHA20-POLY1305 based
ciphersuites even though it couldn't actually use them. Similarly on
the server would try to use CHACHA20-POLY1305 and then fail the
handshake.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)
Matt Caswell [Thu, 30 Apr 2020 15:08:57 +0000 (16:08 +0100)]
Centralise Environment Variables for the tests
The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to
be set in the user's environment. To ensure that no tests accidentally
use this or other enviroment variables from the user's environment we
automatically set them centrally for all tests.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11691)
Tomas Mraz [Tue, 5 May 2020 07:52:25 +0000 (09:52 +0200)]
The synthesized OPENSSL_VERSION_NUMBER must be long
(to keep API compatibility with older releases)
Fixes #11716
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11732)
The documentation for ``EVP_default_properties_is_fips_enabled()`` uses
``fips=yes`` in one place and ``fips=true`` in another place. Stick to
``fips=yes`` like everywhere else.
Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11723)
Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc.
Add X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
and X509_VERIFY_PARAM_get1_ip_asc() to support this,
as well as the internal helper function ipaddr_to_asc(), which
is used also for simplifying other IP address output functions.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11693)
Shane Lontis [Fri, 1 May 2020 07:09:01 +0000 (17:09 +1000)]
Fix aix compile error in cmp_ctx_test.c
Errors were of the form 1506-226 (S) The ":" operator is not allowed between "int" and "char*".
I think it is valid syntax the way it was written, But just rewrote so it compiled.
The aix compiler must be looking at the type of blah() when doing test ? (blah(), NULL) : X.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11698)
Shane Lontis [Sat, 2 May 2020 03:51:35 +0000 (13:51 +1000)]
Fix incorrect default keysize for CAST ofb and cfb modes.
Fixes #11459
It was incorrectly using 8 bytes instead of 16 as the default.
This was verified by expanding the macros used in e_cast.c.
The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called.
evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before
using EVP_CipherInit_ex(...., key, ..).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11707)
Richard Levitte [Fri, 1 May 2020 16:06:18 +0000 (18:06 +0200)]
WPACKET: don't write DER length when we don't want to
With endfirst writing, it could be that we want to abandon any zero
length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH
was supposed to make happen, but the DER length writing code didn't
look at that flag. Now it does.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11703)
Shane Lontis [Fri, 1 May 2020 05:15:02 +0000 (15:15 +1000)]
Add solaris assembler fixes for legacy provider
The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembler functions will not be visible in the symbol table. Copying BNASM and DESASM into liblegacy seems to be a better solution than exposing platform specific function in libcrypto.num.
Added a missing call in the des_cbc code for sparc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11697)
Benjamin Kaduk [Tue, 17 Mar 2020 17:08:11 +0000 (10:08 -0700)]
Add test for SSL_new_session_ticket()
Run a normal handshake and then request some extra tickets,
checking that the new_session_cb is called the expected number of
times. Since the tickets are generated in the same way as other
tickets, there should not be a need to verify that these specific ones
can be used to resume.
Run the test with both zero and a non-zero number of tickets issued in the
initial handshake.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416)
Benjamin Kaduk [Mon, 16 Mar 2020 18:25:58 +0000 (11:25 -0700)]
Add SSL_new_session_ticket() API
This API requests that the TLS stack generate a (TLS 1.3)
NewSessionTicket message the next time it is safe to do so (i.e., we do
not have other data pending write, which could be mid-record). For
efficiency, defer actually generating/writing the ticket until there
is other data to write, to avoid producing server-to-client traffic when
not needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11416)
Pauli [Sun, 26 Apr 2020 21:32:43 +0000 (07:32 +1000)]
param bld: avoid freeing the param builder structure on error paths.
The param builder was recently modified so that it doesn't free the passed in
param builder structure. Some of the error paths didn't get synced up with this
change and resulted in double frees.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11651)
A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.
Fixes #11649
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11660)
It turned out that configuration options may affect the definition and
use of diverse stacks and how they relate to the underlying types.
For example, the configuration option 'no-rfc3779' results in a build
error around STACK_OF(IPAddressFamily) and related stacks.
Previously, STACK_OF definitions were located near the definition of
the underlying type, which are also affected by configuration options,
which made this easier to maintain. We relocate the new stack
definitions back to those locations for that reason.
We apply the same type of relocation in other header files as well, following
the general rule that it's better to use DEFINE_OR_DECLARE_STACK_OF after the
type it defines a stack for has been defined.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11655)
Configurations: Identify the shell variables around MANSUFFIX
With MANSUFFIX=A the statement '$$fn$(MANSUFFIX)' is reaplaces with
'$fnA' and left empty because the `fnA' variables is not recognized
within the shell.
With {} around fn it is then bocomes ${fn}A and works as expected.
While here, add the MANSUFFIX to the ECHO line so it is properly printed
during build.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11643)
Benjamin Kaduk [Wed, 1 Apr 2020 20:51:40 +0000 (13:51 -0700)]
sslapitest: only compile test when it will be used
The test_ccs_change_cipher() test routine is used only when TLS 1.2
is enabled; to fix the strict-warnings build we should not try to
compile it when TLS 1.2 is disabled, either.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11458)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11644)
i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success
but in case of an error
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11380)
Arne Schwabe [Thu, 23 Apr 2020 10:42:51 +0000 (12:42 +0200)]
Fix type cast in SSL_CTX_set1_groups macro
The macro casts the glist parameter to char*
instead of (int *) like the documentation of the function suggest.
Also the function tls1_set_groups that is called from SSL_CTX_ctrl
takes an int * argument. This looks like a copy&paste error from
SSL_CTX_set1_groups_list function.
CLA: trivial Signed-off-by: Arne Schwabe <arne@rfc2549.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11614)