Matt Caswell [Thu, 19 Aug 2021 14:25:04 +0000 (15:25 +0100)]
Allow fuzz builds to detect string overruns
If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
any for safety in normal builds.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
Zengit [Wed, 11 Aug 2021 14:21:03 +0000 (17:21 +0300)]
Add a clarification to NOTES-UNIX.md
I just wasted almost 2 hours troubleshooting, because lowercase L
and 1 look too similar, this should help some people save time.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16295)
Current implementation of warn_binary introduces a regression
when the content is passed in /dev/stdin as an explicit file name
and reads the file to be processed twice otherwise.
I suggest to reimplement this functionality after 3.0 if necessary.
Fixes #16359
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16367)
Omair Majid [Wed, 18 Aug 2021 18:57:57 +0000 (14:57 -0400)]
Fix documentation referring to 'function code'
ERR_GET_FUNC was removed, so remove references to 'function code' as
well from docs.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16353)
Beat Bolli [Mon, 16 Aug 2021 20:37:41 +0000 (22:37 +0200)]
doc: fix a mistyped "=item" perldoc marker
Searching didn't reveal any other similar cases.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16354)
Rich Salz [Tue, 17 Aug 2021 15:42:21 +0000 (11:42 -0400)]
Replace CONFIG_NOWAIT env var with -w option
And document the -w option
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Rich Salz [Mon, 16 Aug 2021 20:29:09 +0000 (16:29 -0400)]
Set KERNEL_BITS, add CONFIG_NOWAIT
Avoid perl "undefined variable in regexp" message.
Not all uses were changed because I wasn't sure.
Add support for CONFIG_NOWAIT environment variable.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Rich Salz [Mon, 16 Aug 2021 20:25:03 +0000 (16:25 -0400)]
Minor doc enhancements to INSTALL.md
Describe current relationship between config and Configure.
Put the environment variable list in alphabetical order.
Add description of KERNEL_BITS.
Add new variable CONFIG_NOWAIT.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Todd Short [Mon, 16 Aug 2021 20:37:10 +0000 (16:37 -0400)]
Fix state name abbreviation
The TRSCV state abbrev was used for two states:
* TLS_ST_CR_CERT_VRFY
* TLS_ST_SW_CERT_VRFY
The second one is wrong because it's a write operation.
The state for TLS_ST_SW_CERT_VRFY should be "TWSCV"
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16327)
Shane Lontis [Fri, 13 Aug 2021 04:36:21 +0000 (14:36 +1000)]
Fix CTS cipher decrypt so that the updated IV is returned correctly.
Adding KRB5 test vector 'NextIV' values to evp_test data for AES CTS indicated that the CTS decrypt functions incorrectly returned the wrong IV. The returned IV should match the value returned by the encrypt methods.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Ingo Franzki [Wed, 11 Aug 2021 11:04:52 +0000 (13:04 +0200)]
Test EVP Cipher updating the context's IV
Ensure that an EVP_CipherUpdate operation updates the context's
IV for AES CBC, CFB, OFB, and CTR. An application can get the
updated IV via EVP_CIPHER_CTX_iv().
The s390x implementation of the CFB and OFB ciphers in e_aes.c did not
update the IV in the context, but only within its s390x specific
context data.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16291)
Ingo Franzki [Wed, 11 Aug 2021 07:39:46 +0000 (09:39 +0200)]
s390x: AES OFB/CFB: Maintain running IV from cipher context
Copy the current IV from the cipher context into the kmo/kmf param before
the operation, and copy the modified IV back to the context afterwards.
Without this, an application that obtains the running IV from the context
would still get the original IV, but not the updated one.
This implementation in e_aes.c now matches the code in cipher_aes_hw_s390x.inc
that is used for the provider implementation.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16291)
Todd Short [Fri, 13 Aug 2021 13:59:59 +0000 (09:59 -0400)]
Fix potential double-free
The `sk` variable is assigned to `s->session->peer_chain`.
If `ssl3_digest_cached_records()` were to fail, then `sk` would still be
non-NULL, and subsequently freed on the error return. When the session
is freed, it will then attempt to free `s->session->peer_chain`,
resulting in a double-free (of `sk`).
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16309)
Tomas Mraz [Wed, 11 Aug 2021 16:46:07 +0000 (18:46 +0200)]
Correct documentation errors in regards to UTF8 params
This fixes numerous bugs in documentation in regards to UTF8
params and their sizes. The returned size should always be without the
terminating NUL byte. On the other hand on the requestor side
the size of the buffer should include the NUL byte if it expects it
being included in the returned string.
Also make this clear in the EVP_PKEY_get_group_name() documentation
which uses utf8 string params under the hood.
Fixes #16287
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16296)
Christian Heimes [Sat, 15 Aug 2020 18:01:49 +0000 (20:01 +0200)]
Test case for a2i_IPADDRESS
Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores
trailing data.
See: https://github.com/openssl/openssl/issues/12649
See: https://bugs.python.org/issue41556 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16201)
encode_key2text.c(689): error C4703: potentially uninitialized local pointer variable 'modulus_label' used
encode_key2text.c(691): error C4703: potentially uninitialized local pointer variable 'exponent_label' used
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12845)
Pauli [Wed, 4 Aug 2021 00:11:30 +0000 (10:11 +1000)]
evp_test: add TLS 1.3 KDF test suite
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 12:42:23 +0000 (22:42 +1000)]
test: add test cases for TLS 1.3 KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 01:33:38 +0000 (11:33 +1000)]
update doc/build.info
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 01:22:49 +0000 (11:22 +1000)]
fips: add power up test for TLS 1.3 KDF
The power up known answer test for the TLS 1.3 KDF does just the first step
to derive the "client_early_traffic_secret" using the two modes of the KDF.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 05:42:13 +0000 (15:42 +1000)]
doc: add TLS 1.3 KDF to the FIPS provider list of algorithms.
Fix link to TLS1 PRF.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Tue, 3 Aug 2021 12:29:03 +0000 (22:29 +1000)]
doc: reorder the string and int extract/expand param values
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 11:44:06 +0000 (21:44 +1000)]
doc: add links to new KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 11:44:38 +0000 (21:44 +1000)]
doc: add documentation for TLS13_KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 06:19:29 +0000 (16:19 +1000)]
provider: add TLS13_KDF to the default and FIPS providers
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 06:16:35 +0000 (16:16 +1000)]
tls/prov: move the TLS 1.3 KDF code to providers
This function needs to be power up tested as part of the FIPS validation and
thus it needs to be inside the provider boundary. This is realised by
introducing a new KDF "TLS13-KDF" which does the required massaging of
parameters but is otherwise functionally equivalent to HKDF.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Pauli [Mon, 2 Aug 2021 02:18:42 +0000 (12:18 +1000)]
doc: add missing link directive in X942 KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16187)
Tomas Mraz [Tue, 3 Aug 2021 10:23:43 +0000 (12:23 +0200)]
Use copy.pl to install the fips module on Windows
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
Tomas Mraz [Tue, 3 Aug 2021 09:35:58 +0000 (11:35 +0200)]
Windows, VMS: Do install_fips on install if fips is enabled
Also fix some inconsistencies and minor bugs related to the
install_fips target on Windows and VMS.
Fixes #16194
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
The generated lists[1] look weird when using a dash as the list item
character. Perlpod documents[2] '*' for unordered lists and '1.' (note
the period) for ordered lists. Use these characters instead.
[1] e.g. https://www.openssl.org/docs/manmaster/man7/migration_guide.html#New-Algorithms
[2] https://perldoc.perl.org/perlpod
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16190)
Pauli [Wed, 28 Jul 2021 23:55:09 +0000 (09:55 +1000)]
Add config_diagnostics to our configuration files.
The change to a more configuration based approach to enable FIPS mode
operation highlights a shortcoming in the default should do something
approach we've taken for bad configuration files.
Currently, a bad configuration file will be automatically loaded and
once the badness is detected, it will silently stop processing the
configuration and continue normal operations. This is good for remote
servers, allowing changes to be made without bricking things. It's bad
when a user thinks they've configured what they want but got something
wrong and it still appears to work.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16171)
If we have passed the private key, don't copy it implicitly
Fixes #16197
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16199)
Tanzinul Islam [Sat, 31 Jul 2021 17:28:34 +0000 (18:28 +0100)]
Redefine getpid() -> _getpid() only for MSVC
This was introduced in 814b5133e for MSVC. C++Builder doesn't need it.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16192)
Delete dtls timeout dead code in dtls1_handle_timeout
Fix: #15559
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16151)
Matt Caswell [Thu, 29 Jul 2021 10:09:05 +0000 (11:09 +0100)]
Update fingerprints.txt
Add Paul Dale as an approved release signer.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16175)
Matt Caswell [Tue, 27 Jul 2021 15:59:59 +0000 (16:59 +0100)]
Don't try and load the config file while already loading the config file
Calls to the API function EVP_default_properties_enable_fips() will
automatically attempt to load the default config file if it is not
already loaded. Therefore this function should not be called from inside
code to process the config file.
Fixes #16165
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)