Paul Yang [Mon, 13 Jan 2020 06:26:11 +0000 (14:26 +0800)]
Add duplication APIs to ASN1_TIME and related types
Fixes #10600.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10823)
Pauli [Fri, 10 Jan 2020 12:14:27 +0000 (22:14 +1000)]
Digest function deprecation CHANGES.
Add a changes entry to cover the deprecation of the low level digest functions:
MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and
Whirlpool
[skip ci]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10802)
Benjamin Kaduk [Wed, 15 Jan 2020 00:22:52 +0000 (16:22 -0800)]
Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
The existing documentation for the new-session callback was unclear
about the requirements on the callback with respect to reference-handling
of the session object being created. Be more explicit about the
(non-)requirements on the callback code for "success" (1) and "ignore"
(0) return values.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10848)
Richard Levitte [Wed, 15 Jan 2020 00:10:42 +0000 (01:10 +0100)]
Move the stored namemap pre-population to namemap construction
Prepopulation of the stored namemap from the legacy method object
database happened on first EVP fetch. However, there are moments when
that prepopulation needs to happen even though no fetching has been
performed yet. We therefore move pre-population to happen when the
namemap is constructed.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10846)
Pauli [Tue, 14 Jan 2020 00:33:03 +0000 (10:33 +1000)]
Deprecate the low level RC5 functions
Use of the low level RC5 functions has been informally discouraged for a long
time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)
Pauli [Mon, 13 Jan 2020 23:38:09 +0000 (09:38 +1000)]
Deprecate the low level RC4 functions
Use of the low level RC4 functions has been informally discouraged for a long
time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)
Pauli [Mon, 13 Jan 2020 23:15:18 +0000 (09:15 +1000)]
Deprecate the low level RC2 functions
Use of the low level RC2 functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)
Pauli [Mon, 13 Jan 2020 22:35:12 +0000 (08:35 +1000)]
Deprecate the low level SEED functions
Use of the low level SEED functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10833)
Shane Lontis [Wed, 15 Jan 2020 00:48:01 +0000 (10:48 +1000)]
Add FIPS Self test kats for digests
Added an API to optionally set a self test callback.
The callback has the following 2 purposes
(1) Output information about the KAT tests.
(2) Allow the ability to corrupt one of the KAT's
The fipsinstall program uses the API.
Some KATS are not included in this PR since the required functionality did not yet exist in the provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10374)
Richard Levitte [Sun, 12 Jan 2020 00:05:01 +0000 (01:05 +0100)]
Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()
The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectations, and
there's not enough justification for that not being zero.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10815)
kinichiro [Thu, 9 Jan 2020 14:22:25 +0000 (23:22 +0900)]
Avoid leak in error path of asn1_parse2
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10794)
Richard Levitte [Wed, 8 Jan 2020 13:58:34 +0000 (14:58 +0100)]
PROV: Fix mixup between general and specialized GCM implementations
providers/implementations/ciphers/ciphercommon_gcm_hw.c had an AES
specific GCM update function, while
providers/implementations/ciphers/cipher_aria_gcm_hw.c had the more
general implementation.
This moves them around to have the more general implementation in the
common source, and place the AES specialiation where it belongs.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10783)
Richard Levitte [Fri, 10 Jan 2020 19:40:11 +0000 (20:40 +0100)]
Fix EVP_Digest{Sign,Verify}Final() and EVP_Digest{Sign,Verify}() for provider only keys
For provider only keys where the initialization didn't catch, we may
end up crashing because the legacy code path didn't check that it had
support carefully enough. This only happens if the caller didn't
check if initialization worked or not.
For the one-shot case, it's very simply handling the case where the
key has no legacy implementation an fall back to the standard
init+update+final mechanism.
While at it, EVP_DigestSignFinal() and EVP_DigestVerifyFinal() got a
slight code cleanup.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10806)
Matt Caswell [Thu, 9 Jan 2020 15:58:19 +0000 (15:58 +0000)]
Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set
If we're using an explicitly fetched digest in an EVP_DigestUpdate
operation, then we should still go the legacy route if
EVP_MD_CTX_FLAG_NO_INIT has been set because we are being used in the
context of a legacy signature algorithm and EVP_DigestInit has not been
called.
This fixes a seg fault in EVP_DigestSignUpdate()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10796)
handle new findings of find-doc-nits on fn typedefs w/ extra space
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)
make find-doc-nits report function typedef w/ space before arg list
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)
handle new findings of find-doc-nits for certain typedefs
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)
Richard Levitte [Wed, 8 Jan 2020 10:52:38 +0000 (11:52 +0100)]
When deprecated symbols are removed, ensure liblegacy has WHIRLPOOL
The legacy module implements WHIRLPOOL, so we must ensure it has the
full functionality, even when libcrypto stops exporting the symbols.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10779)
Pauli [Wed, 8 Jan 2020 05:13:11 +0000 (15:13 +1000)]
Deprecate the low level Whirlpool functions.
Use of the low level Whirlpool functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_Digest,
EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10779)
Pauli [Wed, 8 Jan 2020 02:50:56 +0000 (12:50 +1000)]
whirlpool: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10779)
Pauli [Thu, 9 Jan 2020 01:18:58 +0000 (11:18 +1000)]
Deprecate the low level MDC2 functions.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)
Pauli [Thu, 9 Jan 2020 00:48:01 +0000 (10:48 +1000)]
mdc2: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)
Pauli [Thu, 9 Jan 2020 00:37:28 +0000 (10:37 +1000)]
Deprecate the low level MD4 functions.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)
Pauli [Thu, 9 Jan 2020 00:30:54 +0000 (10:30 +1000)]
md4: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)
Pauli [Thu, 9 Jan 2020 00:16:21 +0000 (10:16 +1000)]
Deprecate the low level MD2 functions.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)
Pauli [Wed, 8 Jan 2020 23:46:13 +0000 (09:46 +1000)]
md2: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)
Pauli [Wed, 8 Jan 2020 23:08:31 +0000 (09:08 +1000)]
Deprecate the low level RIPEMD160 functions.
Use of the low level RIPEMD160 functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_Digest,
EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10789)
Pauli [Wed, 8 Jan 2020 22:20:30 +0000 (08:20 +1000)]
ripemd: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10789)
Rich Salz [Tue, 7 Jan 2020 17:44:25 +0000 (12:44 -0500)]
Tweak option error messages
Better messages for unknown option, unknown cipher, unknown digest.
Fixes #10773
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10774)
testutil_init.c: fix compilation error with enable-trace
In commit e79ae962fbed the tests were adapted to use the
new BIO_f_prefix() API which was introduced in 319cee9e2fc6.
This location was missed, because it is compiled only when
tracing is enabled.
Fixes #10731
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10732)
This commit adds said binary to .gitignore to avoid cluttering of the
worktree.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10768)
Richard Levitte [Wed, 18 Dec 2019 12:24:27 +0000 (13:24 +0100)]
EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better
The adaptation is to handle the case when key types and operations
that use these keys have different names. For example, EC keys can be
used for ECDSA and ECDH.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)
Richard Levitte [Wed, 18 Dec 2019 12:20:55 +0000 (13:20 +0100)]
CORE & EVP: Specify OP_query_operation_name() for KEYMGMT
This will allow keymgmt implementation for key types that need it to
specify the names of the diverse operation algorithms it can be used
with. Currently, only one name per key type and operation is allowed.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)
Richard Levitte [Mon, 6 Jan 2020 18:49:26 +0000 (19:49 +0100)]
DOCS: The interpretation of OPENSSL_API_COMPAT has changed, update docs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/10765)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)
fix dependencies of cmp_{msg,protect}_test.c in test/build.info
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)
Richard Levitte [Tue, 7 Jan 2020 10:49:08 +0000 (11:49 +0100)]
EVP: If a key can't be exported to provider, fallback to legacy
Currently, the operations that do try to export a legacy key to
providers will fail if the export failed. It makes more sense to
simply use the legacy method instead, as a fallback for things not
being implemented (yet) in a provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10771)
1. The $< target[1] does not work for regular rules and is
expanded to an empty string after issuing the warning
NMAKE : warning U4006: special macro undefined : '$<"'
Solution: replace $< by $?
2. The substitution regex is not quoted correctly, which leads
to the following error message by cmd.exe:
'href' is not recognized as an internal or external command,
operable program or batch file.
Solution: Quoting arguments for cmd.exe is really a nightmare,
but with the help of the excellent description [2] I was able to
properly quote the regex. Things were complicated by the fact that
a lot of levels of unquoting needed to be considered:
* perl (windows-makefile.tmpl -> makefile)
* make (reading the makefile)
* cmd.exe (executed by make)
* perl (scanning command line using CommandLineToArgvW())
The fix works, but the regex has become unmaintainable. It would actually
be better to wrap the entire command (including the regex) into a little
perl script which can be called by make directly.
Matt Caswell [Thu, 2 Jan 2020 14:25:27 +0000 (14:25 +0000)]
Deprecate Low Level Blowfish APIs
Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10740)
Rich Salz [Tue, 7 Jan 2020 20:50:20 +0000 (15:50 -0500)]
Make generated copyright year be "now"
Always use the current year in generating output files, rather than
trying to base is on the modtime of the script or input, as that can
vary depending on the ability of the local OS to keep those accurate.
Fixes #10744
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10776)
Modify the add_seeds_stringlist() macro to fix a preprocessor error
When OpenSSL is configured using `--with-rand-seed=devrandom`, the preprocessor
reports the following error
crypto/info.c:104:66: error:
macro "add_seeds_stringlist" passed 3 arguments, but takes just 2
add_seeds_stringlist("random-device", { DEVRANDOM, NULL });
The reason why the preprocessor complains about three arguments being passed
is that according to [1], balanced braces in macro arguments don't prevent the
comma from acting as an argument separator:
3.3 Macro Arguments
...
Parentheses within each argument must balance;
a comma within such parentheses does not end the argument.
However, there is no requirement for square brackets or braces to balance,
and they do not prevent a comma from separating arguments.
Also introduced an iteration pointer `p`, because `dev` is not an lvalue:
crypto/info.c:78:41: error:
lvalue required as increment operand
for (; *dev != NULL; dev++) {
This fixes commit 01036e2afbe116d608be048ed15930fc885ab2a8, which moved the
DEVRANDOM and DEVRANDOM_EGD defines into rand_unix.c. That change introduced
the regression that the compiler complains about missing declarations in
crypto/info.c when OpenSSL is configured using `--with-rand-seed=devrandom`
(resp. `--with-rand-seed=egd`)
Fixes #10759
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10762)
Richard Levitte [Sat, 4 Jan 2020 05:39:50 +0000 (06:39 +0100)]
Configuration: synchronise the variables on the build file templates
For some reason, we didn't use some of the possible target attributes
in the Unix Makefile template, and there was a similar but much
smaller lack of use in the Windows makefile template as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10753)
Shane Lontis [Thu, 5 Dec 2019 00:41:43 +0000 (10:41 +1000)]
Make ECDSA_size() use consistent asn1 encoder.
ECDSA signature lengths are calculated using i2d_ECDSA_SIG().
i2d_ECDSA_SIG() was changed in a previous PR to use a custom ASN1 encoder (using WPACKET)
so that the normal ASN1 encoder does not need to be pulled into the provider boundary.
For consistency ECDSA_size() has been changed to also use i2d_ECDSA_SIG() - this can now
be used directly inside the FIPS provider.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10577)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9970)
kaysond [Thu, 26 Dec 2019 04:20:46 +0000 (20:20 -0800)]
Add `-passin` arg to `ocsp`
Fix #10682
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10718)
Matt Caswell [Thu, 5 Dec 2019 17:09:49 +0000 (17:09 +0000)]
Deprecate the low level AES functions
Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
Matt Caswell [Thu, 5 Dec 2019 18:01:44 +0000 (18:01 +0000)]
Don't use the low level AES key wrap APIs in CMS
We should not be using the low level AES APIs in CMS. Instead we should
be using EVP. There was a small amount of use of the low level key
wrap APIs - so we convert that to EVP.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
Matt Caswell [Fri, 3 Jan 2020 09:37:19 +0000 (09:37 +0000)]
Don't store an HMAC key for longer than we need
The HMAC_CTX structure stores the original key in case the ctx is reused
without changing the key.
However, HMAC_Init_ex() checks its parameters such that the only code path
where the stored key is ever used is in the case where HMAC_Init_ex is
called with a NULL key and an explicit md is provided which is the same as
the md that was provided previously. But in that case we can actually reuse
the pre-digested key that we calculated last time, so we can refactor the
code not to use the stored key at all.
With that refactor done it is no longer necessary to store the key in the
ctx at all. This means that long running ctx's will not keep the key in
memory for any longer than required. Note though that the digested key
*is* still kept in memory for the duration of the life of the ctx.
Fixes #10743
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10747)
Richard Levitte [Sat, 4 Jan 2020 18:24:39 +0000 (19:24 +0100)]
EVP: Fix method to determine if a PKEY is legacy or not
For the implementation of EVP_PKEY_CTX_new(), we determined if an
EVP_PKEY wass legacy or not by looking at 'pkey->pkey.ptr'. It turns
out that this code could get an unassigned EVP_PKEY, with that pointer
being NULL, and the determination proven incorrect.
The check now looks at 'pkey->ameth' instead.
Fixes #10704
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10758)
Rich Salz [Fri, 25 Oct 2019 03:02:09 +0000 (23:02 -0400)]
Move -nameopt to openssl.pod
Also clarify the description of the options.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10259)
Shane Lontis [Mon, 6 Jan 2020 03:02:16 +0000 (13:02 +1000)]
Add AES_CBC_HMAC_SHA ciphers to providers.
Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable() method is either NULL,
or the method returns 1.
This is mainly required for ciphers that only have hardware implementations.
If there is no hardware support, then the algorithm needs to be not available.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10146)
Andrew Hoang [Tue, 24 Dec 2019 04:19:24 +0000 (20:19 -0800)]
Fix incorrect return code on ECDSA key verification
ECDSA_do_verify() is a function that verifies a ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1.
Fixes #8766
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10693)
Nicola Tuveri [Sat, 8 Jun 2019 09:48:47 +0000 (12:48 +0300)]
Fix potential SCA vulnerability in some EC_METHODs
This commit addresses a potential side-channel vulnerability in the
internals of some elliptic curve low level operations.
The side-channel leakage appears to be tiny, so the severity of this
issue is rather low.
The issue was reported by David Schrammel and Samuel Weiser.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9239)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10130)
dcruette [Tue, 24 Dec 2019 21:48:19 +0000 (22:48 +0100)]
Update tls13_enc.c
Fix double + in hkdflabel declaration (FIXES #10675)
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10700)
Matt Caswell [Mon, 23 Dec 2019 17:14:58 +0000 (17:14 +0000)]
Temporarily disable the explicit enable-asan build
The explicit enable-asan build fails in the memleak test for unknown
reasons. Therefore we disable it temporarily to get a green Travis.
Other builds that use -fsanitize=address in Travis seem to pass.
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)
Matt Caswell [Mon, 23 Dec 2019 14:52:03 +0000 (14:52 +0000)]
Temporarily disable some Travis external tests
The pyca-cryptography external test has been failing for a long time.
It looks like upstream needs to make some changes to adapt to 3.0.
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)
Matt Caswell [Mon, 23 Dec 2019 14:39:57 +0000 (14:39 +0000)]
Don't run test_conf in cross compiled builds
test_conf was failing in travis for mingw builds. We run these on linux
via wine. However due to line break differences the tests were failing.
We just skip these in a cross compiled build.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)
Bernd Edlinger [Sun, 22 Dec 2019 18:40:03 +0000 (19:40 +0100)]
Fix a race condition in the speed command
The timer alarm sets run = 0, while the benchmark
does run = 1 in the initialization code. That is
a race condition, if the timer goes off too early
the benchmark runs forever.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10680)