thirdparty/openssl.git
12 hours agoDeprecate unprefixed manual entries for openssl commands master
Dr. Matthias St. Pierre [Wed, 21 Aug 2019 23:04:41 +0000 (01:04 +0200)] 
Deprecate unprefixed manual entries for openssl commands

Initially, the manual page entry for the 'openssl cmd' command used
to be available at 'cmd(1)'. Later, the aliases 'openssl-cmd(1)' was
introduced, which made it easier to group the openssl commands using
the 'apropos(1)' command or the shell's tab completion.

In order to reduce cluttering of the global manual page namespace,
the manual page entries without the 'openssl-' prefix have been
deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9666)

16 hours agoopenssl dgst, openssl enc: check for end of input
Richard Levitte [Thu, 22 Aug 2019 11:34:16 +0000 (13:34 +0200)] 
openssl dgst, openssl enc: check for end of input

The input reading loop in 'openssl dgst' and 'openssl enc' doesn't
check for end of input, and because of the way BIO works, it thereby
won't detect that the end is reached before the read is an error.
With the FILE BIO, an error occurs when trying to read past EOF, which
is fairly much ok, except when the command is used interactively, at
least on Unix.  The result in that case is that the user has to press
Ctrl-D twice for the command to terminate.

The issue is further complicated because both these commands use
filter BIOs on top of the FILE BIO, so a naïve attempt to check
BIO_eof() doesn't quite solve it, since that only checks the state of
the source/sink BIO, and the filter BIO may have some buffered data
that still needs to be read.  Fortunately, there's BIO_pending() that
checks exactly that, if any filter BIO has pending data that needs to
be processed.

We end up having to check both BIO_pending() and BIO_eof().

Thanks to Zsigmond Lőrinczy for the initial effort and inspiration.

Fixes #9355

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9668)

26 hours agoSupport parsing of SM2 ID in hexdecimal
Paul Yang [Tue, 30 Jul 2019 15:05:44 +0000 (23:05 +0800)] 
Support parsing of SM2 ID in hexdecimal

The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID
input in hexdecimal.

The newly added ctrl string is called: sm2_hex_id

Test cases and documentation are updated.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9584)

27 hours agoAdd basic aria and camellia ciphers modes to default provider
Shane Lontis [Thu, 22 Aug 2019 01:42:54 +0000 (11:42 +1000)] 
Add basic aria and camellia ciphers modes to default provider

The aes code has been refactored into generic and algorithn specific parts,
so that most of the code can be shared.
The cipher related files have been broken up into smaller parts.
Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the
generic code used by aes).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9451)

29 hours agoFix drbg_ossl_ctx_free() and drbg_nonce_ossl_ctx_free() to handle NULL
Richard Levitte [Wed, 21 Aug 2019 08:12:05 +0000 (10:12 +0200)] 
Fix drbg_ossl_ctx_free() and drbg_nonce_ossl_ctx_free() to handle NULL

If these were passed NULL, the crashed with a SIGSEGV, when they
should do like all other freeing functions and become a no-op.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)

29 hours agoModify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it
Richard Levitte [Wed, 21 Aug 2019 08:08:44 +0000 (10:08 +0200)] 
Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it

If ossl_method_store_add() gets called with a method that already exists
(i.e. the store has one with matching provider, nid and properties), that
method should not be stored.  We do this check inside ossl_method_store_add()
because it has all the locking required to do so safely.

Fixes #9561

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)

29 hours agoModify ossl_method_store_add() to handle reference counting
Richard Levitte [Wed, 21 Aug 2019 07:58:10 +0000 (09:58 +0200)] 
Modify ossl_method_store_add() to handle reference counting

Because this function affects the reference count on failure (the call
to impl_free() does this), it may as well handle incrementing it as
well to indicate the extra reference in the method store.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)

44 hours agoFix ossl_param_bld_push_{utf8,octet}_string() / param_bld_convert()
Richard Levitte [Wed, 21 Aug 2019 09:08:20 +0000 (11:08 +0200)] 
Fix ossl_param_bld_push_{utf8,octet}_string() / param_bld_convert()

ossl_param_bld_push_{utf8,octet}_string() saved the constant string
pointer to a non-constant structure field, so we change that field to
a pointer to a constant.  We also modify param_bld_convert() to
pretend the resulting pointer for PTR types points to a constant as
well.

Completes #9649

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9651)

47 hours agoConstify param builder string functions.
Pauli [Wed, 21 Aug 2019 05:28:52 +0000 (15:28 +1000)] 
Constify param builder string functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9649)

2 days agoCorrect documented return value for BIO_get_mem_data()
Johannes [Tue, 20 Aug 2019 06:13:47 +0000 (16:13 +1000)] 
Correct documented return value for BIO_get_mem_data()

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9643)

2 days agoStart up DEVRANDOM entropy improvement for older Linux devices.
Pauli [Tue, 20 Aug 2019 06:10:49 +0000 (16:10 +1000)] 
Start up DEVRANDOM entropy improvement for older Linux devices.

Improve handling of low entropy at start up from /dev/urandom by waiting for
a read(2) call on /dev/random to succeed.  Once one such call has succeeded,
a shared memory segment is created and persisted as an indicator to other
processes that /dev/urandom is properly seeded.

This does not fully prevent against attacks weakening the entropy source.
An attacker who has control of the machine early in its boot sequence
could create the shared memory segment preventing detection of low entropy
conditions.  However, this is no worse than the current situation.

An attacker would also be capable of removing the shared memory segment
and causing seeding to reoccur resulting in a denial of service attack.
This is partially mitigated by keeping the shared memory alive for the
duration of the process's existence.  Thus, an attacker would not only need
to have called call shmctl(2) with the IPC_RMID command but the system
must subsequently enter a state where no instances of libcrypto exist in
any process.  Even one long running process will prevent this attack.

The System V shared memory calls used here go back at least as far as
Linux kernel 2.0.  Linux kernels 4.8 and later, don't have a reliable way
to detect that /dev/urandom has been properly seeded, so a failure is raised
for this case (i.e. the getentropy(2) call has already failed).

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9595)

3 days agoprevent endless recursion when trace API is used within OPENSSL_init_crypto()
Dr. David von Oheimb [Sat, 10 Aug 2019 14:51:12 +0000 (16:51 +0200)] 
prevent endless recursion when trace API is used within OPENSSL_init_crypto()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9567)

3 days agocleanup provider digests
Shane Lontis [Mon, 19 Aug 2019 23:07:12 +0000 (09:07 +1000)] 
cleanup provider digests

Added some missing #ifdef NO_XXX around some of the digest functions.
Renamed core_mkdigest.h to digestcommon.h
Added ERR_raise() to set/get params for digest.
Moved common code for get_params/gettable_params into digest_common.c
Renamed #defines in digestcommon.
Removed null_prov.c (It should not be needed)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9625)

3 days agoAdd aes_ccm to provider
Shane Lontis [Mon, 19 Aug 2019 22:54:41 +0000 (08:54 +1000)] 
Add aes_ccm to provider

Add Cleanups for gcm - based on the changes to ccm.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9280)

3 days agoGet rid of using deprecated function isascii
Dmitry Belyavskiy [Sun, 18 Aug 2019 08:29:50 +0000 (11:29 +0300)] 
Get rid of using deprecated function isascii

Avoid using functions deprecated in some libcs (e.g. uClibc-ng).
Fixes #9557

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9628)

3 days agoAdd a fallback definition for __NR_getrandom for x86 linux
Bernd Edlinger [Mon, 19 Aug 2019 06:25:07 +0000 (08:25 +0200)] 
Add a fallback definition for __NR_getrandom for x86 linux

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9639)

3 days agoUse macros internally for algorithm names
Richard Levitte [Thu, 15 Aug 2019 10:39:20 +0000 (12:39 +0200)] 
Use macros internally for algorithm names

The macros are defined in include/openssl/core_names.h and follow the
naming standard OSSL_{OPNAME}_NAME_{ALGONAME}, where {OPNAME} is the
name of the operation (such as MAC) and {ALGONAME} is the name of the
algorithm.  Example: OSSL_MAC_NAME_HMAC

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9635)

4 days agodoc: fix link in BN_new.pod
Mykola Baibuz [Sun, 18 Aug 2019 08:17:03 +0000 (11:17 +0300)] 
doc: fix link in BN_new.pod

Fixes #9622

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9627)

4 days agoUntangle / retangle opensslv.h, openssslconf.h and macros.h
Richard Levitte [Sun, 18 Aug 2019 06:28:34 +0000 (08:28 +0200)] 
Untangle / retangle opensslv.h, openssslconf.h and macros.h

When openssl/macros.h is included without openssl/opensslv.h, it can't
define OPENSSL_API_4 properly (with sufficient warnings enabled, the
compiler will complain about OPENSSL_VERSION_MAJOR not being defined).
The quick fix could have been to include openssl/opensslv.h in
openssl/macros.h, but that would create a nasty include loop, since
openssl/opensslv.h includes openssl/opensslconf.h, which includes
openssl/macros.h, in an order that leads back to macro check errors.

The objective is to make these headers more independent:

- openssl/opensslconf.h should really be completely independent, as it
  only defines macros for configuration values.  However, it needs to
  include openssl/macros.h for backward compatibility reasons.  We do
  this at the very end, under inclusion guards.
- openssl/macros.h is changed to include openssl/opensslconf.h, so it
  gets necessary configuration values to build some macros.  This will
  not cause an endless inclusion loop, since opensslconf.h's inclusion
  of macros.h is under guard.
- openssl/opensslv.h is changed to include openssl/macros.h instead of
  openssl/opensslconf.h.

Only one last piece needs to be done to make openssl/macros.h
independent from openssl/opensslv.h.  We can realise that the
definition of OPENSSL_API_4 doesn't need to depend on the current
version number.  There's nothing in our configuration that  would have
OPENSSL_API_4 defined to 1, and if the user sets OPENSSL_API_COMPAT or
OPENSSL_API_LEVEL to a high enough value, we consider that a
deliberate and knowledgable action on their part.

Fixes #7874
Fixes #9601

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9626)

4 days agoAdd a fallback definition for __NR_getrandom for ARM linux
Bernd Edlinger [Sat, 17 Aug 2019 11:22:07 +0000 (13:22 +0200)] 
Add a fallback definition for __NR_getrandom for ARM linux

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9619)

4 days agocipher cleanups.
Shane Lontis [Sun, 18 Aug 2019 23:30:59 +0000 (09:30 +1000)] 
cipher cleanups.

Add test to evp_test_extra for ciphers (that is similiar to the digest_fetch).
Move some of the aes and gcm methods that can be shared with other ciphers into ciphers_common.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9580)

4 days agoAdd fips provider code for handling self test data
Shane Lontis [Sun, 18 Aug 2019 23:18:33 +0000 (09:18 +1000)] 
Add fips provider code for handling self test data

More PR's related to self test will be derived from this PR.

Note: the code removed in core_get_params() was causing a freeze since the
fips module was being loaded from a config file, which then called core_get_params()
which then tried to init the config fle again...

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9596)

4 days agoUse WARNINGS heading not WARNING
Rich Salz [Sun, 18 Aug 2019 15:38:25 +0000 (11:38 -0400)] 
Use WARNINGS heading not WARNING

Also update find-doc-nits to reject "=head1 WARNING"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9602)

4 days agoUse EXAMPLES not EXAMPLE for section title
Rich Salz [Thu, 15 Aug 2019 18:26:08 +0000 (14:26 -0400)] 
Use EXAMPLES not EXAMPLE for section title

And update find-doc-nits to complain if "=head1 EXAMPLE" is found.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9602)

4 days agoFix some pod-page ordering nits
Rich Salz [Thu, 15 Aug 2019 17:52:41 +0000 (13:52 -0400)] 
Fix some pod-page ordering nits

The find-doc-nits script only looked for EXAMPLES, not EXAMPLE.
Fix the pattern and then fix the errors that resulted.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9602)

4 days agoFix --strict-warnings build
Patrick Steuer [Thu, 15 Aug 2019 21:13:53 +0000 (23:13 +0200)] 
Fix --strict-warnings build

Appease -Wstring-plus-int.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9608)

4 days agoTest for out-of-bounds write when requesting zero bytes from shake
Patrick Steuer [Mon, 5 Aug 2019 14:56:14 +0000 (16:56 +0200)] 
Test for out-of-bounds write when requesting zero bytes from shake

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)

4 days agoDirectly return from final sha3/keccak_final if no bytes are requested
Patrick Steuer [Mon, 5 Aug 2019 14:53:16 +0000 (16:53 +0200)] 
Directly return from final sha3/keccak_final if no bytes are requested

Requesting zero bytes from shake previously led to out-of-bounds write
on some platforms.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)

4 days ago.travis.yml: Use travis_terminate on failure
Rich Salz [Sat, 17 Aug 2019 16:49:50 +0000 (12:49 -0400)] 
.travis.yml: Use travis_terminate on failure

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9620)

5 days agoFix error handling in X509_chain_up_ref
Bernd Edlinger [Fri, 16 Aug 2019 13:18:51 +0000 (15:18 +0200)] 
Fix error handling in X509_chain_up_ref

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9614)

5 days agoWindows UWP builds: determine automatically if asm should be disabled
Richard Levitte [Tue, 23 Jul 2019 07:21:10 +0000 (09:21 +0200)] 
Windows UWP builds: determine automatically if asm should be disabled

Earlier Windows SDK versions lack the necessary support for our ASM
builds, so we check for the SDK version that has the support.

Information on exactly what registry key to check was found here:

https://stackoverflow.com/questions/2665755/how-can-i-determine-the-version-of-the-windows-sdk-installed-on-my-computer

Ref: #9125

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9440)

6 days agoFix 9bf682f which broke nistp224_method
Patrick Steuer [Thu, 15 Aug 2019 20:51:57 +0000 (22:51 +0200)] 
Fix 9bf682f which broke nistp224_method

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9607)

6 days agoRename ctx_{get,set}_params to {get,set}_ctx_params
Richard Levitte [Fri, 16 Aug 2019 07:04:29 +0000 (09:04 +0200)] 
Rename ctx_{get,set}_params to {get,set}_ctx_params

Recently, we added dispatched functions to get parameter descriptions,
and those for operation context parameters ended up being called
something_gettable_ctx_params and something_settable_ctx_params.

The corresponding dispatched functions to actually perform parameter
transfers were previously called something_ctx_get_params and
something_ctx_set_params, which doesn't quite match, so we rename them
to something_get_ctx_params and something_set_ctx_params.

An argument in favor of this name change is English, where you'd
rather say something like "set the context parameters".

This only change the libcrypto <-> provider interface.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9612)

7 days agoIgnore function code collisions
Rich Salz [Thu, 15 Aug 2019 16:09:08 +0000 (12:09 -0400)] 
Ignore function code collisions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9600)

7 days agoRe-implement 'openssl list -mac-algorithms'
Richard Levitte [Fri, 2 Aug 2019 08:40:30 +0000 (10:40 +0200)] 
Re-implement 'openssl list -mac-algorithms'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoImplement EVP_MAC_do_all_ex()
Richard Levitte [Tue, 4 Jun 2019 16:17:49 +0000 (18:17 +0200)] 
Implement EVP_MAC_do_all_ex()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoAdd EVP_MAC_provider()
Richard Levitte [Tue, 4 Jun 2019 16:14:38 +0000 (18:14 +0200)] 
Add EVP_MAC_provider()

For information processing.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoRename the hash implementations KMAC{128,256} to KECCAK_KMAC{128,256}
Richard Levitte [Tue, 13 Aug 2019 08:20:05 +0000 (10:20 +0200)] 
Rename the hash implementations KMAC{128,256} to KECCAK_KMAC{128,256}

This avoids getting them confused with the MAC implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoOSSL_PARAM_construct_from_text(): handle non-hex octet string input
Richard Levitte [Mon, 12 Aug 2019 11:52:53 +0000 (13:52 +0200)] 
OSSL_PARAM_construct_from_text(): handle non-hex octet string input

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoAdjust some provider reason codes
Richard Levitte [Mon, 12 Aug 2019 11:14:51 +0000 (13:14 +0200)] 
Adjust some provider reason codes

BLAKE2 MACs came with a set of new reason codes.  Those talking about
lengths are consistently called PROV_R_INVALID_FOO_LENGTH, for any
name FOO.  The cipher messages were briefer.  In the interest of
having more humanly readable messages, we adjust the reasons used by
the ciphers (that's just IV length and key length).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoAdapt the MAC tests, and tests for other things that use EVP_MAC
Richard Levitte [Tue, 30 Jul 2019 20:52:07 +0000 (22:52 +0200)] 
Adapt the MAC tests, and tests for other things that use EVP_MAC

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoAdapt diverse code to provider based MACs.
Richard Levitte [Tue, 4 Jun 2019 16:00:04 +0000 (18:00 +0200)] 
Adapt diverse code to provider based MACs.

CRMF, SSKDF, TLS1_PRF and SIV are affected by this.

This also forces the need to check MAC names, which leads to storing
the names in the created methods, which affects all EVP APIs, not just
EVP_MAC.  We will want that kind of information anyway (for example
for 'openssl list')...  Consequently, EVP_MAC_name() is re-implemented.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoAdapt apps/mac.c to use provider based MACs
Richard Levitte [Sun, 2 Jun 2019 15:11:53 +0000 (17:11 +0200)] 
Adapt apps/mac.c to use provider based MACs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoRemove init of MACs from EVP
Richard Levitte [Sun, 2 Jun 2019 07:35:51 +0000 (09:35 +0200)] 
Remove init of MACs from EVP

Now that all our MACs have moved to the default provider, we let it
take over completely

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove Poly1305 to providers
Richard Levitte [Sun, 2 Jun 2019 07:33:28 +0000 (09:33 +0200)] 
Move Poly1305 to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove SipHash to providers
Richard Levitte [Sun, 2 Jun 2019 06:51:58 +0000 (08:51 +0200)] 
Move SipHash to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove KMAC to providers
Richard Levitte [Sun, 2 Jun 2019 06:46:35 +0000 (08:46 +0200)] 
Move KMAC to providers

Instead of using evp_keccak_kmac128() and evp_keccak_kmac256(), we refer
to the hash implementation by name, and fetch it, which should get us the
implementation from providers/common/digests/sha3_prov.c.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove HMAC to providers
Richard Levitte [Sat, 1 Jun 2019 16:36:10 +0000 (18:36 +0200)] 
Move HMAC to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove GMAC to providers
Richard Levitte [Sat, 1 Jun 2019 12:05:45 +0000 (14:05 +0200)] 
Move GMAC to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove CMAC to providers
Richard Levitte [Sat, 1 Jun 2019 09:18:15 +0000 (11:18 +0200)] 
Move CMAC to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoMove BLAKE2 MACs to the providers
Richard Levitte [Tue, 7 May 2019 10:40:25 +0000 (12:40 +0200)] 
Move BLAKE2 MACs to the providers

This also moves the remaining parts of BLAKE2 digests to the default
provider, and removes the legacy EVP implementation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoPrepare EVP_MAC infrastructure for moving all MACs to providers
Richard Levitte [Tue, 7 May 2019 10:39:58 +0000 (12:39 +0200)] 
Prepare EVP_MAC infrastructure for moving all MACs to providers

Quite a few adaptations are needed, most prominently the added code
to allow provider based MACs.

As part of this, all the old information functions are gone, except
for EVP_MAC_name().  Some of them will reappear later, for example
EVP_MAC_do_all() in some form.

MACs by EVP_PKEY was particularly difficult to deal with, as they
need to allocate and deallocate EVP_MAC_CTXs "under the hood", and
thereby implicitly fetch the corresponding EVP_MAC.  This means that
EVP_MACs can't be constant in a EVP_MAC_CTX, as their reference count
may need to be incremented and decremented as part of the allocation
or deallocation of the EVP_MAC_CTX.  It may be that other provider
based EVP operation types may need to be handled in a similar manner.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

7 days agoOPENSSL_s390xcap.pod: list msa9 facility bit (155)
Patrick Steuer [Fri, 12 Jul 2019 11:47:32 +0000 (13:47 +0200)] 
OPENSSL_s390xcap.pod: list msa9 facility bit (155)

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)

7 days agos390x assembly pack: accelerate ECDSA
Patrick Steuer [Thu, 11 Jul 2019 08:38:18 +0000 (10:38 +0200)] 
s390x assembly pack: accelerate ECDSA

for NIST P-256, P-384 and P-521 using KDSA instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)

7 days agoEnable curve-spefific ECDSA implementations via EC_METHOD
Patrick Steuer [Thu, 11 Jul 2019 08:23:49 +0000 (10:23 +0200)] 
Enable curve-spefific ECDSA implementations via EC_METHOD

which are already enabled for ECDH.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)

7 days agos390x assembly pack: accelerate scalar multiplication
Patrick Steuer [Tue, 9 Jul 2019 08:25:04 +0000 (10:25 +0200)] 
s390x assembly pack: accelerate scalar multiplication

for NIST P-256, P-384 and P-521 using PCC instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)

7 days agos390xcpuid.pl: fix comment
Patrick Steuer [Wed, 3 Jul 2019 16:02:11 +0000 (18:02 +0200)] 
s390xcpuid.pl: fix comment

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)

7 days agoTest SSL_set_ciphersuites
raja-ashok [Fri, 31 May 2019 03:20:54 +0000 (08:50 +0530)] 
Test SSL_set_ciphersuites

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9079)

7 days agoFix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list
raja-ashok [Thu, 30 May 2019 18:21:18 +0000 (23:51 +0530)] 
Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9079)

7 days agoINSTALL: clarify documentation of the --api=x.y.z deprecation option
Dr. Matthias St. Pierre [Thu, 15 Aug 2019 11:45:04 +0000 (13:45 +0200)] 
INSTALL: clarify documentation of the --api=x.y.z deprecation option

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9599)

7 days agoFix syntax error for the armv4 assembler
Omid Najafi [Fri, 2 Aug 2019 21:40:19 +0000 (17:40 -0400)] 
Fix syntax error for the armv4 assembler

The error was from the alignment syntax of the code.
More details:
https://stackoverflow.com/questions/57316823/arm-assembly-syntax-in-vst-vld-commands?noredirect=1#comment101133590_57316823

CLA: trivial

Fixes: #9518

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9518)

7 days agoRename provider and core get_param_types functions
Richard Levitte [Wed, 14 Aug 2019 18:17:39 +0000 (20:17 +0200)] 
Rename provider and core get_param_types functions

It was argued that names like SOMETHING_set_param_types were confusing,
and a rename has been proposed to SOMETHING_settable_params, and by
consequence, SOMETHING_get_param_types is renamed
SOMETHING_gettable_params.

This changes implements this change for the dispatched provider and
core functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9591)

7 days agocrypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally
Richard Levitte [Thu, 15 Aug 2019 08:20:13 +0000 (10:20 +0200)] 
crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally

When OpenSSL is configured with 'no-stdio', TEST_ENG_OPENSSL_RC4_P_INIT
shouldn't be defined, as that test uses stdio.

Fixes #9597

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9598)

7 days agoAdd {get,set}table_params() functions for provider digests
Richard Levitte [Mon, 12 Aug 2019 13:03:24 +0000 (15:03 +0200)] 
Add {get,set}table_params() functions for provider digests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)

7 days agoModify 'openssl list' to give more verbose descriptions
Richard Levitte [Mon, 12 Aug 2019 13:01:00 +0000 (15:01 +0200)] 
Modify 'openssl list' to give more verbose descriptions

With the diverse {get,set}table_params functions, it's possible to
give a more verbose description of the diverse algorithm
implementations.  Most notably, we add a description of the parameters
that each implementation is willing to share.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)

7 days agoAdd missing EVP param utility functions
Richard Levitte [Mon, 12 Aug 2019 12:56:18 +0000 (14:56 +0200)] 
Add missing EVP param utility functions

These functions were missing for a completes API:

EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
and EVP_CIPHER_CTX_get_params

Additionally, we also add all the corresponding parameter descriptor
returning functions, along the correspoding provider dispatches:

EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(),
EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)

10 days agoAccess data after obtaining the lock not before.
Pauli [Mon, 12 Aug 2019 10:07:39 +0000 (20:07 +1000)] 
Access data after obtaining the lock not before.

It isn't completely clear that this constitutes a race condition, but it will
always be conservative to access the locked data after getting the lock.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9579)

8 days agoIf we are multiblock capable make sure we use it
Matt Caswell [Mon, 12 Aug 2019 10:55:53 +0000 (11:55 +0100)] 
If we are multiblock capable make sure we use it

Recent changes to the assembler defines meant that they weren't being
set for libssl code. This resulted in the multiblock code never being
used.

Fixes #9571

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9574)

8 days agoAdd missing EBCDIC strings
opensslonzos-github [Thu, 8 Aug 2019 18:11:38 +0000 (14:11 -0400)] 
Add missing EBCDIC strings

Fix a few places where calling ossl_isdigit does the wrong thing on
EBCDIC based systems.
Replaced with ascii_isdigit.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9556)

9 days agoAdd description in X509_STORE manipulation
Paul Yang [Wed, 14 Aug 2019 02:28:07 +0000 (10:28 +0800)] 
Add description in X509_STORE manipulation

Add memory management description in X509_STORE_add_cert, otherwise
users will not be aware that they are leaking memory...

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9484)

9 days agoBIO_lookup_ex: Do not retry on EAI_MEMORY
Tomas Mraz [Mon, 12 Aug 2019 14:43:59 +0000 (16:43 +0200)] 
BIO_lookup_ex: Do not retry on EAI_MEMORY

We should not retry on EAI_MEMORY as that error is most probably
fatal and not depending on AI_ADDRCONFIG hint.

Also report the error from the first call if the second call fails
as that one would be most probably the more interesting one.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)

9 days agoBIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
Tomas Mraz [Mon, 5 Aug 2019 17:11:07 +0000 (19:11 +0200)] 
BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set

Do not try to discern the error return value on
getaddrinfo() failure but when retrying set the AI_NUMERICHOST
to avoid DNS lookups.

Fixes: #9053

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)

9 days ago30-test_evp.t: make the tested configs depend on what's been built
Richard Levitte [Mon, 12 Aug 2019 05:04:13 +0000 (07:04 +0200)] 
30-test_evp.t: make the tested configs depend on what's been built

If the FIPS module hasn't been built, don't use test/fips.cnf, for example.

Fixes #9568

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9570)

11 days agoFix doc example code to follow coding style
Rich Salz [Mon, 12 Aug 2019 03:23:17 +0000 (13:23 +1000)] 
Fix doc example code to follow coding style

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9577)

10 days agoHMAC: use EVP_MD_flags(), not EVP_MD_meth_get_flags()
Richard Levitte [Wed, 24 Jul 2019 20:19:37 +0000 (22:19 +0200)] 
HMAC: use EVP_MD_flags(), not EVP_MD_meth_get_flags()

The latter should only be ussed with legacy methods.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)

10 days agoAdapt the provider digests for more use of OSSL_PARAM
Richard Levitte [Tue, 16 Jul 2019 04:06:26 +0000 (06:06 +0200)] 
Adapt the provider digests for more use of OSSL_PARAM

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)

10 days agoRework the provider digest constructor to provide implementation get_params
Richard Levitte [Tue, 16 Jul 2019 04:05:08 +0000 (06:05 +0200)] 
Rework the provider digest constructor to provide implementation get_params

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)

10 days agoAdapt diverse EVP_MD functions to use get_params and set_params interfaces
Richard Levitte [Tue, 16 Jul 2019 04:03:12 +0000 (06:03 +0200)] 
Adapt diverse EVP_MD functions to use get_params and set_params interfaces

Also clean up EVP_MD_CTX_ctrl(), which did use these interfaces, but
development since allows for more elegant code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)

10 days agoMake more use of OSSL_PARAM for digests
Richard Levitte [Tue, 16 Jul 2019 03:59:50 +0000 (05:59 +0200)] 
Make more use of OSSL_PARAM for digests

A lot of the different numbers associated with digests are really
algorithm parameters.  block size, digest length, that sort of
thing.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)

10 days agoAdd OSSL_PARAM_construct_from_text() and OSSL_PARAM_allocate_from_text()
Richard Levitte [Wed, 3 Jul 2019 16:42:21 +0000 (18:42 +0200)] 
Add OSSL_PARAM_construct_from_text() and OSSL_PARAM_allocate_from_text()

These are utility functions that can be used to replace calls to
ctrl_str type functions with get_params / set_params types of calls.
They work by translating text values to something more suitable for
OSSL_PARAM, and by interpretting parameter keys in a compatible
fashion.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)

10 days agoAdd OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex()
Richard Levitte [Wed, 3 Jul 2019 16:40:17 +0000 (18:40 +0200)] 
Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex()

They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(),
except they take a result buffer from the caller.

We take the opportunity to break out the documentation of the hex to /
from buffer conversion routines from the OPENSSL_malloc() file to its
own file.  These routines aren't memory allocation routines per se.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)

10 days agoenable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler
Vladimir Kotal [Mon, 22 Jul 2019 15:08:16 +0000 (17:08 +0200)] 
enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9434)

10 days agoConfigurations/unit-Makefile.tmpl: Don't clean away dotted files
Richard Levitte [Mon, 12 Aug 2019 09:46:23 +0000 (11:46 +0200)] 
Configurations/unit-Makefile.tmpl: Don't clean away dotted files

A local 'make clean' did some sweeping removals of files execpt for
the .git directory.  This is a little too sweeping, as other dotted
files might be cleaned away if they happen to match the pattern that's
searched for.

An example is a symlink .dir-locals.el that would keep disappearing if
you build in the source tree and do a make clean...

So we change this to leave all dotted files alone.  Our builds do not
produce such files anyway, so this is a harmless (or rather, less
harmful) change.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9573)

10 days agoRemove some duplicate words from the documentation
Denis Ovsienko [Fri, 9 Aug 2019 21:14:04 +0000 (22:14 +0100)] 
Remove some duplicate words from the documentation

Fixup INSTALL and a couple man pages to get rid of "the the" and "in the
in the".

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9563)

11 days agoFix windows compile errors in params.c
Shane Lontis [Mon, 12 Aug 2019 01:37:53 +0000 (11:37 +1000)] 
Fix windows compile errors in params.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9569)

11 days agoAdd a clang-7 build target with --strict-warnings
Bernd Edlinger [Wed, 24 Jul 2019 07:22:25 +0000 (09:22 +0200)] 
Add a clang-7 build target with --strict-warnings

[extended tests]

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9450)

13 days agoExtend tests of SSL_check_chain()
Matt Caswell [Tue, 23 Jul 2019 16:10:05 +0000 (17:10 +0100)] 
Extend tests of SSL_check_chain()

Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to check a chain cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)

13 days agoFix SSL_check_chain()
Matt Caswell [Tue, 23 Jul 2019 14:14:29 +0000 (15:14 +0100)] 
Fix SSL_check_chain()

The function SSL_check_chain() can be used by applications to check that
a cert and chain is compatible with the negotiated parameters. This could
be useful (for example) from the certificate callback. Unfortunately this
function was applying TLSv1.2 sig algs rules and did not work correctly if
TLSv1.3 was negotiated.

We refactor tls_choose_sigalg to split it up and create a new function
find_sig_alg which can (optionally) take a certificate and key as
parameters and find an appropriate sig alg if one exists. If the cert and
key are not supplied then we try to find a cert and key from the ones we
have available that matches the shared sig algs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)

13 days agoFix test_key_exchange with no_tlsv1_2
Matt Caswell [Tue, 23 Jul 2019 14:13:26 +0000 (15:13 +0100)] 
Fix test_key_exchange with no_tlsv1_2

Make sure we only test TLSv1.2 things if TLSv1.2 is actually available.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)

13 days agoFix test_sslextension if TLSv1.2 has been disabled
Matt Caswell [Tue, 23 Jul 2019 14:12:29 +0000 (15:12 +0100)] 
Fix test_sslextension if TLSv1.2 has been disabled

A skip rule was skipping the wrong number of tests.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)

13 days agoAdd TLS tests for RSA-PSS Restricted certificates
Matt Caswell [Thu, 8 Aug 2019 10:41:18 +0000 (11:41 +0100)] 
Add TLS tests for RSA-PSS Restricted certificates

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

13 days agoAdd Restricted PSS certificate and key
Matt Caswell [Thu, 8 Aug 2019 10:08:14 +0000 (11:08 +0100)] 
Add Restricted PSS certificate and key

Create a PSS certificate with parameter restrictions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

13 days agoEnsure RSA PSS correctly returns the right default digest
Matt Caswell [Thu, 8 Aug 2019 08:13:51 +0000 (09:13 +0100)] 
Ensure RSA PSS correctly returns the right default digest

A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.

This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.

Fixes #9545

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)

13 days agouse native atomic increment function on Solaris
Vladimir Kotal [Fri, 21 Jun 2019 08:31:05 +0000 (10:31 +0200)] 
use native atomic increment function on Solaris

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9215)

13 days agoAdd missing SIZE_MAX define for windows
Shane Lontis [Fri, 9 Aug 2019 11:38:42 +0000 (21:38 +1000)] 
Add missing SIZE_MAX define for windows

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9559)

13 days agoAdd a CHANGES entry for BN_generate_prime_ex
Bernd Edlinger [Mon, 15 Jul 2019 18:34:31 +0000 (20:34 +0200)] 
Add a CHANGES entry for BN_generate_prime_ex

BN_generate_prime_ex no longer avoids factors 3..17863 in p-1
when not computing safe primes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

13 days agoUpdate documentation of BN_generate_prime_ex
Bernd Edlinger [Wed, 10 Jul 2019 19:33:48 +0000 (21:33 +0200)] 
Update documentation of BN_generate_prime_ex

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

13 days agoMerge probable_prime_dh_safe with bn_probable_prime_dh
Bernd Edlinger [Fri, 5 Jul 2019 09:55:56 +0000 (11:55 +0200)] 
Merge probable_prime_dh_safe with bn_probable_prime_dh

This should avoid half of the trial divisions in probable_prime_dh_safe
and avoid bn_probable_prime_dh generating primes with special properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

13 days agoAdd a parameter to probable_prime if we look for a safe prime
Bernd Edlinger [Thu, 4 Jul 2019 12:52:41 +0000 (14:52 +0200)] 
Add a parameter to probable_prime if we look for a safe prime

Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.

Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)

13 days agomention what happens if OPENSSL_NO_RC2 is defined
Vladimir Kotal [Fri, 19 Jul 2019 14:01:13 +0000 (16:01 +0200)] 
mention what happens if OPENSSL_NO_RC2 is defined

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9415)