Fix a few places where calling ossl_isdigit does the wrong thing on
EBCDIC based systems.
Replaced with ascii_isdigit.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9556)
Paul Yang [Wed, 14 Aug 2019 02:28:07 +0000 (10:28 +0800)]
Add description in X509_STORE manipulation
Add memory management description in X509_STORE_add_cert, otherwise
users will not be aware that they are leaking memory...
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9484)
Tomas Mraz [Mon, 12 Aug 2019 14:43:59 +0000 (16:43 +0200)]
BIO_lookup_ex: Do not retry on EAI_MEMORY
We should not retry on EAI_MEMORY as that error is most probably
fatal and not depending on AI_ADDRCONFIG hint.
Also report the error from the first call if the second call fails
as that one would be most probably the more interesting one.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)
Tomas Mraz [Mon, 5 Aug 2019 17:11:07 +0000 (19:11 +0200)]
BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
Do not try to discern the error return value on
getaddrinfo() failure but when retrying set the AI_NUMERICHOST
to avoid DNS lookups.
Fixes: #9053 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)
Rich Salz [Mon, 12 Aug 2019 03:23:17 +0000 (13:23 +1000)]
Fix doc example code to follow coding style
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9577)
Richard Levitte [Wed, 3 Jul 2019 16:42:21 +0000 (18:42 +0200)]
Add OSSL_PARAM_construct_from_text() and OSSL_PARAM_allocate_from_text()
These are utility functions that can be used to replace calls to
ctrl_str type functions with get_params / set_params types of calls.
They work by translating text values to something more suitable for
OSSL_PARAM, and by interpretting parameter keys in a compatible
fashion.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
Richard Levitte [Wed, 3 Jul 2019 16:40:17 +0000 (18:40 +0200)]
Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex()
They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(),
except they take a result buffer from the caller.
We take the opportunity to break out the documentation of the hex to /
from buffer conversion routines from the OPENSSL_malloc() file to its
own file. These routines aren't memory allocation routines per se.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
Vladimir Kotal [Mon, 22 Jul 2019 15:08:16 +0000 (17:08 +0200)]
enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9434)
A local 'make clean' did some sweeping removals of files execpt for
the .git directory. This is a little too sweeping, as other dotted
files might be cleaned away if they happen to match the pattern that's
searched for.
An example is a symlink .dir-locals.el that would keep disappearing if
you build in the source tree and do a make clean...
So we change this to leave all dotted files alone. Our builds do not
produce such files anyway, so this is a harmless (or rather, less
harmful) change.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9573)
Denis Ovsienko [Fri, 9 Aug 2019 21:14:04 +0000 (22:14 +0100)]
Remove some duplicate words from the documentation
Fixup INSTALL and a couple man pages to get rid of "the the" and "in the
in the".
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9563)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9450)
Matt Caswell [Tue, 23 Jul 2019 16:10:05 +0000 (17:10 +0100)]
Extend tests of SSL_check_chain()
Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to check a chain cert
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
Matt Caswell [Tue, 23 Jul 2019 14:14:29 +0000 (15:14 +0100)]
Fix SSL_check_chain()
The function SSL_check_chain() can be used by applications to check that
a cert and chain is compatible with the negotiated parameters. This could
be useful (for example) from the certificate callback. Unfortunately this
function was applying TLSv1.2 sig algs rules and did not work correctly if
TLSv1.3 was negotiated.
We refactor tls_choose_sigalg to split it up and create a new function
find_sig_alg which can (optionally) take a certificate and key as
parameters and find an appropriate sig alg if one exists. If the cert and
key are not supplied then we try to find a cert and key from the ones we
have available that matches the shared sig algs.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
Matt Caswell [Thu, 8 Aug 2019 08:13:51 +0000 (09:13 +0100)]
Ensure RSA PSS correctly returns the right default digest
A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.
This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.
Fixes #9545
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
Shane Lontis [Fri, 9 Aug 2019 11:38:42 +0000 (21:38 +1000)]
Add missing SIZE_MAX define for windows
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9559)
Add a parameter to probable_prime if we look for a safe prime
Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.
Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
Vladimir Kotal [Fri, 19 Jul 2019 14:01:13 +0000 (16:01 +0200)]
mention what happens if OPENSSL_NO_RC2 is defined
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9415)
Restrict usage of bio_dgram_sctp_data only to DGRAM SCTP methods
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9216)
Vladimir Kotal [Tue, 11 Jun 2019 14:21:00 +0000 (16:21 +0200)]
make ecp_nistz256_point_add_vis3() local
fixes #8936
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9132)
Martin Ukrop [Mon, 5 Aug 2019 12:14:54 +0000 (14:14 +0200)]
Fix reversed meaning of error codes
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were still reversed in the X509_STORE_CTX_get_error function documentation.
This used to be the problem also in the verify application documentation, but was fixed on 2010-02-23 in 7d3d178.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9529)
Matt Caswell [Fri, 28 Jun 2019 11:07:55 +0000 (12:07 +0100)]
Clarify the INSTALL instructions
Ensure users understand that they need to have appropriate permissions
to write to the install location.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9268)
Matt Caswell [Wed, 7 Aug 2019 08:38:05 +0000 (09:38 +0100)]
Fix no-ec
Fix some unguarded references to EC code inside the FIPS provider.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9543)
Shane Lontis [Thu, 8 Aug 2019 04:23:52 +0000 (14:23 +1000)]
Fix document nit in EVP_MAC.pod
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9551)
Matt Caswell [Tue, 6 Aug 2019 12:39:00 +0000 (13:39 +0100)]
Fix BN error reporting
Commit ed57f7f935 implemented the macro ERR_raise and updated err.h to use
it. A typo in err.h means that errors in the BN library are mistakenly
attributed to the RSA library.
This was found due to the following error appearing in a travis log:
00:07:CB:13:05:7F:00:00:error:0400006C:rsa routines::data greater than mod
len:crypto/bn/bn_gcd.c:613:
00:07:CB:13:05:7F:00:00:error:04000003:rsa routines::BN
lib:crypto/rsa/rsa_gen.c:393:
/home/travis/build/openssl/openssl/util/shlib_wrap.sh
/home/travis/build/openssl/openssl/apps/openssl genrsa -out rsamptest.pem
-primes 5 8192 => 1
not ok 12 - genrsa 8192p5
The line in question (crypto/bn/bn_gcd.c:613) actually looks like this:
The test was checking for that error being raised, but was instead seeing
a different error and thus failing.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9539)
Matt Caswell [Mon, 5 Aug 2019 12:38:25 +0000 (13:38 +0100)]
Run evp_test in FIPS mode
We run the cipher and digest evp_test test files in FIPS mode. Some
ciphers/digests aren't available in FIPS mode so we mark those as
only being available in the default provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9531)
Matt Caswell [Mon, 22 Jul 2019 10:02:46 +0000 (11:02 +0100)]
Correct the Extended Master Secret string for EBCDIC
The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string
"extended master secret". On EBCDIC machines it actually contained the
value "extecded master secret"
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9430)
Matt Caswell [Thu, 1 Aug 2019 13:55:25 +0000 (14:55 +0100)]
Fix SSL_MODE_RELEASE_BUFFERS functionality
At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error. It now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.
The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.
Fixes #9490
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9505)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9483)
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9496)
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9501)
Matt Caswell [Wed, 31 Jul 2019 10:54:34 +0000 (11:54 +0100)]
Fix the krb5 external test
The krb5 external test relies on legacy algorithms. Therefore we make
use of the capability to load a config file by default, and ensure that
the config file in use by the krb5 tests loads both the legacy and default
providers.
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
Matt Caswell [Wed, 31 Jul 2019 10:09:44 +0000 (11:09 +0100)]
Suppress loading the FIPS module in evp_test
Running evp_test with the FIPS module has never worked because the
config file was never loaded by default. Actually loading the FIPS module
reveals lots of failures in evp_test. The following commits will enable
loading the config file by default and so we temporarily disable running
the evp_test with the FIPS module until the tests can be fixed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
Matt Caswell [Tue, 30 Jul 2019 17:36:53 +0000 (18:36 +0100)]
Properly process the "Availablein" keyword for evp_test
The "Availablein" keyword is supposed to indicate which providers are
required in evp_test in order for a particular test to pass. Unfortunately
this didn't work. If the provider was available then the test failed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
Pauli [Wed, 31 Jul 2019 09:31:45 +0000 (19:31 +1000)]
Prevent an infinite recursion when the query cache is flushed.
The problem being that the "requires flush" flag was being cleared after the
the flush. The fix is to clear it before. This is a problem because the
cache flushing called RAND_bytes and if the DRBG hadn't been created yet, it
would be queried and added to the cache causing the flush code to repeat.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)
Pauli [Wed, 31 Jul 2019 09:31:21 +0000 (19:31 +1000)]
The query cache has been updated to not depend on RAND_bytes being available.
The alternative is to use a fast and small xorshift
random number generator. The stochastic flushing doesn't require good
random numbers, just enough variety to avoid causing problems.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)
The code has been modularized so that it can be shared by algorithms.
A fixed size IV is now used instead of being allocated.
The IV is not set into the low level struct now until the update (it uses an
iv_state for this purpose).
Hardware specific methods have been added to a PROV_GCM_HW object.
The S390 code has been changed to just contain methods that can be accessed in
a modular way. There are equivalent generic methods also for the other
platforms.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9231)
Richard Levitte [Wed, 31 Jul 2019 07:27:05 +0000 (09:27 +0200)]
ERR: fix err_data_size inconsistencies
In ERR_add_error_vdata(), the size of err_data had 1 added to it in
some spots, which could lead to buffer overflow.
In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in
the BIO_vsnprintf() call, which would lead to a buffer overflow if
such a large buffer couldn't be allocated.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9491)
CAdES : lowercase name for now internal methods.
CAdES : rework CAdES signing API.
Make it private, as it is unused outside library bounds.
Fix varous doc-nits.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Richard Levitte [Wed, 24 Jul 2019 14:55:32 +0000 (16:55 +0200)]
Avoid using ERR_put_error() directly in OpenSSL code
If compiled with 'no-deprecated', ERR_put_error() is undefined. We
had one spot where we were using it directly, because the file and
line information was passed from elsewhere.
Fortunately, it's possible to use ERR_raise() for that situation, and
call ERR_set_debug() immediately after and thereby override the
information that ERR_raise() stored in the error record.
util/mkerr.pl needed a small adjustment to not generate code that
won't compile in a 'no-deprecated' configuration.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
Richard Levitte [Wed, 24 Jul 2019 11:37:42 +0000 (13:37 +0200)]
Refactor provider support for reporting errors
The core now supplies its own versions of ERR_new(), ERR_set_debug()
and ERR_vset_error(). This should suffice for a provider to have any
OpenSSL compatible functionlity it desires.
The main difference between the ERR functions and the core
counterparts is that the core counterparts take an OSSL_PROVIDER
parameter instead of the library number. That way, providers do not
need to know what number they have been assigned, that information
stays in the core.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
Richard Levitte [Wed, 24 Jul 2019 11:03:32 +0000 (13:03 +0200)]
ERR: Add new building blocks for reporting errors
The new building block are ERR_new(), ERR_set_debug(),
ERR_set_error(), ERR_vset_error(), which allocate a new error record
and set the diverse data in them. They are designed in such a way
that it's reasonably easy to create macros that use all of them but
then rely completely on the function signature of ERR_set_error() or
ERR_vset_error().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
Richard Levitte [Wed, 24 Jul 2019 10:53:36 +0000 (12:53 +0200)]
Move some macros from include/openssl/opensslconf.h.in, add OPENSSL_FUNC
New header file, include/openssl/macros.h, which contains diverse
useful macros that we use elsewhere.
We also add the new macro OPENSSL_FUNC, which is an alias for
__FUNC__, __FUNCTION__, __FUNCSIG or __func__, depending on what the
compiler supports. In the worst case, it's an alias for the string
"(unknown function)".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
Use OPENSSL_strlcpy instead of strncpy in e_afalg.c
This avoids a spurious gcc warning:
./config enable-asan --strict-warnings
=>
In function 'afalg_create_sk',
inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11:
engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be
truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation]
376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
| ^~~~~~~
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9478)
Richard Levitte [Thu, 25 Jul 2019 15:51:30 +0000 (17:51 +0200)]
ERR: re-use the err_data field when possible
To deallocate the err_data field and then allocating it again might be
a waste of processing, but may also be a source of errors when memory
is scarce. While we normally tolerate that, the ERR sub-system is an
exception and we need to pay closer attention to how we handle memory.
This adds a new err_data flag, ERR_TXT_IGNORE, which means that even
if there is err_data memory allocated, its contents should be ignored.
Deallocation of the err_data field is much more selective, aand should
only happen when ERR_free_state() is called.
Fixes #9458
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9459)
Patrick Steuer [Thu, 18 Jul 2019 09:42:58 +0000 (11:42 +0200)]
s390x assembly pack: use getauxval to detect hw capabilities
if available.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9410)
Richard Levitte [Wed, 17 Jul 2019 09:34:14 +0000 (11:34 +0200)]
test/evp_test.c: modify to use OSSL_PROVIDER_available()
This changes the stanza format used so far. Some test stanza had the
following line, only possible for digests:
Legacy = 1
These have been traded for the following:
Availablein = legacy
That line is globally available in all test stanza and can be used to
tell what providers a certain algorithm may be available in. Only one
provider needs to match, so one might have something like this for
some tests:
Availablein = default fips
This means that one of those providers must be available for the test
stanza to be performed.
If the providers mentioned for a stanza aren't available, the test is
skipped.
If this line isn't used in a stanza, the algorithm is assumed to be
available unconditionally (either by fallback providers, or providers
loaded by the config file).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9398)
Richard Levitte [Wed, 17 Jul 2019 09:29:04 +0000 (11:29 +0200)]
Add functions to see if a provider is available for use.
Public function OSSL_PROVIDER_available() takes a library context and
a provider name, and returns 1 if it's available for use, i.e. if it's
possible to fetch implementations from it, otherwise 0.
Internal function ossl_provider_activated() returns 1 if the given
OSSL_PROVIDER is activated, otherwise 0.
To make this possible, the activation of fallbacks got refactored out
to a separate function, which ended up simplifying the code.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9398)
David Benjamin [Tue, 23 Jul 2019 18:14:48 +0000 (14:14 -0400)]
Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private
keypair and then overrides it with the server public key, so the
generation was a waste anyway. Instead, it should create a
parameters-only EVP_PKEY.
(This is a consequence of OpenSSL using the same type for empty key,
empty key with key type, empty key with key type + parameters, public
key, and private key. As a result, it's easy to mistakenly mix such
things up, as happened here.)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9445)