Commit Graph

28906 Commits

Author SHA1 Message Date
Pauli
3bbc7b562a evp: fix coverity 1451509: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
48b05bb617 evp: fix coverity 1451510: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
1002bb9ff0 evp: fix coverity 1472682: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Pauli
89f7ea045b test: fix coverity 1473234 & 1473239: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
2021-04-08 08:49:27 +10:00
Richard Levitte
41385f2708 test/recipes/02-test_errstr.t: Do not test negative system error codes
It's been deemed unlikely that these will end up in OpenSSL error
records, so we simply don't test them if they happen to be among the
error codes that perl has support for.

Fixes #14763

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14779)
2021-04-07 22:09:58 +02:00
Pauli
014498fff9 test: fix coverity 1475940: negative return
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14769)
2021-04-07 23:30:42 +10:00
Pauli
97ef45ea13 test: fix coverity 1475941: resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14769)
2021-04-07 23:30:42 +10:00
Pauli
ccf19c23c0 Disallow ASN.1 enumerated types to be treated as strings.
They are actually integers.

Problem reported by: Scott McPeak <scott.g.mcpeak@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14774)
2021-04-07 23:29:10 +10:00
Pauli
44e82b813f Remove locking in CRYPTO_secure_allocated()
The check for being in secure memory is against the arena.  The arena is only
ever modified by sh_init() and sh_done() and in both cases, it is done without
locking.  Thus, it is safe for the CRYPTO_secure_allocated() to not lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)
2021-04-07 23:28:07 +10:00
Pauli
0bc27f7203 Make the lock in CRYPTO_secure_allocated() a read lock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14775)
2021-04-07 23:28:07 +10:00
Fangming.Fang
bec9289143 Fix AES-CBC perf test failure issue
As ossl_cipher_generic dosen't support to set key length, and
"openssl speed aes-(128|192|256)-cbc" tests fail. A small fix by
adding OSSL_CIPHER_PARAM_KEYLEN params.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14777)
2021-04-07 23:27:03 +10:00
Nan Xiao
30573117bb Fix typo in store_meth.c
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14776)
2021-04-07 22:39:35 +10:00
Nan Xiao
1ac64327df Remove unnecessary setting SSL_MODE_AUTO_RETRY
Since SSL_MODE_AUTO_RETRY is enabled by default, no need to set
it explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14742)
2021-04-07 13:02:37 +02:00
Sahana Prasad
86522324d2 Adds a new lock to read default_path and uses a strdup() on default_path before using it
Fixes #14483
Signed-off-by: Sahana Prasad <sahana@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14650)
2021-04-07 18:08:14 +10:00
Pauli
581c4b1d53 Ensure that the negative flag is correct set for ASN1 integer types.
Reported by: Scott McPeak <scott.g.mcpeak@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
2021-04-07 18:06:06 +10:00
Pauli
0806698047 Check for integer overflow in i2a_ASN1_OBJECT and error out if found.
Problem reported by Scott McPeak <scott.g.mcpeak@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14768)
2021-04-07 18:06:06 +10:00
Nan Xiao
493e78986f Fix potential double free in sslapitest.c
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14758)
2021-04-07 09:08:19 +10:00
Tomas Mraz
0cfbc828e0 Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.

Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.

Fixes #14276

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
2021-04-06 09:10:11 +02:00
Richard Levitte
5ad3e6c56e Include BN assembler alongside CPUID code
It turns out that some CPUID code requires the presence of some BN
assembler code, so we make sure it's included in the same manner as
the CPUID code itself.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
2021-04-02 16:39:13 +02:00
Richard Levitte
ef83daf4da Refactor CPUID code
We were using CPUID coded in several modules, but it was unclear how
it actually got there, and could fail randomly.

To remedy that, this change separates the CPUID C code from the rest
of cryptlib.c, and ensures the right modules get both that and the
assembler sources explicitly.

Fixes #11281

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
2021-04-02 16:39:13 +02:00
Richard Levitte
baf02793fc APPS: Replace the use of OBJ_nid2ln() with name or description calls
With new provided algorithms added, we'd rather rely on the names and
descriptions that we get from the providers.

Specifically with the 'openssl list' command, we now display the
description of all algorithms.  For '-public-key-algorithms', we
additionally print key type information a bit more like we do for
legacy methods.

We also add descriptions to all our keymgmt functions, because the
built in EVP_PKEY_ASN1_METHODs had them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
0388823329 EVP: Add EVP_<TYPE>_description()
The following operation types are covered:

EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF.  Also EVP_PKEY.

For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.

For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.

Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
b638dad970 Add OSSL_STORE_LOADER_description()
Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
1010884e0a Add OSSL_DECODER_description() and OSSL_ENCODER_description()
Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:57:47 +02:00
Richard Levitte
309a78aa30 CORE: Add an algorithm_description field to OSSL_ALGORITHM
This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well
as the generic use of OBJ_nid2ln() as a one line description.

We also add the base functionality to make use of this field.

Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-04-02 08:52:37 +02:00
Randall S. Becker
650c668737 Corrected missing definitions from NonStop SPT build.
This change includes swapping the PUT and SPT configuration,
includes of sys/stat.h and sys/types.h in the correct scope
to be picked up by SPT definitions.

Fixes: #14698
Fixes: #14734

CLA: The author has the permission to grant the OpenSSL Team the right to use this change.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14736)
2021-04-01 15:52:25 +02:00
Tomas Mraz
1f99b53fe5 DSA_generate_parameters_ex: use the old method for all small keys
Fixes #14733

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14744)
2021-04-01 15:50:45 +02:00
Nan Xiao
492bc359dc Fix typos in ssl_lib.c
CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14751)
2021-04-01 15:48:57 +02:00
luyahan
c29554245a Add riscv64 target
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14723)
2021-04-01 15:23:48 +02:00
Nan Xiao
975e37cd01 Remove unnecessary BIO_do_handshake()s
Since BIO_do_connect() and BIO_do_handshake() are same, no
need to invoke BIO_do_handshake() once more after BIO_do_connect().

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14725)
2021-04-01 15:21:47 +02:00
Tomas Mraz
78043fe898 Add "save-parameters" encoder parameter
The parameter makes the dsa key encoder to skip saving the DSA
key parameters similarly to what the legacy dsa key encoder did.

Fixes #14362

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14746)
2021-04-01 14:43:11 +02:00
Tomas Mraz
5050fd5b3b Avoid going through NID when unnecessary
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:54 +02:00
Tomas Mraz
b064eebb50 EVP_CIPHER_type: fix misleading argument name
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:53 +02:00
Tomas Mraz
83abd33cf7 Drop TODO 3.0 as we cannot get rid of legacy nids in 3.0
Fixes #14393

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:53 +02:00
Tomas Mraz
e2e20129a9 OBJ_nid2sn(NID_sha256) is completely equivalent to OSSL_DIGEST_NAME_SHA2_256
The comment is bogus as that call for NID_sha256 does not do
anything else than looking up the string in an internal table.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:53 +02:00
Tomas Mraz
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:53 +02:00
Shane Lontis
9754665d6b Add macosx build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14738)
2021-04-01 16:46:42 +10:00
Shane Lontis
6ec37db540 Test miminal windows build using Github actions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14737)
2021-04-01 09:11:34 +10:00
Shane Lontis
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.
Fixes #14401

Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)
2021-04-01 09:07:08 +10:00
Dr. David von Oheimb
9e6f30e683 CHANGES.md: reflect OSSL_HTTP_REQ_CTX_i2d renamed to OSSL_HTTP_REQ_CTX_set1_req
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
2021-03-31 19:53:05 +02:00
Dr. David von Oheimb
1e6174b1b5 OSSL_HTTP_REQ_CTX_transfer(): improve distinction of send error vs. receive error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
2021-03-31 19:53:05 +02:00
Dr. David von Oheimb
2318379119 OSSL_parse_url(): Improve handling of IPv6 addresses
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
2021-03-31 19:53:05 +02:00
Dr. David von Oheimb
f7c4d86228 80-test_cmp_http.t: Add diagnostic info on starting/stopping mock server
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
2021-03-31 19:53:05 +02:00
Dr. David von Oheimb
e1428c62a1 http_client.c: Prevent spurious error queue entry on NULL mem argument
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14630)
2021-03-31 19:53:05 +02:00
Dr. David von Oheimb
534725fd43 HTTP: Fix method_POST param by moving it to OSSL_HTTP_REQ_CTX_set_request_line()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14699)
2021-03-31 19:51:52 +02:00
Rich Salz
c37b947957 Add a local perl module to get year last changed
This is used for generating a more-correct copyright statement
for the "build_generated" targets.

Fixes: #13765

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13791)
2021-03-31 13:59:53 +02:00
Randall S. Becker
c47a0803ce Split Makefile clean recipe for document sets into individual lines.
This is needed for less capable platforms with limits on the size of
command line argument lists.

Fixes #14732

CLA: The author has the permission to grant the OpenSSL Team the right to use this change.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14735)
2021-03-31 13:33:35 +10:00
Richard Levitte
b24b72d109 EVP: One stray comma removed in crypto/evp/ctrl_params_translate.c
Commas at the end of a list of items isn't allowed by ANSI C.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
2021-03-31 13:28:46 +10:00
Randall S. Becker
35bc387b97 Added guarding #ifndef/#define to avoid duplicate include of crypto/types.h
Fixes #14730

CLA: The author has the permission to grant the OpenSSL Team the right to use this change.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
2021-03-31 13:28:46 +10:00
Richard Levitte
a350e3ef38 Re-implement ANSI C building with a Github workflow
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
2021-03-31 13:28:46 +10:00