summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Drop daily run-checker build with just enable-acvp-testsTomas Mraz2021-07-161-1/+0
| | | | | | | | Having just enable-acvp-tests without enable-fips does not make much sense as this just builds the test but it is skipped. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
* CI: have enable-acvp-tests in some CI buildTomas Mraz2021-07-161-1/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
* Signature algos: allow having identical digest in paramsTomas Mraz2021-07-163-17/+43
| | | | | | | | | | | The flag_allow_md prevents setting a digest in params however this is unnecessarily strict. If the digest is the same as the one already set, we do not return an error. Fixes #16071 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
* acvp_test: Fix incorrect parenthesisTomas Mraz2021-07-161-2/+2
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
* apps: Use the first detected address family if IPv6 is not availableDaiki Ueno2021-07-161-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c. Even when the host does not support IPv6 at all, BIO_lookup_ex may now return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of the ai_next field. After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function prefers the IPv6 address and fails on the BIO_socket call. This adds a fallback code to retry with the IPv4 address returned as the first element to avoid the error. The failure had been partially avoided in the previous code with AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no IPv6 address is associated with external interface. However, it would be still a problem if the external interface has an IPv6 address assigned, while the loopback interface doesn't. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16074)
* Split bignum code out of the sparcv9cap.cTomas Mraz2021-07-1528-103/+157
| | | | | | | Fixes #15978 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16019)
* doc: document the params arguments to the initialisation functions.Pauli2021-07-152-4/+8
| | | | | | | | | These were accidentally omitted when the arguments were added globally. Fixes #16067 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16072)
* evp: constify some OSSL_PARAM argumentsPauli2021-07-152-5/+5
| | | | | | | These were missed when the initialisation params were added Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16072)
* Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()Tomas Mraz2021-07-152-18/+4
| | | | | | | | | | | | The implementation of EVP_PKEY_pairwise_check() is also changed to handle the legacy keys. Fixes #16046 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16069)
* doc: Document that incomplete certificates return errorTomas Mraz2021-07-154-6/+10
| | | | | | | Fixes #16065 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16070)
* test: add single byte IV AES GCM testsPauli2021-07-141-0/+103
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16064)
* Remove lower limit on GCM mode ciphersPauli2021-07-144-12/+5
| | | | | | | | Fixes #16057 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16064)
* apps: avoid using POSIX IO macros and functions when built without them.Pauli2021-07-141-13/+23
| | | | | | | | | | Fall back to stdio functions if not available. Fixes a daily run-checker failure (no-posix-io) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16073)
* Fix OSSL_TRACE9 missing arg9Syrone Wong2021-07-141-1/+1
| | | | | | | | | | | | Signed-off-by: Syrone Wong <wong.syrone@gmail.com> CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16060)
* Avoid empty lines in nmake rule bodiesRichard Levitte2021-07-131-13/+13
| | | | | | | | | | | | | nmake is tolerant of those empty lines, but jom isn't. That tolerance isn't standard make behaviour, so we lean towards avoiding them. We simply use '@rem' instead. Fixes #16014 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16048)
* Remove executable mode attributes of non-executable filesTianjia Zhang2021-07-1310-0/+0
| | | | | | | | | | | Remove the executable attributes of some C code files and key files, change the file mode from 0755 to 0644. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16045)
* asn.1: fix Coverity 1487104 Logically dead codePauli2021-07-131-4/+5
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16042)
* doc: document the new opt_legacy_okay() function's behaviourPauli2021-07-121-1/+9
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* app: add library context and propq arguments to opt_md() and opt_cipher()Pauli2021-07-121-5/+14
| | | | | | | Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* apps: add a function opt_legacy_okay() that indicates if legacy paths are ↵Pauli2021-07-121-0/+32
| | | | | | | | | | | permitted or not By default they are. However, if a provider, provider path or a property query has been specified they are not. Likewise, if a library context or a property query has been specified by the command, they are not. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* apps: add query to allow a command to know of a provider command line option ↵Pauli2021-07-122-0/+18
| | | | | | | | | | | | | | | | | was processed Better fixing: Fixing #15683 Fixing #15686 Replacing rather than fixing: Fixing #15414 Since that claims to fix another: Fixing #15372 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* test: make build descriptions more consistentPauli2021-07-121-2/+2
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* test: add a shim function for the apps's opt_legacy_okay() functionPauli2021-07-121-0/+26
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* test: rename apps_mem.c to be apps_shims.c in anticipation of additonal ↵Pauli2021-07-122-1/+1
| | | | | | | functions Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* Fix legacy OCSP_REQ_CTX_http() function to expect ASN.1 formatted inputDr. David von Oheimb2021-07-111-2/+3
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16029)
* Improve doc of OSSL_HTTP_REQ_CTX_set_expected() on timeout param < 0Dr. David von Oheimb2021-07-112-3/+5
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16029)
* BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is givenDaiki Ueno2021-07-101-1/+1
| | | | | | | | | | | | | The flag only affects which record types are queried via DNS (A or AAAA, or both). When node is NULL and AF_UNSPEC is used, it prevents getaddrinfo returning the right address associated with the loopback interface. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16033)
* test_cmp_ctx: Avoid using empty X509 with i2dTomas Mraz2021-07-102-5/+23
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16036)
* Fix test/asn1_encode_test.c to handle encoding/decoding failureRichard Levitte2021-07-101-22/+27
| | | | | | | | Make it only report (and fail on) encoding/decoding failures when success is expected. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16036)
* Fix test/asn1_encode_test.c to not use ASN1_FBOOLEANRichard Levitte2021-07-101-5/+5
| | | | | | | | | ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items. This test program used it for non-optional items, which doesn't encode well. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16036)
* ASN.1: Refuse to encode to DER if non-optional items are missingRichard Levitte2021-07-101-9/+20
| | | | | | | Fixes #16026 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16036)
* TEST: Check that i2d refuses to encode non-optional items with no contentRichard Levitte2021-07-101-0/+44
| | | | | | | | The test case creates an RSA public key and tries to pass it through i2d_PrivateKey(). This SHOULD fail, since the private bits are missing. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16036)
* Configurations/unix-Makefile.tmpl: use platform->sharedlib() as fallbackRichard Levitte2021-07-101-1/+2
| | | | | | | | | | If platform->sharedlib_simple() and platform->sharedlib_import() return undefined, try platform->sharedlib() as a fallback before platform->staticlib(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16023)
* platform->sharedlib_simple(): return undef when same as platform->sharedlib()Richard Levitte2021-07-101-0/+1
| | | | | | | | | | | | | On some Unix-like platforms, there is no such thing as versioned shared libraries. In this case, platform->sharedlib_simple() should simply return undef. Among others, this avoids the shared libraries to be installed as symlinks on themselves. Fixes #16012 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16023)
* Fix s_server PSK handlingMatt Caswell2021-07-091-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #15951 describes a scenario which causes s_server to fail when using a PSK. In the originally described issue this only impacted master and not 1.1.1. However, in fact this issue does also impact 1.1.1 - but only if you additionally supply the option "-no_ticket" to the s_server command line. The difference between the behaviour in master and 1.1.1 is due to 9c13b49, which changed PSK_MAX_IDENTITY_LEN from 128 to 256. It just so happens that a default OpenSSL TLSv1.3 ticket length happens to fall between those 2 values. Tickets are presented in TLSv1.3 as a PSK "identity". Passing "no_ticket" doesn't actually stop TLSv1.3 tickets completely, it just forces the use of "session ids as a ticket" instead. This significantly reduces the ticket size to below 128 in 1.1.1. The problem was due to s_server setting a TLSv1.2 PSK callback and a TLSv1.3 PSK callback. For backwards compat reasons the TLSv1.2 PSK callbacks also work in TLSv1.3 but are not preferred. In the described scenario we use a PSK to create the initial connection. Subsequent to that we attempt a resumption using a TLSv1.3 ticket (psk). If the psk length is below PSK_MAX_IDENTITY_LEN then we first call the TLSv1.2 PSK callback. Subsequently we call the TLSv1.3 PSK callback. Unfortunately s_server's TLSv1.2 PSK callback accepts the identity regardless, even though it is an unexpected value, and hence the binder subsequently fails to verify. The fix is to bail early in the TLSv1.2 callback if we detect we are being called from a TLSv1.3 connection. Fixes #15951 Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16008)
* Add a PKCS12 test to check with one input cert we get one output certMatt Caswell2021-07-091-1/+15
| | | | | | | | | | | Following on from the regression in issue #15983, add a test that with one input cert, we get one cert in the pkcs12 file, and that it has the expected friendlyName. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16001)
* Don't add the first pkcs12 certificate multiple timesMatt Caswell2021-07-091-4/+7
| | | | | | | | | | | | | | This fixes a regression introduced by commit 1d6c867. When exporting a set of certificates to a PKCS12 file we shouldn't add the first one twice. Also we restore historic behaviour with respect to the canames option where we have no ee certificate with key. Fixes #15983 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16001)
* apps: fix Coverity 1451531 Unchecked return valuePauli2021-07-091-11/+13
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15994)
* evp: detect and raise an error if no digest is found for a sign/verify operationPauli2021-07-081-1/+8
| | | | | | | | | | | | | | If no digest is specified, the code looks for a default digest per PKEY via the evp_keymgmt_util_get_deflt_digest_name() call. If this call returns NULL, indicating no digest found, the code continues regardless. If the verify/sign init later fails, it returns an error without raising one. This change raises an error in this case. Fixes #15372 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16015)
* Fix compile warning with GCC 11.Juergen Christ2021-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When configured with strict warnings, GCC 11 complains about a possible stringop-translation: Config: /usr/bin/perl ./Configure enable-asan enable-ubsan enable-zlib-dynamic \ enable-unit-test enable-md2 enable-rc5 enable-buildtest-c++ \ enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-fips -w \ --strict-warnings Warning: crypto/evp/ctrl_params_translate.c: In function 'fix_rsa_pss_saltlen': crypto/evp/ctrl_params_translate.c:1356:13: error: 'strncpy' specified bound 50 equals destination size [-Werror=stringop-truncation] 1356 | strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fix by copying one byte less than the buffer size. We anyway overwrite the last byte. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15993)
* Made foreign bit field unsigned in evp.hRandall S. Becker2021-07-081-1/+1
| | | | | | | | | | | | | Fixes #16010 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16011)
* Fix bug in X509_print_exRich Salz2021-07-081-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If the user set nmflags == XN_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed. The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == XN_FLAG_COMPAT and by returning -1 if nmflags != XN_FLAG_COMPAT. Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != XN_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty Thanks to Ingo Schwarze <schwarze@openbsd.org> for finding the bug, and Joel Sing <jsing@openbsd.org> for contributing an idea for the fix. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16009)
* Fix comment for test_negotiated_group() test orderBenjamin Kaduk2021-07-071-4/+4
| | | | | | | | | | | Because of how the 'client_multi' variable is set, we end up running the tests where the client configures multiple groups (and the server only configures one) before the ones where the server configures multiple groups (and the client only configures one). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16007)
* CRYPTO: Remove the check for built-in methods in the export_to functionRichard Levitte2021-07-074-28/+0
| | | | | | | | | | | | | | | | | | That check was seen as necessary at the time, but other changes have been made since, so we now have better control on when we're handling legacy structures and methods, making it safe to run the export_to function on keys with foreign methods. The basic message is that foreign methods must set key structure values according to our standards no matter what, or not set them at all. This has really always been the case, but was harder to see at the time because of interaction with other bugs. Fixes #15927 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15996)
* bn: procduce correct sign for result of BN_mod()Pauli2021-07-072-5/+79
| | | | | | | | | | | There is a problem that appears when calling BN_div(a, c, a, b) with negative b. In this case, the sign of the remainder c is incorrect. The problem only occurs if the dividend and the quotient are the same BIGNUM. Fixes #15982 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15991)
* changes: add entry noting the removal of ERR_GET_FUNC()Pauli2021-07-061-0/+8
| | | | | Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16004)
* doc: update documentation to note removal of ERR_GET_FUNC()Pauli2021-07-061-8/+6
| | | | | Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16004)
* err: remove ERR_GET_FUNC()Pauli2021-07-062-6/+0
| | | | | | | | | | | | This is problematic in 3.0 because the function codes are all defined as zero. This leads to either every error matching or no error ever matching. Both are problematic for users. The OTC vote resolved to remove this function completely. Fixes #15946 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16004)
* test: add some integral type size sanity checksPauli2021-07-061-1/+34
| | | | | | | | | With the recent problem on VMS of maxint_t being defined as a 32 bit integer despite OpenSSL mandating 64 bit integers being available, it seems prudent to add some sanity checks for out integral types. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15830)
* util: add -fips option to wrap.pl to make using the FIPS provider easierPauli2021-07-061-0/+14
| | | | | | | | Without this option, I find I need to figure out which environment variables point where which wastes effort. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15966)