[openssl] master update

2021-02-11 Thread tmraz
The branch master has been updated
   via  283df0b84bb6c35ad1291cabd6f693328faca267 (commit)
   via  f5f29796f00b94d150087bc72469a4f60a67a23b (commit)
   via  2741128e9deeb7f6fd73f10a1c657c05433a41cb (commit)
  from  dc9ec65a018d92306e4b3139239505c5cfc5b15e (commit)


- Log -
commit 283df0b84bb6c35ad1291cabd6f693328faca267
Author: Tomas Mraz 
Date:   Tue Feb 9 13:25:16 2021 +0100

Rename internal providercommonerr.h to less mouthful proverr.h

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/14086)

commit f5f29796f00b94d150087bc72469a4f60a67a23b
Author: Tomas Mraz 
Date:   Fri Feb 5 18:51:37 2021 +0100

Various cleanup of PROV_R_ reason codes

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/14086)

commit 2741128e9deeb7f6fd73f10a1c657c05433a41cb
Author: Tomas Mraz 
Date:   Fri Feb 5 17:40:42 2021 +0100

Move the PROV_R reason codes to a public header

The PROV_R codes can be returned to applications, so it is useful
to have some common set of provider reason codes for the applications
or third-party providers.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/14086)

---

Summary of changes:
 crypto/err/err_all.c   |  2 +-
 crypto/err/openssl.ec  |  2 +-
 crypto/err/openssl.txt | 24 +++--
 .../openssl/proverr.h  | 38 +---
 .../common/include/prov/proverr.h  |  6 ++--
 providers/common/provider_err.c| 41 ++
 providers/common/provider_util.c   |  2 +-
 providers/common/securitycheck.c   |  2 +-
 providers/common/securitycheck_fips.c  |  2 +-
 providers/fips/fipsprov.c  |  2 +-
 providers/fips/self_test.c |  2 +-
 providers/implementations/asymciphers/rsa_enc.c|  2 +-
 providers/implementations/asymciphers/sm2_enc.c|  2 +-
 .../ciphers/cipher_aes_cbc_hmac_sha.c  |  2 +-
 .../implementations/ciphers/cipher_aes_cts.inc |  2 +-
 providers/implementations/ciphers/cipher_aes_hw.c  |  4 +--
 .../ciphers/cipher_aes_hw_aesni.inc|  2 +-
 .../implementations/ciphers/cipher_aes_hw_t4.inc   |  2 +-
 providers/implementations/ciphers/cipher_aes_ocb.c |  4 +--
 providers/implementations/ciphers/cipher_aes_siv.c |  2 +-
 providers/implementations/ciphers/cipher_aes_wrp.c |  2 +-
 providers/implementations/ciphers/cipher_aes_xts.c |  2 +-
 providers/implementations/ciphers/cipher_aria_hw.c |  3 +-
 .../implementations/ciphers/cipher_camellia_hw.c   |  5 +--
 .../ciphers/cipher_camellia_hw_t4.inc  |  2 +-
 providers/implementations/ciphers/cipher_cast5.c   |  2 +-
 .../implementations/ciphers/cipher_chacha20.c  |  2 +-
 .../ciphers/cipher_chacha20_poly1305.c | 10 +++---
 providers/implementations/ciphers/cipher_des.c |  6 ++--
 providers/implementations/ciphers/cipher_null.c|  2 +-
 providers/implementations/ciphers/cipher_rc2.c |  2 +-
 .../implementations/ciphers/cipher_rc4_hmac_md5.c  |  2 +-
 providers/implementations/ciphers/cipher_rc5.c |  2 +-
 providers/implementations/ciphers/cipher_tdes.c|  4 +--
 .../implementations/ciphers/cipher_tdes_common.c   |  6 ++--
 .../implementations/ciphers/cipher_tdes_wrap.c |  2 +-
 providers/implementations/ciphers/ciphercommon.c   |  6 ++--
 .../implementations/ciphers/ciphercommon_block.c   |  2 +-
 .../implementations/ciphers/ciphercommon_ccm.c | 18 +-
 .../implementations/ciphers/ciphercommon_gcm.c |  6 ++--
 providers/implementations/digests/digestcommon.c   |  4 +--
 providers/implementations/digests/mdc2_prov.c  |  2 +-
 providers/implementations/digests/sha3_prov.c  |  2 +-
 .../implementations/encode_decode/decode_der2key.c |  4 +--
 .../implementations/encode_decode/decode_pem2der.c |  2 +-
 .../implementations/encode_decode/encode_key2any.c |  4 +--
 .../encode_decode/encode_key2text.c|  2 +-
 providers/implementations/exchange/ecx_exch.c  |  2 +-
 providers/implementations/kdfs/hkdf.c  |  2 +-
 providers/implementations/kdfs/kbkdf.c |  2 +-
 providers/implementations/kdfs/krb5kdf.c   |  2 +-
 providers/implementations/kdfs/pbkdf2.c|  6 ++--
 providers/implementations/kdfs/pkcs12kdf.c |  2 +-
 providers/implementations/kdfs/scrypt.c|  2 +-
 providers/implementations/kdfs/sshkdf.c|  2 +-
 

[openssl] master update

2021-02-09 Thread tmraz
The branch master has been updated
   via  4d2a6159db1060ca38a3808cfa60bac46737c670 (commit)
  from  604b86d8d360e36fc2fc0d1611d05bf38699d297 (commit)


- Log -
commit 4d2a6159db1060ca38a3808cfa60bac46737c670
Author: Tomas Mraz 
Date:   Thu Feb 4 19:25:44 2021 +0100

Deprecate BN_pseudo_rand() and BN_pseudo_rand_range()

The functions are obsolete aliases for BN_rand() and BN_rand_range()
since 1.1.0.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14080)

---

Summary of changes:
 CHANGES.md  |  6 ++
 crypto/bn/bn_rand.c |  2 ++
 doc/man3/BN_rand.pod| 15 +--
 include/openssl/bn.h|  4 
 test/ec_internal_test.c |  4 ++--
 util/libcrypto.num  |  4 ++--
 6 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 7c934935eb..318cce84fc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -40,6 +40,12 @@ OpenSSL 3.0
 
*Rich Salz*
 
+ * Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range()
+   functions. They are identical to BN_rand() and BN_rand_range()
+   respectively.
+
+   *Tomáš Mráz*
+
  * Deprecated the obsolete X9.31 RSA key generation related functions
BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
BN_X931_generate_prime_ex().
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index c6dd6e8814..3068c28710 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -217,6 +217,7 @@ int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
 return bnrand_range(PRIVATE, r, range, NULL);
 }
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
 return BN_rand(rnd, bits, top, bottom);
@@ -226,6 +227,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
 {
 return BN_rand_range(r, range);
 }
+# endif
 #endif
 
 /*
diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod
index 01c3ff4dd1..38ef8f47f0 100644
--- a/doc/man3/BN_rand.pod
+++ b/doc/man3/BN_rand.pod
@@ -17,14 +17,17 @@ BN_pseudo_rand_range
  int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
  int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
 
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
  int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
  int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 
  int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
  int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+OPENSSL_API_COMPAT with a suitable version value, see
+openssl_user_macros(7):
+
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
  int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
 
 =head1 DESCRIPTION
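Review bot: the new deprecation paragraph should use the same POD markup as the equivalent note in other manual pages, i.e. `B<OPENSSL_API_COMPAT>` for the macro and `L<openssl_user_macros(7)>` for the cross-reference, rather than plain text; the `EVP_DigestInit.pod` change in the 2021-02-03 update uses `B` and `L` markup for exactly this sentence, so this page should match it.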
@@ -93,13 +96,13 @@ L
 Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical
 to BN_rand() and BN_pseudo_rand_range() has been identical to
 BN_rand_range().
-The "pseudo" functions should not be used and may be deprecated in
-a future release.
+The BN_pseudo_rand() and BN_pseudo_rand_range() functions were
+deprecated in OpenSSL 3.0.
 
 =item *
 
-The
-BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.
+The BN_priv_rand() and BN_priv_rand_range() functions were added in
+OpenSSL 1.1.1.
 
 =item *
 
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 39383f8509..1e4b27bf02 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -222,8 +222,12 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, 
BN_CTX *ctx);
 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
 int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
 int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+OSSL_DEPRECATEDIN_3_0
 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# endif
 int BN_num_bits(const BIGNUM *a);
 int BN_num_bits_word(BN_ULONG l);
 int BN_security_bits(int L, int N);
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index d3db698467..345ce199c5 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -38,8 +38,8 @@ static int group_field_tests(const EC_GROUP *group, BN_CTX 
*ctx)
 || !TEST_true(group->meth->field_inv(group, b, BN_value_one(), ctx))
 || !TEST_true(BN_is_one(b))
 /* (1/a)*a = 1 */
-|| !TEST_true(BN_pseudo_rand(a, BN_num_bits(group->field) - 1,
- BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+|| !TEST_true(BN_rand(a, BN_num_bits(group->field) - 1,
+  BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
 || 

[openssl] master update

2021-02-09 Thread tmraz
The branch master has been updated
   via  93b39c85c9bbf4b40d3cc2486a0ecac50422b2f3 (commit)
  from  4d2a6159db1060ca38a3808cfa60bac46737c670 (commit)


- Log -
commit 93b39c85c9bbf4b40d3cc2486a0ecac50422b2f3
Author: Tomas Mraz 
Date:   Thu Feb 4 18:40:33 2021 +0100

CHANGES.md: Mention RSA key generation slowdown related changes

Fixes #14068

Reviewed-by: Kurt Roeckx 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14073)

---

Summary of changes:
 CHANGES.md | 18 +-
 doc/man3/BN_generate_prime.pod |  3 +++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 318cce84fc..380cd07886 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -52,7 +52,23 @@ OpenSSL 3.0
 
*Tomáš Mráz*
 
- * Deprecate EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
+ * The default key generation method for the regular 2-prime RSA keys was
+   changed to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with
+   Conditions Based on Auxiliary Probable Primes). This method is slower
+   than the original method.
+
+   *Shane Lontis*
+
+ * Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions.
+   They are replaced with the BN_check_prime() function that avoids possible
+   misuse and always uses at least 64 rounds of the Miller-Rabin
+   primality test. At least 64 rounds of the Miller-Rabin test are now also
+   used for all prime generation, including RSA key generation.
+   This increases key generation time, especially for larger keys.
+
+   *Kurt Roeckx*
+
+ * Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
as they are not useful with non-deprecated functions.
 
*Rich Salz*
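Review bot: both new entries tell users that key generation is now slower ("This method is slower than the original method", "This increases key generation time") but not whether the previous behaviour is still selectable; add one sentence saying whether the old generation method or a lower Miller-Rabin round count can still be chosen, or state plainly that it cannot, so readers of CHANGES.md do not have to go to the code to find out. Separately, changing the following entry from "Deprecate" to "Deprecated" is a good consistency fix with the surrounding entries.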
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index 6b2ca3baab..288969c525 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -233,6 +233,9 @@ L
 
 =head1 HISTORY
 
+The BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions were
+deprecated in OpenSSL 3.0.
+
 The BN_GENCB_new(), BN_GENCB_free(),
 and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.
 


[openssl] master update

2021-02-05 Thread tmraz
The branch master has been updated
   via  bbde8566191e5851f4418cbb8acb0d50b16170d8 (commit)
   via  26372a4d44f0b4ef5423228b8bf975a5a7c814cb (commit)
  from  e60147fe74c202ef3ce5d36115252b7c3c504cd7 (commit)


- Log -
commit bbde8566191e5851f4418cbb8acb0d50b16170d8
Author: Tomas Mraz 
Date:   Fri Jan 29 17:02:32 2021 +0100

RSA: properly generate algorithm identifier for RSA-PSS signatures

Fixes #13969

- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
  reflects the actual parameters set
- when generating keys do not override previously set parameters
  with defaults
- tests added to the test_req recipe that should cover the PSS signature
  handling

Reviewed-by: Richard Levitte 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13988)

commit 26372a4d44f0b4ef5423228b8bf975a5a7c814cb
Author: Tomas Mraz 
Date:   Wed Jan 27 10:22:41 2021 +0100

provider-signature.pod: Fix formatting.

Reviewed-by: Richard Levitte 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13988)

---

Summary of changes:
 crypto/rsa/rsa_ameth.c|   4 +-
 crypto/rsa/rsa_backend.c  |   8 +-
 crypto/rsa/rsa_pss.c  |   4 +-
 doc/man7/provider-signature.pod   |   8 +-
 include/crypto/rsa.h  |   1 +
 providers/common/der/der_rsa.h.in |   5 +-
 providers/common/der/der_rsa_key.c|  32 +--
 providers/common/der/der_rsa_sig.c|   2 +-
 providers/implementations/keymgmt/rsa_kmgmt.c |  17 +-
 providers/implementations/signature/rsa.c | 295 +-
 test/recipes/25-test_req.t|  54 -
 test/testrsapssmandatory.pem  |  29 +++
 12 files changed, 322 insertions(+), 137 deletions(-)
 create mode 100644 test/testrsapssmandatory.pem

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 852facf577..e2dec1c98d 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -943,6 +943,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], 
void *vpctx,
 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
 RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx);
 RSA_PSS_PARAMS_30 rsa_pss_params = { 0, };
+int pss_defaults_set = 0;
 int ok = 0;
 
 if (rsa == NULL) {
@@ -953,7 +954,8 @@ static int rsa_int_import_from(const OSSL_PARAM params[], 
void *vpctx,
 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
 RSA_set_flags(rsa, rsa_type);
 
-if (!ossl_rsa_pss_params_30_fromdata(_pss_params, params, 
pctx->libctx))
+if (!ossl_rsa_pss_params_30_fromdata(_pss_params, _defaults_set,
+ params, pctx->libctx))
 goto err;
 
 switch (rsa_type) {
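Review bot: `pss_defaults_set` is a fresh local initialised to 0 on every call, so the "defaults already set" guard inside `ossl_rsa_pss_params_30_fromdata()` can never be taken on this path; that is fine if this import runs once per key, but a short comment saying the flag is only passed through to satisfy the new signature (and that callers which persist it across calls are the ones that benefit) would stop a future reader from trying to hoist it somewhere it would actually matter.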
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 2f430b34d4..84f070a7ce 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -217,6 +217,7 @@ int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 
*pss,
 }
 
 int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
+int *defaults_set,
 const OSSL_PARAM params[],
 OSSL_LIB_CTX *libctx)
 {
@@ -249,10 +250,13 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 
*pss_params,
  * restrictions, so we start by setting default values, and let each
  * parameter override their specific restriction data.
  */
-if (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
-|| param_saltlen != NULL)
+if (!*defaults_set
+&& (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
+|| param_saltlen != NULL)) {
 if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
 return 0;
+*defaults_set = 1;
+}
 
 if (param_mgf != NULL) {
 int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
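Review bot: the new `defaults_set` parameter is dereferenced unconditionally (`if (!*defaults_set` and `*defaults_set = 1;`), so any caller that passes NULL for the new argument will crash; either document in the header that `defaults_set` must be non-NULL or make the check `defaults_set == NULL || !*defaults_set` and only write back when it is non-NULL. Also note the new semantics: once `*defaults_set` is 1, a later call with explicit PSS parameters will no longer reset the unspecified fields to defaults, which is the intended "do not override previously set parameters" behaviour but is worth a comment above the `if`.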
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 1b73cbb0f6..3a92ed04dd 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -113,7 +113,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char 
*mHash,
 goto err;
 }
 if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
-ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED);
+ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED,
+   "expected: %d retrieved: %d", sLen,
+   maskedDBLen - i);
 goto err;
 }
 if (!EVP_DigestInit_ex(ctx, Hash, NULL)
diff --git 

[openssl] master update

2021-02-03 Thread tmraz
The branch master has been updated
   via  28e1904250183c25faad1744fead96f205559270 (commit)
  from  963a65bfb41562909d1800339f7b1e3cfc0a39bf (commit)


- Log -
commit 28e1904250183c25faad1744fead96f205559270
Author: Tomas Mraz 
Date:   Mon Feb 1 15:15:43 2021 +0100

apps/ecparam: Avoid crash when parameters fail to load

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14043)

---

Summary of changes:
 apps/ecparam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/ecparam.c b/apps/ecparam.c
index 33b24781e3..762da3f2c9 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -238,7 +238,7 @@ int ecparam_main(int argc, char **argv)
 }
 } else {
 params_key = load_keyparams(infile, 1, "EC", "EC parameters");
-if (!EVP_PKEY_is_a(params_key, "EC"))
+if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))
 goto end;
 if (point_format
 && !EVP_PKEY_set_utf8_string_param(
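Review bot: the added `params_key == NULL` check correctly avoids passing NULL to `EVP_PKEY_is_a()`, but nothing in this hunk sets the function's return value before `goto end`, so confirm that `ret` is still at its failure value at this point (rather than having been set to success earlier in `ecparam_main()`), otherwise a failed parameter load would exit 0. If `load_keyparams()` already reports the load error, the silent `goto end` is fine; if not, a `BIO_printf(bio_err, ...)` here would tell the user why nothing was produced.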


[openssl] master update

2021-02-03 Thread tmraz
The branch master has been updated
   via  963a65bfb41562909d1800339f7b1e3cfc0a39bf (commit)
  from  1409b5f664f21a52d23d7b9d0e0f962e2bde2b9e (commit)


- Log -
commit 963a65bfb41562909d1800339f7b1e3cfc0a39bf
Author: Armin Fuerst 
Date:   Fri Jan 29 19:16:14 2021 +0100

apps/ca: Properly handle certificate expiration times in do_updatedb

Fixes #13944

   + changed ASN1_UTCTIME to ASN1_TIME
   + removed all Y2K code from do_updatedb
   + changed compare to ASN1_TIME_compare

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14026)

(cherry picked from commit dabea5447dc487983a50a40856f731db0db17a8e)

---

Summary of changes:
 apps/ca.c | 51 ---
 1 file changed, 20 insertions(+), 31 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 304e4a58ae..61e49336d0 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2268,62 +2268,51 @@ static int get_certificate_status(const char *serial, 
CA_DB *db)
 
 static int do_updatedb(CA_DB *db)
 {
-ASN1_UTCTIME *a_tm = NULL;
+ASN1_TIME *a_tm = NULL;
 int i, cnt = 0;
-int db_y2k, a_y2k;  /* flags = 1 if y >= 2000 */
-char **rrow, *a_tm_s;
+char **rrow;
 
-a_tm = ASN1_UTCTIME_new();
+a_tm = ASN1_TIME_new();
 if (a_tm == NULL)
 return -1;
 
-/* get actual time and make a string */
+/* get actual time */
 if (X509_gmtime_adj(a_tm, 0) == NULL) {
-ASN1_UTCTIME_free(a_tm);
+ASN1_TIME_free(a_tm);
 return -1;
 }
-a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
-memcpy(a_tm_s, a_tm->data, a_tm->length);
-a_tm_s[a_tm->length] = '\0';
-
-if (strncmp(a_tm_s, "49", 2) <= 0)
-a_y2k = 1;
-else
-a_y2k = 0;
 
 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
 rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
 
 if (rrow[DB_type][0] == DB_TYPE_VAL) {
 /* ignore entries that are not valid */
-if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
-db_y2k = 1;
-else
-db_y2k = 0;
+ASN1_TIME *exp_date = NULL;
 
-if (db_y2k == a_y2k) {
-/* all on the same y2k side */
-if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
-rrow[DB_type][0] = DB_TYPE_EXP;
-rrow[DB_type][1] = '\0';
-cnt++;
+exp_date = ASN1_TIME_new();
+if (exp_date == NULL) {
+ASN1_TIME_free(a_tm);
+return -1;
+}
 
-BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
-}
-} else if (db_y2k < a_y2k) {
+if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+ASN1_TIME_free(a_tm);
+ASN1_TIME_free(exp_date);
+return -1;
+}
+
+if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
 rrow[DB_type][0] = DB_TYPE_EXP;
 rrow[DB_type][1] = '\0';
 cnt++;
 
 BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
 }
-
+ASN1_TIME_free(exp_date);
 }
 }
 
-ASN1_UTCTIME_free(a_tm);
-OPENSSL_free(a_tm_s);
+ASN1_TIME_free(a_tm);
 return cnt;
 }
 


[openssl] OpenSSL_1_1_1-stable update

2021-02-03 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  dabea5447dc487983a50a40856f731db0db17a8e (commit)
  from  2d8109f5f8205ac247630f397582727b9682be38 (commit)


- Log -
commit dabea5447dc487983a50a40856f731db0db17a8e
Author: Armin Fuerst 
Date:   Fri Jan 29 19:16:14 2021 +0100

apps/ca: Properly handle certificate expiration times in do_updatedb

Fixes #13944

   + changed ASN1_UTCTIME to ASN1_TIME
   + removed all Y2K code from do_updatedb
   + changed compare to ASN1_TIME_compare

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14026)

---

Summary of changes:
 apps/ca.c | 51 ---
 1 file changed, 20 insertions(+), 31 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 6c9b1e57bc..3346042aa8 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, 
CA_DB *db)
 
 static int do_updatedb(CA_DB *db)
 {
-ASN1_UTCTIME *a_tm = NULL;
+ASN1_TIME *a_tm = NULL;
 int i, cnt = 0;
-int db_y2k, a_y2k;  /* flags = 1 if y >= 2000 */
-char **rrow, *a_tm_s;
+char **rrow;
 
-a_tm = ASN1_UTCTIME_new();
+a_tm = ASN1_TIME_new();
 if (a_tm == NULL)
 return -1;
 
-/* get actual time and make a string */
+/* get actual time */
 if (X509_gmtime_adj(a_tm, 0) == NULL) {
-ASN1_UTCTIME_free(a_tm);
+ASN1_TIME_free(a_tm);
 return -1;
 }
-a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
-memcpy(a_tm_s, a_tm->data, a_tm->length);
-a_tm_s[a_tm->length] = '\0';
-
-if (strncmp(a_tm_s, "49", 2) <= 0)
-a_y2k = 1;
-else
-a_y2k = 0;
 
 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
 rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
 
 if (rrow[DB_type][0] == DB_TYPE_VAL) {
 /* ignore entries that are not valid */
-if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
-db_y2k = 1;
-else
-db_y2k = 0;
+ASN1_TIME *exp_date = NULL;
 
-if (db_y2k == a_y2k) {
-/* all on the same y2k side */
-if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
-rrow[DB_type][0] = DB_TYPE_EXP;
-rrow[DB_type][1] = '\0';
-cnt++;
+exp_date = ASN1_TIME_new();
+if (exp_date == NULL) {
+ASN1_TIME_free(a_tm);
+return -1;
+}
 
-BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
-}
-} else if (db_y2k < a_y2k) {
+if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+ASN1_TIME_free(a_tm);
+ASN1_TIME_free(exp_date);
+return -1;
+}
+
+if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
 rrow[DB_type][0] = DB_TYPE_EXP;
 rrow[DB_type][1] = '\0';
 cnt++;
 
 BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
 }
-
+ASN1_TIME_free(exp_date);
 }
 }
 
-ASN1_UTCTIME_free(a_tm);
-OPENSSL_free(a_tm_s);
+ASN1_TIME_free(a_tm);
 return cnt;
 }
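Review bot: this is the 1.1.1-stable backport of the master change, and the same trade-off applies here: an unparseable `DB_exp_date` in any row now fails the whole `do_updatedb()` call with `-1` instead of being skipped, so the serial of the offending row should be reported before returning. The per-row `ASN1_TIME_new()`/`ASN1_TIME_free()` of `exp_date` could also be hoisted out of the loop, since `ASN1_TIME_set_string()` reuses the object.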
 


[openssl] master update

2021-02-03 Thread tmraz
The branch master has been updated
   via  1409b5f664f21a52d23d7b9d0e0f962e2bde2b9e (commit)
  from  66194839fe9ae48cff51a4cdac25760a13b3868c (commit)


- Log -
commit 1409b5f664f21a52d23d7b9d0e0f962e2bde2b9e
Author: Rich Salz 
Date:   Thu Jan 28 15:47:53 2021 -0500

Deprecate EVP_MD_CTX_{set_}update_fn()

They are still used internally in legacy code.

Also fixed up some minor things in EVP_DigestInit.pod

Fixes: #14003

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14008)

---

Summary of changes:
 CHANGES.md  |  5 +
 doc/man3/EVP_DigestInit.pod | 24 
 include/openssl/evp.h   |  4 
 util/libcrypto.num  |  4 ++--
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 6877e8ad94..d80016560e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -35,6 +35,11 @@ OpenSSL 3.0
 
*Tomáš Mráz*
 
+ * Deprecate EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
+   as they are not useful with non-deprecated functions.
+
+   *Rich Salz*
+
  * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
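Review bot: the new entry starts with "Deprecate" while every surrounding entry in this section uses the past tense "Deprecated the ..."; change it to "Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()" to keep the list consistent (the 2021-02-09 CHANGES.md update does exactly this).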
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 082f26370c..3a17243976 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -80,11 +80,6 @@ EVP_MD_do_all_provided
  int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
  int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
  void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
- int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
-  const void *data, size_t count);
- void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
-   int (*update)(EVP_MD_CTX *ctx,
- const void *data, size_t count));
 
  const EVP_MD *EVP_md_null(void);
 
@@ -99,6 +94,17 @@ EVP_MD_do_all_provided
  void (*fn)(EVP_MD *mac, void *arg),
  void *arg);
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
+ int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+  const void *data, size_t count);
+
+ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+   int (*update)(EVP_MD_CTX *ctx,
+ const void *data, size_t count));
+
 =head1 DESCRIPTION
 
 The EVP digest routines are a high-level interface to message digests,
@@ -325,7 +331,7 @@ should not be used after the EVP_MD_CTX is freed.
 =item EVP_MD_CTX_set_update_fn()
 
 Sets the update function for I to I.
-This is the function that is called by EVP_DigestUpdate. If not set, the
+This is the function that is called by EVP_DigestUpdate(). If not set, the
 update function from the B type specified at initialization is used.
 
 =item EVP_MD_CTX_update_fn()
@@ -645,10 +651,12 @@ later, so now EVP_sha1() can be used with RSA and DSA.
 
 The EVP_dss1() function was removed in OpenSSL 1.1.0.
 
-The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
+The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1.
 
 The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params()
-and EVP_MD_CTX_get_params() functions were added in 3.0.
+and EVP_MD_CTX_get_params() functions were added in OpenSSL 3.0.
+The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated
+in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
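Review bot: the added HISTORY sentence is missing a noun: "The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated in OpenSSL 3.0." should read "... functions were deprecated in OpenSSL 3.0.", matching the "functions were added" wording of the two sentences just above it.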
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 3b967202da..f5e3592c30 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -533,11 +533,15 @@ int EVP_MD_block_size(const EVP_MD *md);
 unsigned long EVP_MD_flags(const EVP_MD *md);
 
 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
  const void *data, size_t count);
+OSSL_DEPRECATEDIN_3_0
 void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
   int (*update) (EVP_MD_CTX *ctx,
  const void *data, size_t count));
+# endif
 # define EVP_MD_CTX_name(e)  EVP_MD_name(EVP_MD_CTX_md(e))
 # define EVP_MD_CTX_size(e)  EVP_MD_size(EVP_MD_CTX_md(e))
 # define EVP_MD_CTX_block_size(e)EVP_MD_block_size(EVP_MD_CTX_md(e))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 77612218c7..cbba0768b1 100644

[openssl] master update

2021-02-03 Thread tmraz
The branch master has been updated
   via  66194839fe9ae48cff51a4cdac25760a13b3868c (commit)
  from  6a1a6498ac4ecfb95331e30fc52d6e25cafbba43 (commit)


- Log -
commit 66194839fe9ae48cff51a4cdac25760a13b3868c
Author: Tomas Mraz 
Date:   Mon Feb 1 22:07:17 2021 +0100

Add diacritics to my name in CHANGES.md

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14044)

---

Summary of changes:
 CHANGES.md | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index c10593c327..6877e8ad94 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -33,7 +33,7 @@ OpenSSL 3.0
BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
BN_X931_generate_prime_ex().
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
@@ -116,7 +116,7 @@ OpenSSL 3.0
read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER
APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata().
 
-   *Shane Lontis, Paul Dale, Richard Levitte, and Tomas Mraz*
+   *Shane Lontis, Paul Dale, Richard Levitte, and Tomáš Mráz*
 
  * Deprecated all the libcrypto and libssl error string loading
functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
@@ -312,7 +312,7 @@ OpenSSL 3.0
  * Handshake now fails if Extended Master Secret extension is dropped
on renegotiation.
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * Dropped interactive mode from the `openssl` program.  From now on,
running it without arguments is equivalent to `openssl help`.
@@ -1015,7 +1015,7 @@ OpenSSL 3.0
  * Certificate verification using `X509_verify_cert()` meanwhile rejects EC 
keys
with explicit curve parameters (specifiedCurve) as required by RFC 5480.
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a encoded key
@@ -1162,7 +1162,7 @@ OpenSSL 3.0
 
  * Use SHA256 as the default digest for TS query in the `ts` app.
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898.
This checks that the salt length is at least 128 bits, the derived key
@@ -1471,7 +1471,7 @@ OpenSSL 1.1.1
  * Certificates with explicit curve parameters are now disallowed in
verification chains if the X509_V_FLAG_X509_STRICT flag is used.
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts, and
@@ -1492,7 +1492,7 @@ OpenSSL 1.1.1
  * Handshake now fails if Extended Master Secret extension is dropped
on renegotiation.
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * The Oracle Developer Studio compiler will start reporting deprecated APIs
 
@@ -1527,7 +1527,7 @@ OpenSSL 1.1.1
reporting the EOF via SSL_ERROR_SSL is kept on the current development
branch and will be present in the 3.0 release.
 
-   *Tomas Mraz*
+   *Tomáš Mráz*
 
  * Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
when primes for RSA keys are computed.
@@ -2271,7 +2271,7 @@ OpenSSL 1.1.1
  * Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
 
-   *Tomas Mraz *
+   *Tomáš Mráz *
 
  * Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such


[openssl] master update

2021-02-02 Thread tmraz
The branch master has been updated
   via  6a1a6498ac4ecfb95331e30fc52d6e25cafbba43 (commit)
  from  af403db090ee66715e81f0062d1ef614e8d921b5 (commit)


- Log -
commit 6a1a6498ac4ecfb95331e30fc52d6e25cafbba43
Author: Tomas Mraz 
Date:   Mon Jan 25 19:12:43 2021 +0100

dh_cms_set_peerkey: Pad the public key to p size

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13958)

---

Summary of changes:
 crypto/cms/cms_dh.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 52bce12c73..e55b4a062f 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -48,7 +48,11 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
 
 if ((public_key = d2i_ASN1_INTEGER(NULL, , plen)) == NULL)
 goto err;
-plen = ASN1_STRING_length((ASN1_STRING *)public_key);
+/*
+ * Pad to full p parameter size as that is checked by
+ * EVP_PKEY_set1_encoded_public_key()
+ */
+plen = EVP_PKEY_size(pk);
 if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL)
 goto err;
 if ((buf = OPENSSL_malloc(plen)) == NULL)
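Review bot: `plen` changes from the length of the decoded INTEGER to `EVP_PKEY_size(pk)`, but the hunk does not show how `bnpub` is written into `buf`; make sure the conversion that follows is the padding-aware one using `plen` (so a public value shorter than p is left-padded rather than leaving uninitialised bytes at the end of `buf`), and that a public value wider than `plen` is rejected with an error rather than truncated. Also check `EVP_PKEY_size(pk)` for a non-positive return before using it as the allocation size.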


[openssl] master update

2021-02-02 Thread tmraz
The branch master has been updated
   via  7ff9fdd4b31757f70080bd3fa2e633ca080408a4 (commit)
  from  d3372c2f35495d0c61ab09daf7fba3ecbbb595aa (commit)


- Log -
commit 7ff9fdd4b31757f70080bd3fa2e633ca080408a4
Author: Rich Salz 
Date:   Thu Jan 28 10:17:13 2021 -0500

Deprecate X509_certificate_type

Fixes: #13997

Reviewed-by: David von Oheimb 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14002)

---

Summary of changes:
 CHANGES.md|  6 ++
 crypto/x509/build.info|  6 +-
 include/openssl/evp.h | 22 --
 include/openssl/x509.h.in |  3 ++-
 util/libcrypto.num|  2 +-
 5 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index e512b080c7..c10593c327 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * The undocumented function X509_certificate_type() has been deprecated;
+   applications can use X509_get0_pubkey() and X509_get0_signature() to
+   get the same information.
+
+   *Rich Salz*
+
  * Deprecated the obsolete X9.31 RSA key generation related functions
BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
BN_X931_generate_prime_ex().
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 93019cc5e6..05c8e3003b 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\
 x509_obj.c x509_req.c x509spki.c x509_vfy.c \
 x509_set.c x509cset.c x509rset.c x509_err.c \
 x509name.c x509_v3.c x509_ext.c x509_att.c \
-x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \
+x509_meth.c x509_lu.c x_all.c x509_txt.c \
 x509_trs.c by_file.c by_dir.c by_store.c x509_vpm.c \
 x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
 x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \
@@ -15,3 +15,7 @@ SOURCE[../../libcrypto]=\
 v3_pcia.c v3_pci.c v3_ist.c \
 pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
 v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
+
+IF[{- !$disabled{'deprecated-3.0'} -}]
+  SOURCE[../../libcrypto]=x509type.c
+ENDIF
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 68f2543a60..3b967202da 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -37,16 +37,18 @@
 
 # include 
 
-# define EVP_PK_RSA  0x0001
-# define EVP_PK_DSA  0x0002
-# define EVP_PK_DH   0x0004
-# define EVP_PK_EC   0x0008
-# define EVP_PKT_SIGN0x0010
-# define EVP_PKT_ENC 0x0020
-# define EVP_PKT_EXCH0x0040
-# define EVP_PKS_RSA 0x0100
-# define EVP_PKS_DSA 0x0200
-# define EVP_PKS_EC  0x0400
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define EVP_PK_RSA  0x0001
+#  define EVP_PK_DSA  0x0002
+#  define EVP_PK_DH   0x0004
+#  define EVP_PK_EC   0x0008
+#  define EVP_PKT_SIGN0x0010
+#  define EVP_PKT_ENC 0x0020
+#  define EVP_PKT_EXCH0x0040
+#  define EVP_PKS_RSA 0x0100
+#  define EVP_PKS_DSA 0x0200
+#  define EVP_PKS_EC  0x0400
+# endif
 
 # define EVP_PKEY_NONE   NID_undef
 # define EVP_PKEY_RSANID_rsaEncryption
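Review bot: the EVP_PK_*, EVP_PKT_* and EVP_PKS_* macros are now hidden behind OPENSSL_NO_DEPRECATED_3_0, so any application that uses them (they are the bit flags X509_certificate_type() reports) stops compiling in a no-deprecated build, yet the CHANGES entry in this patch names only the function. List the macros in that entry too, and since OSSL_DEPRECATEDIN_3_0 cannot be attached to a macro, a one-line comment above the block pointing at X509_get0_pubkey()/X509_get0_signature() would give readers of the header the same migration hint.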
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 8a3cb2e4d0..7aef798e5b 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -726,7 +726,6 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 EVP_PKEY *X509_get0_pubkey(const X509 *x);
 EVP_PKEY *X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
 
 long X509_REQ_get_version(const X509_REQ *req);
 int X509_REQ_set_version(X509_REQ *x, long version);
@@ -838,6 +837,8 @@ int X509_cmp(const X509 *a, const X509 *b);
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 # define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL)
+OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x,
+const EVP_PKEY *pubkey);
 #endif
 unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
 const char *propq, int *ok);
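Review bot: the deprecated prototype now lives in the OPENSSL_NO_DEPRECATED_3_0 block that exists for the X509_NAME_hash macro, far from the X509_get0_pubkey()/X509_get0_pubkey_bitstr() accessors it was declared next to in the first hunk. A guarded declaration kept at the original spot would leave the replacement functions visible right beside the deprecated one; if this placement is preferred, at least separate the `# define X509_NAME_hash` line and the prototype with a blank line so the two unrelated items do not read as one.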
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f519518395..77612218c7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -693,7 +693,7 @@ X509_add1_reject_object 710 3_0_0   
EXIST::FUNCTION:
 ERR_set_mark7113_0_0   EXIST::FUNCTION:
 d2i_ASN1_VISIBLESTRING  7123_0_0   EXIST::FUNCTION:
 X509_NAME_ENTRY_dup 7143_0_0   EXIST::FUNCTION:
-X509_certificate_type   7153_0_0   EXIST::FUNCTION:
+X509_certificate_type 

[openssl] master update

2021-01-29 Thread tmraz
The branch master has been updated
   via  a2a5506b9329b978a2a5b11a518b9789446ad310 (commit)
  from  e947a0642db111bb34547b5f7d48e13163492ca5 (commit)


- Log -
commit a2a5506b9329b978a2a5b11a518b9789446ad310
Author: Tomas Mraz 
Date:   Tue Jan 26 11:39:27 2021 +0100

rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys

Add a testcase to the test_req covering the issue.

Fixes #13957

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13967)

---

Summary of changes:
 providers/implementations/keymgmt/rsa_kmgmt.c | 11 +
 test/recipes/25-test_req.t| 35 ++-
 test/testrsapss.pem   | 28 +
 3 files changed, 68 insertions(+), 6 deletions(-)
 create mode 100644 test/testrsapss.pem

diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c 
b/providers/implementations/keymgmt/rsa_kmgmt.c
index 9648c5f65d..9f783c56d8 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -312,18 +312,19 @@ static int rsa_get_params(void *key, OSSL_PARAM params[])
 return 0;
 
 /*
- * For RSA-PSS keys, we ignore the default digest request
- * TODO(3.0) with RSA-OAEP keys, this may need to be amended
+ * For restricted RSA-PSS keys, we ignore the default digest request.
+ * With RSA-OAEP keys, this may need to be amended.
  */
 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
-&& rsa_type != RSA_FLAG_TYPE_RSASSAPSS) {
+&& (rsa_type != RSA_FLAG_TYPE_RSASSAPSS
+|| ossl_rsa_pss_params_30_is_unrestricted(pss_params))) {
 if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD))
 return 0;
 }
 
 /*
- * For non-RSA-PSS keys, we ignore the mandatory digest request
- * TODO(3.0) with RSA-OAEP keys, this may need to be amended
+ * For non-RSA-PSS keys, we ignore the mandatory digest request.
+ * With RSA-OAEP keys, this may need to be amended.
  */
 if ((p = OSSL_PARAM_locate(params,
OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
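Review bot: the rewritten comment says that restricted RSA-PSS keys still ignore the OSSL_PKEY_PARAM_DEFAULT_DIGEST request, and the condition confirms it. For a restricted key the digest fixed in pss_params is the only one that may be used, so answering the request with that digest, rather than staying silent, would let callers that rely on the default-digest query (such as the req path this change fixes) work with restricted keys as well. If not answering is deliberate, the comment should say why.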
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 2bf51a2089..3f0d9f59e7 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 42;
+plan tests => 43;
 
 require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
 
@@ -92,6 +92,39 @@ subtest "generating certificate requests with RSA" => sub {
 }
 };
 
+subtest "generating certificate requests with RSA-PSS" => sub {
+plan tests => 4;
+
+SKIP: {
+skip "RSA is not supported by this OpenSSL build", 2
+if disabled("rsa");
+
+ok(run(app(["openssl", "req",
+"-config", srctop_file("test", "test.cnf"),
+"-new", "-out", "testreq-rsapss.pem", "-utf8",
+"-key", srctop_file("test", "testrsapss.pem")])),
+   "Generating request");
+
+ok(run(app(["openssl", "req",
+"-config", srctop_file("test", "test.cnf"),
+"-verify", "-in", "testreq-rsapss.pem", "-noout"])),
+   "Verifying signature on request");
+
+ok(run(app(["openssl", "req",
+"-config", srctop_file("test", "test.cnf"),
+"-new", "-out", "testreq-rsapss2.pem", "-utf8",
+"-sigopt", "rsa_padding_mode:pss",
+"-sigopt", "rsa_pss_saltlen:-1",
+"-key", srctop_file("test", "testrsapss.pem")])),
+   "Generating request");
+
+ok(run(app(["openssl", "req",
+"-config", srctop_file("test", "test.cnf"),
+"-verify", "-in", "testreq-rsapss2.pem", "-noout"])),
+   "Verifying signature on request");
+}
+};
+
 subtest "generating certificate requests with DSA" => sub {
 plan tests => 2;
 
diff --git a/test/testrsapss.pem b/test/testrsapss.pem
new file mode 100644
index 00..4b29ca334f
--- /dev/null
+++ b/test/testrsapss.pem
@@ -0,0 +1,28 @@
+-BEGIN PRIVATE KEY-


[openssl] master update

2021-01-28 Thread tmraz
The branch master has been updated
   via  e947a0642db111bb34547b5f7d48e13163492ca5 (commit)
  from  d744934b756bc71344818a2cb60b13dd89954afb (commit)


- Log -
commit e947a0642db111bb34547b5f7d48e13163492ca5
Author: Daniel Bevenius 
Date:   Fri Oct 9 06:07:43 2020 +0200

EVP: fix keygen for EVP_PKEY_RSA_PSS

This commit attempts to fix an issue when generating a key of type
EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will
return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds
EVP_PKEY_RSA_PSS to also be accepted.

The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md is converted into a
function and it is now called in legacy_ctrl_to_param.

Fixes #12384

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13099)

---

Summary of changes:
 crypto/evp/pmeth_lib.c  |  8 +++
 crypto/rsa/rsa_lib.c| 67 -
 doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod |  6 +++
 include/openssl/core_names.h| 14 +++---
 include/openssl/rsa.h   | 11 ++--
 test/evp_extra_test.c   | 27 ++
 util/libcrypto.num  |  2 +
 7 files changed, 121 insertions(+), 14 deletions(-)

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 7c2e648209..7fb32df86a 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1315,6 +1315,14 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int 
keytype, int optype,
 return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, p1);
 }
 }
+
+if (keytype == EVP_PKEY_RSA_PSS) {
+  switch(cmd) {
+case EVP_PKEY_CTRL_MD:
+  return EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, p2);
+  }
+}
+
 /*
  * keytype == -1 is used when several key types share the same structure,
  * or for generic controls that are the same across multiple key types.
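Review bot: the new RSA-PSS case keys on cmd alone and ignores optype, although the function receives it (see the signature in the hunk header). EVP_PKEY_CTRL_MD is also the control used to set a signing digest, so a legacy ctrl issued with keytype EVP_PKEY_RSA_PSS for a signature operation would now be redirected into the keygen-digest setter; guard the case with `optype == EVP_PKEY_OP_KEYGEN`. Style: the added block uses two-space indentation and `switch(cmd)`, while the surrounding code uses four spaces and `switch (cmd)`.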
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index da0fd4a6eb..6ca4f3a541 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -902,6 +902,70 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int 
*pad_mode)
 
 }
 
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+const char *name;
+
+if (ctx == NULL || md == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+/* Uses the same return values as EVP_PKEY_CTX_ctrl */
+return -2;
+}
+
+/* If key type not RSA return error */
+if (ctx->pmeth != NULL
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+return -1;
+
+/* TODO(3.0): Remove this eventually when no more legacy */
+if (ctx->op.keymgmt.genctx == NULL)
+return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_MD, 0, (void *)md);
+
+name = EVP_MD_name(md);
+
+return EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(ctx, name, NULL);
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+const char *mdname,
+const char *mdprops)
+{
+OSSL_PARAM rsa_params[3], *p = rsa_params;
+
+if (ctx == NULL || mdname == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+/* Uses the same return values as EVP_PKEY_CTX_ctrl */
+return -2;
+}
+
+/* If key type not RSA return error */
+if (ctx->pmeth != NULL
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+return -1;
+
+
+*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST,
+/*
+ * Cast away the const. This is 
read
+ * only so should be safe
+ */
+(char *)mdname, 0);
+if (mdprops != NULL) {
+*p++ = OSSL_PARAM_construct_utf8_string(
+OSSL_PKEY_PARAM_RSA_DIGEST_PROPS,
+/*
+ * Cast away the const. This is read only so should be safe
+ */
+(char *)mdprops, 0);
+}
+*p++ = OSSL_PARAM_construct_end();
+
+return EVP_PKEY_CTX_set_params(ctx, rsa_params);
+}
+
 int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
 const char *name;
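Review bot: in both new functions a NULL ctx or md/mdname is reported as EVP_R_COMMAND_NOT_SUPPORTED, which misdescribes the failure; ERR_R_PASSED_NULL_PARAMETER is the reason code used for this elsewhere. The key-type check that follows returns -1 without raising anything, so a caller with a non-RSA ctx gets a failure and an empty error queue; if that is deliberate for parity with EVP_PKEY_CTX_ctrl, the comment should say so, otherwise raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. Minor: the key-type check is duplicated verbatim between the two functions, and there is a stray double blank line before the first OSSL_PARAM_construct_utf8_string() call in the _md_name variant.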
@@ -1332,7 +1396,8 @@ int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, 
int bits)
 }
 
 /* If key type not RSA return error */
-if (ctx->pmeth 

[openssl] master update

2021-01-27 Thread tmraz
The branch master has been updated
   via  fa2a7490c0b22083388fb81497998730f000e82d (commit)
  from  eeb09f1bd7754e85e832853f46a726c761c93df1 (commit)


- Log -
commit fa2a7490c0b22083388fb81497998730f000e82d
Author: Daniel Bevenius 
Date:   Tue Jan 26 09:19:03 2021 +0100

Fix typo in thread_once comments

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13964)

---

Summary of changes:
 include/internal/thread_once.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h
index d16c924998..f08d19e4dc 100644
--- a/include/internal/thread_once.h
+++ b/include/internal/thread_once.h
@@ -18,7 +18,7 @@
 #if !defined(FIPS_MODULE) || defined(ALLOW_RUN_ONCE_IN_FIPS)
 /*
  * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly
- * once. It takes no arguments and returns and int result (1 for success or
+ * once. It takes no arguments and returns an int result (1 for success or
  * 0 for failure). Typical usage might be:
  *
  * DEFINE_RUN_ONCE(myinitfunc)
@@ -50,7 +50,7 @@
 /*
  * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run
  * exactly once. This function will be declared as static within the file. It
- * takes no arguments and returns and int result (1 for success or 0 for
+ * takes no arguments and returns an int result (1 for success or 0 for
  * failure). Typical usage might be:
  *
  * DEFINE_RUN_ONCE_STATIC(myinitfunc)
@@ -74,7 +74,7 @@
 /*
  * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This
  * function will be declared as static within the file. It takes no arguments
- * and returns and int result (1 for success or 0 for failure). An alternative
+ * and returns an int result (1 for success or 0 for failure). An alternative
  * initialiser function is expected to be associated with a primary initialiser
  * function defined via DEFINE_ONCE_STATIC where both functions use the same
  * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function


[openssl] master update

2021-01-26 Thread tmraz
The branch master has been updated
   via  5764c3522c417fc775a78df4529e7a6f93379de8 (commit)
  from  b897b353dff8138aa838bae9766ecd3de8c03280 (commit)


- Log -
commit 5764c3522c417fc775a78df4529e7a6f93379de8
Author: Tomas Mraz 
Date:   Wed Nov 13 11:04:08 2019 +0100

krb5kdf: Do not dereference NULL ctx when allocation fails

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13953)

---

Summary of changes:
 providers/implementations/kdfs/krb5kdf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/providers/implementations/kdfs/krb5kdf.c 
b/providers/implementations/kdfs/krb5kdf.c
index cdf8a15415..c719dbf259 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -63,8 +63,10 @@ static void *krb5kdf_new(void *provctx)
 if (!ossl_prov_is_running())
 return NULL;
 
-if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
+if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+return NULL;
+}
 ctx->provctx = provctx;
 return ctx;
 }


[openssl] master update

2021-01-25 Thread tmraz
The branch master has been updated
   via  c27e7922211ac4f7aee5573f605c3b3cbef0d0bc (commit)
  from  c9603dfa42d0643a6c8cac3e14364d9fd63303c4 (commit)


- Log -
commit c27e7922211ac4f7aee5573f605c3b3cbef0d0bc
Author: Tomas Mraz 
Date:   Thu Jan 21 16:37:26 2021 +0100

bn: Deprecate the X9.31 RSA key generation related functions

This key generation method is obsolete.

Fixes #10111

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13921)

---

Summary of changes:
 CHANGES.md | 6 ++
 crypto/bn/bn_x931p.c   | 2 ++
 crypto/bn/build.info   | 5 ++---
 crypto/rsa/build.info  | 5 -
 crypto/rsa/rsa_x931g.c | 2 +-
 include/openssl/bn.h   | 5 +
 util/libcrypto.num | 6 +++---
 7 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 63d41c3911..fbd80c33c0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * Deprecated the obsolete X9.31 RSA key generation related functions
+   BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
+   BN_X931_generate_prime_ex().
+
+   *Tomas Mraz*
+
  * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
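Review bot: the CHANGES entry lists only the three BN_X931_* functions, but the same patch also moves crypto/rsa/rsa_x931g.c under the deprecated-3.0 build guard (see the crypto/rsa/build.info hunk), so the RSA-level X9.31 key generation code disappears from no-deprecated builds as well. Mention that here so users of the RSA side are not surprised by a build that has no X9.31 generation at all.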
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index bca7c9788e..c7ecdd23c8 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#define OPENSSL_SUPPRESS_DEPRECATED
+
 #include 
 #include 
 #include "bn_local.h"
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 6164bba8c7..f732be24f8 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -105,11 +105,10 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c 
bn_mul.c \
 bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
 bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
 bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-bn_x931p.c bn_intern.c bn_dh.c \
-bn_rsa_fips186_4.c bn_const.c
+bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
 SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
 IF[{- !$disabled{'deprecated-3.0'} -}]
-  SOURCE[../../libcrypto]=bn_depr.c
+  SOURCE[../../libcrypto]=bn_depr.c bn_x931p.c
 ENDIF
 SOURCE[../../providers/libfips.a]=$COMMON $BNASM
 SOURCE[../../providers/liblegacy.a]=$BNASM
diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info
index 1614996049..d97e07fa4c 100644
--- a/crypto/rsa/build.info
+++ b/crypto/rsa/build.info
@@ -2,7 +2,7 @@ LIBS=../../libcrypto
 
 $COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \
 rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \
-rsa_x931g.c rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \
+rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \
 rsa_mp_names.c rsa_schemes.c
 
 SOURCE[../../libcrypto]=$COMMON\
@@ -11,6 +11,9 @@ SOURCE[../../libcrypto]=$COMMON\
 IF[{- !$disabled{'deprecated-0.9.8'} -}]
   SOURCE[../../libcrypto]=rsa_depr.c
 ENDIF
+IF[{- !$disabled{'deprecated-3.0'} -}]
+  SOURCE[../../libcrypto]=rsa_x931g.c
+ENDIF
 
 SOURCE[../../providers/libfips.a]=$COMMON
 
diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index 211e717871..6c50bd9593 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -11,7 +11,7 @@
  * RSA low level APIs are deprecated for public use, but still ok for
  * internal use.
  */
-#include "internal/deprecated.h"
+#define OPENSSL_SUPPRESS_DEPRECATED
 
 #include 
 #include 
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index c15fa3054f..2a9ba8cd7f 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -370,15 +370,20 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, 
const BIGNUM *add,
  const BIGNUM *rem, BN_GENCB *cb);
 int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
 
+OSSL_DEPRECATEDIN_3_0
 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 const BIGNUM *Xp, const BIGNUM *Xp1,
 const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
 BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
   BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
   BN_CTX *ctx, BN_GENCB *cb);
+# endif
 
 BN_MONT_CTX *BN_MONT_CTX_new(void);
 int 

[openssl] master update

2021-01-21 Thread tmraz
The branch master has been updated
   via  daa86f9e6bfeb83a5db976c6351f7a568a8d6dcb (commit)
  from  616581aaac2dda1557586f7b43fc3a3d926899c4 (commit)


- Log -
commit daa86f9e6bfeb83a5db976c6351f7a568a8d6dcb
Author: zsugabubus 
Date:   Mon Jan 18 15:33:57 2021 +0100

Check input size before NULL pointer test inside mem_write()

Checking is performed after the read-only test so it catches such errors
earlier.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13786)

---

Summary of changes:
 crypto/bio/bss_mem.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 3bdf457966..fe362d87fc 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -221,10 +221,6 @@ static int mem_write(BIO *b, const char *in, int inl)
 int blen;
 BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
 
-if (in == NULL) {
-ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER);
-goto end;
-}
 if (b->flags & BIO_FLAGS_MEM_RDONLY) {
 ERR_raise(ERR_LIB_BIO, BIO_R_WRITE_TO_READ_ONLY_BIO);
 goto end;
@@ -232,6 +228,10 @@ static int mem_write(BIO *b, const char *in, int inl)
 BIO_clear_retry_flags(b);
 if (inl == 0)
 return 0;
+if (in == NULL) {
+ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER);
+goto end;
+}
 blen = bbm->readp->length;
 mem_buf_sync(b);
 if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)
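Review bot: with the NULL test moved below `if (inl == 0) return 0;`, a NULL `in` with a zero length is now accepted silently, which is the intended behaviour, but nothing in this function rejects a negative inl before it reaches `BUF_MEM_grow_clean(bbm->buf, blen + inl)`. If BIO_write() is guaranteed to filter negative lengths, that is fine; otherwise change the early return to `if (inl <= 0)` or raise an error, because a negative length here requests a size smaller than the data already in the buffer.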


[openssl] master update

2021-01-21 Thread tmraz
The branch master has been updated
   via  616581aaac2dda1557586f7b43fc3a3d926899c4 (commit)
   via  6c4ecc655a1def370b4f5b43c455b0c6617938c8 (commit)
   via  24d5be7a2a9a6b992510f055a65462e372bd1085 (commit)
   via  6253cdcc8ea7b0116a43ee596ac03e0b04b8b762 (commit)
   via  f23e4a17a2309793a0ac787725736f1c4474c804 (commit)
   via  6d9a54c6e661094c0668f0307213789c2d9be3ec (commit)
  from  3d46c81a7d6219fd51ccc3b16406f19b82d0176e (commit)


- Log -
commit 616581aaac2dda1557586f7b43fc3a3d926899c4
Author: Tomas Mraz 
Date:   Fri Jan 15 18:33:40 2021 +0100

dh_cms_set_shared_info: Use explicit fetch to be able to provide libctx

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13869)

commit 6c4ecc655a1def370b4f5b43c455b0c6617938c8
Author: Tomas Mraz 
Date:   Fri Jan 15 17:13:00 2021 +0100

dh_cms_set_peerkey: The peer key is encoded as an ASN.1 integer

It must be decoded from the ASN.1 integer before setting
to the EVP_PKEY.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13869)

commit 24d5be7a2a9a6b992510f055a65462e372bd1085
Author: Tomas Mraz 
Date:   Fri Jan 15 11:12:09 2021 +0100

Make the smdh.pem test certificate usable with fips provider

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13869)

commit 6253cdcc8ea7b0116a43ee596ac03e0b04b8b762
Author: Tomas Mraz 
Date:   Thu Jan 14 15:53:08 2021 +0100

kdf_exch.c (kdf_derive): Proper handling of NULL secret

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13869)

commit f23e4a17a2309793a0ac787725736f1c4474c804
Author: Tomas Mraz 
Date:   Thu Jan 14 14:43:11 2021 +0100

Fixes related to broken DH support in CMS

- DH support should work with both DH and DHX keys
- UKM parameter is optional so it can have length 0

Fixes #13810

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13869)

commit 6d9a54c6e661094c0668f0307213789c2d9be3ec
Author: Tomas Mraz 
Date:   Thu Jan 14 14:40:23 2021 +0100

Pass correct maximum output length to provider derive operation

And improve error checking in EVP_PKEY_derive* calls.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13869)

---

Summary of changes:
 crypto/cms/cms_dh.c   | 28 +--
 crypto/cms/cms_env.c  |  4 +-
 crypto/evp/dh_ctrl.c  |  2 +-
 crypto/evp/exchange.c | 16 +++---
 crypto/evp/p_lib.c|  2 +
 providers/fips/self_test_kats.c   |  2 +-
 providers/implementations/exchange/kdf_exch.c |  8 ++-
 test/recipes/80-test_cms.t| 22 
 test/smime-certs/mksmime-certs.sh |  3 +-
 test/smime-certs/smdh.pem | 72 ---
 10 files changed, 101 insertions(+), 58 deletions(-)

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 9cba6364d1..538ef45174 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -13,6 +13,7 @@
 #include 
 #include 
 #include "cms_local.h"
+#include "crypto/evp.h"
 
 static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
   X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
@@ -23,7 +24,9 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
 ASN1_INTEGER *public_key = NULL;
 int rv = 0;
 EVP_PKEY *pkpeer = NULL, *pk = NULL;
+BIGNUM *bnpub = NULL;
 const unsigned char *p;
+unsigned char *buf = NULL;
 int plen;
 
 X509_ALGOR_get0(, , , alg);
@@ -43,16 +46,28 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
 if (p == NULL || plen == 0)
 goto err;
 
+if ((public_key = d2i_ASN1_INTEGER(NULL, , plen)) == NULL)
+goto err;
+plen = ASN1_STRING_length((ASN1_STRING *)public_key);
+if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL)
+goto err;
+if ((buf = OPENSSL_malloc(plen)) == NULL)
+goto err;
+if (BN_bn2binpad(bnpub, buf, plen) < 0)
+goto err;
+
 pkpeer = EVP_PKEY_new();
 if (pkpeer == NULL
 || !EVP_PKEY_copy_parameters(pkpeer, pk)
-|| !EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen))
+|| !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen))
 goto err;
 
 if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
 rv = 1;
  err:
 ASN1_INTEGER_free(public_key);
+BN_free(bnpub);
+OPENSSL_free(buf);
 EVP_PKEY_free(pkpeer);
 return rv;
 }
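Review bot: plen is taken from ASN1_STRING_length(public_key), i.e. the length of the DER integer content, so buf is sized to the encoded value rather than to the group prime. DER drops leading zero octets (and adds one when the top bit is set), so a peer value numerically shorter than p yields a buffer shorter than EVP_PKEY_size(pk), and a value with the top bit set yields one a byte longer; either way EVP_PKEY_set1_encoded_public_key() will reject a length that does not match p. Pad to the p size instead, which the BN_bn2binpad() call already supports. Also, ASN1_INTEGER_to_BN() returns a negative BIGNUM for a negative encoded integer and BN_bn2binpad() ignores the sign, so a negative peer value is silently turned into a positive key; add a BN_is_negative(bnpub) check and fail.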
@@ -66,8 +81,9 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, 
CMS_RecipientInfo *ri)
 unsigned char *dukm = NULL;
 size_t dukmlen = 0;
 int keylen, 

[openssl] OpenSSL_1_1_1-stable update

2021-01-21 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  76e30a434dfc625c0fae480449f87308d92d4b7c (commit)
  from  b8cee4cb43f86a86a6714af8900674456d94908f (commit)


- Log -
commit 76e30a434dfc625c0fae480449f87308d92d4b7c
Author: Tomas Mraz 
Date:   Tue Jan 19 15:59:22 2021 +0100

CI: Add some legacy stuff that we do not test in GitHub CI yet

There are some options that seem to belong to the legacy build.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/13903)

(cherry picked from commit adcaebc3148fe0fde3f7641c4b607f30e1479986)

---

Summary of changes:
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ce40b5104a..aca73be1a0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -108,7 +108,7 @@ jobs:
 steps:
   - uses: actions/checkout@v2
   - name: config
-run: ./config -Werror --debug no-afalgeng no-shared 
enable-crypto-mdebug enable-rc5 enable-md2 && perl configdata.pm --dump
+run: ./config -Werror --debug no-afalgeng no-shared 
enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method 
enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 && perl 
configdata.pm --dump
   - name: make
 run: make -s -j4
   - name: make test


[openssl] master update

2021-01-21 Thread tmraz
The branch master has been updated
   via  adcaebc3148fe0fde3f7641c4b607f30e1479986 (commit)
  from  52b0bb38f3e7f0a57babc07a189f15f6c022cae2 (commit)


- Log -
commit adcaebc3148fe0fde3f7641c4b607f30e1479986
Author: Tomas Mraz 
Date:   Tue Jan 19 15:59:22 2021 +0100

CI: Add some legacy stuff that we do not test in GitHub CI yet

There are some options that seem to belong to the legacy build.

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/13903)

---

Summary of changes:
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7588bcca66..fc4549fd57 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -107,7 +107,7 @@ jobs:
 steps:
 - uses: actions/checkout@v2
 - name: config
-  run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug 
enable-rc5 enable-md2 && perl configdata.pm --dump
+  run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug 
enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers 
enable-zlib enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump
 - name: make
   run: make -s -j4
 - name: make test
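Review bot: `enable-zlib` links against the system zlib, and none of the visible steps (checkout, config, make, make test) install its development headers, so the job relies on the runner image shipping them; an explicit package-install step would keep it from breaking on an image update. Consider folding the config command into a YAML `>` block as well, now that it has grown to this length.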


[openssl] master update

2021-01-21 Thread tmraz
The branch master has been updated
   via  52b0bb38f3e7f0a57babc07a189f15f6c022cae2 (commit)
  from  6857058016e91d3182c2117922dd8001b27f5639 (commit)


- Log -
commit 52b0bb38f3e7f0a57babc07a189f15f6c022cae2
Author: Michael Baentsch 
Date:   Wed Jan 13 16:58:22 2021 +0100

fall-back -> fallback find-doc-nit addition

Ensure the same term is used for fallback

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13862)

---

Summary of changes:
 util/find-doc-nits | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/find-doc-nits b/util/find-doc-nits
index 6c559ba05d..c0845791c1 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -609,6 +609,7 @@ my %preferred_words = (
 'bitmask'   => 'bit mask',
 'builtin'   => 'built-in',
#'epoch' => 'Epoch', # handled specially, below
+'fall-back' => 'fallback',
 'file name' => 'filename',
 'file system'   => 'filesystem',
 'host name' => 'hostname',


[openssl] OpenSSL_1_1_1-stable update

2021-01-21 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  b8cee4cb43f86a86a6714af8900674456d94908f (commit)
  from  0a31723a158592d3271585bd02e627cc19a1c772 (commit)


- Log -
commit b8cee4cb43f86a86a6714af8900674456d94908f
Author: Tim Hitchins 
Date:   Wed Jan 20 11:35:33 2021 +

Fix typo in crl2pkcs documentation

Fixes #13910

CLA: trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13911)

(cherry picked from commit 6857058016e91d3182c2117922dd8001b27f5639)

---

Summary of changes:
 doc/man1/crl2pkcs7.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/crl2pkcs7.pod b/doc/man1/crl2pkcs7.pod
index f58a442b5b..681145e77d 100644
--- a/doc/man1/crl2pkcs7.pod
+++ b/doc/man1/crl2pkcs7.pod
@@ -56,7 +56,7 @@ output by default.
 
 Specifies a filename containing one or more certificates in B format.
 All certificates in the file will be added to the PKCS#7 structure. This
-option can be used more than once to read certificates form multiple
+option can be used more than once to read certificates from multiple
 files.
 
 =item B<-nocrl>


[openssl] master update

2021-01-21 Thread tmraz
The branch master has been updated
   via  6857058016e91d3182c2117922dd8001b27f5639 (commit)
  from  a3d267f18492a1e874534d5af6072bc8b7a290e5 (commit)


- Log -
commit 6857058016e91d3182c2117922dd8001b27f5639
Author: Tim Hitchins 
Date:   Wed Jan 20 11:35:33 2021 +

Fix typo in crl2pkcs documentation

Fixes #13910

CLA: trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13911)

---

Summary of changes:
 doc/man1/openssl-crl2pkcs7.pod.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/openssl-crl2pkcs7.pod.in 
b/doc/man1/openssl-crl2pkcs7.pod.in
index db06f6e68f..7e57820ff7 100644
--- a/doc/man1/openssl-crl2pkcs7.pod.in
+++ b/doc/man1/openssl-crl2pkcs7.pod.in
@@ -55,7 +55,7 @@ output by default.
 
 Specifies a filename containing one or more certificates in B format.
 All certificates in the file will be added to the PKCS#7 structure. This
-option can be used more than once to read certificates form multiple
+option can be used more than once to read certificates from multiple
 files.
 
 =item B<-nocrl>


[openssl] master update

2021-01-20 Thread tmraz
The branch master has been updated
   via  3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f (commit)
  from  5b57aa24c35f78cc11aa91586bc8e8826c2ece5a (commit)


- Log -
commit 3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f
Author: Vadim Fedorenko 
Date:   Sun Nov 22 10:02:31 2020 +

ktls: Initial support for ChaCha20-Poly1305

The Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13475)

---

Summary of changes:
 include/internal/ktls.h |  8 
 ssl/ktls.c  | 21 -
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index fd439b5718..cf2c813bbc 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -222,6 +222,11 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int 
fd, off_t off,
 #define OPENSSL_KTLS_TLS13
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
 # define OPENSSL_KTLS_AES_CCM_128
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0)
+#  ifndef OPENSSL_NO_CHACHA
+#   define OPENSSL_KTLS_CHACHA20_POLY1305
+#  endif
+# endif
 #endif
 #   endif
 
@@ -254,6 +259,9 @@ struct tls_crypto_info_all {
 #   endif
 #   ifdef OPENSSL_KTLS_AES_CCM_128
 struct tls12_crypto_info_aes_ccm_128 ccm128;
+#   endif
+#   ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305;
 #   endif
 };
 size_t tls_crypto_info_len;
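Review bot: adding `struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305;` to the union is only compiled when OPENSSL_KTLS_CHACHA20_POLY1305 is defined, which matches the header gate above; note that tls_crypto_info_len is what the kernel uses to pick the cipher-specific struct, so every writer of this union must set it to the size of the member it filled (the ssl/ktls.c hunk does).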
diff --git a/ssl/ktls.c b/ssl/ktls.c
index dc5bb2bbc3..da42084928 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -126,7 +126,9 @@ int ktls_check_supported_cipher(const SSL *s, const 
EVP_CIPHER *c,
 return 0;
 }
 
-/* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 */
+/* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 
+ * or Chacha20-Poly1305
+ */
 switch (EVP_CIPHER_nid(c))
 {
 # ifdef OPENSSL_KTLS_AES_CCM_128
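Review bot: style nit on the new comment: the first line carries trailing whitespace after `AES_CCM_128`, and the cipher list spells the last entry "Chacha20-Poly1305" while the NID below is NID_chacha20_poly1305; consistent naming (ChaCha20-Poly1305) and no trailing space would keep this tidy.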
@@ -139,6 +141,9 @@ int ktls_check_supported_cipher(const SSL *s, const 
EVP_CIPHER *c,
 # endif
 # ifdef OPENSSL_KTLS_AES_GCM_256
 case NID_aes_256_gcm:
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+case NID_chacha20_poly1305:
 # endif
 return 1;
 default:
@@ -212,6 +217,20 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER 
*c, EVP_CIPHER_CTX *dd,
 if (rec_seq != NULL)
 *rec_seq = crypto_info->ccm128.rec_seq;
 return 1;
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+case NID_chacha20_poly1305:
+crypto_info->chacha20poly1305.info.cipher_type = 
TLS_CIPHER_CHACHA20_POLY1305;
+crypto_info->chacha20poly1305.info.version = s->version;
+crypto_info->tls_crypto_info_len = 
sizeof(crypto_info->chacha20poly1305);
+memcpy(crypto_info->chacha20poly1305.iv, iiv,
+   TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
+memcpy(crypto_info->chacha20poly1305.key, key, 
EVP_CIPHER_key_length(c));
+memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
+TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
+if (rec_seq != NULL)
+*rec_seq = crypto_info->chacha20poly1305.rec_seq;
+return 1;
 # endif
 default:
 return 0;
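Review bot: the key copy uses `EVP_CIPHER_key_length(c)` as the length into the fixed-size `chacha20poly1305.key` field, while the IV and record-sequence copies use the kernel's TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE and TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE constants. The copy is only safe as long as the EVP key length and the kernel field size agree; using TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE for the memcpy (or asserting the two are equal) makes it impossible for a mismatch to overflow the struct. The same pattern is used by the existing AES cases, so this could be fixed for all of them together.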


[openssl] master update

2021-01-20 Thread tmraz
The branch master has been updated
   via  53d650d1f3b34188a86409def4d086974b301cef (commit)
  from  d8ab30be9cc4d4e77008d4037e696bc41ce293f8 (commit)


- Log -
commit 53d650d1f3b34188a86409def4d086974b301cef
Author: Tomas Mraz 
Date:   Tue Jan 19 13:58:34 2021 +0100

ec_kmgmt.c: OSSL_PKEY_PARAM_DEFAULT_DIGEST is gettable param for EC/SM2 keys

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13901)

---

Summary of changes:
 providers/implementations/keymgmt/ec_kmgmt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/providers/implementations/keymgmt/ec_kmgmt.c 
b/providers/implementations/keymgmt/ec_kmgmt.c
index ac7094490e..8775622a01 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -706,6 +706,7 @@ static const OSSL_PARAM ec_known_gettable_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0),
 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
 EC_IMEXPORTABLE_DOM_PARAMETERS,
 EC2M_GETTABLE_DOM_PARAMS
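Review bot: listing OSSL_PKEY_PARAM_DEFAULT_DIGEST in ec_known_gettable_params only advertises the parameter; the hunk does not show the get_params code that fills it, and a parameter that is advertised but never set leaves the caller's OSSL_PARAM untouched, which is confusing to debug. Please confirm the EC get_params path (and the SM2 variant in the next hunk) actually populates it, and add a test that EVP_PKEY_get_default_digest_name() returns a digest for an EC key.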
@@ -770,6 +771,7 @@ static const OSSL_PARAM sm2_known_gettable_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0),
 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
 EC_IMEXPORTABLE_DOM_PARAMETERS,
 EC_IMEXPORTABLE_PUBLIC_KEY,


[openssl] OpenSSL_1_1_1-stable update

2021-01-20 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  69b3a65adeb1a997b1d5c7f28cda45c543de956d (commit)
  from  a83690c0b61e342f35a9583868b74e7ff6023101 (commit)


- Log -
commit 69b3a65adeb1a997b1d5c7f28cda45c543de956d
Author: Tomas Mraz 
Date:   Tue Jan 19 14:56:16 2021 +0100

Fix regression in no-deprecated build

Also add a new no-deprecated CI build to test it.

Fixes #13896

Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/13902)

---

Summary of changes:
 .github/workflows/ci.yml | 11 +++
 test/verify_extra_test.c |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a4565e5499..ce40b5104a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -70,6 +70,17 @@ jobs:
   - name: make test
 run: make test
 
+  no-deprecated:
+runs-on: ubuntu-latest
+steps:
+  - uses: actions/checkout@v2
+  - name: config
+run: ./config --strict-warnings no-deprecated && perl configdata.pm 
--dump
+  - name: make
+run: make -s -j4
+  - name: make test
+run: make test
+
   sanitizers:
 runs-on: ubuntu-latest
 steps:
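Review bot: supply-chain nit carried over from the existing jobs: `uses: actions/checkout@v2` is a floating major tag that resolves to whatever the action's maintainers push, so pinning to a full commit SHA (with the tag in a comment) would make the workflow reproducible. The job itself is right: `./config --strict-warnings no-deprecated` followed by `make test` is exactly the configuration that would have caught the regression this commit fixes.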
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 94faa4c78b..18f785ab8b 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -200,7 +200,7 @@ static int test_self_signed(const char *filename, int 
expected)
 ret = TEST_ptr(cert)
 && TEST_true(sk_X509_push(trusted, cert))
 && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL));
-X509_STORE_CTX_trusted_stack(ctx, trusted);
+X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
 ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected);
 
 X509_STORE_CTX_free(ctx);
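Review bot: X509_STORE_CTX_set0_trusted_stack() is still called unconditionally, even when the preceding TEST_ptr / X509_STORE_CTX_init chain has already failed; it is harmless because `ret` short-circuits the X509_verify_cert() call, but for consistency it belongs inside the `ret && ...` chain. The rename itself is correct: set0 is the non-deprecated name, and the set0 convention signals that the context does not take ownership, so `trusted` must still be freed by the caller as before.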


[openssl] master update

2021-01-20 Thread tmraz
The branch master has been updated
   via  3d63348a871d2319f7ff3512f97fd660fa7fadea (commit)
   via  ac6ea3a7c5f53dad710987aae289a66a2e3f159e (commit)
  from  07b6068d240fb5af56fab880f2f971293a49f124 (commit)


- Log -
commit 3d63348a871d2319f7ff3512f97fd660fa7fadea
Author: Jon Spillett 
Date:   Tue Jan 19 13:43:35 2021 +1000

apps/genpkey.c: Use PEM_read_bio_Parameters_ex when reading parameters

Needed to be able to set the libctx and propq.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13894)

commit ac6ea3a7c5f53dad710987aae289a66a2e3f159e
Author: Jon Spillett 
Date:   Thu Aug 20 15:10:21 2020 +1000

test-gendsa: Add test cases with FIPS provider

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13894)

---

Summary of changes:
 apps/genpkey.c|  2 +-
 test/recipes/15-test_gendsa.t | 52 ---
 2 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/apps/genpkey.c b/apps/genpkey.c
index 523ec1da8f..68dbbf87eb 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -252,7 +252,7 @@ static int init_keygen_file(EVP_PKEY_CTX **pctx, const char 
*file, ENGINE *e,
 return 0;
 }
 
-pkey = PEM_read_bio_Parameters(pbio, NULL);
+pkey = PEM_read_bio_Parameters_ex(pbio, NULL, libctx, propq);
 BIO_free(pbio);
 
 if (pkey == NULL) {
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
index 5e36109b37..4616deacc1 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t
@@ -11,15 +11,25 @@ use strict;
 use warnings;
 
 use File::Spec;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
 use OpenSSL::Test::Utils;
 
-setup("test_gendsa");
+BEGIN {
+setup("test_gendsa");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
 
 plan skip_all => "This test is unsupported in a no-dsa build"
 if disabled("dsa");
 
-plan tests => 11;
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+
+plan tests =>
+($no_fips ? 0 : 3)  # FIPS install test + fips related tests
++ 11;
 
 ok(run(app([ 'openssl', 'genpkey', '-genparam',
  '-algorithm', 'DSA',
@@ -97,3 +107,39 @@ ok(run(app([ 'openssl', 'genpkey',
 ok(!run(app([ 'openssl', 'genpkey',
   '-algorithm', 'DSA'])),
"genpkey DSA with no params should fail");
+
+unless ($no_fips) {
+my $provconf = srctop_file("test", "fips-and-base.cnf");
+my $provpath = bldtop_dir("providers");
+my @prov = ( "-provider-path", $provpath,
+ "-config", $provconf);
+my $infile = bldtop_file('providers', platform->dso('fips'));
+
+ok(run(app(['openssl', 'fipsinstall',
+'-out', bldtop_file('providers', 'fipsmodule.cnf'),
+'-module', $infile,
+'-provider_name', 'fips', '-mac_name', 'HMAC',
+'-section_name', 'fips_sect'])),
+   "fipsinstall");
+
+$ENV{OPENSSL_TEST_LIBCTX} = "1";
+
+# Generate params
+ok(run(app(['openssl', 'genpkey',
+@prov,
+   '-genparam',
+   '-algorithm', 'DSA',
+   '-pkeyopt', 'pbits:3072',
+   '-pkeyopt', 'qbits:256',
+   '-out', 'gendsatest3072params.pem'])),
+   "Generating 3072-bit DSA params");
+
+# Generate keypair
+ok(run(app(['openssl', 'genpkey',
+@prov,
+   '-paramfile', 'gendsatest3072params.pem',
+   '-text',
+   '-out', 'gendsatest3072.pem'])),
+   "Generating 3072-bit DSA keypair");
+
+}
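Review bot: `$ENV{OPENSSL_TEST_LIBCTX} = "1"` is set inside the `unless ($no_fips)` block but affects every app() invocation that follows in this process, and running fipsinstall here rewrites the shared `providers/fipsmodule.cnf`, which can race with other recipes doing the same when the harness runs tests in parallel. Consider reusing an already-installed module configuration where one exists and only running fipsinstall when it is the thing under test. Indentation nit: `@prov,` sits at a different depth from the `'-genparam'` arguments that follow it. The params-then-keypair sequence itself is a good FIPS-provider smoke test.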


[openssl] master update

2021-01-18 Thread tmraz
The branch master has been updated
   via  47b784a41b729d5df9ad47c99355db2f2026a709 (commit)
  from  038f4dc68edd16f719ce5cf140eda2fb5b86a62a (commit)


- Log -
commit 47b784a41b729d5df9ad47c99355db2f2026a709
Author: Kurt Roeckx 
Date:   Thu Dec 17 22:28:17 2020 +0100

Fix memory leak in mac_newctx() on error

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13702)

---

Summary of changes:
 providers/implementations/signature/mac_legacy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/implementations/signature/mac_legacy.c 
b/providers/implementations/signature/mac_legacy.c
index b92dabde3c..79a5c911a3 100644
--- a/providers/implementations/signature/mac_legacy.c
+++ b/providers/implementations/signature/mac_legacy.c
@@ -74,6 +74,7 @@ static void *mac_newctx(void *provctx, const char *propq, 
const char *macname)
 return pmacctx;
 
  err:
+OPENSSL_free(pmacctx->propq);
 OPENSSL_free(pmacctx);
 EVP_MAC_free(mac);
 return NULL;
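Review bot: the new `OPENSSL_free(pmacctx->propq)` at `err:` is only correct if every `goto err` that precedes it happens after pmacctx has been allocated and its propq field is either NULL or a heap copy; the hunk context does not show the early failure paths (for instance the allocation of pmacctx itself failing). If any jump to err can occur with pmacctx == NULL this dereferences NULL, so either guard the free or return NULL directly on allocation failure so the cleanup stays robust against future edits.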


[openssl] master update

2021-01-18 Thread tmraz
The branch master has been updated
   via  038f4dc68edd16f719ce5cf140eda2fb5b86a62a (commit)
   via  84af8027c5f2132a9166673e7a47b0f31c7cfe1d (commit)
  from  0d83b7b9036feea680ba45751df028ff5e86cd63 (commit)


- Log -
commit 038f4dc68edd16f719ce5cf140eda2fb5b86a62a
Author: Shane Lontis 
Date:   Fri Dec 11 19:24:46 2020 +1000

Fix PKCS7 potential segfault

As the code that handles libctx, propq for PKCS7 is very similar to CMS
code, a similar fix for issue #13624 needs to be applied.


Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13668)

commit 84af8027c5f2132a9166673e7a47b0f31c7cfe1d
Author: Shane Lontis 
Date:   Fri Dec 11 19:19:37 2020 +1000

CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**.

Fixes #13624

Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13668)

---

Summary of changes:
 crypto/cms/cms_enc.c |   7 +-
 crypto/cms/cms_env.c |  20 +++--
 crypto/cms/cms_ess.c |   5 +-
 crypto/cms/cms_io.c  |   4 +-
 crypto/cms/cms_kari.c|  19 +++--
 crypto/cms/cms_lib.c |  19 ++---
 crypto/cms/cms_pwri.c|   7 +-
 crypto/cms/cms_sd.c  |  28 ---
 crypto/cms/cms_smime.c   |   6 +-
 crypto/pkcs7/pk7_asn1.c  |   2 +-
 crypto/pkcs7/pk7_doit.c  |  44 ++
 crypto/pkcs7/pk7_lib.c   |   6 +-
 crypto/pkcs7/pk7_mime.c  |   2 +-
 crypto/pkcs7/pk7_smime.c |   3 +-
 crypto/x509/x_all.c  |   4 +-
 test/cmsapitest.c| 212 ++-
 16 files changed, 318 insertions(+), 70 deletions(-)

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 0069bde939..c7583f4088 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -37,6 +37,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo 
*ec,
 size_t tkeylen = 0;
 int ok = 0;
 int enc, keep_key = 0;
+OSSL_LIB_CTX *libctx = cms_ctx_get0_libctx(cms_ctx);
+const char *propq = cms_ctx_get0_propq(cms_ctx);
 
 enc = ec->cipher ? 1 : 0;
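Review bot: the effect of this change rests entirely on cms_ctx_get0_libctx() and cms_ctx_get0_propq() being safe to call with a NULL cms_ctx (returning NULL, which EVP_CIPHER_fetch() and RAND_bytes_ex() take as "use the default library context"), where the old direct `cms_ctx->libctx` dereference crashed. That NULL tolerance is now a contract other callers will rely on, so document it at the accessor definitions and cover it with a test that parses and decrypts CMS without an explicit context (the test/cmsapitest.c change in the summary looks like the place).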
 
@@ -60,8 +62,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo 
*ec,
 cipher = EVP_get_cipherbyobj(calg->algorithm);
 }
 if (cipher != NULL) {
-fetched_ciph = EVP_CIPHER_fetch(cms_ctx->libctx, 
EVP_CIPHER_name(cipher),
-cms_ctx->propq);
+fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_name(cipher), 
propq);
 if (fetched_ciph != NULL)
 cipher = fetched_ciph;
 }
@@ -82,7 +83,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo 
*ec,
 /* Generate a random IV if we need one */
 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 if (ivlen > 0) {
-if (RAND_bytes_ex(cms_ctx->libctx, iv, ivlen) <= 0)
+if (RAND_bytes_ex(libctx, iv, ivlen) <= 0)
 goto err;
 piv = iv;
 }
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 15ebe1b86b..d2f630146e 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -181,7 +181,8 @@ void cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
 break;
 case CMS_RECIPINFO_TRANS:
 ri->d.ktri->cms_ctx = ctx;
-x509_set0_libctx(ri->d.ktri->recip, ctx->libctx, ctx->propq);
+x509_set0_libctx(ri->d.ktri->recip, cms_ctx_get0_libctx(ctx),
+ cms_ctx_get0_propq(ctx));
 break;
 case CMS_RECIPINFO_KEK:
 ri->d.kekri->cms_ctx = ctx;
@@ -310,8 +311,9 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo 
*ri, X509 *recip,
 ktri->recip = recip;
 
 if (flags & CMS_KEY_PARAM) {
-ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, ktri->pkey,
-ctx->propq);
+ktri->pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx),
+ktri->pkey,
+cms_ctx_get0_propq(ctx));
 if (ktri->pctx == NULL)
 return 0;
 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
@@ -470,7 +472,8 @@ static int cms_RecipientInfo_ktri_encrypt(const 
CMS_ContentInfo *cms,
 if (!cms_env_asn1_ctrl(ri, 0))
 goto err;
 } else {
-pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, ktri->pkey, ctx->propq);
+pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx), ktri->pkey,
+  cms_ctx_get0_propq(ctx));
 if (pctx == NULL)
 return 0;
 
@@ -524,6 +527,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo 
*cms,
 EVP_CIPHER *fetched_cipher = NULL;
 

[openssl] master update

2021-01-18 Thread tmraz
The branch master has been updated
   via  0d83b7b9036feea680ba45751df028ff5e86cd63 (commit)
  from  3aff5b4bac7186fda9208a76127eff040cafae13 (commit)


- Log -
commit 0d83b7b9036feea680ba45751df028ff5e86cd63
Author: Tomas Mraz 
Date:   Thu Jan 14 15:19:46 2021 +0100

Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity

To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.

Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.

Fixes #13411

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13870)

---

Summary of changes:
 crypto/evp/evp_lib.c   | 14 
 ...t_iv.pod => EVP_CIPHER_CTX_get_original_iv.pod} | 41 +-
 doc/man7/provider-cipher.pod   |  4 +--
 include/openssl/core_names.h   |  2 +-
 include/openssl/evp.h  |  4 +--
 .../ciphers/cipher_aes_cbc_hmac_sha.c  |  7 ++--
 providers/implementations/ciphers/cipher_aes_ocb.c |  4 +--
 providers/implementations/ciphers/ciphercommon.c   |  4 +--
 .../implementations/ciphers/ciphercommon_ccm.c |  2 +-
 .../implementations/ciphers/ciphercommon_gcm.c |  2 +-
 .../implementations/include/prov/ciphercommon.h|  2 +-
 ssl/ktls.c |  6 ++--
 test/aesgcmtest.c  |  2 +-
 test/evp_extra_test.c  |  4 +--
 test/evp_test.c|  2 +-
 util/libcrypto.num |  4 +--
 16 files changed, 56 insertions(+), 48 deletions(-)
 rename doc/man3/{EVP_CIPHER_CTX_get_iv.pod => 
EVP_CIPHER_CTX_get_original_iv.pod} (52%)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 954acaae0d..32f67a9242 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -511,8 +511,8 @@ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX 
*ctx)
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
 params[0] =
-OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV_STATE, (void **),
-   sizeof(ctx->iv));
+OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV,
+   (void **), sizeof(ctx->iv));
 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
 return ok != 0 ? v : NULL;
@@ -525,24 +525,24 @@ unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX 
*ctx)
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
 params[0] =
-OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV_STATE, (void **),
-   sizeof(ctx->iv));
+OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV,
+   (void **), sizeof(ctx->iv));
 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
 return ok != 0 ? v : NULL;
 }
 #endif /* OPENSSL_NO_DEPRECATED_3_0_0 */
 
-int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
 {
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
 params[0] =
-OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV_STATE, buf, 
len);
+OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, 
len);
 return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 }
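Review bot: the rename of the exported function makes the new pod page the place to state precisely what the two values are: "original" is the IV the caller supplied at init, "updated" is that IV as advanced by the records processed so far, and they only coincide before the first update; the mode-specific meaning (a counter for CTR/GCM, the last ciphertext block for CBC) is worth a sentence so callers do not treat the updated value as a usable nonce. util/libcrypto.num is in the summary, which is the other half of renaming an exported symbol.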
 
-int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
 {
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
diff --git a/doc/man3/EVP_CIPHER_CTX_get_iv.pod 
b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod
similarity index 52%
rename from doc/man3/EVP_CIPHER_CTX_get_iv.pod
rename to doc/man3/EVP_CIPHER_CTX_get_original_iv.pod
index e099d96dec..c5995a584d 100644
--- a/doc/man3/EVP_CIPHER_CTX_get_iv.pod
+++ b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod
@@ -2,29 +2,36 @@
 
 =head1 NAME
 
-EVP_CIPHER_CTX_get_iv, EVP_CIPHER_CTX_get_iv_state, EVP_CIPHER_CTX_iv, 
EVP_CIPHER_CTX_original_iv, EVP_CIPHER_CTX_iv_noconst - Routines to inspect 
EVP_CIPHER_CTX IV data
+EVP_CIPHER_CTX_get_original_iv, EVP_CIPHER_CTX_get_updated_iv,
+EVP_CIPHER_CTX_iv, EVP_CIPHER_CTX_original_iv,
+EVP_CIPHER_CTX_iv_noconst - Routines to inspect EVP_CIPHER_CTX IV data
 
 =head1 SYNOPSIS
 
  #include 
 
- int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
- int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+ int 

[openssl] master update

2021-01-15 Thread tmraz
The branch master has been updated
   via  2c04b34140be8833dae0e4debcb6ebf5fd0f287c (commit)
  from  39f3427dc1cd8cf72cf4b3c8c26256874a067bfd (commit)


- Log -
commit 2c04b34140be8833dae0e4debcb6ebf5fd0f287c
Author: Jon Spillett 
Date:   Wed Jan 13 14:10:51 2021 +1000

Allow EVP_PKEY private key objects to be created without a public component

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13855)

---

Summary of changes:
 crypto/dh/dh_backend.c   |   9 ---
 crypto/dsa/dsa_backend.c |   7 --
 crypto/dsa/dsa_lib.c |   7 --
 crypto/ec/ec_backend.c   |   4 --
 test/evp_extra_test.c| 162 +--
 5 files changed, 158 insertions(+), 31 deletions(-)

diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 660bb4845a..6e545763dc 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -69,15 +69,6 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
 param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
 param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
 
-/*
- * DH documentation says that a public key must be present if a
- * private key is present.
- * We want to have at least a public key either way, so we end up
- * requiring it unconditionally.
- */
-if (param_priv_key != NULL && param_pub_key == NULL)
-return 0;
-
 if ((param_priv_key != NULL
  && !OSSL_PARAM_get_BN(param_priv_key, _key))
 || (param_pub_key != NULL
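Review bot: removing the "a public key must accompany a private key" check means dh_key_fromdata() can now build a DH object whose pub_key is NULL while priv_key is set. Every consumer that previously relied on that invariant (key validation, encoders and export, the key-match and equality callbacks) must now either tolerate a missing public value or derive it from the private one; the commit touches only the importers and a test, so please confirm that the code paths that read dh->pub_key are NULL-safe. The same question applies to the DSA and EC hunks below.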
diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c
index 4809b3100b..6a053611e1 100644
--- a/crypto/dsa/dsa_backend.c
+++ b/crypto/dsa/dsa_backend.c
@@ -39,13 +39,6 @@ int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[])
 if (param_priv_key == NULL && param_pub_key == NULL)
 return 1;
 
-/*
- * DSA documentation says that a public key must be present if a
- * private key is present.
- */
-if (param_priv_key != NULL && param_pub_key == NULL)
-return 0;
-
 if (param_pub_key != NULL && !OSSL_PARAM_get_BN(param_pub_key, _key))
 goto err;
 if (param_priv_key != NULL && !OSSL_PARAM_get_BN(param_priv_key, 
_key))
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index df9dd73dfd..7488fa2451 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -310,13 +310,6 @@ void DSA_get0_key(const DSA *d,
 
 int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
 {
-/* If the field pub_key in d is NULL, the corresponding input
- * parameters MUST be non-NULL.  The priv_key field may
- * be left NULL.
- */
-if (d->pub_key == NULL && pub_key == NULL)
-return 0;
-
 if (pub_key != NULL) {
 BN_free(d->pub_key);
 d->pub_key = pub_key;
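Review bot: the removed comment reflected documented behaviour of DSA_set0_key() (pub_key MUST be non-NULL when d->pub_key is NULL), so this changes the contract of a public function: the doc/man3 page and a CHANGES entry need updating, and neither appears in the summary of changes. Callers that used the error return to detect a half-populated key now get success and must check d->pub_key themselves.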
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index dccf6a15b9..f950657173 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -245,10 +245,6 @@ int ec_key_fromdata(EC_KEY *ec, const OSSL_PARAM params[], 
int include_private)
 if (ctx == NULL)
 goto err;
 
-/* OpenSSL decree: If there's a private key, there must be a public key */
-if (param_priv_key != NULL && param_pub_key == NULL)
-goto err;
-
 if (param_pub_key != NULL)
 if (!OSSL_PARAM_get_octet_string(param_pub_key,
  (void **)_key, 0, _key_len)
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 67e5a48c3e..832989ae00 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -485,6 +485,135 @@ err:
 return res;
 }
 
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DSA)
+/*
+ * Test combinations of private, public, missing and private + public key 
+ * params to ensure they are all accepted
+ */
+static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
+{
+OSSL_PARAM_BLD *bld = NULL;
+OSSL_PARAM *params = NULL;
+BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
+EVP_PKEY_CTX *pctx = NULL;
+EVP_PKEY *pkey = NULL;
+int ret = 0;
+
+/*
+ * Setup the parameters for our pkey object. For our purposes they don't
+ * have to actually be *valid* parameters. We just need to set something.
+ */
+if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL))
+|| !TEST_ptr(p = BN_new())
+|| !TEST_ptr(q = BN_new())
+|| !TEST_ptr(g = BN_new())
+|| !TEST_ptr(pub = BN_new())
+|| !TEST_ptr(priv = BN_new()))
+goto err;
+
+/* Test !priv and !pub */
+if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
+|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
+|| 

[openssl] master update

2021-01-15 Thread tmraz
The branch master has been updated
   via  e604b7c9156c66c05dd1640707f196f9fd49a184 (commit)
  from  975aae76db8792c9137921adf0e4ecbbf375f46b (commit)


- Log -
commit e604b7c9156c66c05dd1640707f196f9fd49a184
Author: Rich Salz 
Date:   Tue Jan 5 18:05:42 2021 -0500

Document openssl thread-safety

Also discuss reference-counting, mutability and safety.

Thanks to David Benjamin for pointing to comment text he added
to boringSSL's header files.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13788)

---

Summary of changes:
 doc/man3/CRYPTO_THREAD_run_once.pod |   2 +-
 doc/man7/openssl-threads.pod| 105 
 2 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 doc/man7/openssl-threads.pod

diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod 
b/doc/man3/CRYPTO_THREAD_run_once.pod
index 3a46809efe..c15dc319fa 100644
--- a/doc/man3/CRYPTO_THREAD_run_once.pod
+++ b/doc/man3/CRYPTO_THREAD_run_once.pod
@@ -179,7 +179,7 @@ repeatedly load/unload shared libraries that allocate locks.
 
 =head1 SEE ALSO
 
-L
+L, L.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man7/openssl-threads.pod b/doc/man7/openssl-threads.pod
new file mode 100644
index 00..56cc638e1b
--- /dev/null
+++ b/doc/man7/openssl-threads.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+openssl-threads - Overview of thread safety in OpenSSL
+
+=head1 DESCRIPTION
+
+In this man page, we use the term B to indicate that an
+object or function can be used by multiple threads at the same time.
+
+OpenSSL can be built with or without threads support. The most important
+use of this support is so that OpenSSL itself can use a single consistent
+API, as shown in L.
+Multi-platform applications can also use this API.
+
+In particular, being configured for threads support does not imply that
+all OpenSSL objects are thread-safe.
+To emphasize: I.
+Exceptions to this should be documented on the specific manual pages, and
+some general high-level guidance is given here.
+
+One major use of the OpenSSL thread API is to implement reference counting.
+Many objects within OpenSSL are reference-counted, so resources are not
+released, until the last reference is removed.
+References are often increased automatically (such as when an B
+certificate object is added into an B trust store).
+There is often an B_up_ref>() function that can be used to increase
+the reference count.
+Failure to match B_up_ref>() calls with the right number of
+B_free>() calls is a common source of memory leaks when a program
+exits.
+
+Many objects have set and get API's to set attributes in the object.
+A C passes ownership from the caller to the object and a
+C returns a pointer but the attribute ownership
+remains with the object and a reference to it is returned.
+A C or C function does not change the ownership, but instead
+updates the attribute's reference count so that the object is shared
+between the caller and the object; the caller must free the returned
+attribute when finished.
+Functions that involve attributes that have reference counts themselves,
+but are named with just C or C are historical; and the documentation
+must state how the references are handled.
+Get methods are often thread-safe as long as the ownership requirements are
+met and shared objects are not modified.
+Set methods, or modifying shared objects, are generally not thread-safe
+as discussed below.
+
+Objects are thread-safe
+as long as the API's being invoked don't modify the object; in this
+case the parameter is usually marked in the API as C.
+Not all parameters are marked this way.
+Note that a C declaration does not mean immutable; for example
+L takes pointers to C objects, but the implementation
+uses a C cast to remove that so it can lock objects, generate and cache
+a DER encoding, and so on.
+
+Another instance of thread-safety is when updates to an object's
+internal state, such as cached values, are done with locks.
+One example of this is the reference counting API's described above.
+
+In all cases, however, it is generally not safe for one thread to
+mutate an object, such as setting elements of a private or public key,
+while another thread is using that object, such as verifying a signature.
+
+The same API's can usually be used simultaneously on different objects
+without interference.
+For example, two threads can calculate a signature using two different
+B objects.
+
+For implicit global state or singletons, thread-safety depends on the facility.
+The L and related API's have their own lock,
+while L assumes the underlying platform allocation
+will do any necessary locking.
+Some API's, such as L and related, or L
+do no locking at all; this can be considered a bug.
+
+A separate, although related, 
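Review bot: wording nits in the new page: "API's" (possessive) should be "APIs" throughout; "resources are not released, until the last reference is removed" has a spurious comma; and the paragraph on `const` would be clearer if it said outright that the internally locked mutation it describes (locking, caching a DER encoding) is what keeps such a function thread-safe despite the cast, since the page's own rule is that only unsynchronised mutation is unsafe. The "do no locking at all; this can be considered a bug" sentence is useful and should name which functions, as it does, so readers can audit their own usage.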

[openssl] master update

2021-01-15 Thread tmraz
The branch master has been updated
   via  0434f9841d45dee081c64ea3aba794a922787ece (commit)
  from  3bc061eb0a990a95d35c462b9206bdf74905cfa2 (commit)


- Log -
commit 0434f9841d45dee081c64ea3aba794a922787ece
Author: Daniel Bevenius 
Date:   Wed Jan 13 15:30:20 2021 +0100

Correct typo in rsa_oaep.c

Reviewed-by: Kurt Roeckx 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13861)

---

Summary of changes:
 crypto/rsa/rsa_oaep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index f47369a1af..66f2ae40c2 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -45,7 +45,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 }
 
 /*
- * Perform ihe padding as per NIST 800-56B 7.2.2.3
+ * Perform the padding as per NIST 800-56B 7.2.2.3
  *  from (K) is the key material.
  *  param (A) is the additional input.
  * Step numbers are included here but not in the constant time inverse below


[openssl] master update

2021-01-13 Thread tmraz
The branch master has been updated
   via  8bc5b0a570c8a2c9886a3cae9dea2016d510578d (commit)
  from  2ed63033e46953d0d95ff100c1334da7cc32c49b (commit)


- Log -
commit 8bc5b0a570c8a2c9886a3cae9dea2016d510578d
Author: Tomas Mraz 
Date:   Tue Jan 12 16:53:33 2021 +0100

chacha20: Properly reinitialize the cipher context with NULL key

Same for chacha20-poly1305.

The test_cipher_reinit and test_cipher_reinit_partialupdate are modified
to test this case of cipher context reinitialization.


Fixes #13064

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13850)

---

Summary of changes:
 .../implementations/ciphers/cipher_chacha20_hw.c   |  1 +
 .../ciphers/cipher_chacha20_poly1305_hw.c  |  6 
 test/evp_libctx_test.c | 36 --
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_chacha20_hw.c 
b/providers/implementations/ciphers/cipher_chacha20_hw.c
index 06cb6b12d3..4ce4af0906 100644
--- a/providers/implementations/ciphers/cipher_chacha20_hw.c
+++ b/providers/implementations/ciphers/cipher_chacha20_hw.c
@@ -34,6 +34,7 @@ static int chacha20_initiv(PROV_CIPHER_CTX *bctx)
 for (i = 0; i < CHACHA_CTR_SIZE; i += 4)
 ctx->counter[i / 4] = CHACHA_U8TOU32(bctx->oiv + i);
 }
+ctx->partial_len = 0;
 return 1;
 }
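Review bot: `ctx->partial_len = 0` is the actual fix: partial_len counts keystream bytes left over from the previous update, and without the reset a re-init with a NULL key (same key, new IV) would encrypt the first bytes of the next message with keystream generated under the old counter, i.e. keystream reuse across messages. The leftover bytes still sit in the context buffer after this reset; clearing that buffer too, or a comment saying partial_len = 0 makes it unreachable, would keep the stale bytes from being picked up by a later code path.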
 
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c 
b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
index 65f0fe1ee8..55a57de726 100644
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
@@ -79,6 +79,12 @@ static int chacha20_poly1305_initiv(PROV_CIPHER_CTX *bctx)
 unsigned char tempiv[CHACHA_CTR_SIZE] = { 0 };
 int ret = 1;
 
+ctx->len.aad = 0;
+ctx->len.text = 0;
+ctx->aad = 0;
+ctx->mac_inited = 0;
+ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
 /* pad on the left */
 if (ctx->nonce_len <= CHACHA_CTR_SIZE) {
 memcpy(tempiv + CHACHA_CTR_SIZE - ctx->nonce_len, bctx->oiv,
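Review bot: clearing `mac_inited` is the security-relevant line here: the Poly1305 one-time key is derived from the first ChaCha20 block under the current IV, so after an IV change it must be rederived rather than reused, and len.aad, len.text and aad must restart from zero for the new message; resetting tls_payload_length also stops a TLS-mode record length from leaking into the next non-TLS use. A one-line comment above the block saying these are per-message fields would explain why they live in initiv rather than in the key setup.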
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
index c306bd9a16..66d2d4cddb 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -295,11 +295,13 @@ err:
 
 static int test_cipher_reinit(int test_id)
 {
-int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
+int ret = 0, diff, ccm, siv;
+int out1_len = 0, out2_len = 0, out3_len = 0;
 EVP_CIPHER *cipher = NULL;
 EVP_CIPHER_CTX *ctx = NULL;
 unsigned char out1[256];
 unsigned char out2[256];
+unsigned char out3[256];
 unsigned char in[16] = {
 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
@@ -330,6 +332,9 @@ static int test_cipher_reinit(int test_id)
 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
 
+/* siv cannot be called with NULL key as the iv is irrelevant */
+siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
+
 /* DES3-WRAP uses random every update - so it will give a different value 
*/
 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
 
@@ -337,15 +342,21 @@ static int test_cipher_reinit(int test_id)
 || !TEST_true(EVP_EncryptUpdate(ctx, out1, _len, in, sizeof(in)))
 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, _len, in, 
sizeof(in)),
-ccm ? 0 : 1))
+ccm ? 0 : 1)
+|| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
+|| !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, _len, in, 
sizeof(in)),
+ccm || siv ? 0 : 1))
 goto err;
 
 if (ccm == 0) {
 if (diff) {
-if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
+if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
+|| !TEST_mem_ne(out1, out1_len, out3, out3_len)
+|| !TEST_mem_ne(out2, out2_len, out3, out3_len))
 goto err;
 } else {
-if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
+if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
+|| (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
 goto err;
 }
 }
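Review bot: in the `if (diff)` branch, out3 is compared against out1 and out2 with TEST_mem_ne() without the `!siv` guard that the `else` branch applies, so the code only works because `diff` is set solely for DES3-WRAP, which is never SIV mode. That coupling is easy to break: if `diff` ever covers a cipher whose third update returns 0, out3_len is still its initial 0 and the comparison is meaningless. Either apply the same `(!siv && ...)` guard in both branches or add a comment at the `if (diff)` stating the assumption.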
@@ -364,11 +375,13 @@ err:
  */
 static int test_cipher_reinit_partialupdate(int test_id)
 {
-int ret = 0, out1_len = 0, out2_len = 0, in_len;
+int ret = 0, in_len;
+int out1_len = 0, out2_len = 0, out3_len = 0;
 EVP_CIPHER *cipher = NULL;
 EVP_CIPHER_CTX *ctx = NULL;
 unsigned char out1[256];
 unsigned char 

[tools] master update

2021-01-13 Thread tmraz
The branch master has been updated
   via  bd6c6f78c080744a0092f04c04b7a38121ddcff3 (commit)
  from  51ba5bc2c18780f94136c71800afc3cf8fd32d40 (commit)


- Log -
commit bd6c6f78c080744a0092f04c04b7a38121ddcff3
Author: Tomas Mraz 
Date:   Thu Jan 7 10:01:04 2021 +0100

addrev: Silence the git filter-branch warning message

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/tools/pull/81)

---

Summary of changes:
 review-tools/addrev | 1 +
 1 file changed, 1 insertion(+)

diff --git a/review-tools/addrev b/review-tools/addrev
index aa5215a..8f28b02 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -82,6 +82,7 @@ if ($useself) {
 }
 
 my $err = "/tmp/addrev$$";
+$ENV{FILTER_BRANCH_SQUELCH_WARNING} = 1;
 system("git filter-branch -f --tag-name-filter cat --msg-filter \"gitaddrev 
$args\" $filterargs || (echo addrev failed; exit 1)");
 die if $?;
 
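Review bot: `$ENV{FILTER_BRANCH_SQUELCH_WARNING} = 1;` sets the variable for the rest of the process, not just for the `git filter-branch` call on the following line. That is harmless here because the next statement is `die if $?;`, but scoping it with `local $ENV{FILTER_BRANCH_SQUELCH_WARNING} = 1;` in a block around the system() call, or prefixing the command string with `FILTER_BRANCH_SQUELCH_WARNING=1 `, would make the intent explicit and keep it from leaking into anything addrev spawns later.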


[openssl] master update

2021-01-13 Thread tmraz
The branch master has been updated
   via  48116c2d0fbb1db875e2bc703c08089bf3c5c5c3 (commit)
  from  1df33351a732dac3c700b2de05d34f708e33 (commit)


- Log -
commit 48116c2d0fbb1db875e2bc703c08089bf3c5c5c3
Author: Agustin Gianni 
Date:   Fri Jan 8 16:04:05 2021 +0100

Fix incorrect use of BN_CTX API

In some edge cases BN_CTX_end was being called without first calling
BN_CTX_start. This creates a situation where the state of the big
number allocator is corrupted and may lead to crashes.

Fixes #13812

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13813)

---

Summary of changes:
 crypto/bn/bn_prime.c | 6 --
 crypto/bn/bn_sqrt.c  | 5 -
 crypto/bn/bn_x931p.c | 2 +-
 crypto/ec/ec_mult.c  | 5 -
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index a344d7df02..810f3c7b3d 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -145,8 +145,10 @@ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
 }
 
 mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
-if (mods == NULL)
-goto err;
+if (mods == NULL) {
+ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE);
+return 0;
+}
 
 BN_CTX_start(ctx);
 t = BN_CTX_get(ctx);
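Review bot: replacing `goto err` with `return 0` on the `mods == NULL` path is the right fix, since the allocation happens before `BN_CTX_start(ctx)` on the line below and, per the commit message, the err path calls BN_CTX_end(). Please add a short comment such as `/* BN_CTX_start() not yet called, so do not goto err */` so nobody tidies it back into a goto, and confirm that nothing allocated earlier in BN_generate_prime_ex2() relied on the err path for cleanup, since this return now bypasses it.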
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index e323a7f7ab..e0b21ab575 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -22,6 +22,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM 
*p, BN_CTX *ctx)
 int r;
 BIGNUM *A, *b, *q, *t, *x, *y;
 int e, i, j;
+int used_ctx = 0;
 
 if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
 if (BN_abs_is_word(p, 2)) {
@@ -57,6 +58,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM 
*p, BN_CTX *ctx)
 }
 
 BN_CTX_start(ctx);
+used_ctx = 1;
 A = BN_CTX_get(ctx);
 b = BN_CTX_get(ctx);
 q = BN_CTX_get(ctx);
@@ -353,7 +355,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const 
BIGNUM *p, BN_CTX *ctx)
 BN_clear_free(ret);
 ret = NULL;
 }
-BN_CTX_end(ctx);
+if (used_ctx)
+BN_CTX_end(ctx);
 bn_check_top(ret);
 return ret;
 }
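Review bot: the `used_ctx` flag guarding `BN_CTX_end(ctx)` at the end of BN_mod_sqrt() fixes the unbalanced end for the early exits that jump to the cleanup before `BN_CTX_start(ctx)`, but it adds a third piece of state to keep in sync. An alternative with less to get wrong is to make the paths before BN_CTX_start() return directly, as bn_prime.c and bn_x931p.c do in this same commit, so the cleanup label is only reachable after start. If the flag stays, a comment at `used_ctx = 1;` saying the cleanup label is shared by pre- and post-start exits would help.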
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index 1e4d4991b2..bca7c9788e 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -174,7 +174,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, 
BN_CTX *ctx)
  * exceeded.
  */
 if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx))
-goto err;
+return 0;
 
 BN_CTX_start(ctx);
 t = BN_CTX_get(ctx);
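Review bot: `return 0` instead of `goto err` after the failed BN_priv_rand_ex() is consistent with the bn_prime.c change in this commit, because `BN_CTX_start(ctx)` is only called two lines later; a one-line comment stating that would make the asymmetry with the other `goto err` sites in BN_X931_generate_Xpq() obviously intentional rather than looking like an oversight.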
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 87b9eab604..98bcab2321 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -835,6 +835,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 EC_POINT **points = NULL;
 EC_PRE_COMP *pre_comp;
 int ret = 0;
+int used_ctx = 0;
 #ifndef FIPS_MODULE
 BN_CTX *new_ctx = NULL;
 #endif
@@ -858,6 +859,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 goto err;
 
 BN_CTX_start(ctx);
+used_ctx = 1;
 
 order = EC_GROUP_get0_order(group);
 if (order == NULL)
@@ -967,7 +969,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 ret = 1;
 
  err:
-BN_CTX_end(ctx);
+if (used_ctx)
+BN_CTX_end(ctx);
 #ifndef FIPS_MODULE
 BN_CTX_free(new_ctx);
 #endif
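Review bot: with `used_ctx` now guarding `BN_CTX_end(ctx)` at `err:`, the `goto err` in the second hunk (before `BN_CTX_start(ctx)`) no longer ends a context that was never started, which is the bug the commit message describes. `BN_CTX_free(new_ctx)` correctly stays unconditional since BN_CTX_free(NULL) is a no-op. As with bn_sqrt.c, a comment at `used_ctx = 1;` explaining that the label is reachable from both before and after start would help the next reader.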


[openssl] master update

2021-01-08 Thread tmraz
The branch master has been updated
   via  22aa4a3afb53984201c84970ec03b251d0117f00 (commit)
  from  d0afb30ef3950cacff50ec539e90073b95a276df (commit)


- Log -
commit 22aa4a3afb53984201c84970ec03b251d0117f00
Author: Billy Brumley 
Date:   Tue Jan 5 13:08:09 2021 +0200

[crypto/dh] side channel hardening for computing DH shared keys

Reviewed-by: Nicola Tuveri 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13783)

---

Summary of changes:
 crypto/dh/dh_key.c   | 34 +++---
 doc/man3/DH_generate_key.pod | 27 +--
 2 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 2e61ccbaa2..4535715367 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -86,26 +86,53 @@ static int compute_key(unsigned char *key, const BIGNUM 
*pub_key, DH *dh)
 goto err;
 }
 
-ret = BN_bn2bin(tmp, key);
+/* return the padded key, i.e. same number of bytes as the modulus */
+ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->params.p));
  err:
 BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 return ret;
 }
 
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
+int ret = 0, i;
+volatile size_t npad = 0, mask = 1;
+
+/* compute the key; ret is constant unless compute_key is external */
 #ifdef FIPS_MODULE
-return compute_key(key, pub_key, dh);
+ret = compute_key(key, pub_key, dh);
 #else
-return dh->meth->compute_key(key, pub_key, dh);
+ret = dh->meth->compute_key(key, pub_key, dh);
 #endif
+if (ret <= 0)
+return ret;
+
+/* count leading zero bytes, yet still touch all bytes */
+for (i = 0; i < ret; i++) {
+mask &= !key[i];
+npad += mask;
+}
+
+/* unpad key */
+ret -= npad;
+/* key-dependent memory access, potentially leaking npad / ret */
+memmove(key, key + npad, ret);
+/* key-dependent memory access, potentially leaking npad / ret */
+memset(key + ret, 0, npad);
+
+return ret;
 }
 
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 int rv, pad;
 
+/* rv is constant unless compute_key is external */
 #ifdef FIPS_MODULE
 rv = compute_key(key, pub_key, dh);
 #else
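Review bot: the leading-zero loop relies on `mask &= !key[i];` being branch-free, and `volatile` on `mask`/`npad` only forces the stores, not how the compiler evaluates `!key[i]`. OpenSSL already has helpers for exactly this in include/internal/constant_time.h; `mask &= constant_time_is_zero_s(key[i]); npad += mask & 1;` expresses the intent explicitly and is covered by the existing constant-time tests. The two `/* key-dependent memory access */` comments on the memmove/memset are honest and should stay, since the header comment already states the function is inherently not constant time because of the RFC 5246 stripping. Minor: `ret -= npad;` mixes `int` and `size_t`; a cast keeps sign-conversion warnings quiet.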
@@ -114,6 +141,7 @@ int DH_compute_key_padded(unsigned char *key, const BIGNUM 
*pub_key, DH *dh)
 if (rv <= 0)
 return rv;
 pad = BN_num_bytes(dh->params.p) - rv;
+/* pad is constant (zero) unless compute_key is external */
 if (pad > 0) {
 memmove(key + pad, key, rv);
 memset(key, 0, pad);
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index 7cc9e84a44..c5b58615e0 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded - perform
+Diffie-Hellman key exchange
 
 =head1 SYNOPSIS
 
@@ -14,18 +15,20 @@ L:
 
  int DH_generate_key(DH *dh);
 
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 
 =head1 DESCRIPTION
 
-Both of the functions described on this page are deprecated.
+All of the functions described on this page are deprecated.
 Applications should instead use L
 and L.
 
 DH_generate_key() performs the first step of a Diffie-Hellman key
 exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
+DH_compute_key() or DH_compute_key_padded(), these are combined with
+the other party's public value to compute the shared key.
 
 DH_generate_key() expects B to contain the shared parameters
 Bp> and Bg>. It generates a random private DH value
@@ -36,6 +39,14 @@ published.
 DH_compute_key() computes the shared secret from the private DH value
 in B and the other party's public value in B and stores
 it in B. B must point to B bytes of memory.
+The padding style is RFC 5246 (8.1.2) that strips leading zero bytes.
+It is not constant time due to the leading zero bytes being stripped.
+The return value should be considered public.
+
+DH_compute_key_padded() is similar but stores a fixed number of bytes.
+The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes.
+It is constant time due to the leading zero bytes being retained.
+The return value should be considered public.
 
 =head1 RETURN VALUES
 
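Review bot: the DESCRIPTION hunk states that DH_compute_key_padded() "is constant time due to the leading zero bytes being retained", while the dh_key.c hunk qualifies this with "unless compute_key is external". The manual should carry the same qualifier (the guarantee holds for the built-in method, not for a custom DH_METHOD) and should make clear that the statement covers only the padding step, not the modular exponentiation inside the method. "The return value should be considered public" is a useful addition; it would help to add that callers wanting a fixed-length secret should prefer DH_compute_key_padded(), since DH_compute_key()'s length reveals the number of stripped bytes.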
@@ -44,6 +55,8 @@ 

[openssl] master update

2021-01-07 Thread tmraz
The branch master has been updated
   via  3d0b6494d5a973d516e0944bc02b22385fca318a (commit)
   via  981b4b95721907384f4add9de72bf90e0ba39288 (commit)
   via  1c47539a2331ff0b58a4e8663bcc6db0dc2c6449 (commit)
   via  c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9 (commit)
  from  a86add03abf7ebdf63d79971b9feb396931b8697 (commit)


- Log -
commit 3d0b6494d5a973d516e0944bc02b22385fca318a
Author: Otto Hollmann 
Date:   Tue Oct 20 12:47:55 2020 +0200

Remove extra space.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12100)

commit 981b4b95721907384f4add9de72bf90e0ba39288
Author: Otto Hollmann 
Date:   Mon Oct 19 16:25:26 2020 +0200

Fixed error and return code.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12100)

commit 1c47539a2331ff0b58a4e8663bcc6db0dc2c6449
Author: Otto Hollmann 
Date:   Mon Oct 19 10:05:57 2020 +0200

Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12100)

commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9
Author: Otto Hollmann 
Date:   Tue Jun 9 15:50:12 2020 +0200

Fix set_ciphersuites ignore unknown ciphers.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12100)

---

Summary of changes:
 CHANGES.md   |  5 +
 doc/man3/SSL_CTX_set_cipher_list.pod | 10 +-
 ssl/ssl_ciph.c   | 18 +-
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index a296406137..94bf750ffc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,11 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * Changed behavior of SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites()
+   to ignore unknown ciphers.
+
+   *Otto Hollmann*
+
  * The -cipher-commands and -digest-commands options of the command line
utility list has been deprecated.
Instead use the -cipher-algorithms and -digest-algorithms options.
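Review bot: the CHANGES entry should state the consequence, not just the behaviour, since this alters how configuration errors surface: a mistyped TLSv1.3 ciphersuite name passed to SSL_CTX_set_ciphersuites()/SSL_set_ciphersuites() no longer returns an error but is silently dropped, and failure is reported only when no ciphersuite at all could be parsed, matching SSL_CTX_set_cipher_list(). Deployments that relied on the old error to catch typos should be told to check the resulting list, for example with SSL_CTX_get_ciphers() or SSL_get1_supported_ciphers().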
diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod 
b/doc/man3/SSL_CTX_set_cipher_list.pod
index 2fdebdf51d..c2786295b7 100644
--- a/doc/man3/SSL_CTX_set_cipher_list.pod
+++ b/doc/man3/SSL_CTX_set_cipher_list.pod
@@ -65,11 +65,11 @@ cipher string for TLSv1.3 ciphersuites.
 
 =head1 NOTES
 
-The control string B for SSL_CTX_set_cipher_list() and
-SSL_set_cipher_list() should be universally usable and not depend
-on details of the library configuration (ciphers compiled in). Thus no
-syntax checking takes place. Items that are not recognized, because the
-corresponding ciphers are not compiled in or because they are mistyped,
+The control string B for SSL_CTX_set_cipher_list(), SSL_set_cipher_list(),
+SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() should be universally
+usable and not depend on details of the library configuration (ciphers compiled
+in). Thus no syntax checking takes place. Items that are not recognized, 
because
+the corresponding ciphers are not compiled in or because they are mistyped,
 are simply ignored. Failure is only flagged if no ciphers could be collected
 at all.
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64ecc543ba..6c77cd3d40 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1288,19 +1288,17 @@ static int ciphersuite_cb(const char *elem, int len, 
void *arg)
 /* Arbitrary sized temp buffer for the cipher name. Should be big enough */
 char name[80];
 
-if (len > (int)(sizeof(name) - 1)) {
-ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
-return 0;
-}
+if (len > (int)(sizeof(name) - 1))
+/* Anyway return 1 so we can parse rest of the list */
+return 1;
 
 memcpy(name, elem, len);
 name[len] = '\0';
 
 cipher = ssl3_get_cipher_by_std_name(name);
-if (cipher == NULL) {
-ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
-return 0;
-}
+if (cipher == NULL)
+/* Ciphersuite not found but return 1 to parse rest of the list */
+return 1;
 
 if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
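Review bot: both early `return 1` paths in ciphersuite_cb() now drop the entry without a trace, which is what the documentation hunk asks for, but the `len > (int)(sizeof(name) - 1)` case is a different condition from "unknown name": an entry longer than 79 characters can never be a valid ciphersuite, and treating it like a typo hides a malformed configuration string. If parity with cipher-list parsing is the goal that is defensible, but it should be a deliberate choice rather than a side effect. Style: an unbraced `if` followed by a comment line and then the statement reads as if the comment were the body; put the comment above the `if` or brace the body.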
@@ -1319,7 +1317,9 @@ static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) 
**currciphers, const cha
 
 /* Parse the list. We explicitly allow an empty list */
 if (*str != '\0'
-&& !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+&& (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0
+|| sk_SSL_CIPHER_num(newciphers) == 0)) {
+ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
 
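Review bot: raising SSL_R_NO_CIPHER_MATCH when `CONF_parse_list()` fails or `sk_SSL_CIPHER_num(newciphers) == 0` gives the documented "failure only if nothing could be collected" behaviour, while `*str != '\0'` keeps the explicit empty list allowed. Since ciphersuite_cb() now always returns 1 for unrecognised entries, the `<= 0` case is effectively limited to the push failure in the callback; a comment saying so would keep the two conditions from looking redundant.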

[openssl] OpenSSL_1_1_1-stable update

2021-01-07 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  a953f26dba5dadf8ac69c6fcbf71ebe3efba9407 (commit)
  from  80d5badd8fa7dcc7dffc88745376df53161e392a (commit)


- Log -
commit a953f26dba5dadf8ac69c6fcbf71ebe3efba9407
Author: Ole André Vadla Ravnås 
Date:   Wed Dec 30 22:14:23 2020 +0100

poly1305/asm/poly1305-armv4.pl: fix Clang compatibility issue

I.e.:

error: out of range immediate fixup value

This fix is identical to one of the changes made in 3405db9, which I
discovered right after taking a quick stab at fixing this.

CLA: trivial
Fixes #7878

Reviewed-by: Kurt Roeckx 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13757)

---

Summary of changes:
 crypto/poly1305/asm/poly1305-armv4.pl | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/poly1305/asm/poly1305-armv4.pl 
b/crypto/poly1305/asm/poly1305-armv4.pl
index f77e1170f6..0a4fe55d98 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -133,10 +133,10 @@ poly1305_init:
 #  ifdef __thumb2__
itete   eq
 #  endif
-   addeq   r12,r11,#(poly1305_emit-.Lpoly1305_init)
-   addne   r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
-   addeq   r11,r11,#(poly1305_blocks-.Lpoly1305_init)
-   addne   r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+   addeq   r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
+   addne   r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
+   addeq   r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
+   addne   r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
 # endif
 # ifdef__thumb2__
orr r12,r12,#1  @ thumb-ify address
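Review bot: switching the `addeq`/`addne` immediates from the global symbols to `.L`-prefixed local labels is the right fix for Clang's integrated assembler, which cannot resolve a symbol difference involving global symbols as an immediate fixup. Note that this hunk references four local labels but the rest of the diff adds only three (`.Lpoly1305_emit`, `.Lpoly1305_blocks_neon`, `.Lpoly1305_emit_neon`); the summary's 7 insertions (4 replaced lines plus 3 labels) imply `.Lpoly1305_blocks` already exists, which is worth confirming so the non-NEON `addeq r11` path does not fail to assemble.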
@@ -352,6 +352,7 @@ $code.=<<___;
 .type  poly1305_emit,%function
 .align 5
 poly1305_emit:
+.Lpoly1305_emit:
stmdb   sp!,{r4-r11}
 .Lpoly1305_emit_enter:
 
@@ -671,6 +672,7 @@ poly1305_init_neon:
 .type  poly1305_blocks_neon,%function
 .align 5
 poly1305_blocks_neon:
+.Lpoly1305_blocks_neon:
ldr ip,[$ctx,#36]   @ is_base2_26
ands$len,$len,#-16
beq .Lno_data_neon
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
 .type  poly1305_emit_neon,%function
 .align 5
 poly1305_emit_neon:
+.Lpoly1305_emit_neon:
ldr ip,[$ctx,#36]   @ is_base2_26
 
stmdb   sp!,{r4-r11}


[openssl] master update

2021-01-06 Thread tmraz
The branch master has been updated
   via  7c0e98a5c40806ff9dde15cf4a619cc931800fd9 (commit)
  from  7fd1ca723a06739e76a17d1065ac94bcfcfc4f9f (commit)


- Log -
commit 7c0e98a5c40806ff9dde15cf4a619cc931800fd9
Author: David CARLIER 
Date:   Mon Jan 4 16:42:47 2021 +

Mac M1 setting change proposal.

Running tests takes very long with the current setting while it takes a
much shorter time with this change.

Reviewed-by: Ben Kaduk 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13771)

---

Summary of changes:
 Configurations/10-main.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 5f672fbb77..ef892b555a 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1623,7 +1623,7 @@ my %targets = (
 cflags   => add("-arch arm64"),
 lib_cppflags => add("-DL_ENDIAN"),
 bn_ops   => "SIXTY_FOUR_BIT_LONG",
-asm_arch => 'aarch64_asm',
+asm_arch => 'aarch64',
 perlasm_scheme   => "ios64",
 },
 
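Review bot: the commit message explains the effect (much shorter test runs) but not the cause, and a one-line change to `asm_arch` deserves it: presumably `'aarch64_asm'` did not match the asm_arch value the other arm64 targets in this file use, so no assembler implementations were selected for this target and everything ran on the C fallbacks. Stating that in the message also tells users of the affected configuration that earlier builds were running without the assembly code paths.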


[openssl] master update

2021-01-05 Thread tmraz
The branch master has been updated
   via  b043c41c0059786eb78492fb64217053272ef37d (commit)
   via  b2d14651533897b709208e633d4b4f590e0eff1c (commit)
  from  2c61a670ebf2f1923a3bd2ef0ee4b2fa6261eaeb (commit)


- Log -
commit b043c41c0059786eb78492fb64217053272ef37d
Author: Etienne Millon 
Date:   Mon Jan 4 11:33:55 2021 +0100

28-seclevel.cnf.in: fix typo in algo name

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13768)

commit b2d14651533897b709208e633d4b4f590e0eff1c
Author: Etienne Millon 
Date:   Mon Jan 4 11:28:36 2021 +0100

EVP_SIGNATURE-ED25519.pod: fix typo in algo name

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13768)

---

Summary of changes:
 doc/man7/EVP_SIGNATURE-ED25519.pod | 2 +-
 test/ssl-tests/28-seclevel.cnf.in  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod 
b/doc/man7/EVP_SIGNATURE-ED25519.pod
index bb91ae2434..e2fc31f724 100644
--- a/doc/man7/EVP_SIGNATURE-ED25519.pod
+++ b/doc/man7/EVP_SIGNATURE-ED25519.pod
@@ -15,7 +15,7 @@ one-shot digest sign and digest verify using PureEdDSA and 
B or B be specified 
when
diff --git a/test/ssl-tests/28-seclevel.cnf.in 
b/test/ssl-tests/28-seclevel.cnf.in
index ebb082c0af..b7b96e87b7 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -34,7 +34,7 @@ our @tests_ec = (
 test   => { "ExpectedResult" => "Success" },
 },
 {
-# The Ed488 signature algorithm will not be enabled.
+# The Ed448 signature algorithm will not be enabled.
 # Because of the config order, the certificate is first loaded, and
 # then the security level is chaged. If you try this with s_server
 # the order will be reversed and it will instead fail to load the key.
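Review bot: while correcting `Ed488` to `Ed448` in this comment block, the line `# then the security level is chaged.` in the same hunk should read `changed`.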
@@ -47,7 +47,7 @@ our @tests_ec = (
 test   => { "ExpectedResult" => "ServerFail" },
 },
 {
-# The client will not sent the Ed488 signature algorithm, so the server
+# The client will not sent the Ed448 signature algorithm, so the server
 # doesn't have a useable signature algorithm for the certificate.
 name => "SECLEVEL 5 client with ED448 key",
 server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
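Review bot: same hunk, two more typos in the lines being touched: `# The client will not sent the Ed448 signature algorithm` should read `will not send`, and `useable` on the following line should read `usable`.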


[openssl] OpenSSL_1_1_1-stable update

2020-12-21 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  64a1b940d2b640e5edf0feae90e81bbb6b4941e7 (commit)
  from  5a5d87a936ceeca1648288e1efe4296687193b16 (commit)


- Log -
commit 64a1b940d2b640e5edf0feae90e81bbb6b4941e7
Author: Ingo Schwarze 
Date:   Fri Jun 5 00:30:00 2020 +0200

Fix NULL pointer access caused by X509_ATTRIBUTE_create()

When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on.  This matters because
X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3)
and the NID comes straight from the user.

This bug was found while working on LibreSSL documentation.

Reviewed-by: Theo Buehler 

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12052)

(cherry picked from commit c4b2c53fadb158bee34aef90d5a7d500aead1f70)

---

Summary of changes:
 crypto/x509/x_attrib.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 813c5b01c3..7342c4f6bc 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, 
void *value)
 {
 X509_ATTRIBUTE *ret = NULL;
 ASN1_TYPE *val = NULL;
+ASN1_OBJECT *oid;
 
+if ((oid = OBJ_nid2obj(nid)) == NULL)
+return NULL;
 if ((ret = X509_ATTRIBUTE_new()) == NULL)
 return NULL;
-ret->object = OBJ_nid2obj(nid);
+ret->object = oid;
 if ((val = ASN1_TYPE_new()) == NULL)
 goto err;
 if (!sk_ASN1_TYPE_push(ret->set, val))
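Review bot: checking `OBJ_nid2obj(nid)` before `X509_ATTRIBUTE_new()` is the right order, since it avoids allocating an object only to return NULL, and OBJ_nid2obj() already raises an error for an unknown NID, so no extra ERR_raise() is needed here. Assigning the returned pointer directly to `ret->object` keeps the previous ownership semantics (the object for a known NID is library-owned and not duplicated), so nothing changes for the free path. The same change appears in the master commit below; it would be worth adding a regression test that calls X509_ATTRIBUTE_create() with an invalid NID such as -1, as the commit message describes, and expects NULL.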


[openssl] master update

2020-12-21 Thread tmraz
The branch master has been updated
   via  c4b2c53fadb158bee34aef90d5a7d500aead1f70 (commit)
  from  7a7ed5fc7978309c997804e174914a03d786 (commit)


- Log -
commit c4b2c53fadb158bee34aef90d5a7d500aead1f70
Author: Ingo Schwarze 
Date:   Fri Jun 5 00:30:00 2020 +0200

Fix NULL pointer access caused by X509_ATTRIBUTE_create()

When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on.  This matters because
X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3)
and the NID comes straight from the user.

This bug was found while working on LibreSSL documentation.

Reviewed-by: Theo Buehler 

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12052)

---

Summary of changes:
 crypto/x509/x_attrib.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 5c5e608173..5c7e622d1a 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, 
void *value)
 {
 X509_ATTRIBUTE *ret = NULL;
 ASN1_TYPE *val = NULL;
+ASN1_OBJECT *oid;
 
+if ((oid = OBJ_nid2obj(nid)) == NULL)
+return NULL;
 if ((ret = X509_ATTRIBUTE_new()) == NULL)
 return NULL;
-ret->object = OBJ_nid2obj(nid);
+ret->object = oid;
 if ((val = ASN1_TYPE_new()) == NULL)
 goto err;
 if (!sk_ASN1_TYPE_push(ret->set, val))


[openssl] master update

2020-12-21 Thread tmraz
The branch master has been updated
   via  7a7ed5fc7978309c997804e174914a03d786 (commit)
  from  3a1ee3c1993c588a22cb80f1d0eb6237f83a1560 (commit)


- Log -
commit 7a7ed5fc7978309c997804e174914a03d786
Author: jwalch 
Date:   Tue Dec 15 15:00:11 2020 -0500

Restore v2i_AUTHORITY_INFO_ACCESS() behavior

Fixes #13636

Reviewed-by: Ben Kaduk 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13683)

---

Summary of changes:
 crypto/x509/v3_info.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c
index 003f3ce172..053e591088 100644
--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.c
@@ -108,7 +108,7 @@ static AUTHORITY_INFO_ACCESS 
*v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
 ACCESS_DESCRIPTION *acc;
 int i;
 const int num = sk_CONF_VALUE_num(nval);
-char *ptmp;
+char *objtmp, *ptmp;
 
 if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) {
 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
@@ -130,12 +130,18 @@ static AUTHORITY_INFO_ACCESS 
*v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
 ctmp.value = cnf->value;
 if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, , 0))
 goto err;
-acc->method = OBJ_txt2obj(cnf->value, 0);
+if ((objtmp = OPENSSL_strndup(cnf->name, ptmp - cnf->name)) == NULL) {
+ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+goto err;
+}
+acc->method = OBJ_txt2obj(objtmp, 0);
 if (!acc->method) {
 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT,
-   "value=%s", cnf->value);
+   "value=%s", objtmp);
+OPENSSL_free(objtmp);
 goto err;
 }
+OPENSSL_free(objtmp);
 }
 return ainfo;
  err:
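Review bot: the fix restores the OID source to the part of `cnf->name` before the separator (`ptmp - cnf->name`) instead of `cnf->value`, which is the URI; this hunk relies on `ptmp` having been located earlier in the loop (not shown), so a comment at the OPENSSL_strndup() line naming what `ptmp` points at would help. Style: `OPENSSL_free(objtmp)` is now duplicated on the error and success paths; initialising `objtmp = NULL` and freeing it once after the `if` (before `goto err` on failure) removes the duplication and makes a future early exit between the strndup and the free harder to get wrong.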


[openssl] master update

2020-12-19 Thread tmraz
The branch master has been updated
   via  a5f2782ceca7af2480c86562e8952b2980251e4e (commit)
  from  5faec149c6af2e4269bc7e0b381c466619ed19a7 (commit)


- Log -
commit a5f2782ceca7af2480c86562e8952b2980251e4e
Author: Petr Gotthard 
Date:   Thu Dec 17 20:13:00 2020 +0100

Fix OSSL_PARAM creation in OSSL_STORE_open_ex

The params[0].data is set to a non-NULL value, but params[0].data_size
is always zero. This confuses get_string_internal, which creates 1 byte
string with uninitialized content.

When OSSL_PARAM_construct_utf8_string is used, the data_size is set
correctly.

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13699)

---

Summary of changes:
 crypto/store/store_lib.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index c59c508be1..5d0b3e7397 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -103,13 +103,12 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, 
const char *propq,
 OSSL_STORE_LOADER_free(fetched_loader);
 fetched_loader = NULL;
 } else if (propq != NULL) {
-OSSL_PARAM params[] = {
-OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
-   NULL, 0),
-OSSL_PARAM_END
-};
+OSSL_PARAM params[2];
+
+params[0] = OSSL_PARAM_construct_utf8_string(
+OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0);
+params[1] = OSSL_PARAM_construct_end();
 
-params[0].data = (void *)propq;
 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
 (void)fetched_loader->p_close(loader_ctx);
 OSSL_STORE_LOADER_free(fetched_loader);
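Review bot: the replacement depends on the `0` size argument to OSSL_PARAM_construct_utf8_string() meaning "take the length from strlen(propq)", which is what fixes the zero data_size the commit message describes; a brief comment on the `params[0] =` line would save the next reader a trip to the OSSL_PARAM_construct_utf8_string() documentation. The cast `(char *)propq` discards const only to satisfy the constructor's signature; since the loader's p_set_ctx_params() receives the params as const, that is acceptable, but it is worth stating that the string is not modified.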


[openssl] OpenSSL_1_1_1-stable update

2020-12-18 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  3b5edb4a8c7c3af0697829425e6d44548dddfcbc (commit)
  from  69daea54fd88b8027bfce28af746e54e316a0a2b (commit)


- Log -
commit 3b5edb4a8c7c3af0697829425e6d44548dddfcbc
Author: Rich Salz 
Date:   Wed Dec 16 10:32:20 2020 -0500

Document OCSP_REQ_CTX_i2d.

This is a backport of the documentation from #13620.

Reviewed-by: David von Oheimb 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13691)

---

Summary of changes:
 doc/man3/OCSP_sendreq_new.pod | 28 +++-
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index 16d5a21dfc..65bdde88a2 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -2,9 +2,15 @@
 
 =head1 NAME
 
-OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
-OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
-OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+OCSP_sendreq_new,
+OCSP_sendreq_nbio,
+OCSP_REQ_CTX_free,
+OCSP_set_max_response_length,
+OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_set1_req,
+OCSP_sendreq_bio,
+OCSP_REQ_CTX_i2d
+- OCSP responder query functions
 
 =head1 SYNOPSIS
 
@@ -26,6 +32,9 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder 
query functions
 
  OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
 
+ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
+  const ASN1_ITEM *it, ASN1_VALUE *req);
+
 =head1 DESCRIPTION
 
 The function OCSP_sendreq_new() returns an B structure using the
@@ -51,6 +60,15 @@ additional headers are set.
 
 OCSP_REQ_CTX_set1_req() sets the OCSP request in B to B. This
 function should be called after any calls to OCSP_REQ_CTX_add1_header().
+OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
+
+ OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
+ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+
+OCSP_REQ_CTX_i2d() sets the request context B to have the request
+B, which has the ASN.1 type B.
+The B, if not NULL, will be included in the HTTP request.
+The function should be called after all other headers have already been added.
 
 OCSP_sendreq_bio() performs an OCSP request using the responder B, the URL
 path B, and the OCSP request B with a response header maximum line
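Review bot: the new OCSP_REQ_CTX_i2d() paragraph ends with "The function should be called after all other headers have already been added", which repeats the sentence just above about OCSP_REQ_CTX_set1_req(); since set1_req() is documented as equivalent to an i2d() call, say once that both must follow any OCSP_REQ_CTX_add1_header() calls. It would also help to state what a NULL content_type means in practice (presumably no Content-Type header is emitted) rather than only "will be included" for the non-NULL case.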
@@ -64,8 +82,8 @@ an error occurred.
 OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
 B<-1> if the operation should be retried and B<0> if an error occurred.
 
-OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
-and B<0> for failure.
+OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_REQ_CTX_i2d()
+return B<1> for success and B<0> for failure.
 
 OCSP_sendreq_bio() returns the B structure sent by the
 responder or B if an error occurred.


[openssl] OpenSSL_1_1_1-stable update

2020-12-17 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  69daea54fd88b8027bfce28af746e54e316a0a2b (commit)
  from  d73c93625f47fe66ea5c77db6757c1c20229ba23 (commit)


- Log -
commit 69daea54fd88b8027bfce28af746e54e316a0a2b
Author: Tomas Mraz 
Date:   Wed Dec 16 09:39:31 2020 +0100

Github CI: run also on repository pushes

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/13686)

(cherry picked from commit 4159ebca3cb3d9586d6709c7a0166a4af5676f91)

---

Summary of changes:
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a00ed88098..6073ba29bf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,6 +1,6 @@
 name: GitHub CI
 
-on: [pull_request]
+on: [pull_request, push]
 
 # for some reason, this does not work:
 # variables:
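Review bot: `on: [pull_request, push]` will run the workflow twice for any branch in the repository that also has an open pull request (once for the push, once for the PR event). If that is acceptable, fine; otherwise restrict the `push` trigger with a `branches:` filter to the release branches so only pushes to them are built, which also keeps the CI minutes spent on the stable branches predictable.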


[tools] master update

2020-12-17 Thread tmraz
The branch master has been updated
   via  51ba5bc2c18780f94136c71800afc3cf8fd32d40 (commit)
  from  6305ba8fded75d8dcc410caae0a22c712228b721 (commit)


- Log -
commit 51ba5bc2c18780f94136c71800afc3cf8fd32d40
Author: Tomas Mraz 
Date:   Tue Dec 8 16:51:04 2020 +0100

ghmerge: Pass --tools and --web to addrev

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/tools/pull/80)

---

Summary of changes:
 review-tools/ghmerge | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index 02ab06e..06f6bfa 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -28,7 +28,7 @@ Examples:
 
 set -o errexit
 
-WHAT=openssl
+WHAT=""
 PICK=no
 INTERACTIVE=yes
 AUTOSQUASH="--autosquash"
@@ -116,6 +116,12 @@ while [ $# -ne 0 ]; do
 ;;
 esac
 done
+
+if [ "$WHAT" = "" ] ; then
+WHAT="openssl"
+else
+ADDREVOPTS="$ADDREVOPTS --$WHAT"
+fi
 ADDREVOPTS=${ADDREVOPTS# } # chop any leading ' '
 
 [ "$REMOTE" = "" ] && REMOTE=`git remote -v | awk '/git.openssl.org.*(push)/{ 
print $1; }' | head -n 1` # usually this will be 'upstream'
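Review bot: `ADDREVOPTS="$ADDREVOPTS --$WHAT"` builds an addrev flag directly from the `$WHAT` option value without checking it against the values addrev understands (the commit message names `--tools` and `--web`). An unrecognised or mistyped value therefore becomes an unrecognised flag to addrev rather than a clear error from ghmerge; a `case "$WHAT" in openssl|tools|web) ;; *) echo "unknown target: $WHAT"; exit 1;; esac` before this block would fail early with a useful message.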


[openssl] master update

2020-12-15 Thread tmraz
The branch master has been updated
   via  021410ea3fc3876538830839d16b67e610d12785 (commit)
  from  c678f68a19638c1e2bbfee6a7a1d8d728976ce66 (commit)


- Log -
commit 021410ea3fc3876538830839d16b67e610d12785
Author: Rich Salz 
Date:   Sat Nov 28 16:12:58 2020 -0500

Check non-option arguments

Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.

Made all error messages consistent (which is to say, minimal).

Fixes: #13527

Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13563)

---

Summary of changes:
 apps/asn1pars.c|  2 ++
 apps/ca.c  |  2 ++
 apps/ciphers.c |  5 +++--
 apps/cmp.c | 32 +++-
 apps/cms.c |  2 ++
 apps/crl.c |  2 ++
 apps/crl2p7.c  |  2 ++
 apps/dgst.c|  2 ++
 apps/dhparam.c | 10 --
 apps/dsa.c |  2 ++
 apps/dsaparam.c| 12 
 apps/ec.c  |  2 ++
 apps/ecparam.c |  2 ++
 apps/enc.c |  7 ---
 apps/engine.c  |  2 +-
 apps/errstr.c  | 15 +--
 apps/fipsinstall.c |  9 ++---
 apps/gendsa.c  |  8 +---
 apps/genpkey.c |  2 ++
 apps/genrsa.c  |  2 ++
 apps/info.c|  4 +---
 apps/kdf.c |  7 +++
 apps/list.c|  6 +++---
 apps/mac.c |  7 +++
 apps/nseq.c|  2 ++
 apps/ocsp.c|  9 ++---
 apps/openssl.c |  1 +
 apps/passwd.c  |  3 ++-
 apps/pkcs12.c  |  6 --
 apps/pkcs7.c   |  2 ++
 apps/pkcs8.c   |  2 ++
 apps/pkey.c|  2 ++
 apps/pkeyparam.c   |  2 ++
 apps/pkeyutl.c |  2 ++
 apps/prime.c   |  8 +++-
 apps/rand.c|  7 ---
 apps/rehash.c  |  2 ++
 apps/req.c |  2 ++
 apps/rsa.c |  2 ++
 apps/rsautl.c  |  2 ++
 apps/s_client.c| 35 ++-
 apps/s_server.c|  5 -
 apps/s_time.c  |  2 ++
 apps/sess_id.c |  2 ++
 apps/smime.c   |  9 +++--
 apps/speed.c   |  3 ++-
 apps/spkac.c   |  2 ++
 apps/srp.c |  2 ++
 apps/storeutl.c| 11 +++
 apps/ts.c  |  5 -
 apps/verify.c  |  3 +++
 apps/version.c |  8 +---
 apps/x509.c|  7 +++
 53 files changed, 188 insertions(+), 106 deletions(-)

diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index ae47aa8efc..798e8d1668 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -157,6 +157,8 @@ int asn1parse_main(int argc, char **argv)
 break;
 }
 }
+
+/* No extra args. */
 argc = opt_num_rest();
 if (argc != 0)
 goto opthelp;
diff --git a/apps/ca.c b/apps/ca.c
index 82b008cbce..2772072b79 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -488,7 +488,9 @@ opthelp:
 break;
 }
 }
+
 end_of_options:
+/* Remaining args are files to certify. */
 argc = opt_num_rest();
 argv = opt_rest();
 
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 500b416046..3afbbe5002 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -176,11 +176,12 @@ int ciphers_main(int argc, char **argv)
 break;
 }
 }
+
+/* Optional arg is cipher name. */
 argv = opt_rest();
 argc = opt_num_rest();
-
 if (argc == 1)
-ciphers = *argv;
+ciphers = argv[0];
 else if (argc != 0)
 goto opthelp;
 
diff --git a/apps/cmp.c b/apps/cmp.c
index d57c67c644..b830b6a3c5 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2289,7 +2289,9 @@ static int get_opts(int argc, char **argv)
 switch (o) {
 case OPT_EOF:
 case OPT_ERR:
-goto opt_err;
+ opthelp:
+BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+return 0;
 case OPT_HELP:
 opt_help(cmp_options);
 return -1;
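Review bot: the new `opthelp:` label sits inside the `case OPT_EOF:` / `case OPT_ERR:` arm of the switch, so every later `goto opthelp` (for example from OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT and the OPT_V_CASES branch) jumps into the middle of a switch body inside the option loop. That is legal C but easy to misread; either keep the label after the loop where the old `opt_err:` lived, or add a comment at the label saying it is the shared "bad option" exit that prints `Use -help for summary.` and returns 0.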
@@ -2311,11 +2313,11 @@ static int get_opts(int argc, char **argv)
 break;
 case OPT_MSG_TIMEOUT:
 if ((opt_msg_timeout = opt_nat()) < 0)
-goto opt_err;
+goto opthelp;
 break;
 case OPT_TOTAL_TIMEOUT:
 if ((opt_total_timeout = opt_nat()) < 0)
-goto opt_err;
+goto opthelp;
 break;
 case OPT_TLS_USED:
 opt_tls_used = 1;
@@ -2399,7 +2401,7 @@ static int get_opts(int argc, char **argv)
 
 case OPT_V_CASES:
 if (!opt_verify(o, vpm))
-goto opt_err;
+goto opthelp;
 break;
 case OPT_CMD:
 opt_cmd_s = opt_str("cmd");
@@ -2425,7 +2427,7 @@ static int get_opts(int argc, char **argv)
 break;
 case OPT_DAYS:
 if ((opt_days = opt_nat()) < 0)
-goto 

[openssl] OpenSSL_1_1_1-stable update

2020-12-14 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  d73c93625f47fe66ea5c77db6757c1c20229ba23 (commit)
  from  ad8e83cf11187388c71cfbdb70880d9e7ed26e0e (commit)


- Log -
commit d73c93625f47fe66ea5c77db6757c1c20229ba23
Author: Sebastian Andrzej Siewior 
Date:   Sun Jul 5 20:52:39 2020 +0200

Configurations: PowerPC is big endian

Define B_ENDIAN on PowerPC because it is a big endian architecture. With
this change the BN* related tests pass.

Fixes: #12199

Signed-off-by: Sebastian Andrzej Siewior 

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12371)

(cherry picked from commit 52c6c12c1cad6f1046b34f4139d1aa3e967a5530)

---

Summary of changes:
 Configurations/10-main.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index cea4feb9a0..8dc3e858df 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -663,6 +663,7 @@ my %targets = (
 "linux-ppc" => {
 inherit_from => [ "linux-generic32", asm("ppc32_asm") ],
 perlasm_scheme   => "linux32",
+lib_cppflags => add("-DB_ENDIAN"),
 },
 "linux-ppc64" => {
 inherit_from => [ "linux-generic64", asm("ppc64_asm") ],


[openssl] master update

2020-12-14 Thread tmraz
The branch master has been updated
   via  52c6c12c1cad6f1046b34f4139d1aa3e967a5530 (commit)
  from  3dafbd4468b6be4ee5228f1a1ba44c8826eff32d (commit)


- Log -
commit 52c6c12c1cad6f1046b34f4139d1aa3e967a5530
Author: Sebastian Andrzej Siewior 
Date:   Sun Jul 5 20:52:39 2020 +0200

Configurations: PowerPC is big endian

Define B_ENDIAN on PowerPC because it is a big endian architecture. With
this change the BN* related tests pass.

Fixes: #12199

Signed-off-by: Sebastian Andrzej Siewior 

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12371)

---

Summary of changes:
 Configurations/10-main.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index d7580bf3e1..5f672fbb77 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -706,6 +706,7 @@ my %targets = (
 inherit_from => [ "linux-generic32" ],
 asm_arch => 'ppc32',
 perlasm_scheme   => "linux32",
+lib_cppflags => add("-DB_ENDIAN"),
 },
 "linux-ppc64" => {
 inherit_from => [ "linux-generic64" ],
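Review bot: only the 32-bit `linux-ppc` target gains `lib_cppflags => add("-DB_ENDIAN")`; the `linux-ppc64` target directly below is big-endian as well and is left without it, and the commit message does not say whether the BN test failures are limited to 32-bit. Either add the define there too or state in the log why the 64-bit big-endian target is unaffected.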


[openssl] master update

2020-12-09 Thread tmraz
The branch master has been updated
   via  5ea64b456b1a27ae046f23d632a968a7583bb9eb (commit)
  from  6582661f7b369c3ce7edab5fea2529de5f2fb408 (commit)


- Log -
commit 5ea64b456b1a27ae046f23d632a968a7583bb9eb
Author: Fangming.Fang 
Date:   Tue Apr 28 02:33:50 2020 +

Read MIDR_EL1 system register on aarch64

MIDR_EL1 system register exposes microarchitecture information so that
people can make micro-arch related optimization such as exposing as
much instruction level parallelism as possible.

MIDR_EL1 register can be read only if HWCAP_CPUID feature is supported.

Change-Id: Iabb8a36c5d31b184dba6399f378598058d394d4e

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/11744)

---

Summary of changes:
 crypto/arm64cpuid.pl |  7 +++
 crypto/arm_arch.h| 44 
 crypto/armcap.c  | 11 +++
 3 files changed, 62 insertions(+)

diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl
index 0eadcc43f2..ac76dd449f 100755
--- a/crypto/arm64cpuid.pl
+++ b/crypto/arm64cpuid.pl
@@ -81,6 +81,13 @@ _armv8_sha512_probe:
ret
 .size  _armv8_sha512_probe,.-_armv8_sha512_probe
 
+.globl _armv8_cpuid_probe
+.type  _armv8_cpuid_probe,%function
+_armv8_cpuid_probe:
+   mrs x0, midr_el1
+   ret
+.size  _armv8_cpuid_probe,.-_armv8_cpuid_probe
+
 .globl OPENSSL_cleanse
 .type  OPENSSL_cleanse,%function
 .align 5
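Review bot: `mrs x0, midr_el1` reads an EL1 system register; from user space it only succeeds because the kernel traps and emulates the access on systems that advertise HWCAP_CPUID, and raises SIGILL otherwise. Unlike the other `_armv8_*_probe` routines in this file, this one is not intended to run under the SIGILL trampoline, so a comment at the `_armv8_cpuid_probe` label saying it must only be called when the ARMV8_CPUID capability bit is set would prevent a future caller from using it like the other probes.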
diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
index 2d279d6459..d98154bddb 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -71,6 +71,7 @@
 
 # ifndef __ASSEMBLER__
 extern unsigned int OPENSSL_armcap_P;
+extern unsigned int OPENSSL_arm_midr;
 # endif
 
 # define ARMV7_NEON  (1<<0)
@@ -80,5 +81,48 @@ extern unsigned int OPENSSL_armcap_P;
 # define ARMV8_SHA256(1<<4)
 # define ARMV8_PMULL (1<<5)
 # define ARMV8_SHA512(1<<6)
+# define ARMV8_CPUID (1<<7)
 
+/*
+ * MIDR_EL1 system register
+ *
+ * 63___ _ ___32_31___ _ ___24_23_20_19_16_15__ _ __4_3___0
+ * || | | |  ||
+ * |RES0| Implementer | Variant | Arch| PartNum  |Revision|
+ * | _ _|_ _ _|_|___ _| _ ___||
+ *
+ */
+
+# define ARM_CPU_IMP_ARM   0x41
+
+# define ARM_CPU_PART_CORTEX_A72   0xD08
+# define ARM_CPU_PART_N1   0xD0C
+
+# define MIDR_PARTNUM_SHIFT   4
+# define MIDR_PARTNUM_MASK(0xfff << MIDR_PARTNUM_SHIFT)
+# define MIDR_PARTNUM(midr)   \
+   (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
+
+# define MIDR_IMPLEMENTER_SHIFT   24
+# define MIDR_IMPLEMENTER_MASK(0xff << MIDR_IMPLEMENTER_SHIFT)
+# define MIDR_IMPLEMENTER(midr)   \
+   (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
+
+# define MIDR_ARCHITECTURE_SHIFT  16
+# define MIDR_ARCHITECTURE_MASK   (0xf << MIDR_ARCHITECTURE_SHIFT)
+# define MIDR_ARCHITECTURE(midr)  \
+   (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
+
+# define MIDR_CPU_MODEL_MASK \
+   (MIDR_IMPLEMENTER_MASK | \
+MIDR_PARTNUM_MASK | \
+MIDR_ARCHITECTURE_MASK)
+
+# define MIDR_CPU_MODEL(imp, partnum) \
+   (((imp) << MIDR_IMPLEMENTER_SHIFT)  | \
+(0xf   << MIDR_ARCHITECTURE_SHIFT) | \
+((partnum) << MIDR_PARTNUM_SHIFT))
+
+# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
+   (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
 #endif
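Review bot: `MIDR_IMPLEMENTER_MASK` expands to `(0xff << MIDR_IMPLEMENTER_SHIFT)`, i.e. the signed int literal `0xff` shifted left by 24; that sets the sign bit of a 32-bit int, which is undefined behaviour in C and is flagged by UBSan. Use unsigned literals (`0xffU << ...`, and for consistency `0xfffU`/`0xfU` in the other masks); `MIDR_CPU_MODEL(imp, partnum)` has the same issue for any `imp` value of 0x80 or above, so cast or suffix there as well. The blank line that used to separate the last `# define` from `#endif` has also been dropped.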
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 70d2719ba7..7bd82f8ebc 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -18,6 +18,7 @@
 #include "arm_arch.h"
 
 unsigned int OPENSSL_armcap_P = 0;
+unsigned int OPENSSL_arm_midr = 0;
 
 #if __ARM_MAX_ARCH__<7
 void OPENSSL_cpuid_setup(void)
@@ -48,6 +49,7 @@ void _armv8_sha256_probe(void);
 void _armv8_pmull_probe(void);
 # ifdef __aarch64__
 void _armv8_sha512_probe(void);
+unsigned int _armv8_cpuid_probe(void);
 # endif
 uint32_t _armv7_tick(void);
 
@@ -95,6 +97,7 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 #  define HWCAP_CE_PMULL (1 << 4)
 #  define HWCAP_CE_SHA1  (1 << 5)
 #  define HWCAP_CE_SHA256(1 << 6)
+#  define HWCAP_CPUID(1 << 11)
 #  define HWCAP_CE_SHA512(1 << 21)
 # endif
 
@@ -155,6 +158,9 @@ void OPENSSL_cpuid_setup(void)
 #  ifdef __aarch64__
 if (hwcap & HWCAP_CE_SHA512)
 OPENSSL_armcap_P |= ARMV8_SHA512;
+
+if (hwcap & HWCAP_CPUID)
+OPENSSL_armcap_P |= ARMV8_CPUID;
 #  endif
 }
 # endif
@@ -210,5 +216,10 @@ void OPENSSL_cpuid_setup(void)
 
 sigaction(SIGILL, _oact, NULL);
 sigprocmask(SIG_SETMASK, , NULL);
+
+# ifdef __aarch64__
+if (OPENSSL_armcap_P & 
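Review bot: this new block runs after the `sigaction(SIGILL, ...)` and `sigprocmask(SIG_SETMASK, ...)` calls have restored the caller's signal state, so the MIDR probe executes outside the region in which an illegal instruction is caught. That is acceptable only because the call is gated on an `OPENSSL_armcap_P` bit derived from the hwcap (presumably ARMV8_CPUID, set in the earlier hunk); if the probe were ever reached on a kernel that does not emulate MIDR_EL1 the process would die with SIGILL instead of falling back. A short comment stating this reliance on the hwcap gate is worth adding.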

[openssl] OpenSSL_1_1_1-stable update

2020-12-09 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  7da3894c70ce0d6641f345a23ee9de0082cb (commit)
  from  5daa28ad7041a0def79e14a0e845f407e6f04f7e (commit)


- Log -
commit 7da3894c70ce0d6641f345a23ee9de0082cb
Author: Tomas Mraz 
Date:   Tue Dec 8 17:45:32 2020 +0100

v3nametest: Make the gennames structure static

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13635)

(cherry picked from commit 7eea331eabe8b0a7ce03c9602a2bc72e9ddfe676)

---

Summary of changes:
 test/v3nametest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/v3nametest.c b/test/v3nametest.c
index b6832a00fc..d1852190b8 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -359,7 +359,7 @@ static int call_run_cert(int i)
 return failed == 0;
 }
 
-struct gennamedata {
+static struct gennamedata {
 const unsigned char der[22];
 size_t derlen;
 } gennames[] = {


[openssl] master update

2020-12-09 Thread tmraz
The branch master has been updated
   via  7eea331eabe8b0a7ce03c9602a2bc72e9ddfe676 (commit)
  from  74c8dd1c516c7017477a205fd1f5f975cfa86722 (commit)


- Log -
commit 7eea331eabe8b0a7ce03c9602a2bc72e9ddfe676
Author: Tomas Mraz 
Date:   Tue Dec 8 17:45:32 2020 +0100

v3nametest: Make the gennames structure static

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13635)

---

Summary of changes:
 test/v3nametest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/v3nametest.c b/test/v3nametest.c
index cdf0472387..e1eeb75f2f 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -359,7 +359,7 @@ static int call_run_cert(int i)
 return failed == 0;
 }
 
-struct gennamedata {
+static struct gennamedata {
 const unsigned char der[22];
 size_t derlen;
 } gennames[] = {
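Review bot: while giving the table internal linkage, consider also making it `static const struct gennamedata { ... } gennames[] = {` unless something in the test writes to it; the entries are fixed DER byte strings and a const table ends up in read-only data, which also catches an accidental modification at compile time.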


[openssl] master update

2020-12-08 Thread tmraz
The branch master has been updated
   via  8d4b5260d22cc05894d606edd6cfc524661ab6e9 (commit)
   via  27db6118722a8af928aa6e4d1be865fa46fb0f0c (commit)
  from  c60b5723194952d2e4bbfc1e4a3eb07b7581edd9 (commit)


- Log -
commit 8d4b5260d22cc05894d606edd6cfc524661ab6e9
Author: David Carlier 
Date:   Fri Nov 13 10:16:55 2020 +

Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap
call level.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13394)

commit 27db6118722a8af928aa6e4d1be865fa46fb0f0c
Author: David Carlier 
Date:   Fri Nov 13 06:07:52 2020 +

CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc 
dont-dump-region.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13394)

---

Summary of changes:
 crypto/mem_sec.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index ee3750725c..cc4c4e08f6 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -32,6 +32,12 @@
 # include 
 # if defined(OPENSSL_SYS_UNIX)
 #  include 
+#  if defined(__FreeBSD__)
+#define MADV_DONTDUMP MADV_NOCORE
+#  endif
+#  if !defined(MAP_CONCEAL)
+#define MAP_CONCEAL 0
+#  endif
 # endif
 # if defined(OPENSSL_SYS_LINUX)
 #  include 
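Review bot: `#define MADV_DONTDUMP MADV_NOCORE` is emitted whenever `__FreeBSD__` is set, without checking whether the platform headers already provide MADV_DONTDUMP; guard it with `!defined(MADV_DONTDUMP)` (as the MAP_CONCEAL fallback below already does) to avoid a redefinition warning if FreeBSD ever adds the Linux name. Both fallbacks live inside the `OPENSSL_SYS_UNIX` block, while the `mmap` call in the next hunk is compiled under `!defined(_WIN32)`; double-check that every configuration reaching that `mmap` also passes through this block, otherwise `MAP_CONCEAL` is undeclared there.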
@@ -468,7 +474,7 @@ static int sh_init(size_t size, size_t minsize)
 #if !defined(_WIN32)
 # ifdef MAP_ANON
 sh.map_result = mmap(NULL, sh.map_size,
- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+ PROT_READ|PROT_WRITE, 
MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
 # else
 {
 int fd;


[openssl] master update

2020-12-08 Thread tmraz
The branch master has been updated
   via  c60b5723194952d2e4bbfc1e4a3eb07b7581edd9 (commit)
  from  e0b5058c11e8059fc6290139f8fc21898fe0ca63 (commit)


- Log -
commit c60b5723194952d2e4bbfc1e4a3eb07b7581edd9
Author: Daniel Bevenius 
Date:   Thu Sep 17 09:48:29 2020 +0200

STORE: clear err after ossl_store_get0_loader_int

This commit clears the error that might have been set when
ossl_store_get0_loader_int has been called as it will try to retrieve
a loader for the scheme on an empty store, which will cause the error
OSSL_STORE_R_UNREGISTERED_SCHEME to be set.

The motivation for this is that after returning from
ossl_store_get0_loader_int, OSSL_STORE_attach will continue and try to
fetch an OSSL_STORE_LOADER from the provider.


Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12901)

---

Summary of changes:
 crypto/store/store_lib.c | 15 ++-
 test/ossl_store_test.c   | 28 
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 671852cea2..c59c508be1 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -930,6 +930,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char 
*scheme,
 scheme = "file";
 
 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
+ERR_set_mark();
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
 loader_ctx = loader->attach(loader, bp, libctx, propq,
@@ -963,24 +964,36 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char 
*scheme,
 loader = fetched_loader;
 }
 
-if (loader_ctx == NULL)
+if (loader_ctx == NULL) {
+ERR_clear_last_mark();
 return NULL;
+}
 
 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+ERR_clear_last_mark();
 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
 if (ui_method != NULL
 && !ossl_pw_set_ui_method(>pwdata, ui_method, ui_data)) {
+ERR_clear_last_mark();
 OPENSSL_free(ctx);
 return NULL;
 }
+
 ctx->fetched_loader = fetched_loader;
 ctx->loader = loader;
 ctx->loader_ctx = loader_ctx;
 ctx->post_process = post_process;
 ctx->post_process_data = post_process_data;
 
+/*
+ * ossl_store_get0_loader_int will raise an error if the loader for the
+ * the scheme cannot be retrieved. But if a loader was successfully
+ * fetched then we remove this error from the error stack.
+ */
+ERR_pop_to_mark();
+
 return ctx;
 }
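Review bot: the comment added before `ERR_pop_to_mark()` reads "the loader for the the scheme" (doubled "the"), and it understates what the call does: ERR_pop_to_mark() discards every error raised since `ERR_set_mark()`, not only OSSL_STORE_R_UNREGISTERED_SCHEME, so errors left behind by a failed deprecated-loader attach or a failed provider fetch that preceded a later successful attempt are dropped too. If that is the intent, say so in the comment; otherwise pop only when the unregistered-scheme error is the one being removed. The early-return paths each call `ERR_clear_last_mark()`, which is correct and worth keeping in mind for any future return added between the mark and the pop.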
diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c
index f48c282b2e..7424aed0dd 100644
--- a/test/ossl_store_test.c
+++ b/test/ossl_store_test.c
@@ -132,6 +132,33 @@ static int test_store_get_params(int idx)
 return 1;
 }
 
+/*
+ * This test verifies that calling OSSL_STORE_ATTACH does not set an
+ * "unregistered scheme" error when called.
+ */
+static int test_store_attach_unregistered_scheme(void)
+{
+int ret;
+OSSL_STORE_CTX *store_ctx;
+OSSL_PROVIDER *provider;
+OSSL_LIB_CTX *libctx;
+BIO *bio;
+libctx = OSSL_LIB_CTX_new();
+provider = OSSL_PROVIDER_load(libctx, "default");
+bio = BIO_new_file("test/certs/sm2-root.crt", "r");
+
+ret = TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL,
+ NULL, NULL, NULL, NULL)) &&
+  TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) &&
+  TEST_int_ne(ERR_GET_REASON(ERR_peek_error()),
+  OSSL_STORE_R_UNREGISTERED_SCHEME);
+
+BIO_free(bio);
+OSSL_STORE_close(store_ctx);
+OSSL_PROVIDER_unload(provider);
+OSSL_LIB_CTX_free(libctx);
+return ret;
+}
 
 const OPTIONS *test_get_options(void)
 {
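Review bot: the setup in `test_store_attach_unregistered_scheme` never checks `OSSL_LIB_CTX_new`, `OSSL_PROVIDER_load` or `BIO_new_file` for NULL, so a missing `test/certs/sm2-root.crt` (the path is relative to the current directory rather than obtained from the test's data directory) turns into an `OSSL_STORE_attach` call on a NULL BIO and a misleading failure report; wrap them in `TEST_ptr` and bail out. The assertion only inspects the oldest queued error via `ERR_peek_error()`, so an unrelated error queued earlier would hide a regression; `ERR_peek_last_error()` or draining the queue with `ERR_get_error()` would be more robust. The comment also names `OSSL_STORE_ATTACH` where the function is `OSSL_STORE_attach`.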
@@ -172,5 +199,6 @@ int setup_tests(void)
 ADD_TEST(test_store_open);
 ADD_TEST(test_store_search_by_key_fingerprint_fail);
 ADD_ALL_TESTS(test_store_get_params, 3);
+ADD_TEST(test_store_attach_unregistered_scheme);
 return 1;
 }


[tools] master update

2020-12-08 Thread tmraz
The branch master has been updated
   via  7f0c30333ce9b6a8101c8aa01a8156c014182c16 (commit)
   via  67906aa38534940c02c1d4182bd981cc9e7801de (commit)
   via  f9bb1cac3f600a78d1b00770879aa7a6d5f133e2 (commit)
   via  4ed0a292ebf9c293f051a4f8b00280f3e7ad2717 (commit)
   via  3953ec2fe13961d35bd577c381a0680701c8bcbe (commit)
  from  96a195347859112c1520d1ef84690ec3109f1f49 (commit)


- Log -
commit 7f0c30333ce9b6a8101c8aa01a8156c014182c16
Author: Dr. David von Oheimb 
Date:   Thu Dec 3 13:59:25 2020 +0100

addrev: Remove tabs by space chars

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit 67906aa38534940c02c1d4182bd981cc9e7801de
Author: Dr. David von Oheimb 
Date:   Thu Dec 3 12:55:19 2020 +0100

addrev: Fix regression on parsing bare prnum; correct help output

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit f9bb1cac3f600a78d1b00770879aa7a6d5f133e2
Author: Dr. David von Oheimb 
Date:   Wed Dec 2 17:22:14 2020 +0100

ghmerge: Make pulling the latest REMOTE/REF work also for non-default REF

This avoids potential git errors such as:

You asked to pull from the remote 'upstream', but did not specify
a branch. Because this is not the default configured remote
for your current branch, you must specify a branch on the command line.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit 4ed0a292ebf9c293f051a4f8b00280f3e7ad2717
Author: Dr. David von Oheimb 
Date:   Thu Nov 19 11:21:04 2020 +0100

ghmerge: improve doc of --remote and --ref options

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

commit 3953ec2fe13961d35bd577c381a0680701c8bcbe
Author: Dr. David von Oheimb 
Date:   Thu Nov 19 10:35:28 2020 +0100

addrev: re-enable use of single-character review names

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/79)

---

Summary of changes:
 review-tools/addrev  | 52 +---
 review-tools/ghmerge | 13 +++--
 2 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 473ad46..aa5215a 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -14,9 +14,12 @@ my $useself = 1;
 my $my_email;
 
 foreach (@ARGV) {
-if (/^\@.+$/) {
+if (/^(--prnum=)?(\d{1,6}+)$/) {
+$args .= "--prnum=$2 ";
+$haveprnum = 1;
+} elsif (/^\@.+$/) {
 $args .= "--reviewer=$_ ";
-} elsif (/^\w[-\w]+$/) {
+} elsif (/^\w[-\w]*$/) {
 if (/^[0-9a-f]{7,}+/) {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = $_;
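Review bot: in `/^(--prnum=)?(\d{1,6}+)$/` the possessive quantifier `{1,6}+` buys nothing because the pattern is anchored with `$`; plain `\d{1,6}` reads cleaner. Moving the PR-number test ahead of the `\w[-\w]*` branch also changes precedence: a bare argument of seven or more digits no longer matches as a PR number and falls through to the `[0-9a-f]{7,}` commit-hash branch, which is probably intended but deserves a comment, since a six-digit limit on PR numbers is an assumption that will eventually need raising.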
@@ -40,21 +43,18 @@ foreach (@ARGV) {
 } elsif (/^--myemail=(.+)$/) {
 $my_email = $1;
 } elsif (/^--nopr$/) {
-   $haveprnum = 1;
-} elsif (/^(--prnum=)?(\d+)$/) {
-$args .= "--prnum=$2 ";
-   $haveprnum = 1;
+$haveprnum = 1;
 } elsif (/^--commit=(.+)$/) {
 $args .= "--commit=$1 ";
 } elsif (/^-(\d+)$/) {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = "HEAD~$1..";
 } elsif (/^--list$/) {
-   $list_reviewers = 1;
-   last;
+$list_reviewers = 1;
+last;
 } elsif (/^--help$/ || /^-h$/) {
-   $help = 1;
-   last;
+$help = 1;
+last;
 } else {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = $_;
@@ -91,20 +91,18 @@ usage: addrev args...
 
 option style arguments:
 
---help Print this help and exit
---list List the known reviewers and exit (discards all other
-   arguments)
---verbose  Be a bit more verbose
---trivial  Do not require a CLA
---reviewer=  A reviewer to be added on a Reviewed-by: line
---rmreviewers  Remove all existing Reviewed-by: lines before adding
-   reviewers
---commit=  Only apply to commit 
---myemail=  Set email address.  Defaults to the result from
-   git configuration setting user.email
---nopr Do not require a PR number
-[--prnum=]NNN   Add a reference to GitHub pull request NNN
--   Change the last  commits.  Defaults to 1
+--help Print this help and exit
+--list List the known reviewers and exit (discards all other 
arguments)
+--verbose  Be 

[openssl] master update

2020-12-02 Thread tmraz
The branch master has been updated
   via  c39f43534d4f359bdfee617f70f89b114c9f2cca (commit)
  from  b03da688a223c18b5a10b5a66abe229bbb590133 (commit)


- Log -
commit c39f43534d4f359bdfee617f70f89b114c9f2cca
Author: Daiki Ueno 
Date:   Mon Oct 26 13:23:14 2020 +0100

openssl dgst: add option to specify output length for XOF

This adds the -xoflen option to control the output length of the XOF
algorithms, such as SHAKE128 and SHAKE256.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13245)

---

Summary of changes:
 apps/dgst.c  | 54 +++-
 doc/man1/openssl-dgst.pod.in |  5 
 test/recipes/20-test_dgst.t  | 18 +--
 3 files changed, 64 insertions(+), 13 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index badcfdf0e2..4adf9cd9b4 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -24,7 +24,7 @@
 #undef BUFSIZE
 #define BUFSIZE 1024*8
 
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int 
xoflen,
   EVP_PKEY *key, unsigned char *sigin, int siglen,
   const char *sig_name, const char *md_name,
   const char *file);
@@ -40,7 +40,7 @@ typedef enum OPTION_choice {
 OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
 OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
 OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
-OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN,
 OPT_DIGEST,
 OPT_R_ENUM, OPT_PROV_ENUM
 } OPTION_CHOICE;
@@ -65,6 +65,7 @@ const OPTIONS dgst_options[] = {
 {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values 
ignored)"},
 {"hex", OPT_HEX, '-', "Print as hex dump"},
 {"binary", OPT_BINARY, '-', "Print in binary form"},
+{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms"},
 {"d", OPT_DEBUG, '-', "Print debug info"},
 {"debug", OPT_DEBUG, '-', "Print debug info"},
 
@@ -105,6 +106,7 @@ int dgst_main(int argc, char **argv)
 OPTION_CHOICE o;
 int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
 int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
+int xoflen = 0;
 unsigned char *buf = NULL, *sigbuf = NULL;
 int engine_impl = 0;
 struct doall_dgst_digests dec;
@@ -180,6 +182,9 @@ int dgst_main(int argc, char **argv)
 case OPT_BINARY:
 out_bin = 1;
 break;
+case OPT_XOFLEN:
+xoflen = atoi(opt_arg());
+break;
 case OPT_DEBUG:
 debug = 1;
 break;
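Review bot: `xoflen = atoi(opt_arg())` re-parses a value that `opt_next()` has already validated for the 'p' (positive integer) option type, and `atoi` silently returns a wrapped value on overflow and 0 on garbage; `opt_int(opt_arg(), &xoflen)` keeps the parsing in one place and reports out-of-range input. There is also no upper bound on the requested length, and `do_fp` later sizes its output buffer from it (`len = tmplen` in the last hunk), so a sanity cap or at least a comment that the caller controls the allocation size would be prudent.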
@@ -399,9 +404,20 @@ int dgst_main(int argc, char **argv)
 if (md != NULL)
 md_name = EVP_MD_name(md);
 
+if (xoflen > 0) {
+if (!(EVP_MD_flags(md) & EVP_MD_FLAG_XOF)) {
+BIO_printf(bio_err, "Length can only be specified for XOF\n");
+goto end;
+}
+if (sigkey != NULL) {
+BIO_printf(bio_err, "Signing key cannot be specified for XOF\n");
+goto end;
+}
+}
+
 if (argc == 0) {
 BIO_set_fp(in, stdin, BIO_NOCLOSE);
-ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf,
 siglen, NULL, md_name, "stdin");
 } else {
 const char *sig_name = NULL;
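Review bot: `EVP_MD_flags(md)` is called without checking `md` for NULL, while the context two lines above (`if (md != NULL) md_name = EVP_MD_name(md);`) shows that `md` can legitimately be NULL at this point; `-xoflen` on such a path would dereference NULL. Make the test `md == NULL || !(EVP_MD_flags(md) & EVP_MD_FLAG_XOF)` so that the "Length can only be specified for XOF" error is reported instead.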
@@ -417,8 +433,8 @@ int dgst_main(int argc, char **argv)
 ret++;
 continue;
 } else {
-r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
-  siglen, sig_name, md_name, argv[i]);
+r = do_fp(out, buf, inp, separator, out_bin, xoflen,
+  sigkey, sigbuf, siglen, sig_name, md_name, argv[i]);
 }
 if (r)
 ret = r;
@@ -504,14 +520,14 @@ static const char *newline_escape_filename(const char 
*file, int * backslash)
 }
 
 
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int 
xoflen,
   EVP_PKEY *key, unsigned char *sigin, int siglen,
   const char *sig_name, const char *md_name,
   const char *file)
 {
 size_t len = BUFSIZE;
 int i, backslash = 0, ret = 1;
-unsigned char *sigbuf = NULL;
+unsigned char *allocated_buf = NULL;
 
 while (BIO_pending(bp) || !BIO_eof(bp)) {
 i = BIO_read(bp, (char *)buf, BUFSIZE);
@@ -552,14 +568,30 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, 
int binout,
 }
 if (tmplen > BUFSIZE) {
 len = tmplen;
-

[openssl] OpenSSL_1_1_1-stable update

2020-12-01 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  409c59e8f44ae56f2587cdd8a7ce611d0e3d91d9 (commit)
  from  0c60676338f1e25faaa44117238d8e35e507feee (commit)


- Log -
commit 409c59e8f44ae56f2587cdd8a7ce611d0e3d91d9
Author: Ard Biesheuvel 
Date:   Tue Nov 24 17:33:31 2020 +0100

aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode

ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
by silicon errata #1742098 [0] and #1655431 [1], respectively, where the
second instruction of an AES instruction pair may execute twice if an
interrupt is taken right after the first instruction consumes an input
register of which a single 32-bit lane has been updated the last time it
was modified.

This is not such a rare occurrence as it may seem: in counter mode, only
the least significant 32-bit word is incremented in the absence of a
carry, which makes our counter mode implementation susceptible to these
errata.

So let's shuffle the counter assignments around a bit so that the most
recent updates when the AES instruction pair executes are 128-bit wide.

[0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
[1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice

Signed-off-by: Ard Biesheuvel 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13571)

(cherry picked from commit 26217510d21cd4d5928db8bff41c6756a7c7a636)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl | 28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index f42f7bd1df..2b0e982996 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -740,17 +740,17 @@ $code.=<<___;
 #ifndef __ARMEB__
rev $ctr, $ctr
 #endif
-   vorr$dat1,$dat0,$dat0
add $tctr1, $ctr, #1
-   vorr$dat2,$dat0,$dat0
-   add $ctr, $ctr, #2
vorr$ivec,$dat0,$dat0
rev $tctr1, $tctr1
-   vmov.32 ${dat1}[3],$tctr1
+   vmov.32 ${ivec}[3],$tctr1
+   add $ctr, $ctr, #2
+   vorr$dat1,$ivec,$ivec
b.ls.Lctr32_tail
rev $tctr2, $ctr
+   vmov.32 ${ivec}[3],$tctr2
sub $len,$len,#3// bias
-   vmov.32 ${dat2}[3],$tctr2
+   vorr$dat2,$ivec,$ivec
b   .Loop3x_ctr32
 
 .align 4
@@ -777,11 +777,11 @@ $code.=<<___;
aese$dat1,q8
aesmc   $tmp1,$dat1
 vld1.8 {$in0},[$inp],#16
-vorr   $dat0,$ivec,$ivec
+add$tctr0,$ctr,#1
aese$dat2,q8
aesmc   $dat2,$dat2
 vld1.8 {$in1},[$inp],#16
-vorr   $dat1,$ivec,$ivec
+rev$tctr0,$tctr0
aese$tmp0,q9
aesmc   $tmp0,$tmp0
aese$tmp1,q9
@@ -790,8 +790,6 @@ $code.=<<___;
 mov$key_,$key
aese$dat2,q9
aesmc   $tmp2,$dat2
-vorr   $dat2,$ivec,$ivec
-add$tctr0,$ctr,#1
aese$tmp0,q12
aesmc   $tmp0,$tmp0
aese$tmp1,q12
@@ -807,20 +805,22 @@ $code.=<<___;
aese$tmp1,q13
aesmc   $tmp1,$tmp1
 veor   $in2,$in2,$rndlast
-rev$tctr0,$tctr0
+vmov.32${ivec}[3], $tctr0
aese$tmp2,q13
aesmc   $tmp2,$tmp2
-vmov.32${dat0}[3], $tctr0
+vorr   $dat0,$ivec,$ivec
 rev$tctr1,$tctr1
aese$tmp0,q14
aesmc   $tmp0,$tmp0
+vmov.32${ivec}[3], $tctr1
+rev$tctr2,$ctr
aese$tmp1,q14
aesmc   $tmp1,$tmp1
-vmov.32${dat1}[3], $tctr1
-rev$tctr2,$ctr
+vorr   $dat1,$ivec,$ivec
+vmov.32${ivec}[3], $tctr2
aese$tmp2,q14
aesmc   $tmp2,$tmp2
-vmov.32${dat2}[3], $tctr2
+vorr   $dat2,$ivec,$ivec
 subs   $len,$len,#3
aese$tmp0,q15
aese$tmp1,q15


[openssl] master update

2020-11-30 Thread tmraz
The branch master has been updated
   via  26217510d21cd4d5928db8bff41c6756a7c7a636 (commit)
  from  cbb85bda0c0849ce962e1cf232689d6351e4a217 (commit)


- Log -
commit 26217510d21cd4d5928db8bff41c6756a7c7a636
Author: Ard Biesheuvel 
Date:   Tue Nov 24 17:33:31 2020 +0100

aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode

ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
by silicon errata #1742098 [0] and #1655431 [1], respectively, where the
second instruction of an AES instruction pair may execute twice if an
interrupt is taken right after the first instruction consumes an input
register of which a single 32-bit lane has been updated the last time it
was modified.

This is not such a rare occurrence as it may seem: in counter mode, only
the least significant 32-bit word is incremented in the absence of a
carry, which makes our counter mode implementation susceptible to these
errata.

So let's shuffle the counter assignments around a bit so that the most
recent updates when the AES instruction pair executes are 128-bit wide.

[0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
[1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice

Signed-off-by: Ard Biesheuvel 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13504)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl | 28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index ee2e29823a..9532db70e2 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -1797,17 +1797,17 @@ $code.=<<___;
 #ifndef __ARMEB__
rev $ctr, $ctr
 #endif
-   vorr$dat1,$dat0,$dat0
add $tctr1, $ctr, #1
-   vorr$dat2,$dat0,$dat0
-   add $ctr, $ctr, #2
vorr$ivec,$dat0,$dat0
rev $tctr1, $tctr1
-   vmov.32 ${dat1}[3],$tctr1
+   vmov.32 ${ivec}[3],$tctr1
+   add $ctr, $ctr, #2
+   vorr$dat1,$ivec,$ivec
b.ls.Lctr32_tail
rev $tctr2, $ctr
+   vmov.32 ${ivec}[3],$tctr2
sub $len,$len,#3// bias
-   vmov.32 ${dat2}[3],$tctr2
+   vorr$dat2,$ivec,$ivec
 ___
 $code.=<<___   if ($flavour =~ /64/);
cmp $len,#2
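Review bot: nothing in the hunk records why every counter lane now goes through `$ivec` followed by a full 128-bit `vorr` into `$dat0`/`$dat1`/`$dat2`; a one-line comment citing the Cortex-A57/A72 errata from the commit message would stop a future cleanup from "simplifying" the copy back into a direct `vmov.32 ${dat1}[3]`. It is also worth confirming in review that `$ivec` itself is never consumed directly by an `aese`/`aesmc` pair in the loop, since its last write is now always a 32-bit lane update, which is exactly the pattern the errata describe.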
@@ -2003,11 +2003,11 @@ $code.=<<___;
aese$dat1,q8
aesmc   $tmp1,$dat1
 vld1.8 {$in0},[$inp],#16
-vorr   $dat0,$ivec,$ivec
+add$tctr0,$ctr,#1
aese$dat2,q8
aesmc   $dat2,$dat2
 vld1.8 {$in1},[$inp],#16
-vorr   $dat1,$ivec,$ivec
+rev$tctr0,$tctr0
aese$tmp0,q9
aesmc   $tmp0,$tmp0
aese$tmp1,q9
@@ -2016,8 +2016,6 @@ $code.=<<___;
 mov$key_,$key
aese$dat2,q9
aesmc   $tmp2,$dat2
-vorr   $dat2,$ivec,$ivec
-add$tctr0,$ctr,#1
aese$tmp0,q12
aesmc   $tmp0,$tmp0
aese$tmp1,q12
@@ -2033,20 +2031,22 @@ $code.=<<___;
aese$tmp1,q13
aesmc   $tmp1,$tmp1
 veor   $in2,$in2,$rndlast
-rev$tctr0,$tctr0
+vmov.32${ivec}[3], $tctr0
aese$tmp2,q13
aesmc   $tmp2,$tmp2
-vmov.32${dat0}[3], $tctr0
+vorr   $dat0,$ivec,$ivec
 rev$tctr1,$tctr1
aese$tmp0,q14
aesmc   $tmp0,$tmp0
+vmov.32${ivec}[3], $tctr1
+rev$tctr2,$ctr
aese$tmp1,q14
aesmc   $tmp1,$tmp1
-vmov.32${dat1}[3], $tctr1
-rev$tctr2,$ctr
+vorr   $dat1,$ivec,$ivec
+vmov.32${ivec}[3], $tctr2
aese$tmp2,q14
aesmc   $tmp2,$tmp2
-vmov.32${dat2}[3], $tctr2
+vorr   $dat2,$ivec,$ivec
 subs   $len,$len,#3
aese$tmp0,q15
aese$tmp1,q15
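Review bot: the three `vmov.32 ${ivec}[3]` / `vorr $datN,$ivec,$ivec` pairs now form one serial dependency chain through $ivec (vmov, vorr, vmov, vorr, vmov, vorr), whereas the old code wrote three independent registers. That is the price of keeping lane writes away from the AES inputs and is hidden behind the aese/aesmc latency here, but a before/after `openssl speed -evp aes-128-ctr` figure on a core that is not listed in the two errata notices would show whether unaffected parts pay for it. Please also add a comment above the loop stating the invariant this establishes: no register consumed by aese/aesmc may have a `vmov.32` lane write as its most recent update. Without it the next refactor is likely to reintroduce the pattern.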

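The counter layout the message above describes, as an added example that is not OpenSSL code: a small C model of how the CTR path prepares the three counter blocks for one loop iteration. Only the big-endian 32-bit word in lane 3 (bytes 12..15) changes from block to block, and the increment wraps modulo 2^32 without carrying into the rest of the IV. The function names and the sample IV are this example's own.

```c
/* ctr32 counter-block model (added example, not OpenSSL code).
 * Mirrors the layout the aesv8-armx.pl CTR loop builds: lanes 0..2 of the
 * counter block are the IV, lane 3 is a big-endian 32-bit counter that the
 * `rev` + `vmov.32 ...[3]` sequence updates, and the increment wraps at 2^32
 * without carrying into lanes 0..2 (the ctr32 contract). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16

/* Lane 3 as a big-endian 32-bit integer (bytes 12..15 of the block). */
uint32_t ctr32_get(const uint8_t blk[AES_BLOCK])
{
    return ((uint32_t)blk[12] << 24) | ((uint32_t)blk[13] << 16)
         | ((uint32_t)blk[14] << 8)  |  (uint32_t)blk[15];
}

static void ctr32_put(uint8_t blk[AES_BLOCK], uint32_t v)
{
    blk[12] = (uint8_t)(v >> 24);
    blk[13] = (uint8_t)(v >> 16);
    blk[14] = (uint8_t)(v >> 8);
    blk[15] = (uint8_t)v;
}

/* Write n counter blocks ctr, ctr+1, ..., ctr+n-1 to out (n * 16 bytes).
 * Only lane 3 differs between consecutive blocks, and the addition is
 * modulo 2^32: lanes 0..2 never see a carry. */
void ctr32_blocks(const uint8_t iv[AES_BLOCK], uint8_t *out, size_t n)
{
    uint32_t c = ctr32_get(iv);
    size_t i;

    for (i = 0; i < n; i++) {
        uint8_t *blk = out + i * AES_BLOCK;

        memcpy(blk, iv, AES_BLOCK);
        ctr32_put(blk, (uint32_t)(c + i));   /* wraps, no carry out */
    }
}

/* Bitmask of 32-bit lanes that differ between a and b (bit k = lane k).
 * A mask with exactly one bit set is the "single 32-bit lane updated"
 * register state the errata notices describe. */
unsigned lanes_changed(const uint8_t a[AES_BLOCK], const uint8_t b[AES_BLOCK])
{
    unsigned mask = 0, k;

    for (k = 0; k < 4; k++)
        if (memcmp(a + 4 * k, b + 4 * k, 4) != 0)
            mask |= 1u << k;
    return mask;
}

/* Self-check: 1 if the model behaves as described, 0 otherwise. */
int ctr32_selfcheck(void)
{
    /* Constructed sample IV whose counter word is two below the wrap. */
    static const uint8_t iv[AES_BLOCK] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xfe
    };
    uint8_t blk[3 * AES_BLOCK];

    ctr32_blocks(iv, blk, 3);
    if (lanes_changed(iv, blk) != 0)                    /* block 0 == IV */
        return 0;
    if (lanes_changed(blk, blk + AES_BLOCK) != 0x8)     /* only lane 3 */
        return 0;
    if (lanes_changed(blk, blk + 2 * AES_BLOCK) != 0x8)
        return 0;
    if (ctr32_get(blk + AES_BLOCK) != 0xffffffffu)
        return 0;
    if (ctr32_get(blk + 2 * AES_BLOCK) != 0u)           /* wrapped to 0 */
        return 0;
    if (memcmp(blk + 2 * AES_BLOCK, iv, 12) != 0)       /* no carry */
        return 0;
    return 1;
}

int main(void)
{
    printf("ctr32 model %s\n", ctr32_selfcheck() ? "ok" : "FAILED");
    return ctr32_selfcheck() ? 0 : 1;
}
```

The generic wrapper in crypto/modes/ctr128.c (CRYPTO_ctr128_encrypt_ctr32) is what turns this 32-bit contract into full 128-bit CTR: it stops the assembler at the 2^32 wrap boundary and carries into the upper 96 bits itself. The errata reordering does not change that contract, only which register receives the lane write.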

[openssl] OpenSSL_1_1_1-stable update

2020-11-27 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  0c60676338f1e25faaa44117238d8e35e507feee (commit)
  from  8e813c085ac43ca6a58a20f7982b26ed31dc326a (commit)


- Log -
commit 0c60676338f1e25faaa44117238d8e35e507feee
Author: ihsinme <61293369+ihsi...@users.noreply.github.com>
Date:   Wed Nov 25 22:09:33 2020 +0300

Update bio_ok.c

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13515)

(cherry picked from commit a614af95531dd9f168aa4b71bd1195b4fdfe1794)

---

Summary of changes:
 crypto/evp/bio_ok.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index a77cfb1552..aba305537a 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -203,7 +203,7 @@ static int ok_read(BIO *b, char *out, int outl)
 /*
  * copy start of the next block into proper place
  */
-if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+if (ctx->buf_len_save > ctx->buf_off_save) {
 ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
 memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
 ctx->buf_len);
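Review bot: the rewritten condition changes behaviour, not just style, if buf_len_save and buf_off_save are unsigned (size_t): `ctx->buf_len_save - ctx->buf_off_save > 0` is true whenever the two differ, including buf_off_save > buf_len_save, in which case the wrapped difference becomes the length handed to memmove() two lines below and the copy overruns ctx->buf; `ctx->buf_len_save > ctx->buf_off_save` correctly skips the copy. For signed int fields the two spellings are equivalent. Since the message is just "Update bio_ok.c" with "CLA: trivial", it should state which of these applies, so the backport to 1.1.1 can be judged as a bug fix rather than a cosmetic change.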


[openssl] master update

2020-11-27 Thread tmraz
The branch master has been updated
   via  a614af95531dd9f168aa4b71bd1195b4fdfe1794 (commit)
  from  90c046be9c61c012f8760d429f6254ef3c796a0a (commit)


- Log -
commit a614af95531dd9f168aa4b71bd1195b4fdfe1794
Author: ihsinme <61293369+ihsi...@users.noreply.github.com>
Date:   Wed Nov 25 22:09:33 2020 +0300

Update bio_ok.c

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13515)

---

Summary of changes:
 crypto/evp/bio_ok.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index f2d66ab129..3d31f19829 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -204,7 +204,7 @@ static int ok_read(BIO *b, char *out, int outl)
 /*
  * copy start of the next block into proper place
  */
-if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+if (ctx->buf_len_save > ctx->buf_off_save) {
 ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
 memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
 ctx->buf_len);

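Why the rewritten comparison in the two bio_ok.c commits above matters, as an added example that is not OpenSSL code. It models the "copy start of the next block" step of ok_read() on the assumption, stated here rather than taken from the page, that buf_len_save and buf_off_save are size_t as in BIO_OK_CTX; the struct, buffer size and function names are this example's own.

```c
/* Unsigned-difference check (added example, not OpenSSL code). Models the
 * "copy start of the next block" step in bio_ok.c's ok_read() with the
 * assumption that buf_len_save/buf_off_save are size_t, as in BIO_OK_CTX. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUFSZ 64                /* stand-in for bio_ok.c's IOBS (assumption) */

struct ok_model {
    size_t buf_len;
    size_t buf_len_save;
    size_t buf_off_save;
    unsigned char buf[BUFSZ];
};

/* The pre-fix condition. For unsigned operands a - b is never negative:
 * it wraps, so the test is true for every a != b, including a < b. */
int carry_old(size_t len_save, size_t off_save)
{
    return len_save - off_save > 0;
}

/* The post-fix condition, true only when there really is data left over. */
int carry_new(size_t len_save, size_t off_save)
{
    return len_save > off_save;
}

/* For signed operands the two spellings agree (absent overflow), which is
 * why the change looks cosmetic if one assumes int fields. */
int carry_old_signed(int len_save, int off_save)
{
    return len_save - off_save > 0;
}

/* Perform the carry-over step under either condition. Returns the number of
 * bytes that would be handed to memmove(); the copy itself is only done when
 * it fits, so the old condition's wrapped length cannot overrun ctx->buf. */
size_t carry_over(struct ok_model *ctx, int fixed)
{
    int take = fixed ? carry_new(ctx->buf_len_save, ctx->buf_off_save)
                     : carry_old(ctx->buf_len_save, ctx->buf_off_save);
    size_t n;

    if (!take)
        return 0;
    n = ctx->buf_len_save - ctx->buf_off_save;   /* wraps when off > len */
    if (n <= BUFSZ && ctx->buf_off_save + n <= BUFSZ) {
        ctx->buf_len = n;
        memmove(ctx->buf, &ctx->buf[ctx->buf_off_save], n);
    }
    return n;
}

/* Constructed state: the saved offset is past the saved length, the case the
 * old condition mishandles. Returns the memmove length for the chosen check. */
size_t demo_len(int fixed)
{
    struct ok_model ctx;

    memset(&ctx, 0, sizeof(ctx));
    ctx.buf_len_save = 4;
    ctx.buf_off_save = 8;
    return carry_over(&ctx, fixed);
}

int main(void)
{
    printf("old check: memmove length %zu\n", demo_len(0));  /* SIZE_MAX - 3 */
    printf("new check: memmove length %zu\n", demo_len(1));  /* 0 */
    return 0;
}
```

The same shape, `a - b > 0` on unsigned operands, is worth grepping for wherever lengths and offsets are size_t: the expression reads as a sign test but is really an inequality test, and the wrapped value flows straight into a memmove() or memcpy() length.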

[openssl] master update

2020-11-26 Thread tmraz
The branch master has been updated
   via  8dc34b1f579f71f24aa385d33112da4a91db7079 (commit)
  from  2b407d050868c24ee36172e1abcfbfa0f003a98d (commit)


- Log -
commit 8dc34b1f579f71f24aa385d33112da4a91db7079
Author: Daniel Bevenius 
Date:   Wed Nov 11 05:23:11 2020 +0100

EVP: don't touch the lock for evp_pkey_downgrade

This commit tries to address a locking issue in evp_pkey_reset_unlocked
which can occur when it is called from evp_pkey_downgrade.

evp_pkey_downgrade will acquire a lock for pk->lock and if successful
then call evp_pkey_reset_unlocked. evp_pkey_reset_unlocked will call
memset on pk, and then create a new lock and set pk->lock to point to
that new lock. I believe there are two problems with this.

The first is that after the call to memset, another thread would try to
acquire a lock for NULL as that is what the value of pk->lock would be
at that point.

The second issue is that after the new lock has been assigned to
pk->lock, that lock is different from the one currently locked so
another thread trying to acquire the lock will succeed which can lead to
strange behaviour. More details and a reproducer can be found in the
Refs link below.

This changes the evp_pkey_reset_unlocked to not touch the lock
and the creation of a new lock is done in EVP_PKEY_new.

Refs:

https://github.com/danbev/learning-libcrypto/blob/master/notes/issues.md#openssl-investigationtroubleshooting
https://github.com/nodejs/node/issues/29817

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13374)

---

Summary of changes:
 crypto/evp/p_lib.c | 36 ++--
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index a0c131d0c0..ad7a0ebee7 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1345,7 +1345,7 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, 
unsigned char **ppub)
 /*
  * This reset function must be used very carefully, as it literally throws
  * away everything in an EVP_PKEY without freeing them, and may cause leaks
- * of memory, locks, what have you.
+ * of memory, what have you.
  * The only reason we have this is to have the same code for EVP_PKEY_new()
  * and evp_pkey_downgrade().
  */
@@ -1354,17 +1354,21 @@ static int evp_pkey_reset_unlocked(EVP_PKEY *pk)
 if (pk == NULL)
 return 0;
 
-memset(pk, 0, sizeof(*pk));
+if (pk->lock != NULL) {
+  const size_t offset = (unsigned char *)>lock - (unsigned char *)pk;
+
+  memset(pk, 0, offset);
+  memset((unsigned char *)pk + offset + sizeof(pk->lock),
+ 0,
+ sizeof(*pk) - offset - sizeof(pk->lock));
+}
+/* EVP_PKEY_new uses zalloc so no need to call memset if pk->lock is NULL 
*/
+
 pk->type = EVP_PKEY_NONE;
 pk->save_type = EVP_PKEY_NONE;
 pk->references = 1;
 pk->save_parameters = 1;
 
-pk->lock = CRYPTO_THREAD_lock_new();
-if (pk->lock == NULL) {
-ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
-return 0;
-}
 return 1;
 }
 
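Review bot: the two memset() calls around pk->lock are doing real work and deserve a comment: saving pk->lock, zeroing the whole struct and restoring the pointer would reopen the window in which a concurrent evp_pkey_downgrade() reads pk->lock as NULL, which is the first bug the message describes. Writing the offset as offsetof(EVP_PKEY, lock) instead of the `(unsigned char *)...lock - (unsigned char *)pk` arithmetic would make that intent clearer and drop the casts. The comment "EVP_PKEY_new uses zalloc so no need to call memset if pk->lock is NULL" turns a caller's allocation strategy into a precondition of this function; please state it in the header comment (pk must either carry a live lock or be freshly zero-allocated), since a future caller passing a stack EVP_PKEY with lock == NULL would keep garbage in every other field.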
@@ -1380,6 +1384,12 @@ EVP_PKEY *EVP_PKEY_new(void)
 if (!evp_pkey_reset_unlocked(ret))
 goto err;
 
+ret->lock = CRYPTO_THREAD_lock_new();
+if (ret->lock == NULL) {
+EVPerr(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+goto err;
+}
+
 #ifndef FIPS_MODULE
 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, >ex_data)) {
 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
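Review bot: the new lock allocation reports failure with `EVPerr(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE)` while the ex_data failure three lines below uses `ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE)`, and the code removed from evp_pkey_reset_unlocked() used ERR_raise() too; EVPerr()'s first argument is a function code, not a library code, so this should be `ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE)` for consistency. Also worth checking: the `err:` path now runs with ret->lock possibly NULL, so whatever it calls to release ret must tolerate a NULL lock.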
@@ -1880,7 +1890,6 @@ int evp_pkey_copy_downgraded(EVP_PKEY **dest, const 
EVP_PKEY *src)
 int evp_pkey_downgrade(EVP_PKEY *pk)
 {
 EVP_PKEY tmp_copy;  /* Stack allocated! */
-CRYPTO_RWLOCK *tmp_lock = NULL; /* Temporary lock */
 int rv = 0;
 
 if (!ossl_assert(pk != NULL))
@@ -1908,12 +1917,9 @@ int evp_pkey_downgrade(EVP_PKEY *pk)
 
 if (evp_pkey_reset_unlocked(pk)
 && evp_pkey_copy_downgraded(, _copy)) {
-/* Grab the temporary lock to avoid lock leak */
-tmp_lock = pk->lock;
 
 /* Restore the common attributes, then empty |tmp_copy| */
 pk->references = tmp_copy.references;
-pk->lock = tmp_copy.lock; /* |pk| now owns THE lock */
 pk->attributes = tmp_copy.attributes;
 pk->save_parameters = tmp_copy.save_parameters;
 pk->ex_data = tmp_copy.ex_data;
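Review bot: with reset no longer creating a lock, pk->lock and tmp_copy.lock are the same pointer throughout this branch, so dropping the `tmp_lock` juggling is correct, but it now rests on the later `evp_pkey_free_it(&tmp_copy)` never freeing tmp_copy.lock; please confirm that and record it in a comment next to that call, since otherwise pk->lock would dangle while the caller still holds it. Minor: the blank line left at the top of the `if` body after removing the two lines can go.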
@@ -1945,16 +1951,10 @@ int evp_pkey_downgrade(EVP_PKEY *pk)
 evp_pkey_free_it(_copy);
 rv = 1;
 } else {
-/* Grab the temporary lock to avoid lock leak */
-tmp_lock = pk->lock;
-
 /* Restore the original key */
-*pk = tmp_copy;  /* |pk| now owns THE lock */
+*pk = tmp_copy;
 }
 
-/* 
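
The lock-preserving reset the message above describes, as an added example that is not OpenSSL code: a stand-in struct with a lock pointer, the pre-fix reset that wipes the struct and installs a new lock, and the post-fix reset that zeroes everything except the lock field using offsetof(). The struct layout, the opaque lock type and all function names are this example's own assumptions.

```c
/* Lock-preserving reset (added example, not OpenSSL code). Models the
 * evp_pkey_reset_unlocked() change with a stand-in struct: the caller holds
 * k->lock while resetting, so the reset must neither zero the lock pointer
 * (another thread would read NULL) nor replace it (the caller would then be
 * holding a lock nobody else uses). */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Opaque stand-in for CRYPTO_RWLOCK; identity is all the demo needs. */
typedef struct { int dummy; } demo_lock;

static demo_lock *demo_lock_new(void) { return calloc(1, sizeof(demo_lock)); }
static void demo_lock_free(demo_lock *l) { free(l); }

/* Hypothetical key object; the field order is the example's own. */
typedef struct {
    int type;
    int references;
    demo_lock *lock;             /* must survive a reset */
    void *keydata;
    unsigned char attrs[24];
} demo_key;

/* The pre-fix shape: wipe everything, then install a brand-new lock. */
int reset_replacing_lock(demo_key *k)
{
    memset(k, 0, sizeof(*k));            /* k->lock is NULL from here ... */
    k->lock = demo_lock_new();           /* ... until a different lock lands */
    if (k->lock == NULL)
        return 0;
    k->references = 1;
    return 1;
}

/* The post-fix shape: zero the bytes before and after the lock field and
 * never touch the field itself. offsetof() replaces the pointer arithmetic. */
int reset_keeping_lock(demo_key *k)
{
    const size_t off = offsetof(demo_key, lock);
    const size_t end = off + sizeof(k->lock);

    if (k->lock != NULL) {
        memset(k, 0, off);
        memset((unsigned char *)k + end, 0, sizeof(*k) - end);
    }
    /* else: caller guarantees a freshly zero-allocated object (precondition) */
    k->references = 1;
    return 1;
}

/* Drive either reset on a populated key while "holding" the original lock.
 * Returns 1 if the held lock is still the key's lock, 0 if it was swapped
 * out from under the caller, -1 if the other fields were not cleared. */
int lock_survives(int fixed)
{
    demo_key k;
    demo_lock *held;
    int same;

    memset(&k, 0, sizeof(k));
    k.type = 6;                          /* arbitrary populated state */
    k.references = 3;
    k.keydata = &k;                      /* any non-NULL marker */
    memset(k.attrs, 0xAA, sizeof(k.attrs));
    k.lock = demo_lock_new();
    held = k.lock;                       /* what a concurrent reader uses */

    if (!(fixed ? reset_keeping_lock(&k) : reset_replacing_lock(&k)))
        return 0;

    same = (k.lock == held);
    if (k.type != 0 || k.keydata != NULL || k.attrs[0] != 0 || k.references != 1)
        same = -1;
    if (k.lock != held)
        demo_lock_free(k.lock);          /* the replacement, if one was made */
    demo_lock_free(held);
    return same;
}

int main(void)
{
    printf("replacing lock: survives=%d\n", lock_survives(0));  /* 0 */
    printf("keeping lock:   survives=%d\n", lock_survives(1));  /* 1 */
    return 0;
}
```

The deterministic check stands in for the race: a reader that fetched `held` before the reset keeps using it, so a reset that changes the pointer leaves two threads synchronising on two different locks even though no NULL dereference ever happens.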

[openssl] master update

2020-11-26 Thread tmraz
The branch master has been updated
   via  2b407d050868c24ee36172e1abcfbfa0f003a98d (commit)
   via  5de9863bf33e6103264507b8ff87cd58b9c97a52 (commit)
   via  8d8dd09b969dd22112137634125e1634bb8e5c4c (commit)
   via  39fde64a85c93d2b3c6c58d5bde383f5f3932e5f (commit)
  from  e109aaa9797c16b0902f8f3302243283828fcfc1 (commit)


- Log -
commit 2b407d050868c24ee36172e1abcfbfa0f003a98d
Author: Tomas Mraz 
Date:   Wed Nov 18 16:22:08 2020 +0100

Documentation improvements for EVP_DigestInit_ex and related functions

Documenting when EVP_MD_CTX_reset() is implicitly called and when
type can be set to NULL.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13402)

commit 5de9863bf33e6103264507b8ff87cd58b9c97a52
Author: Tomas Mraz 
Date:   Fri Nov 13 15:57:27 2020 +0100

Fix regression in EVP_DigestInit_ex: crash when called with NULL type

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13402)

commit 8d8dd09b969dd22112137634125e1634bb8e5c4c
Author: Tomas Mraz 
Date:   Fri Nov 13 14:16:35 2020 +0100

Add test for no reset after DigestFinal_ex and DigestFinalXOF

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13402)

commit 39fde64a85c93d2b3c6c58d5bde383f5f3932e5f
Author: Tomas Mraz 
Date:   Fri Nov 13 13:42:31 2020 +0100

EVP_DigestFinalXOF must not reset the EVP_MD_CTX

It does not do it in legacy path and 1.1.1 so that must not change.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/13402)

---

Summary of changes:
 crypto/evp/digest.c | 17 +
 doc/man3/EVP_DigestInit.pod | 11 ---
 test/evp_extra_test.c   | 46 +
 3 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 3872bb68fb..b0ce61f935 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -170,8 +170,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, 
ENGINE *impl)
 ctx->provctx = NULL;
 }
 
-if (type != NULL)
+if (type != NULL) {
 ctx->reqdigest = type;
+} else {
+if (ctx->digest == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET);
+return 0;
+}
+type = ctx->digest;
+}
 
 /* TODO(3.0): Legacy work around code below. Remove this */
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
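Review bot: the NULL-`type` fallback previously lived only inside the `#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)` block (the `else` branch removed in the next hunk), so the crash appears to be specific to engine-less and FIPS-module builds, where `type` stayed NULL and was dereferenced at `ctx->digest != type`; the commit message should say that, since it determines which builds need the fix. One more thing to check: `type` is now non-NULL on entry to the engine block for the NULL-type case, so the `} else ctx->engine = NULL;` visible in the next hunk may now fire on a re-init that previously left ctx->engine alone; if so, that is a behaviour change for engine users that should be either intended or avoided.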
@@ -292,12 +299,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, 
ENGINE *impl)
 ctx->engine = impl;
 } else
 ctx->engine = NULL;
-} else {
-if (!ctx->digest) {
-ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET);
-return 0;
-}
-type = ctx->digest;
 }
 #endif
 if (ctx->digest != type) {
@@ -455,7 +456,7 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, 
size_t size)
 
 if (EVP_MD_CTX_set_params(ctx, params) > 0)
 ret = ctx->digest->dfinal(ctx->provctx, md, , size);
-EVP_MD_CTX_reset(ctx);
+
 return ret;
 
 legacy:
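Review bot: removing EVP_MD_CTX_reset() here aligns the provider path with the legacy path, but it leaves the context holding a finalised XOF state; the man page should say, as it now does for EVP_DigestFinal_ex(), that the ctx is not reset and that EVP_DigestInit_ex(ctx, NULL, NULL) restarts it, and the test added in this series ("no reset after DigestFinal_ex and DigestFinalXOF") should exercise the XOF case through the provider path specifically. The empty line left where the reset call was can be dropped.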
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 0af06869aa..082f26370c 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -208,6 +208,10 @@ value explicitly fetched with EVP_MD_fetch().
 If I is non-NULL, its implementation of the digest I is used if
 there is one, and if not, the default implementation is used.
 
+The I parameter can be NULL if I has been already initialized
+with another EVP_DigestInit_ex() call and has not been reset with
+EVP_MD_CTX_reset().
+
 =item EVP_DigestUpdate()
 
 Hashes I bytes of data at I into the digest context I. This
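Review bot: this paragraph should also say what happens to the other arguments when type is NULL (whether a non-NULL impl is honoured, and that the existing digest is reused) and which Final variants leave the context in a state where a NULL-type init is valid: EVP_DigestFinal() calls EVP_MD_CTX_reset() per the change further down, while EVP_DigestFinal_ex() and, after this series, EVP_DigestFinalXOF() do not. Without that a reader cannot tell which Final call may be followed by EVP_DigestInit_ex(ctx, NULL, NULL).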
@@ -239,12 +243,13 @@ few bytes.
 =item EVP_DigestInit()
 
 Behaves in the same way as EVP_DigestInit_ex() except it always uses the
-default digest implementation and calls EVP_MD_CTX_reset().
+default digest implementation and calls EVP_MD_CTX_reset() so it cannot
+be used with an I of NULL.
 
 =item EVP_DigestFinal()
 
-Similar to EVP_DigestFinal_ex() except the digest context I is
-automatically cleaned up.
+Similar to EVP_DigestFinal_ex() except after computing the digest
+the digest context I is automatically cleaned up with EVP_MD_CTX_reset().
 
 =item EVP_MD_CTX_copy()
 
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index a52b472ba6..fa6d173e30 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -686,6 +686,51 @@ static int test_EVP_DigestVerifyInit(void)
 return ret;
 }
 
+/*
+ * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
+ 

[tools] master update

2020-11-18 Thread tmraz
The branch master has been updated
   via  dbd9a8a187e3ab8c59e41f957ba1135c364d231c (commit)
  from  a14edd05a9d088aea1e377e665da25b71a799e24 (commit)


- Log -
commit dbd9a8a187e3ab8c59e41f957ba1135c364d231c
Author: Tomas Mraz 
Date:   Wed Nov 18 16:48:48 2020 +0100

Fix regression from latest addrev change

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/76)

---

Summary of changes:
 review-tools/addrev | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 5221500..473ad46 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -16,7 +16,7 @@ my $my_email;
 foreach (@ARGV) {
 if (/^\@.+$/) {
 $args .= "--reviewer=$_ ";
-} elsif (/^[-\w]+$/) {
+} elsif (/^\w[-\w]+$/) {
 if (/^[0-9a-f]{7,}+/) {
 print "Warning: overriding previous filter args $filterargs\n" if 
$filterargs ne "";
 $filterargs = $_;
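Review bot: `/^\w[-\w]+$/` requires at least two characters, so a single-character argument (for example a one-digit number) that used to match `/^[-\w]+$/` now falls through to whatever the later branches do; if the intent was only to stop leading-dash options from being treated as filter arguments, `/^\w[-\w]*$/` keeps the old behaviour for short values. Unrelated but in the same lines: `{7,}+` in `/^[0-9a-f]{7,}+/` is a possessive quantifier in Perl 5.10 and later, which is almost certainly not what was meant; `{7,}` is enough.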


[openssl] master update

2020-11-12 Thread tmraz
The branch master has been updated
   via  9ce8e0d17e608de4f85f7543c52b146e3c6a2291 (commit)
  from  c87a7f31a3db97376d764583ad5ee4a76db2cbef (commit)


- Log -
commit 9ce8e0d17e608de4f85f7543c52b146e3c6a2291
Author: XiaokangQian 
Date:   Fri Mar 13 03:27:34 2020 +

Optimize AES-XTS mode in OpenSSL for aarch64

Aes-xts mode can be optimized by interleaving cipher operations on
several blocks and loop unrolling. Interleaving needs an ideal
unrolling factor; here we adopt the same factor as aes-cbc,
which is described below:
If the number of blocks is > 5, select 5 blocks as one iteration; every
loop iteration decreases the number of blocks by 5.
If fewer than 5 blocks are left, treat them as tail blocks.
The detailed implementation has a little adjustment for squeezing
code space.
In this way, for small sizes such as 16 bytes the performance is
similar to before, but for big sizes such as 16k bytes the performance
improves a lot, even reaching a 2x uplift; for some arches such as A57
the improvement even reaches more than 2x. We collected a lot of
performance data on different micro-archs such as thunderx2,
ampere-emag, a72, a75, a57, a53 and N1, all of which reach a 0.5-2x uplift.
The following tables list the encryption performance data on aarch64,
taking a72, a75, a57, a53 and N1 as examples. The performance value is in
cycles per byte, presented as a comparison of values.
They are listed below:

A72:
                        Before optimization  After optimization  Improve
evp-aes-128-xts@16      8.899913518          5.949087263         49.60%
evp-aes-128-xts@64      4.525512668          3.389141845         33.53%
evp-aes-128-xts@256     3.502906908          1.633573479         114.43%
evp-aes-128-xts@1024    3.174210419          1.155952639         174.60%
evp-aes-128-xts@8192    3.053019303          1.028134888         196.95%
evp-aes-128-xts@16384   3.025292462          1.02021169          196.54%
evp-aes-256-xts@16      9.971105023          6.754233758         47.63%
evp-aes-256-xts@64      4.931479093          3.786527393         30.24%
evp-aes-256-xts@256     3.746788153          1.943975947         92.74%
evp-aes-256-xts@1024    3.401743802          1.477394648         130.25%
evp-aes-256-xts@8192    3.278769327          1.32950421          146.62%
evp-aes-256-xts@16384   3.27093296           1.325276257         146.81%

A75:
                        Before optimization  After optimization  Improve
evp-aes-128-xts@16      8.397965173          5.126839098         63.80%
evp-aes-128-xts@64      4.176860631          2.59817764          60.76%
evp-aes-128-xts@256     3.069126585          1.284561028         138.92%
evp-aes-128-xts@1024    2.805962699          0.932754655         200.83%
evp-aes-128-xts@8192    2.725820131          0.829820397         228.48%
evp-aes-128-xts@16384   2.71521905           0.823251591         229.82%
evp-aes-256-xts@16      11.24790935          7.383914448         52.33%
evp-aes-256-xts@64      5.294128847          3.048641998         73.66%
evp-aes-256-xts@256     3.861649617          1.570359905         145.91%
evp-aes-256-xts@1024    3.537646797          1.200493533         194.68%
evp-aes-256-xts@8192    3.435353012          1.085345319         216.52%
evp-aes-256-xts@16384   3.437952563          1.097963822         213.12%

A57:
                        Before optimization  After optimization  Improve
evp-aes-128-xts@16      10.57455446          7.165438012         47.58%
evp-aes-128-xts@64      5.418185447          3.721241202         45.60%
evp-aes-128-xts@256     3.855184592          1.747145379         120.66%
evp-aes-128-xts@1024    3.477199757          1.253049735         177.50%
evp-aes-128-xts@8192    3.36768104           1.091943159         208.41%
evp-aes-128-xts@16384   3.360373443          1.088942789         208.59%
evp-aes-256-xts@16      12.54559459          8.745489036         43.45%
evp-aes-256-xts@64      6.542808937          4.326387568         51.23%
evp-aes-256-xts@256     4.62668822           2.119908754         118.25%
evp-aes-256-xts@1024    4.161716505          1.557335554         167.23%
evp-aes-256-xts@8192    4.032462227          1.377749511         192.68%
evp-aes-256-xts@16384   4.023293877          1.371558933         193.34%

A53:
Before optimization After 

[openssl] master update

2020-11-11 Thread tmraz
The branch master has been updated
   via  d8701e25239dc3d0c9d871e53873f592420f71d0 (commit)
   via  368d9e030fac7355f0d1d24fb5059bf0c848fe4f (commit)
   via  69d16b70cf84f0e290990de424274fde20420b78 (commit)
  from  122e81f0705e74a2019c482e5122bbd9195ea1af (commit)


- Log -
commit d8701e25239dc3d0c9d871e53873f592420f71d0
Author: Tomas Mraz 
Date:   Tue Nov 3 18:51:38 2020 +0100

Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths

Also check for malloc failure and do not add '/' when
$OPENSSL_CONF_INCLUDE already ends with directory separator.

Fixes #13302

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13306)

commit 368d9e030fac7355f0d1d24fb5059bf0c848fe4f
Author: Tomas Mraz 
Date:   Tue Nov 3 18:34:16 2020 +0100

Add ossl_is_absolute_path function to detect absolute paths

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13306)

commit 69d16b70cf84f0e290990de424274fde20420b78
Author: Tomas Mraz 
Date:   Tue Nov 3 18:15:46 2020 +0100

Avoid duplicate ends_with_dirsep functions

Refactor them into inline ossl_ends_with_dirsep function in
internal/cryptlib.h.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13306)

---

Summary of changes:
 crypto/conf/conf_def.c   | 11 --
 doc/internal/man3/ossl_ends_with_dirsep.pod  | 45 
 engines/e_loader_attic.c | 16 +
 include/internal/cryptlib.h  | 30 
 providers/implementations/storemgmt/file_store.c | 17 ++---
 5 files changed, 87 insertions(+), 32 deletions(-)
 create mode 100644 doc/internal/man3/ossl_ends_with_dirsep.pod

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 63dfaef4d8..dd2d16647a 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -414,12 +414,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 if (!str_copy(conf, psection, , p))
 goto err;
 
-if (include_dir != NULL) {
+if (include_dir != NULL && !ossl_is_absolute_path(include)) {
 size_t newlen = strlen(include_dir) + strlen(include) + 2;
 
 include_path = OPENSSL_malloc(newlen);
+if (include_path == NULL) {
+CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+OPENSSL_free(include);
+goto err;
+}
+
 OPENSSL_strlcpy(include_path, include_dir, newlen);
-OPENSSL_strlcat(include_path, "/", newlen);
+if (!ossl_ends_with_dirsep(include_path))
+OPENSSL_strlcat(include_path, "/", newlen);
 OPENSSL_strlcat(include_path, include, newlen);
 OPENSSL_free(include);
 } else {
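Review bot: two observations on the include_dir branch. First, the new `!ossl_is_absolute_path(include)` condition means an absolute `.include` is no longer re-rooted under $OPENSSL_CONF_INCLUDE; that is the sensible behaviour, but the documentation of the environment variable (and CHANGES) should state that the prefix applies to relative includes only, since anyone using OPENSSL_CONF_INCLUDE to redirect a whole config tree will otherwise be surprised by absolute includes escaping it. Second, `newlen` still reserves a byte for the `/` that is now skipped when include_dir already ends in a separator; harmless, but a comment would save the next reader from hunting for an off-by-one. The malloc failure path correctly frees `include` before `goto err`; please check that the `err:` label does not free it a second time.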
diff --git a/doc/internal/man3/ossl_ends_with_dirsep.pod 
b/doc/internal/man3/ossl_ends_with_dirsep.pod
new file mode 100644
index 00..d19ce7a3b9
--- /dev/null
+++ b/doc/internal/man3/ossl_ends_with_dirsep.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+ossl_ends_with_dirsep, ossl_is_absolute_path
+- internal functions to work with paths
+
+=head1 SYNOPSIS
+
+  #include "internal/cryptlib.h"
+
+  int ossl_ends_with_dirsep(const char *path);
+
+  int ossl_is_absolute_path(const char *path);
+
+=head1 DESCRIPTION
+
+ossl_ends_with_dirsep() detects whether the I ends with a directory
+separator in a platform agnostic way.
+
+ossl_is_absolute_path() detects whether the I is absolute path in
+a platform agnostic way.
+
+=head1 RETURN VALUES
+
+ossl_ends_with_dirsep() returns 1 if the I ends with a directory
+separator, 0 otherwise.
+
+ossl_is_absolute_path() returns 1 if the I is absolute, 0 otherwise.
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
+
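Review bot: the COPYRIGHT block says 2019-2020 for a file created in this commit; that should be 2020 unless the text was moved from elsewhere. The DESCRIPTION should also spell out what "absolute" means per platform (a leading `/` on Unix, a drive letter or UNC prefix on Windows, device or directory syntax on VMS), because callers such as the one in conf_def.c make a path-trust decision on the answer and "platform agnostic way" does not tell them what will be accepted.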
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 4f238b9cb2..176c159c8c 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -1424,27 +1424,13 @@ static int file_read_asn1(BIO *bp, unsigned char 
**data, long *len)
 return 1;
 }
 
-static int ends_with_dirsep(const char *uri)
-{
-if (*uri != '\0')
-uri += strlen(uri) - 1;
-#if defined(__VMS)
-if (*uri == ']' || *uri == '>' || *uri == ':')
-
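
The include resolution rule from the conf_def.c change above, as an added example that is not OpenSSL code: the pre-fix resolver (every include, absolute or not, glued behind the include dir with an unconditional `/`) next to the post-fix one (absolute includes bypass the prefix, and the separator is added only when needed). It assumes POSIX path rules only; the two platform hooks and all function names are this example's own stand-ins for ossl_is_absolute_path() and ossl_ends_with_dirsep().

```c
/* .include path resolution (added example, not OpenSSL code). Shows the rule
 * conf_def.c now applies when OPENSSL_CONF_INCLUDE is set, next to the
 * pre-fix behaviour. POSIX separators only (assumption); the function names
 * are this example's own. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical platform hooks standing in for ossl_is_absolute_path() and
 * ossl_ends_with_dirsep(); Unix rules only. */
static int is_absolute_path(const char *p) { return p[0] == '/'; }
static int ends_with_dirsep(const char *p)
{
    size_t n = strlen(p);
    return n > 0 && p[n - 1] == '/';
}

/* Pre-fix: every include, absolute or not, is glued behind include_dir with
 * an unconditional '/'. Returns the number of characters written, or -1
 * if the result does not fit. */
int resolve_include_old(char *out, size_t outsz,
                        const char *include_dir, const char *include)
{
    int n;

    if (include_dir == NULL)
        n = snprintf(out, outsz, "%s", include);
    else
        n = snprintf(out, outsz, "%s/%s", include_dir, include);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Post-fix: absolute includes bypass include_dir, and the separator is only
 * added when include_dir does not already end with one. */
int resolve_include_new(char *out, size_t outsz,
                        const char *include_dir, const char *include)
{
    int n;

    if (include_dir == NULL || is_absolute_path(include))
        n = snprintf(out, outsz, "%s", include);
    else
        n = snprintf(out, outsz, "%s%s%s", include_dir,
                     ends_with_dirsep(include_dir) ? "" : "/", include);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Resolve into a static buffer and return it (NULL if it does not fit). */
const char *resolve(int fixed, const char *include_dir, const char *include)
{
    static char buf[256];
    int n = fixed ? resolve_include_new(buf, sizeof(buf), include_dir, include)
                  : resolve_include_old(buf, sizeof(buf), include_dir, include);

    return n < 0 ? NULL : buf;
}

int main(void)
{
    /* Constructed inputs: an include dir with and without a trailing slash,
     * and a relative and an absolute .include target. */
    printf("%s\n", resolve(0, "/etc/ssl/", "/etc/pki/extra.cnf")); /* old: prefixed */
    printf("%s\n", resolve(1, "/etc/ssl/", "/etc/pki/extra.cnf")); /* new: absolute wins */
    printf("%s\n", resolve(1, "/etc/ssl",  "extra.cnf"));
    printf("%s\n", resolve(1, "/etc/ssl/", "extra.cnf"));
    return 0;
}
```

The practical consequence for anyone who set OPENSSL_CONF_INCLUDE expecting it to confine `.include` directives: after the fix an absolute include is read from exactly where it points, so the variable redirects relative includes only.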

[openssl] master update

2020-11-10 Thread tmraz
The branch master has been updated
   via  dee8eded24fb814e6f1be64b3e8505a3b008a2f9 (commit)
  from  acb934ff55e69d5cc3025d9ba20f4916089d1b83 (commit)


- Log -
commit dee8eded24fb814e6f1be64b3e8505a3b008a2f9
Author: Pali Rohár 
Date:   Mon Jul 13 00:52:26 2020 +0200

Document pkcs12 alg NONE

To generate an unencrypted PKCS#12 file it is necessary to use the options: -keypbe NONE -certpbe NONE

CLA: trivial

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12426)

---

Summary of changes:
 doc/man1/openssl-pkcs12.pod.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in
index c006396260..adcdc7c1a4 100644
--- a/doc/man1/openssl-pkcs12.pod.in
+++ b/doc/man1/openssl-pkcs12.pod.in
@@ -275,6 +275,8 @@ can be used (see L section for more information). 
If a cipher name
 is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
 use PKCS#12 algorithms.
 
+Special value C disables encryption of the private key and certificate.
+
 =item B<-keyex>|B<-keysig>
 
 Specifies that the private key is to be used for key exchange or just signing.
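Review bot: the added sentence should carry a warning: with `-keypbe NONE -certpbe NONE` the private key is written in clear text, protected only by the file's integrity MAC (and not even that if `-nomac` is given), so the output must be handled like an unencrypted PEM key. It would also help to say that the value exists mainly for interoperability with consumers that cannot process encrypted safe bags, so readers see what they are turning off relative to the defaults described in the paragraph above.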


[openssl] master update

2020-11-04 Thread tmraz
The branch master has been updated
   via  9750b4d39c610bac89fde009c3b22147eee0249c (commit)
  from  23fb3661cf914eb6a0776abec629b0e3e5976b7f (commit)


- Log -
commit 9750b4d39c610bac89fde009c3b22147eee0249c
Author: Randall S. Becker 
Date:   Thu Oct 29 10:17:25 2020 -0500

Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.

These methods should ultimately be deprecated. The move is to insulate
non-UNIX platforms from these undefined symbols.

CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.

Fixes #13273

Signed-off-by: Randall S. Becker 

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13276)

---

Summary of changes:
 CHANGES.md|  9 +
 crypto/init.c | 25 -
 crypto/threads_pthread.c  | 21 +
 doc/man3/OPENSSL_fork_prepare.pod |  9 -
 include/openssl/crypto.h.in   |  8 +---
 util/libcrypto.num|  6 +++---
 6 files changed, 46 insertions(+), 32 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index dc3e837474..e9e9bc13c3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1246,6 +1246,15 @@ OpenSSL 3.0
 
*David von Oheimb*
 
+ * Deprecated pthread fork support methods. These were unused so no
+   replacement is required.
+
+   - OPENSSL_fork_prepare()
+   - OPENSSL_fork_parent()
+   - OPENSSL_fork_child()
+
+   *Randall S. Becker*
+
 OpenSSL 1.1.1
 -
 
diff --git a/crypto/init.c b/crypto/init.c
index cfd4eab9ed..f7c7d59f55 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -666,28 +666,3 @@ int OPENSSL_atexit(void (*handler)(void))
 return 1;
 }
 
-#ifdef OPENSSL_SYS_UNIX
-/*
- * The following three functions are for OpenSSL developers.  This is
- * where we set/reset state across fork (called via pthread_atfork when
- * it exists, or manually by the application when it doesn't).
- *
- * WARNING!  If you put code in either OPENSSL_fork_parent or
- * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
- * safe.  See this link, for example:
- *  http://man7.org/linux/man-pages/man7/signal-safety.7.html
- */
-
-void OPENSSL_fork_prepare(void)
-{
-}
-
-void OPENSSL_fork_parent(void)
-{
-}
-
-void OPENSSL_fork_child(void)
-{
-/* TODO(3.0): Inform all providers about a fork event */
-}
-#endif
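Review bot: deleting OPENSSL_fork_child() also drops the `TODO(3.0): Inform all providers about a fork event` marker, and the man page text that survives this series ("OpenSSL has state that should be reset when a process forks ... the entropy pool ... should not be shared") still promises behaviour that these empty functions never delivered. Either move the TODO to wherever provider fork handling is tracked or have the pod hunk say explicitly how the RNG detects a fork now, so the deprecation does not read as the removal of a safety mechanism.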
diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
index a2735332b8..d7cac6566a 100644
--- a/crypto/threads_pthread.c
+++ b/crypto/threads_pthread.c
@@ -7,6 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* We need to use the OPENSSL_fork_*() deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
 #include 
 #include "internal/cryptlib.h"
 
@@ -196,12 +199,30 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, 
CRYPTO_RWLOCK *lock)
 
 # ifndef FIPS_MODULE
 #  ifdef OPENSSL_SYS_UNIX
+
+#   ifndef OPENSSL_NO_DEPRECATED_3_0
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+}
+
+#   endif
 static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
 
 static void fork_once_func(void)
 {
+#   ifndef OPENSSL_NO_DEPRECATED_3_0
 pthread_atfork(OPENSSL_fork_prepare,
OPENSSL_fork_parent, OPENSSL_fork_child);
+#   endif
 }
 #  endif
 
diff --git a/doc/man3/OPENSSL_fork_prepare.pod 
b/doc/man3/OPENSSL_fork_prepare.pod
index d028a55bce..b011c6a63d 100644
--- a/doc/man3/OPENSSL_fork_prepare.pod
+++ b/doc/man3/OPENSSL_fork_prepare.pod
@@ -11,12 +11,19 @@ OPENSSL_fork_child
 
  #include 
 
+Deprecated since OpenSSL 3.0.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
  void OPENSSL_fork_prepare(void);
  void OPENSSL_fork_parent(void);
  void OPENSSL_fork_child(void);
 
 =head1 DESCRIPTION
 
+These methods are currently unused, and as such, no replacement methods are
+required or planned.
+
 OpenSSL has state that should be reset when a process forks. For example,
 the entropy pool used to generate random numbers (and therefore encryption
 keys) should not be shared across multiple programs.
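Review bot: "These methods are currently unused, and as such, no replacement methods are required or planned" contradicts the next paragraph, which still explains why state should be reset across fork. Suggest replacing the new sentence with a statement that the functions are empty (see the bodies removed from crypto/init.c in this commit), that applications must not rely on them for fork safety, and where fork safety of the RNG is handled instead.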
@@ -53,7 +60,7 @@ These functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
index b84712f227..1036da9a2b 100644
--- a/include/openssl/crypto.h.in
+++ b/include/openssl/crypto.h.in
@@ -389,9 +389,11 @@ int OPENSSL_isservice(void);
 
 void 

[openssl] master update

2020-11-02 Thread tmraz
The branch master has been updated
   via  3d7e7e7c48210b515ef5e05f4acf6dc58377331c (commit)
  from  d1ca391123864180d7d1d61c84e127ffcf2967d6 (commit)


- Log -
commit 3d7e7e7c48210b515ef5e05f4acf6dc58377331c
Author: jwalch 
Date:   Thu Oct 29 13:32:49 2020 -0400

Prevent potential UAF in init_thread_deregister()

I discovered the potential for use-after-free on glob_tevent_reg &
its members in this function as a consequence of some static
(de-)initialization fiasco in C++ client code.

Long story short, an EVP_PKEY_free() was happening after
OPENSSL_cleanup(). Aside from being freed the EVP_PKEY object wasn't
actually being used after cleanup, it was basically just an
ordering issue.

Obviously the application behavior here is somewhat suspect,
but IMO is basically benign. Crashing (most typical outcome
of a UAF) doesn't seem the optimal response.

At any rate, the issue can be avoided (at least with regard to this function)
by simply updating the pointer to NULL rather than leaving it pointing
to the freed memory, as is the typical practice.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13267)

---

Summary of changes:
 crypto/initthread.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/initthread.c b/crypto/initthread.c
index f460252ff9..93160f577c 100644
--- a/crypto/initthread.c
+++ b/crypto/initthread.c
@@ -389,6 +389,8 @@ static int init_thread_deregister(void *index, int all)
 return 0;
 if (!all)
 CRYPTO_THREAD_write_lock(gtr->lock);
+else
+glob_tevent_reg = NULL;
 for (i = 0; i < sk_THREAD_EVENT_HANDLER_PTR_num(gtr->skhands); i++) {
 THREAD_EVENT_HANDLER **hands
 = sk_THREAD_EVENT_HANDLER_PTR_value(gtr->skhands, i);
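Review bot: the `else glob_tevent_reg = NULL;` hangs off `if (!all) CRYPTO_THREAD_write_lock(gtr->lock);`, so a reader sees "otherwise clear the global" paired with "if not all, take the lock"; restructure it as an explicit `if (all) glob_tevent_reg = NULL; else CRYPTO_THREAD_write_lock(gtr->lock);` with a comment that the `all` path runs single-threaded from OPENSSL_cleanup() and therefore neither takes the lock nor needs the store to be atomic. Please also confirm that the registration path treats glob_tevent_reg == NULL after cleanup as "do not re-create", otherwise the late EVP_PKEY_free() described in the message would allocate a fresh registry that is never freed.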


[openssl] master update

2020-11-02 Thread tmraz
The branch master has been updated
   via  d1ca391123864180d7d1d61c84e127ffcf2967d6 (commit)
  from  3d4c81b09b2b44fe11be875fac817f2de6299065 (commit)


- Log -
commit d1ca391123864180d7d1d61c84e127ffcf2967d6
Author: Daniel Bevenius 
Date:   Fri Oct 30 13:34:06 2020 +0100

EVP: Fix typo in EVP_PKEY_gen comment

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13282)

---

Summary of changes:
 crypto/evp/pmeth_gn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 05394deca8..beaa001bf5 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -181,7 +181,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 
 /*
  * the returned value from evp_keymgmt_util_gen() is cached in *ppkey,
- * so we so not need to save it, just check it.
+ * so we do not need to save it, just check it.
  */
 ret = ret
 && (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx,


[openssl] master update

2020-11-02 Thread tmraz
The branch master has been updated
   via  3d4c81b09b2b44fe11be875fac817f2de6299065 (commit)
  from  8ea761bf40e6578ecd95ec47772ef86a2e4d4607 (commit)


- Log -
commit 3d4c81b09b2b44fe11be875fac817f2de6299065
Author: jwalch 
Date:   Thu Oct 29 14:05:19 2020 -0400

Initialize outl in evp_enc.c to 0, protect against NULL

Fixes #12734

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13268)

---

Summary of changes:
 crypto/evp/evp_enc.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 929c95eed8..d8fc3ab7ad 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -535,6 +535,13 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 size_t soutl;
 int blocksize;
 
+if (outl != NULL) {
+*outl = 0;
+} else {
+EVPerr(EVP_F_EVP_ENCRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
+return 0;
+}
+
 /* Prevent accidental use of decryption context when encrypting */
 if (!ctx->encrypt) {
 EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
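Review bot: setting `*outl = 0` before the direction check and every other early return is the important part of this hunk: callers that ignore the return value no longer read an uninitialised length, and a NULL `outl` is now a reported error instead of a crash. Two follow-ups: the identical `if (outl != NULL) ... else` block is pasted four times in this file, so a small static helper would keep the copies from drifting; and the man page for EVP_EncryptUpdate() and friends should document that outl is set to 0 on every failure and that NULL is rejected with ERR_R_PASSED_NULL_PARAMETER, since that is now part of the API contract.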
@@ -589,6 +596,13 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl)
 size_t soutl;
 int blocksize;
 
+if (outl != NULL) {
+*outl = 0;
+} else {
+EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, ERR_R_PASSED_NULL_PARAMETER);
+return 0;
+}
+
 /* Prevent accidental use of decryption context when encrypting */
 if (!ctx->encrypt) {
 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
@@ -670,6 +684,13 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl,
 size_t soutl;
 int blocksize;
 
+if (outl != NULL) {
+*outl = 0;
+} else {
+EVPerr(EVP_F_EVP_DECRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
+return 0;
+}
+
 /* Prevent accidental use of encryption context when decrypting */
 if (ctx->encrypt) {
 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
@@ -784,6 +805,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char 
*out, int *outl)
 int ret;
 int blocksize;
 
+if (outl != NULL) {
+*outl = 0;
+} else {
+EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, ERR_R_PASSED_NULL_PARAMETER);
+return 0;
+}
+
 /* Prevent accidental use of encryption context when decrypting */
 if (ctx->encrypt) {
 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);


[openssl] OpenSSL_1_1_1-stable update

2020-10-29 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  5795acffd8706e1cb584284ee5bb3a30986d0e75 (commit)
  from  8979ffee95043baffa51887b1d43d9b07f9fae1b (commit)


- Log -
commit 5795acffd8706e1cb584284ee5bb3a30986d0e75
Author: Ard Biesheuvel 
Date:   Tue Oct 27 18:02:40 2020 +0100

crypto/poly1305/asm: fix armv8 pointer authentication

PAC pointer authentication signs the return address against the value
of the stack pointer, to prevent stack overrun exploits from corrupting
the control flow. However, this requires that the AUTIASP is issued with
SP holding the same value as it held when the PAC value was generated.
The Poly1305 armv8 code got this wrong, resulting in crashes on PAC
capable hardware.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13256)

(cherry picked from commit fcf6e9d056162d5af64c6f7209388a5c3be2ce57)

---

Summary of changes:
 crypto/poly1305/asm/poly1305-armv8.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/poly1305/asm/poly1305-armv8.pl 
b/crypto/poly1305/asm/poly1305-armv8.pl
index d07494bd18..2a42b64a92 100755
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
@@ -864,8 +864,8 @@ poly1305_blocks_neon:
st1 {$ACC4}[0],[$ctx]
 
 .Lno_data_neon:
-   .inst   0xd50323bf  // autiasp
ldr x29,[sp],#80
+   .inst   0xd50323bf  // autiasp
ret
 .size  poly1305_blocks_neon,.-poly1305_blocks_neon
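Review bot: the move is correct: "ldr x29,[sp],#80" post-increments SP back to the value it held when the return address was signed at function entry, and AUTIASP must see that same SP, so the old placement before the ldr authenticated against an SP 80 bytes lower and faulted on PAC-enabled cores (the .inst 0xd50323bf encoding sits in the HINT space and is a NOP elsewhere, which is why this only surfaced on PAC hardware). Suggest a comment on the autiasp line saying it must stay between the frame pop and ret, since the two lines look interchangeable to anyone without the PAC rule in mind, and an audit of the other paciasp/autiasp pairs in this file for the same ordering.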
 


[openssl] master update

2020-10-29 Thread tmraz
The branch master has been updated
   via  fcf6e9d056162d5af64c6f7209388a5c3be2ce57 (commit)
  from  728d03b576f360e72bbddc7e751433575430af3b (commit)


- Log -
commit fcf6e9d056162d5af64c6f7209388a5c3be2ce57
Author: Ard Biesheuvel 
Date:   Tue Oct 27 18:02:40 2020 +0100

crypto/poly1305/asm: fix armv8 pointer authentication

PAC pointer authentication signs the return address against the value
of the stack pointer, to prevent stack overrun exploits from corrupting
the control flow. However, this requires that the AUTIASP is issued with
SP holding the same value as it held when the PAC value was generated.
The Poly1305 armv8 code got this wrong, resulting in crashes on PAC
capable hardware.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13256)

---

Summary of changes:
 crypto/poly1305/asm/poly1305-armv8.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/poly1305/asm/poly1305-armv8.pl 
b/crypto/poly1305/asm/poly1305-armv8.pl
index d2d875ad6c..113a2151b6 100755
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
@@ -866,8 +866,8 @@ poly1305_blocks_neon:
st1 {$ACC4}[0],[$ctx]
 
 .Lno_data_neon:
-   .inst   0xd50323bf  // autiasp
ldr x29,[sp],#80
+   .inst   0xd50323bf  // autiasp
ret
 .size  poly1305_blocks_neon,.-poly1305_blocks_neon
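Review bot: autiasp now correctly follows the post-indexed ldr that restores SP, so authentication uses the SP that paciasp signed against. Two follow-ups for this file: every other epilogue that pairs paciasp/autiasp should be checked for the same mistake, and a short comment here (for example "// must follow the SP restore") would keep a future refactor from swapping the two lines back; nothing in the surrounding code hints that their order matters.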
 


[openssl] OpenSSL_1_1_1-stable update

2020-10-26 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  2e06150e3928daa06d5ff70c32bffad8088ebe58 (commit)
  from  d741debb320bf54e8575d35603a44d4eb40fa1f9 (commit)


- Log -
commit 2e06150e3928daa06d5ff70c32bffad8088ebe58
Author: André Klitzing 
Date:   Wed Mar 18 16:04:06 2020 +0100

Allow to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE

This unifies the behaviour of a single certificate with
an unknown CA certificate with a self-signed certificate.
The user callback can mask that error to retrieve additional
error information. So the user application can decide to
abort the connection instead of being forced to by openssl.

This change in behaviour is backward compatible as user callbacks
who don't want to ignore UNABLE_TO_VERIFY_LEAF_SIGNATURE will
still abort the connection by default.

CLA: trivial
Fixes #11297

Reviewed-by: David von Oheimb 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/11359)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 801055f5a0..ffa8d637ff 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1750,9 +1750,15 @@ static int internal_verify(X509_STORE_CTX *ctx)
 xs = xi;
 goto check_cert;
 }
-if (n <= 0)
-return verify_cb_cert(ctx, xi, 0,
-  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+if (n <= 0) {
+if (!verify_cb_cert(ctx, xi, 0,
+X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
+return 0;
+
+xs = xi;
+goto check_cert;
+}
+
 n--;
 ctx->error_depth = n;
 xs = sk_X509_value(ctx->chain, n);
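Review bot: the masking path now behaves like the self-signed branch just above it ("xs = xi; goto check_cert;") instead of returning the callback's verdict directly, so a callback that ignores X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE gets the remaining per-certificate checks at check_cert rather than an immediate success; that is stricter than the old "return verify_cb_cert(...)" and the "backward compatible" claim in the commit message should spell that out. Worth a line in the X509_STORE_CTX_set_verify_cb(3) text for this error code: a callback that unconditionally returns 1 accepts a leaf whose signature was never verified, as it already did, but now continues down the normal path. The added blank line before "n--;" is a stray whitespace change.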


[openssl] OpenSSL_1_1_1-stable update

2020-10-21 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  b11aa831cfe09befe3fb3229ca46a4a59352de34 (commit)
  from  4b7595e3ecf3e31ecb93f6397300331ba36b2ca4 (commit)


- Log -
commit b11aa831cfe09befe3fb3229ca46a4a59352de34
Author: simplelins 
Date:   Fri Jan 3 22:56:18 2020 +0800

Fix AES-GCM bug on aarch64 BigEndian

Fixes #10638
Fixes #13188

Fixes a bug for aarch64 big-endian with instructions 'st1' and 'ld1' in
AES-GCM mode.

CLA: trivial

(cherry picked from commit bc8b648f744566031ce84d77333dbbcb9689e975)

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13193)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl | 10 +-
 crypto/modes/modes_local.h   |  7 +--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index d6068dbf03..f42f7bd1df 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -183,7 +183,12 @@ $code.=<<___;
 .Loop192:
vtbl.8  $key,{$in1},$mask
vext.8  $tmp,$zero,$in0,#12
+#ifdef __ARMEB__
+   vst1.32 {$in1},[$out],#16
+   sub $out,$out,#8
+#else
vst1.32 {$in1},[$out],#8
+#endif
aese$key,$zero
subs$bits,$bits,#1
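Review bot: the __ARMEB__ branch stores all 16 bytes of $in1 and then rewinds $out by 8, so on every pass of .Loop192 it writes 8 bytes beyond where the little-endian "vst1.32 {$in1},[$out],#8" stops; that is only safe if the key-schedule buffer has that slack on the last iteration too, which should be stated in a comment next to the sub (and confirmed against the final-round store). A comment on why a half-register store does not give the same memory layout on big-endian would also help, since the two branches look like they ought to be equivalent.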
 
@@ -715,8 +720,11 @@ $code.=<<___;
ldr $rounds,[$key,#240]
 
ldr $ctr, [$ivp, #12]
+#ifdef __ARMEB__
+   vld1.8  {$dat0},[$ivp]
+#else
vld1.32 {$dat0},[$ivp]
-
+#endif
vld1.32 {q8-q9},[$key]  // load key schedule...
sub $rounds,$rounds,#4
mov $step,#16
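Review bot: switching the IV load to vld1.8 is the right fix: a byte-element load places bytes in memory order on either endianness, whereas the 32-bit-element load byte-swaps each lane on big-endian and scrambles the counter block. The scalar "ldr $ctr,[$ivp,#12]" just above is still endian-dependent; if it is covered by an existing endian-conditional rev of $ctr further down, a comment here pointing at that would save the next reader from re-fixing it. The #else replaced a blank line, so the hunk is otherwise whitespace-neutral.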
diff --git a/crypto/modes/modes_local.h b/crypto/modes/modes_local.h
index 28c32c0643..888141681e 100644
--- a/crypto/modes/modes_local.h
+++ b/crypto/modes/modes_local.h
@@ -63,12 +63,15 @@ typedef u32 u32_a1;
 asm ("bswapl %0"\
 : "+r"(ret_));   ret_;  })
 #  elif defined(__aarch64__)
-#   define BSWAP8(x) ({ u64 ret_;   \
+#   if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#define BSWAP8(x) ({ u64 ret_;   \
 asm ("rev %0,%1"\
 : "=r"(ret_) : "r"(x)); ret_;   })
-#   define BSWAP4(x) ({ u32 ret_;   \
+#define BSWAP4(x) ({ u32 ret_;   \
 asm ("rev %w0,%w1"  \
 : "=r"(ret_) : "r"(x)); ret_;   })
+#   endif
 #  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
 #   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
 asm ("rev %0,%0; rev %1,%1" \
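Review bot: on big-endian aarch64 BSWAP8/BSWAP4 are now simply undefined, so the generic C fallback in crypto/modes is used instead of a single rev; rev itself reverses bytes regardless of endianness, the problem is that the callers assume the little-endian lane layout, so a comment saying why the macros are LE-only would keep someone from re-enabling them for BE. Note the guard also drops the fast path on any little-endian compiler that does not define __BYTE_ORDER__, which is a performance rather than a correctness concern.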


[openssl] OpenSSL_1_1_1-stable update

2020-10-20 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  7b324bb09f6313b370954fde8f2034a6055d8c2f (commit)
  from  ed7cdb954e96d463add20f584f5e7ce99560af27 (commit)


- Log -
commit 7b324bb09f6313b370954fde8f2034a6055d8c2f
Author: Tomas Mraz 
Date:   Tue Oct 20 14:16:30 2020 +0200

Avoid potential doublefree on dh object assigned to EVP_PKEY

Fixes regression from 7844f3c784bfc93c9b94ae5a4082f9d01e82e0af

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13194)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3bf8aacfc0..fd3b79c4ef 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2150,6 +2150,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, 
EVP_PKEY **pkey)
  ERR_R_EVP_LIB);
 goto err;
 }
+dh = NULL;
 
 if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
   0, peer_tmp)) {
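Review bot: "dh = NULL;" has to sit after the successful assign (the error block above handles the failed case, where dh is still owned locally) and before every later "goto err" that frees dh, which this placement satisfies; since the double free this fixes came from exactly that ownership transfer being unmarked, a comment such as "/* ownership of dh now with peer_tmp */" on this line would make the invariant explicit.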


[openssl] master update

2020-10-20 Thread tmraz
The branch master has been updated
   via  ec5059c3effc59457f4b539ed105123c0b702307 (commit)
  from  6be235a0927473a2fddad83dd30ce4474ae53880 (commit)


- Log -
commit ec5059c3effc59457f4b539ed105123c0b702307
Author: XiaokangQian 
Date:   Tue Oct 13 09:53:58 2020 +

Fix Aes-xts potential failure on aarch64

Add return value for aarch64 in the init key function.
This will avoid overwriting the stream pointers of aarch64.

Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13133)

---

Summary of changes:
 providers/implementations/ciphers/cipher_aes_xts_hw.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c 
b/providers/implementations/ciphers/cipher_aes_xts_hw.c
index 15c136bafd..c45d67b825 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
@@ -59,6 +59,7 @@ static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX 
*ctx,
 XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
HWAES_encrypt, HWAES_decrypt,
stream_enc, stream_dec);
+return 1;
 } else
 #endif /* HWAES_CAPABLE */
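Review bot: with "return 1;" inside the HWAES branch the "} else" below is no longer a real branch selector (the if body never falls through), it is kept only so the #endif splices onto the next if; consider giving every capability branch its own explicit return so the chain reads as early returns, which is also what prevents the later generic branch from overwriting the stream_enc/stream_dec pointers that XTS_SET_KEY_FN just installed.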
 


[openssl] master update

2020-10-12 Thread tmraz
The branch master has been updated
   via  c804f2965ef6908dc1f30447d4547192fc3ba974 (commit)
  from  8ebd88950d9d0a94037e4962daa6e80a464bea06 (commit)


- Log -
commit c804f2965ef6908dc1f30447d4547192fc3ba974
Author: Rainer Jung 
Date:   Tue Jul 21 11:32:02 2020 +0200

Make TAP::Harness and TAP::Parser optional.

In OpenSSL 1.1.1 the script run_tests.pl has an effective
workaround to fall back to Test::Harness, if TAP::Harness
is not available. That code has substantially changed,
but it seems it should still fall back but doesn't.

Observed on SuSE Linux Enterprise Server 11 (SLES11).

Error messages:

Can't locate TAP/Parser.pm in @inc (@inc contains: 
/path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 
/usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/site_perl/5.10.0 
/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at 
/path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at 
/path/to/bld/openssl300/test/run_tests.pl line 131.

and

Can't locate TAP/Harness.pm in @inc (@inc contains: 
/path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 
/usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/site_perl/5.10.0 
/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at 
/path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at 
/path/to/bld/openssl300/test/run_tests.pl line 215.

Concerning the fix: the docs for parent.pm show that without
the "-norequire" it puts the require statement in a BEGIN block
which probably runs before the eval, so the loading is no
longer encapsulated by the eval. Without the additional require
line, the loading doesn't happen at all, so the availability
testing fails. Combining the "-norequire" and an explicit
"require" worked for me.

Tested on the original problem platform SLES 11, but also on
SLES 12 and 15, RHEL 6, 7 and 8 plus Solaris 10 Sparc.

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12500)

---

Summary of changes:
 test/run_tests.pl | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/run_tests.pl b/test/run_tests.pl
index 14e195b468..8a9e156a54 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -148,7 +148,8 @@ my $eres;
 
 $eres = eval {
 package TAP::Parser::OpenSSL;
-use parent 'TAP::Parser';
+use parent -norequire, 'TAP::Parser';
+require TAP::Parser;
 
 sub new {
 my $class = shift;
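Review bot: "use parent -norequire, 'TAP::Parser';" only pushes the name onto @ISA at compile time; the explicit "require TAP::Parser;" is what loads the module, and because it is a runtime statement inside the eval a missing module now sets $@ and leaves $eres false instead of dying in BEGIN, which is the fix. A one-line comment on the require explaining the two-step would help, because "-norequire" on its own looks like a mistake to anyone who has not read this commit.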
@@ -231,7 +232,8 @@ $eres = eval {
 }
 
 package TAP::Harness::OpenSSL;
-use parent 'TAP::Harness';
+use parent -norequire, 'TAP::Harness';
+require TAP::Harness;
 
 package main;
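Review bot: same two-step as for the parser package; since TAP::Parser::OpenSSL and TAP::Harness::OpenSSL now each carry an identical "use parent -norequire" plus "require" pair, both require lines should carry the same explanatory comment, or the two requires could be hoisted into one small eval guard ahead of the package declarations so the availability test lives in a single place.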
 


[openssl] master update

2020-10-09 Thread tmraz
The branch master has been updated
   via  cad809592579e62c7d38407bdcb11b942571d535 (commit)
  from  a96722219ed431656b0f15a9a3d2c26676b6616e (commit)


- Log -
commit cad809592579e62c7d38407bdcb11b942571d535
Author: Tomas Mraz 
Date:   Thu Oct 8 17:24:44 2020 +0200

INSTALL.md: Drop trailing spaces on a line

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/13097)

---

Summary of changes:
 INSTALL.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/INSTALL.md b/INSTALL.md
index 813d8b456d..30c88872d2 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1470,7 +1470,7 @@ described here.  Examine the Makefiles themselves for the 
full list.
 
 install_html_docs
Only install the OpenSSL HTML documentation.
-   
+
 install_fips
Install the FIPS provider module configuration file.
 


[openssl] master update

2020-10-08 Thread tmraz
The branch master has been updated
   via  d00bd4e452e846a610284fe2be3e9358153251e7 (commit)
  from  13c5ec569ea9286ff18e019fb2d53be64829c62c (commit)


- Log -
commit d00bd4e452e846a610284fe2be3e9358153251e7
Author: Daniel Bevenius 
Date:   Mon Oct 5 08:14:29 2020 +0200

Set mark and pop error in d2i_PrivateKey_ex

This commit sets the error mark before calling old_priv_decode and if
old_priv_decode returns false, and if EVP_PKCS82PKEY is successful, the
errors are popped to the previously set mark.

The motivation for this is an issue we found when linking Node.js
against OpenSSL 3.0. Details can be found in the link below and the
test case provided in this commit attempts to cover this.

Refs: https://github.com/danbev/learning-libcrypto#asn1-wrong-tag-issue
Refs: https://github.com/nodejs/node/issues/29817

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13073)

---

Summary of changes:
 crypto/asn1/d2i_pr.c   | 13 +++--
 test/evp_extra_test2.c | 23 +++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 838ce25b90..b478112349 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -45,6 +45,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const 
unsigned char **pp,
 goto err;
 }
 
+ERR_set_mark();
 if (!ret->ameth->old_priv_decode ||
 !ret->ameth->old_priv_decode(ret, , length)) {
 if (ret->ameth->priv_decode != NULL
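Review bot: every path after ERR_set_mark() has to end in ERR_pop_to_mark() or ERR_clear_last_mark(), and the "goto err" at the top of this hunk is fine because it precedes the mark; a comment at the mark stating what it is meant to discard (errors from a failed old_priv_decode when the PKCS#8 decode then succeeds) would make the pop/clear pairing in the following hunk reviewable without the commit message.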
@@ -52,20 +53,28 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const 
unsigned char **pp,
 EVP_PKEY *tmp;
 PKCS8_PRIV_KEY_INFO *p8 = NULL;
 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, , length);
-if (p8 == NULL)
+if (p8 == NULL) {
+ERR_clear_last_mark();
 goto err;
+}
 tmp = EVP_PKCS82PKEY_ex(p8, libctx, propq);
 PKCS8_PRIV_KEY_INFO_free(p8);
-if (tmp == NULL)
+if (tmp == NULL) {
+ERR_clear_last_mark();
 goto err;
+}
 EVP_PKEY_free(ret);
 ret = tmp;
+ERR_pop_to_mark();
 if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
 goto err;
 } else {
+ERR_clear_last_mark();
 ASN1err(0, ERR_R_ASN1_LIB);
 goto err;
 }
+} else {
+  ERR_clear_last_mark();
 }
 *pp = p;
 if (a != NULL)
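Review bot: ERR_pop_to_mark() runs after "ret = tmp;" but before the "EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)" check, whose "goto err" raises no error of its own; with the old_priv_decode errors now discarded, a caller hitting that type mismatch gets a NULL return and an empty error queue, so an explicit ASN1err (for example ERR_R_ASN1_LIB or a dedicated wrong-key-type reason) belongs on that path. Style: the new else body "ERR_clear_last_mark();" is indented two spaces instead of four.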
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index 63380f878a..0667a82647 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -15,6 +15,7 @@
  */
 
 #include 
+#include 
 #include 
 #include "testutil.h"
 #include "internal/nelem.h"
@@ -248,6 +249,27 @@ static int test_alternative_default(void)
 return ok;
 }
 
+static int test_d2i_PrivateKey_ex(void) {
+int ok;
+OSSL_PROVIDER *provider;
+BIO *key_bio;
+EVP_PKEY* pkey;
+ok = 0;
+
+provider = OSSL_PROVIDER_load(NULL, "default");
+key_bio = BIO_new_mem_buf(([0])->kder, ()[0]->size);
+
+ok = TEST_ptr(pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL));
+TEST_int_eq(ERR_peek_error(), 0);
+test_openssl_errors();
+
+EVP_PKEY_free(pkey);
+BIO_free(key_bio);
+OSSL_PROVIDER_unload(provider);
+
+return ok;
+}
+
 int setup_tests(void)
 {
 mainctx = OPENSSL_CTX_new();
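Review bot: the return values of OSSL_PROVIDER_load and BIO_new_mem_buf are not checked (wrap both in TEST_ptr with a cleanup label), "ok = 0;" is assigned and then immediately overwritten by the TEST_ptr result, and "EVP_PKEY* pkey" plus the opening brace on the function line differ from the file's style ("EVP_PKEY *pkey", brace on its own line as in setup_tests below). More importantly, the point of the fix is an empty error queue after a successful parse, but the TEST_int_eq(ERR_peek_error(), 0) result does not feed into ok, so a stale error would be printed yet the test would still pass; fold it in with "ok = ok && TEST_int_eq(...)" or the equivalent.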
@@ -264,6 +286,7 @@ int setup_tests(void)
 
 ADD_TEST(test_alternative_default);
 ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata));
+ADD_TEST(test_d2i_PrivateKey_ex);
 
 return 1;
 }


[openssl] master update

2020-10-02 Thread tmraz
The branch master has been updated
   via  62f27ab9dcf29876b15cdae704c3a04b4c8a6344 (commit)
  from  f21c9c64f53484d4abe25b76d29350ed683db855 (commit)


- Log -
commit 62f27ab9dcf29876b15cdae704c3a04b4c8a6344
Author: Maxim Masiutin 
Date:   Tue Sep 29 18:40:56 2020 +0300

TLS AEAD ciphers: more bytes for key_block than needed

Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS AEAD.

The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers
to figure out how many bytes from the key_block were needed for the IV.
The correct way was to take cipher mode (GCM, CCM, etc) into
consideration rather than simply calling the general function
EVP_CIPHER_iv_length.

The new function tls_iv_length_within_key_block takes this into
consideration.

Besides that, the order of addends was counter-intuitive: MAC length
was second, but it has to be first to correspond to the order given in the
RFC.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13035)

---

Summary of changes:
 ssl/t1_enc.c | 24 +++-
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index fbef9c1a86..91c3904723 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -175,6 +175,18 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX 
*ctx,
 return 1;
 }
 
+
+static int tls_iv_length_within_key_block(const EVP_CIPHER *c)
+{
+/* If GCM/CCM mode only part of IV comes from PRF */
+if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+return EVP_GCM_TLS_FIXED_IV_LEN;
+else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+return EVP_CCM_TLS_FIXED_IV_LEN;
+else
+return EVP_CIPHER_iv_length(c);
+}
+
 int tls1_change_cipher_state(SSL *s, int which)
 {
 unsigned char *p, *mac_secret;
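Review bot: the else after each return in tls_iv_length_within_key_block is redundant, and the hunk adds a second blank line ahead of the function (the new empty "+" line on top of the existing one). The helper itself is right: for GCM and CCM only the fixed implicit part of the nonce comes from the key block (EVP_GCM_TLS_FIXED_IV_LEN and EVP_CCM_TLS_FIXED_IV_LEN, 4 bytes each), the explicit part travels in the record; a one-line comment citing RFC 5288 and RFC 6655 for those lengths would document why the generic EVP_CIPHER_iv_length is wrong here.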
@@ -337,14 +349,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 /* TODO(size_t): convert me */
 cl = EVP_CIPHER_key_length(c);
 j = cl;
-/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-/* If GCM/CCM mode only part of IV comes from PRF */
-if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-k = EVP_GCM_TLS_FIXED_IV_LEN;
-else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
-k = EVP_CCM_TLS_FIXED_IV_LEN;
-else
-k = EVP_CIPHER_iv_length(c);
+k = tls_iv_length_within_key_block(c);
 if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
 ms = &(p[0]);
@@ -565,7 +570,7 @@ int tls1_setup_key_block(SSL *s)
 s->s3.tmp.new_hash = hash;
 s->s3.tmp.new_mac_pkey_type = mac_type;
 s->s3.tmp.new_mac_secret_size = mac_secret_size;
-num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+num = mac_secret_size + EVP_CIPHER_key_length(c) + 
tls_iv_length_within_key_block(c);
 num *= 2;
 
 ssl3_cleanup_key_block(s);
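Review bot: reordering the addends is cosmetic (addition is commutative); the substantive change is that the IV term now uses tls_iv_length_within_key_block(c), so for GCM/CCM num shrinks from key+mac+full_iv to key+mac+fixed_iv and tls1_setup_key_block finally agrees with the layout tls1_change_cipher_state consumes. The commit message should state that the surplus bytes were generated but never consumed, so this is not a wire-format change. The new num = ... line runs past 80 columns; wrap it.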
@@ -580,6 +585,7 @@ int tls1_setup_key_block(SSL *s)
 s->s3.tmp.key_block = p;
 
 OSSL_TRACE_BEGIN(TLS) {
+BIO_printf(trc_out, "key block length: %ld\n", num);
 BIO_printf(trc_out, "client random\n");
 BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);
 BIO_printf(trc_out, "server random\n");
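Review bot: if num is size_t (the "TODO(size_t): convert me" comments in this file suggest these lengths are mid-conversion), "%ld" is the wrong conversion for it; use "%zu", which BIO_printf accepts, or cast to unsigned long with "%lu".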


[openssl] OpenSSL_1_1_1-stable update

2020-09-21 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  56e8fe0b4efbf582e40ae91319727c9d176c5e1e (commit)
  from  fdcddd9357fcda1f0507fda0307d94e8244f2b51 (commit)


- Log -
commit 56e8fe0b4efbf582e40ae91319727c9d176c5e1e
Author: Norman Ashley 
Date:   Fri Jul 10 19:01:32 2020 -0400

Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign

OCSP_basic_sign_ctx() in ocsp_srv.c does not check for
RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because X509_check_private_key() can fail.

The check for the RSA_METHOD_FLAG_NO_CHECK was moved to
crypto/rsa/rsa_ameth.c as a common place to check. Checks in ssl_rsa.c were removed.

Reviewed-by: Matt Caswell 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12419)

---

Summary of changes:
 crypto/rsa/rsa_ameth.c |  9 +
 ssl/ssl_rsa.c  | 26 --
 2 files changed, 9 insertions(+), 26 deletions(-)

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 6692a51ed8..cc686fcbda 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -118,6 +118,15 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY 
*pubkey)
 
 static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
+/*
+ * Don't check the public/private key, this is mostly for smart
+ * cards.
+ */
+if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+|| (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
+return 1;
+}
+
 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
 return 0;
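Review bot: rsa_pub_cmp is the comparison behind EVP_PKEY_cmp and, through it, X509_check_private_key, so returning 1 whenever either side carries RSA_METHOD_FLAG_NO_CHECK makes any such key compare equal to any RSA public key everywhere in libcrypto, not only in the TLS cert/key setters the old code special-cased. That is the intended fix for OCSP signing, but it also means a certificate/engine-key mismatch is no longer detectable for such keys by any caller; the comment should say "compare" rather than "check the public/private key" and name that consequence, and EVP_PKEY_cmp(3)/X509_check_private_key(3) should mention the flag. Style: the double parentheses around the first RSA_flags() test are unnecessary.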
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b9693527b3..51abd27e27 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -148,15 +148,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 EVP_PKEY_copy_parameters(pktmp, pkey);
 ERR_clear_error();
 
-#ifndef OPENSSL_NO_RSA
-/*
- * Don't check the public/private key, this is mostly for smart
- * cards.
- */
-if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
-&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
-else
-#endif
 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
 X509_free(c->pkeys[i].x509);
 c->pkeys[i].x509 = NULL;
@@ -342,16 +333,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
 ERR_clear_error();
 
-#ifndef OPENSSL_NO_RSA
-/*
- * Don't check the public/private key, this is mostly for smart
- * cards.
- */
-if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
-&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
-RSA_METHOD_FLAG_NO_CHECK) ;
-else
-#endif  /* OPENSSL_NO_RSA */
 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
 /*
  * don't fail for a cert/key mismatch, just free current private
@@ -1082,13 +1063,6 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, 
X509 *x509, EVP_PKEY *pr
 EVP_PKEY_copy_parameters(pubkey, privatekey);
 } /* else both have parameters */
 
-/* Copied from ssl_set_cert/pkey */
-#ifndef OPENSSL_NO_RSA
-if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
-((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & 
RSA_METHOD_FLAG_NO_CHECK)))
-/* no-op */ ;
-else
-#endif
 /* check that key <-> cert match */
 if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
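Review bot: with the three "#ifndef OPENSSL_NO_RSA" special cases gone, the remaining checks rely entirely on EVP_PKEY_cmp/X509_check_private_key honouring the flag inside rsa_pub_cmp; the "/* check that key <-> cert match */" comment now reads as an unconditional check, so a note that NO_CHECK keys pass it by design keeps the intent visible at the call site, and the dropped "Copied from ssl_set_cert/pkey" comment suggests a helper would have been the cleaner way to de-duplicate in the first place.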


[openssl] master update

2020-09-21 Thread tmraz
The branch master has been updated
   via  36871717ac83fe049f8620ff82be4a5d36e0d97d (commit)
  from  9c13b49a9f22d91c7f0576377975157f4f67984c (commit)


- Log -
commit 36871717ac83fe049f8620ff82be4a5d36e0d97d
Author: Norman Ashley 
Date:   Fri Jul 10 19:01:32 2020 -0400

Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign

OCSP_basic_sign_ctx() in ocsp_srv.c does not check for
RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because X509_check_private_key() can fail.

The check for the RSA_METHOD_FLAG_NO_CHECK was moved to
crypto/rsa/rsa_ameth.c as a common place to check. Checks in ssl_rsa.c were removed.

Reviewed-by: Matt Caswell 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12419)

(cherry picked from commit 56e8fe0b4efbf582e40ae91319727c9d176c5e1e)

---

Summary of changes:
 crypto/rsa/rsa_ameth.c |  9 +
 ssl/ssl_rsa.c  | 26 --
 2 files changed, 9 insertions(+), 26 deletions(-)

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 130f6156c5..6558e1c662 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -144,6 +144,15 @@ static int rsa_pub_decode(EVP_PKEY *pkey, const 
X509_PUBKEY *pubkey)
 
 static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
+/*
+ * Don't check the public/private key, this is mostly for smart
+ * cards.
+ */
+if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+|| (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
+return 1;
+}
+
 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
 return 0;
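Review bot: testing the flag on both a and b is right, because EVP_PKEY_eq does not guarantee which side is the certificate's public key and which is the private key, but the comment should say so; as written it talks about "the public/private key" inside a function that compares two public keys. Since this short-circuits the n/e comparison for every caller of EVP_PKEY_eq, a CHANGES entry noting that NO_CHECK keys now compare equal to any RSA key is warranted.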
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 3a28b60ba6..76270b677e 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -166,15 +166,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 EVP_PKEY_copy_parameters(pktmp, pkey);
 ERR_clear_error();
 
-#ifndef OPENSSL_NO_RSA
-/*
- * Don't check the public/private key, this is mostly for smart
- * cards.
- */
-if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
-&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
-else
-#endif
 if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
 X509_free(c->pkeys[i].x509);
 c->pkeys[i].x509 = NULL;
@@ -365,16 +356,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
 EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
 ERR_clear_error();
 
-#ifndef OPENSSL_NO_RSA
-/*
- * Don't check the public/private key, this is mostly for smart
- * cards.
- */
-if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
-&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
-RSA_METHOD_FLAG_NO_CHECK) ;
-else
-#endif  /* OPENSSL_NO_RSA */
 if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
 /*
  * don't fail for a cert/key mismatch, just free current private
@@ -1134,13 +1115,6 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, 
X509 *x509, EVP_PKEY *pr
 EVP_PKEY_copy_parameters(pubkey, privatekey);
 } /* else both have parameters */
 
-/* Copied from ssl_set_cert/pkey */
-#ifndef OPENSSL_NO_RSA
-if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
-((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & 
RSA_METHOD_FLAG_NO_CHECK)))
-/* no-op */ ;
-else
-#endif
 /* check that key <-> cert match */
 if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
 SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);


[openssl] OpenSSL_1_1_1-stable update

2020-09-21 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  fdcddd9357fcda1f0507fda0307d94e8244f2b51 (commit)
   via  398c8da5c8c3cf3369ac7e8883823e0c94735ca7 (commit)
  from  ee617d0e020d6dd28c079fa7819d009790f2d2b9 (commit)


- Log -
commit fdcddd9357fcda1f0507fda0307d94e8244f2b51
Author: Tomas Mraz 
Date:   Fri Sep 11 09:09:29 2020 +0200

Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12909)

commit 398c8da5c8c3cf3369ac7e8883823e0c94735ca7
Author: Tomas Mraz 
Date:   Fri Aug 21 14:50:52 2020 +0200

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12909)

---

Summary of changes:
 crypto/ec/ec_asn1.c  |  31 +++---
 crypto/ec/ec_key.c   |   7 +++
 crypto/ec/ec_lib.c   |   1 +
 crypto/ec/ec_local.h |   2 +
 crypto/x509/x509_txt.c   |   2 +
 crypto/x509/x509_vfy.c   |  35 +++
 doc/man3/EC_KEY_new.pod  |   8 ++-
 include/openssl/ec.h |   2 +
 include/openssl/x509_vfy.h   |   1 +
 ssl/statem/statem_lib.c  |   1 +
 test/certs/ca-cert-ec-explicit.pem   |  19 ++
 test/certs/ca-cert-ec-named.pem  |  14 +
 test/certs/ca-key-ec-explicit.pem|  10 +++
 test/certs/ca-key-ec-named.pem   |   5 ++
 test/certs/ee-cert-ec-explicit.pem   |  16 +
 test/certs/ee-cert-ec-named-explicit.pem |  11 
 test/certs/ee-cert-ec-named-named.pem|  11 
 test/certs/ee-key-ec-explicit.pem|  10 +++
 test/certs/ee-key-ec-named-explicit.pem  |   5 ++
 test/certs/ee-key-ec-named-named.pem |   5 ++
 test/certs/setup.sh  |  12 
 test/ec_internal_test.c  | 101 +++
 test/recipes/25-test_verify.t|  23 ++-
 util/libcrypto.num   |   1 +
 24 files changed, 323 insertions(+), 10 deletions(-)
 create mode 100644 test/certs/ca-cert-ec-explicit.pem
 create mode 100644 test/certs/ca-cert-ec-named.pem
 create mode 100644 test/certs/ca-key-ec-explicit.pem
 create mode 100644 test/certs/ca-key-ec-named.pem
 create mode 100644 test/certs/ee-cert-ec-explicit.pem
 create mode 100644 test/certs/ee-cert-ec-named-explicit.pem
 create mode 100644 test/certs/ee-cert-ec-named-named.pem
 create mode 100644 test/certs/ee-key-ec-explicit.pem
 create mode 100644 test/certs/ee-key-ec-named-explicit.pem
 create mode 100644 test/certs/ee-key-ec-named-named.pem

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 96e7d83ea7..7b7c75ce84 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -137,6 +137,12 @@ struct ec_parameters_st {
 ASN1_INTEGER *cofactor;
 } /* ECPARAMETERS */ ;
 
+typedef enum {
+ECPKPARAMETERS_TYPE_NAMED = 0,
+ECPKPARAMETERS_TYPE_EXPLICIT,
+ECPKPARAMETERS_TYPE_IMPLICIT
+} ecpk_parameters_type_t;
+
 struct ecpk_parameters_st {
 int type;
 union {
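Review bot: struct ecpk_parameters_st keeps "int type" while the new ecpk_parameters_type_t gives its values names; the int is needed because type is the ASN.1 CHOICE selector, but a comment tying the enum order to the CHOICE alternatives (named_curve, parameters, and the implicit case) would explain why ECPKPARAMETERS_TYPE_IMPLICIT = 2 is introduced even though the hunks that follow only use NAMED and EXPLICIT, and would let the remaining "params->type == 0" style comparisons in this file be converted with confidence.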
@@ -535,9 +541,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 return NULL;
 }
 } else {
-if (ret->type == 0)
+if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
 ASN1_OBJECT_free(ret->value.named_curve);
-else if (ret->type == 1 && ret->value.parameters)
+else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
+ && ret->value.parameters != NULL)
 ECPARAMETERS_free(ret->value.parameters);
 }
 
@@ -554,7 +561,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
 ok = 0;
 } else {
-ret->type = 0;
+ret->type = ECPKPARAMETERS_TYPE_NAMED;
 ret->value.named_curve = asn1obj;
 }
 } else
@@ -562,7 +569,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 ok = 0;
 } else {
 /* use the ECPARAMETERS structure */
-ret->type = 1;
+ret->type = ECPKPARAMETERS_TYPE_EXPLICIT;
 if ((ret->value.parameters =
  EC_GROUP_get_ecparameters(group, NULL)) == NULL)
 ok = 0;
@@ -901,7 +908,8 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const 
ECPKPARAMETERS *params)
 return NULL;
 }
 
-if (params->type == 0) {/* the curve 

[openssl] master update

2020-09-21 Thread tmraz
The branch master has been updated
   via  639bb581ce5bfed0f3a6286ff4b2ccb773d3353d (commit)
  from  e57bbf9e1a95a93551dc711664d69ca086f7e0b1 (commit)


- Log -
commit 639bb581ce5bfed0f3a6286ff4b2ccb773d3353d
Author: Tomas Mraz 
Date:   Fri Sep 18 16:43:00 2020 +0200

apps/ocsp: Return non zero exit code with invalid certID

Fixes #7151

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/12916)

---

Summary of changes:
 apps/ocsp.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 93c17f4a07..4d01e99c15 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -62,7 +62,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
const EVP_MD *cert_id_md, X509 *issuer,
STACK_OF(OCSP_CERTID) *ids);
-static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
   STACK_OF(OPENSSL_STRING) *names,
   STACK_OF(OCSP_CERTID) *ids, long nsec,
   long maxage);
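Review bot: changing "static void" to "static int" shortens the first line by one character, so the unchanged continuation parameters ("STACK_OF(OPENSSL_STRING) *names," and the two lines after it) are now aligned one column to the right of the opening parenthesis; re-indent them here and in the definition below.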
@@ -813,7 +813,8 @@ redo_accept:
 }
 }
 
-print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage);
+if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+ret = 1;
 
  end:
 ERR_print_errors(bio_err);
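Review bot: "ret = 1" on a failed summary falls straight through to end:, where the error queue is printed, so the exit status becomes non-zero as intended; but the diagnostics print_ocsp_summary emits go to out (BIO_puts(out, "ERROR: No Status found.\n") in the hunk below) rather than bio_err, so a script that captures stdout for the status lines now gets the error mixed into its data stream. Consider bio_err for the error text.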
@@ -929,7 +930,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
 return 0;
 }
 
-static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
   STACK_OF(OPENSSL_STRING) *names,
   STACK_OF(OCSP_CERTID) *ids, long nsec,
   long maxage)
@@ -938,10 +939,13 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP 
*bs, OCSP_REQUEST *req,
 const char *name;
 int i, status, reason;
 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+int ret = 1;
 
-if (bs == NULL || req == NULL || !sk_OPENSSL_STRING_num(names)
-|| !sk_OCSP_CERTID_num(ids))
-return;
+if (req == NULL || !sk_OPENSSL_STRING_num(names))
+return 1;
+
+if (bs == NULL || !sk_OCSP_CERTID_num(ids))
+return 0;
 
 for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
 id = sk_OCSP_CERTID_value(ids, i);
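Review bot: the two new early returns at the top of print_ocsp_summary encode an asymmetry that nothing explains: `req == NULL || !sk_OPENSSL_STRING_num(names)` returns 1 (success) while `bs == NULL || !sk_OCSP_CERTID_num(ids)` returns 0. A one-line comment saying that the first case means there was nothing to summarise, whereas the second means a response that should have answered the request is missing, would spare the next reader from reconstructing the intent from the commit title. The function-level comment should also state the new return contract (1 on success, 0 if any status could not be found) now that the caller turns it into the exit code.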
@@ -951,6 +955,7 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP 
*bs, OCSP_REQUEST *req,
 if (!OCSP_resp_find_status(bs, id, , ,
, , )) {
 BIO_puts(out, "ERROR: No Status found.\n");
+ret = 0;
 continue;
 }
 
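Review bot: the `ret = 0` on the "No Status found" path records the failure, but the ERROR line printed just above it does not say which certificate ID had no status, so the new non-zero exit code cannot be diagnosed from the output when several IDs were queried. `name` is declared at function scope in this function (`const char *name;`); if it is already looked up for this index before the OCSP_resp_find_status call, include it in the message, e.g. `BIO_printf(out, "ERROR: No Status found for %s.\n", name);`.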
@@ -984,6 +989,7 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP 
*bs, OCSP_REQUEST *req,
 ASN1_GENERALIZEDTIME_print(out, rev);
 BIO_puts(out, "\n");
 }
+return ret;
 }
 
 static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST 
*req,


[openssl] master update

2020-09-21 Thread tmraz
The branch master has been updated
   via  e57bbf9e1a95a93551dc711664d69ca086f7e0b1 (commit)
  from  627ddf7b5b7b1f0f69a57495c25f7cbd39c33961 (commit)


- Log -
commit e57bbf9e1a95a93551dc711664d69ca086f7e0b1
Author: Rutger Hendriks 
Date:   Mon Aug 31 13:59:51 2020 +0200

Increase PSK_MAX_PSK_LEN to 512

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12777)

---

Summary of changes:
 include/openssl/ssl.h.in | 2 +-
 ssl/ssl_local.h  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 264b7eddb7..ac7c521e95 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -850,7 +850,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned 
char **data,
  * resulting identity/psk
  */
 #  define PSK_MAX_IDENTITY_LEN 128
-#  define PSK_MAX_PSK_LEN 256
+#  define PSK_MAX_PSK_LEN 512
 typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
const char *hint,
char *identity,
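Review bot: PSK_MAX_PSK_LEN is a public installed-header constant and this hunk doubles it with no CHANGES entry and no documentation change in the patch (only two headers are touched). Existing applications are not broken, because the PSK callbacks receive the buffer sizes as arguments, but the callback documentation (SSL_CTX_set_psk_client_callback and the TLS 1.3 PSK callback pages) should be checked for any mention of the old 256-byte limit, and CHANGES.md should record the new maximum so users of external PSKs know the larger keys are accepted.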
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 49d24e6a96..fd4eacdc38 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -524,7 +524,7 @@ struct ssl_method_st {
  * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
  * consistency, even in the event of OPENSSL_NO_PSK being defined.
  */
-# define TLS13_MAX_RESUMPTION_PSK_LENGTH  256
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH  512
 
 /*-
  * Lets make this into an ASN.1 type structure as follows
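Review bot: the comment above TLS13_MAX_RESUMPTION_PSK_LENGTH says it must match PSK_MAX_PSK_LEN, but nothing enforces it, and this patch is exactly the kind of edit where the two could drift apart in a future change. A guarded preprocessor check such as `#if !defined(OPENSSL_NO_PSK) && TLS13_MAX_RESUMPTION_PSK_LENGTH != PSK_MAX_PSK_LEN` followed by `# error "TLS13_MAX_RESUMPTION_PSK_LENGTH must match PSK_MAX_PSK_LEN"` (the comment already notes the OPENSSL_NO_PSK case) would turn the comment into something the compiler verifies.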


[openssl] master update

2020-09-21 Thread tmraz
The branch master has been updated
   via  627ddf7b5b7b1f0f69a57495c25f7cbd39c33961 (commit)
  from  d5b170a2fcf8b22c67e86a09222dff7ce306c7ad (commit)


- Log -
commit 627ddf7b5b7b1f0f69a57495c25f7cbd39c33961
Author: Tomas Mraz 
Date:   Fri Sep 18 13:59:55 2020 +0200

Correct certificate and key names for explicit ec param test

Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/12915)

---

Summary of changes:
 test/certs/setup.sh | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 6839e60674..ee3d678219 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -191,9 +191,11 @@ OPENSSL_KEYBITS=768 \
 # EC cert with explicit curve signed by named curve ca
 ./mkcert.sh genee server.example ee-key-ec-explicit ee-cert-ec-explicit 
ca-key-ec-named ca-cert-ec-named
 # EC cert with named curve signed by explicit curve ca
-./mkcert.sh genee server.example ee-key-ec-named ee-cert-ec-named 
ca-key-ec-explicit ca-cert-ec-explicit
+./mkcert.sh genee server.example ee-key-ec-named-explicit \
+ee-cert-ec-named-explicit ca-key-ec-explicit ca-cert-ec-explicit
 # EC cert with named curve signed by named curve ca
-./mkcert.sh genee server.example ee-key-ec-namnam ee-cert-ec-namnam 
ca-key-ec-named ca-cert-ec-named
+./mkcert.sh genee server.example ee-key-ec-named-named \
+ee-cert-ec-named-named ca-key-ec-named ca-cert-ec-named
 
 # self-signed end-entity cert with explicit keyUsage not including KeyCertSign
 openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out 
ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500


[openssl] master update

2020-09-17 Thread tmraz
The branch master has been updated
   via  67ecd65cc4fdaa03fbae5fcccf53ebca7d785554 (commit)
   via  cccf532fef10aaa2d682227061b8828a1eb2c031 (commit)
   via  fe2f8aecfe4a0de483334bf671a8eb4f1c00 (commit)
  from  bde4aa8dc1946dff189c89396814a98d1052262d (commit)


- Log -
commit 67ecd65cc4fdaa03fbae5fcccf53ebca7d785554
Author: Tomas Mraz 
Date:   Fri Sep 11 15:27:23 2020 +0200

Rename check_chain_extensions to check_chain

The function does much more than just checking extensions.

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

commit cccf532fef10aaa2d682227061b8828a1eb2c031
Author: Tomas Mraz 
Date:   Fri Sep 11 09:09:29 2020 +0200

Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

commit fe2f8aecfe4a0de483334bf671a8eb4f1c00
Author: Tomas Mraz 
Date:   Fri Aug 21 14:50:52 2020 +0200

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/12683)

---

Summary of changes:
 crypto/ec/ec_asn1.c  |  31 +++---
 crypto/ec/ec_key.c   |   7 +++
 crypto/ec/ec_lib.c   |   1 +
 crypto/ec/ec_local.h |   2 +
 crypto/x509/v3_purp.c|   2 +-
 crypto/x509/x509_txt.c   |   2 +
 crypto/x509/x509_vfy.c   |  41 -
 doc/man3/EC_KEY_new.pod  |   8 ++-
 include/openssl/ec.h |   2 +
 include/openssl/x509_vfy.h.in|   1 +
 ssl/statem/statem_lib.c  |   1 +
 test/certs/ca-cert-ec-explicit.pem   |  19 ++
 test/certs/ca-cert-ec-named.pem  |  14 +
 test/certs/ca-key-ec-explicit.pem|  10 +++
 test/certs/ca-key-ec-named.pem   |   5 ++
 test/certs/ee-cert-ec-explicit.pem   |  16 +
 test/certs/ee-cert-ec-named-explicit.pem |  11 
 test/certs/ee-cert-ec-named-named.pem|  11 
 test/certs/ee-key-ec-explicit.pem|  10 +++
 test/certs/ee-key-ec-named-explicit.pem  |   5 ++
 test/certs/ee-key-ec-named-named.pem |   5 ++
 test/certs/setup.sh  |  10 +++
 test/ec_internal_test.c  | 101 +++
 test/recipes/25-test_verify.t|  17 +-
 util/libcrypto.num   |   1 +
 25 files changed, 319 insertions(+), 14 deletions(-)
 create mode 100644 test/certs/ca-cert-ec-explicit.pem
 create mode 100644 test/certs/ca-cert-ec-named.pem
 create mode 100644 test/certs/ca-key-ec-explicit.pem
 create mode 100644 test/certs/ca-key-ec-named.pem
 create mode 100644 test/certs/ee-cert-ec-explicit.pem
 create mode 100644 test/certs/ee-cert-ec-named-explicit.pem
 create mode 100644 test/certs/ee-cert-ec-named-named.pem
 create mode 100644 test/certs/ee-key-ec-explicit.pem
 create mode 100644 test/certs/ee-key-ec-named-explicit.pem
 create mode 100644 test/certs/ee-key-ec-named-named.pem

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 879ff9faa2..9454f580d5 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -74,6 +74,12 @@ struct ec_parameters_st {
 ASN1_INTEGER *cofactor;
 } /* ECPARAMETERS */ ;
 
+typedef enum {
+ECPKPARAMETERS_TYPE_NAMED = 0,
+ECPKPARAMETERS_TYPE_EXPLICIT,
+ECPKPARAMETERS_TYPE_IMPLICIT
+} ecpk_parameters_type_t;
+
 struct ecpk_parameters_st {
 int type;
 union {
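Review bot: the numeric values of the new ecpk_parameters_type_t enum are not arbitrary: `type` is the selector for the union in `struct ecpk_parameters_st`, so NAMED = 0, EXPLICIT = 1 and IMPLICIT = 2 must stay in the same order as the members of the ASN1_CHOICE template for ECPKPARAMETERS (not shown in this hunk). Add a comment on the enum stating that coupling so nobody reorders either side, and consider changing the `int type;` member to `ecpk_parameters_type_t` so the dependency is visible at every use site that this patch rewrites.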
@@ -472,9 +478,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 return NULL;
 }
 } else {
-if (ret->type == 0)
+if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
 ASN1_OBJECT_free(ret->value.named_curve);
-else if (ret->type == 1 && ret->value.parameters)
+else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
+ && ret->value.parameters != NULL)
 ECPARAMETERS_free(ret->value.parameters);
 }
 
@@ -491,7 +498,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 
*group,
 ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
 ok = 0;
 } else {
-ret->type = 0;
+ret->type = ECPKPARAMETERS_TYPE_NAMED;
 ret->value.named_curve = asn1obj;
 }
 } else
@@ -499,7 +506,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP 

[openssl] master update

2020-09-17 Thread tmraz
The branch master has been updated
   via  4bb73d5409c056a878f526280f86cc3c01f8cd68 (commit)
  from  8230710f04ed70fee41ec3ed8f3e4b1af55be05a (commit)


- Log -
commit 4bb73d5409c056a878f526280f86cc3c01f8cd68
Author: jwalch 
Date:   Wed Sep 9 22:36:00 2020 -0400

Add a NULL check to EVP_PKEY_assign

Fixes #12619

Update p_lib.c

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12863)

---

Summary of changes:
 crypto/evp/p_lib.c | 2 +-
 test/ecdsatest.c   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index e336d91286..5e032b4053 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -709,7 +709,7 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
 int alias = type;
 
 #ifndef OPENSSL_NO_EC
-if (EVP_PKEY_type(type) == EVP_PKEY_EC) {
+if ((key != NULL) && (EVP_PKEY_type(type) == EVP_PKEY_EC)) {
 const EC_GROUP *group = EC_KEY_get0_group(key);
 
 if (group != NULL && EC_GROUP_get_curve_name(group) == NID_sm2)
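Review bot: the NULL check on `key` is placed only inside the EC-specific branch, so a NULL key still flows into the rest of EVP_PKEY_assign (outside this hunk); the accompanying test expects EVP_PKEY_assign_EC_KEY(pkey, NULL) to return 0, so something further down must already reject it. An explicit `if (key == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); return 0; }` at the top of the function would state that contract once, put a reason on the error stack, and leave the EC condition as it was.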
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index f7d6608f39..471aaa184d 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -252,6 +252,7 @@ static int test_builtin(int n, int as)
 || !TEST_ptr(eckey_neg = EC_KEY_new_by_curve_name(nid))
 || !TEST_true(EC_KEY_generate_key(eckey_neg))
 || !TEST_ptr(pkey_neg = EVP_PKEY_new())
+|| !TEST_false(EVP_PKEY_assign_EC_KEY(pkey_neg, NULL))
 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey_neg, eckey_neg)))
 goto err;
 


[openssl] master update

2020-09-10 Thread tmraz
The branch master has been updated
   via  3101ab603cd82cdbc81de0902b2b4718e8f1279b (commit)
  from  b830e0042972a237c6677c071f1fcde5c1afbea7 (commit)


- Log -
commit 3101ab603cd82cdbc81de0902b2b4718e8f1279b
Author: Matt Caswell 
Date:   Thu Sep 3 11:50:30 2020 +0100

Fix an EVP_MD_CTX leak

If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same
EVP_MD_CTX with a provided MD then we end up leaking the md_data.

We need to ensure we free the md_data if we change to a provided MD.

Reviewed-by: Tomas Mraz 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12779)

---

Summary of changes:
 crypto/evp/digest.c   | 45 +
 crypto/evp/m_sigver.c | 10 ++
 include/crypto/evp.h  |  2 ++
 3 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 19fddb74ab..07bf12e5ae 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -22,24 +22,9 @@
 #include "internal/provider.h"
 #include "evp_local.h"
 
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
-{
-if (ctx == NULL)
-return 1;
-
-#ifndef FIPS_MODULE
-/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
-/*
- * pctx should be freed by the user of EVP_MD_CTX
- * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
- */
-if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
-EVP_PKEY_CTX_free(ctx->pctx);
-ctx->pctx = NULL;
-}
-#endif
 
+void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
+{
 EVP_MD_free(ctx->fetched_digest);
 ctx->fetched_digest = NULL;
 ctx->reqdigest = NULL;
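Review bot: evp_md_ctx_clear_digest dereferences ctx unconditionally, whereas the code it was extracted from only ran after EVP_MD_CTX_reset's `ctx == NULL` check. The reset caller keeps that guard, but the new caller in do_sigver_init is outside this hunk, so either add `if (ctx == NULL) return;` here or put a comment above the function (it currently has none) stating non-NULL ctx as a precondition.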
@@ -61,16 +46,36 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
 ctx->digest->cleanup(ctx);
 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+&& (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force))
 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
-}
+if (force)
+ctx->digest = NULL;
 
 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
 ENGINE_finish(ctx->engine);
+ctx->engine = NULL;
 #endif
+}
 
-/* TODO(3.0): End of legacy code */
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+if (ctx == NULL)
+return 1;
+
+#ifndef FIPS_MODULE
+/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
+/*
+ * pctx should be freed by the user of EVP_MD_CTX
+ * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+ */
+if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
+EVP_PKEY_CTX_free(ctx->pctx);
+ctx->pctx = NULL;
+}
+#endif
 
+evp_md_ctx_clear_digest(ctx, 0);
 OPENSSL_cleanse(ctx, sizeof(*ctx));
 
 return 1;
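Review bot: with `force` set, `OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size)` frees the legacy digest state but `ctx->md_data` is left pointing at freed memory; only `ctx->digest` and `ctx->engine` are reset to NULL. In EVP_MD_CTX_reset this is masked by the `OPENSSL_cleanse(ctx, sizeof(*ctx))` that follows, but the force=1 call from do_sigver_init keeps using the context afterwards, so any later pass through this function or any legacy-path code that tests md_data could read or free it again. Add `ctx->md_data = NULL;` immediately after the clear_free.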
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index a60d6e770b..e2bb613a20 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -176,6 +176,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX 
**pctx,
 }
 
 if (mdname != NULL) {
+/*
+ * We're about to get a new digest so clear anything associated 
with
+ * an old digest.
+ */
+evp_md_ctx_clear_digest(ctx, 1);
+
 /*
  * This might be requested by a later call to EVP_MD_CTX_md().
  * In that case the "explicit fetch" rules apply for that
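Review bot: the comment introduced before `evp_md_ctx_clear_digest(ctx, 1)` says it clears anything associated with an old digest, but `force` does more than that: it frees md_data even when the caller set EVP_MD_CTX_FLAG_REUSE and unconditionally NULLs ctx->digest. Since that overrides a user-visible flag, say so here and state why it is correct at this point (the digest is about to be replaced by a freshly fetched one, so there is nothing left to reuse).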
@@ -185,6 +191,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX 
**pctx,
  */
 ctx->digest = ctx->reqdigest = ctx->fetched_digest =
 EVP_MD_fetch(locpctx->libctx, mdname, props);
+if (ctx->digest == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+goto err;
+}
 }
 }
 
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 9d9b0a7298..bdff97f639 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -808,3 +808,5 @@ int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx);
 void evp_method_store_flush(OPENSSL_CTX *libctx);
 int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq,
int loadconfig);
+
+void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force);
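Review bot: the new internal prototype for evp_md_ctx_clear_digest carries no comment describing the `force` parameter. A one-liner in include/crypto/evp.h saying that force=1 frees md_data regardless of EVP_MD_CTX_FLAG_REUSE and leaves ctx->digest NULL would make the two call sites (EVP_MD_CTX_reset with 0, do_sigver_init with 1) self-explanatory without reading digest.c.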


[openssl] master update

2020-09-08 Thread tmraz
The branch master has been updated
   via  924663c36d47066d5307937da77fed7e872730c7 (commit)
  from  d96486dc809b5d134055785bfa6d707195d95534 (commit)


- Log -
commit 924663c36d47066d5307937da77fed7e872730c7
Author: Jakub Zelenka 
Date:   Sun Sep 6 19:11:34 2020 +0100

Add CMS AuthEnvelopedData with AES-GCM support

Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM
parameter as defined in RFC 5084.

Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8024)

---

Summary of changes:
 crypto/asn1/evp_asn1.c| 108 +--
 crypto/cms/cms_asn1.c |  12 ++
 crypto/cms/cms_enc.c  |  32 +++-
 crypto/cms/cms_env.c  | 345 ++
 crypto/cms/cms_err.c  |   3 +
 crypto/cms/cms_kari.c |   4 +-
 crypto/cms/cms_lib.c  |  24 +++
 crypto/cms/cms_local.h|  21 ++-
 crypto/cms/cms_pwri.c |  16 +-
 crypto/cms/cms_smime.c|  20 +-
 crypto/err/openssl.txt|   3 +
 crypto/evp/evp_lib.c  | 107 ---
 crypto/evp/evp_local.h|   5 +
 doc/man1/openssl-cms.pod.in   |   3 +
 doc/man3/CMS_EnvelopedData_create.pod |  48 +++--
 doc/man3/CMS_decrypt.pod  |   6 +-
 doc/man3/CMS_encrypt.pod  |  22 ++-
 include/crypto/asn1.h |   9 +
 include/crypto/evp.h  |  12 ++
 include/openssl/asn1err.h |   1 +
 include/openssl/cms.h |   5 +
 include/openssl/cmserr.h  |   2 +
 test/cmsapitest.c |  29 ++-
 test/drbgtest.c   |   1 +
 test/recipes/80-test_cms.t|  26 ++-
 util/libcrypto.num|   2 +
 26 files changed, 686 insertions(+), 180 deletions(-)

diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index c775a22181..844aabe603 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,6 +11,7 @@
 #include "internal/cryptlib.h"
 #include 
 #include 
+#include "crypto/asn1.h"
 
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 {
@@ -46,6 +47,34 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned 
char *data, int max_l
 return ret;
 }
 
+static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct,
+   unsigned char *data, int len)
+{
+oct->data = data;
+oct->type = V_ASN1_OCTET_STRING;
+oct->length = len;
+oct->flags = 0;
+}
+
+static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
+ long *num, unsigned char *data, int max_len)
+{
+int ret = ASN1_STRING_length(oct), n;
+
+if (num != NULL)
+*num = anum;
+
+if (max_len > ret)
+n = ret;
+else
+n = max_len;
+
+if (data != NULL)
+memcpy(data, ASN1_STRING_get0_data(oct), n);
+
+return ret;
+}
+
 typedef struct {
 int32_t num;
 ASN1_OCTET_STRING *oct;
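Review bot: asn1_type_get_int_oct copies the old logic verbatim, including the absence of any check for `max_len < 0`: with a negative max_len, `max_len > ret` is false, `n = max_len`, and memcpy receives a negative length converted to size_t. That was latent in ASN1_TYPE_get_int_octetstring before, but the helper exists precisely to gain a second caller for the AES-GCM parameters, so clamp or reject negative `max_len` here once, e.g. `if (max_len < 0) max_len = 0;` before the comparison.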
@@ -66,25 +95,18 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, 
unsigned char *data,
 
 atmp.num = num;
 atmp.oct = 
-oct.data = data;
-oct.type = V_ASN1_OCTET_STRING;
-oct.length = len;
-oct.flags = 0;
+asn1_type_init_oct(, data, len);
 
 if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), , ))
 return 1;
 return 0;
 }
 
-/*
- * we return the actual length...
- */
-/* int max_len:  for returned value*/
 int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
   unsigned char *data, int max_len)
 {
 asn1_int_oct *atmp = NULL;
-int ret = -1, n;
+int ret = -1;
 
 if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
 goto err;
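Review bot: the deleted comment block (`we return the actual length...` and `int max_len: for returned value`) was the only documentation of the return contract of ASN1_TYPE_get_int_octetstring, namely that it returns the full octet string length even when fewer than max_len bytes were copied. Rather than dropping it, move it onto asn1_type_get_int_oct, which now implements that behaviour for both callers.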
@@ -95,17 +117,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long 
*num,
 if (atmp == NULL)
 goto err;
 
-if (num != NULL)
-*num = atmp->num;
+ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len);
 
-ret = ASN1_STRING_length(atmp->oct);
-if (max_len > ret)
-n = ret;
-else
-n = max_len;
-
-if (data != NULL)
-memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
 if (ret == -1) {
  err:
 ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
@@ -113,3 +126,58 @@ int 

[openssl] master update

2020-09-01 Thread tmraz
The branch master has been updated
   via  807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit)
  from  72c1e37421ffe9a4db4bba46f3d736dbc227c255 (commit)


- Log -
commit 807b0a1dbb65fcf0d432184326e76e9f745dc3f1
Author: Felix Monninger 
Date:   Tue Jun 30 22:57:36 2020 +0200

also zero pad DHE public key in ClientKeyExchange message for interop

Reviewed-by: Ben Kaduk 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12331)

---

Summary of changes:
 ssl/statem/statem_clnt.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 4c994dd389..0780e5fc9a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3069,9 +3069,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
 {
 #ifndef OPENSSL_NO_DH
 DH *dh_clnt = NULL;
-const BIGNUM *pub_key;
 EVP_PKEY *ckey = NULL, *skey = NULL;
 unsigned char *keybytes = NULL;
+int prime_len;
 
 skey = s->s3.peer_tmp;
 if (skey == NULL) {
@@ -3101,15 +3101,19 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
 }
 
 /* send off the data */
-DH_get0_key(dh_clnt, _key, NULL);
-if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
-)) {
+prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
+/*
+ * For interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime, so use the length of the prime here.
+ */
+if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, )
+|| BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 
0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
  ERR_R_INTERNAL_ERROR);
 goto err;
 }
 
-BN_bn2bin(pub_key, keybytes);
 EVP_PKEY_free(ckey);
 
 return 1;
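Review bot: the `BN_bn2binpad(...) < 0` branch is purely defensive, since the client public value is reduced modulo p and therefore always fits in `prime_len` bytes; that is fine, but the interoperability comment should also say what the "also" in the commit title refers to, so a reader knows this encoding is meant to match the padding already used on the other side of the exchange. Because this changes the wire encoding of ClientKeyExchange for every DHE handshake, a CHANGES entry is warranted as well.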


[openssl] OpenSSL_1_1_1-stable update

2020-08-13 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  46a9ee8c796c8b5f8d95290676119b4f3d72be91 (commit)
  from  925a9d0a8168bfd0b532bc6600ba3e7ab47a7592 (commit)


- Log -
commit 46a9ee8c796c8b5f8d95290676119b4f3d72be91
Author: Tomas Mraz 
Date:   Thu Aug 6 15:14:29 2020 +0200

sslapitest: Add test for premature call of SSL_export_keying_material

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12594)

(cherry picked from commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356)

---

Summary of changes:
 test/sslapitest.c | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 52207226f4..ad1824c68d 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4432,9 +4432,20 @@ static int test_export_key_mat(int tst)
 SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
 
 if (!TEST_true(create_ssl_objects(sctx, cctx, , , NULL,
-  NULL))
-|| !TEST_true(create_ssl_connection(serverssl, clientssl,
-SSL_ERROR_NONE)))
+  NULL)))
+goto end;
+
+/*
+ * Premature call of SSL_export_keying_material should just fail.
+ */
+if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
+sizeof(ckeymat1), label,
+SMALL_LABEL_LEN + 1, context,
+sizeof(context) - 1, 1), 0))
+goto end;
+
+if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
 goto end;
 
 if (tst == 5) {
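Review bot: the premature-call test exercises only `clientssl`; `serverssl` is created by the same create_ssl_objects call and has no session either, so the crash being regression-tested applies to it equally. Add the mirror `TEST_int_le(SSL_export_keying_material(serverssl, ...), 0)` before create_ssl_connection. `TEST_int_le(..., 0)` itself is correct as written, since the ssl_lib fix returns -1 for this case.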


[openssl] OpenSSL_1_1_1-stable update

2020-08-13 Thread tmraz
The branch OpenSSL_1_1_1-stable has been updated
   via  925a9d0a8168bfd0b532bc6600ba3e7ab47a7592 (commit)
  from  ea7a58a60659d12d102ec78af4d6c3e589347150 (commit)


- Log -
commit 925a9d0a8168bfd0b532bc6600ba3e7ab47a7592
Author: Tomas Mraz 
Date:   Thu Aug 6 11:20:43 2020 +0200

Avoid segfault in SSL_export_keying_material if there is no session

Fixes #12588

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12594)

(cherry picked from commit dffeec1c10a874d7c7b83c221dbbce82f755edb1)

---

Summary of changes:
 ssl/ssl_lib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 433a537969..b1df374817 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2897,7 +2897,8 @@ int SSL_export_keying_material(SSL *s, unsigned char 
*out, size_t olen,
const unsigned char *context, size_t contextlen,
int use_context)
 {
-if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+if (s->session == NULL
+|| (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
 return -1;
 
 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
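Review bot: the new `s->session == NULL` test returns -1 without putting anything on the error stack, so a caller that invokes SSL_export_keying_material too early gets the same bare -1 as the pre-TLS1 version case and nothing from ERR_get_error to explain it; consider raising a reason code on this path. Separately, a non-NULL session is being used as a proxy for "exporter key material exists"; if a session object can be attached before the handshake has derived that secret, the per-version export_keying_material method still needs its own guard, and the SSL_export_keying_material documentation should state that calling it before the handshake completes returns -1.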


[openssl] master update

2020-08-13 Thread tmraz
The branch master has been updated
   via  ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356 (commit)
   via  dffeec1c10a874d7c7b83c221dbbce82f755edb1 (commit)
  from  dd0164e7565bb14fac193aea4c2c37714bf66d56 (commit)


- Log -
commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356
Author: Tomas Mraz 
Date:   Thu Aug 6 15:14:29 2020 +0200

sslapitest: Add test for premature call of SSL_export_keying_material

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12594)

commit dffeec1c10a874d7c7b83c221dbbce82f755edb1
Author: Tomas Mraz 
Date:   Thu Aug 6 11:20:43 2020 +0200

Avoid segfault in SSL_export_keying_material if there is no session

Fixes #12588

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12594)

---

Summary of changes:
 ssl/ssl_lib.c |  3 ++-
 test/sslapitest.c | 17 ++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f957664a48..c72341547a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3054,7 +3054,8 @@ int SSL_export_keying_material(SSL *s, unsigned char 
*out, size_t olen,
const unsigned char *context, size_t contextlen,
int use_context)
 {
-if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+if (s->session == NULL
+|| (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
 return -1;
 
 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 3d6d83a11a..6f4c11537b 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -5690,9 +5690,20 @@ static int test_export_key_mat(int tst)
 goto end;
 
 if (!TEST_true(create_ssl_objects(sctx, cctx, , , NULL,
-  NULL))
-|| !TEST_true(create_ssl_connection(serverssl, clientssl,
-SSL_ERROR_NONE)))
+  NULL)))
+goto end;
+
+/*
+ * Premature call of SSL_export_keying_material should just fail.
+ */
+if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
+sizeof(ckeymat1), label,
+SMALL_LABEL_LEN + 1, context,
+sizeof(context) - 1, 1), 0))
+goto end;
+
+if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
 goto end;
 
 if (tst == 5) {


[openssl] master update

2020-08-06 Thread tmraz
The branch master has been updated
   via  15c9aa3aef77c642ef2b6c84bba2b57b35ed083e (commit)
  from  1b2873e4a1ed49b4eb9a6ecff4d38df8d7e9 (commit)


- Log -
commit 15c9aa3aef77c642ef2b6c84bba2b57b35ed083e
Author: Sahana Prasad 
Date:   Wed Jul 22 13:36:36 2020 +0200

apps/pkcs12: Change defaults from RC2 to PBES2 with PBKDF2

Fixes #11672

Add "-legacy" option to load the legacy provider and
fall back to the old legacy default algorithms.

doc/man1/openssl-pkcs12.pod.in: updates documentation about the new
"-legacy" option

Signed-off-by: Sahana Prasad 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12540)

---

Summary of changes:
 apps/pkcs12.c  | 46 --
 doc/man1/openssl-pkcs12.pod.in | 24 --
 2 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index ca83e2d1be..3398250efd 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -18,6 +18,7 @@
 #include 
 #include 
 #include 
+#include 
 
 DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(PKCS7)
@@ -61,12 +62,13 @@ typedef enum OPTION_choice {
 OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
 OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
 OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, 
OPT_ENGINE,
-OPT_R_ENUM, OPT_PROV_ENUM
+OPT_R_ENUM, OPT_PROV_ENUM, OPT_LEGACY_ALG
 } OPTION_CHOICE;
 
 const OPTIONS pkcs12_options[] = {
 OPT_SECTION("General"),
 {"help", OPT_HELP, '-', "Display this summary"},
+{"legacy", OPT_LEGACY_ALG, '-', "use legacy algorithms"},
 #ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
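Review bot: the new `{"legacy", OPT_LEGACY_ALG, '-', "use legacy algorithms"}` help string starts lowercase, unlike every neighbouring entry ("Display this summary", "Use engine, possibly a hardware device"). It is also listed under the General section although its effect is to change the Encryption defaults; the text should say what legacy means concretely (RC2-40 for certificates and 3DES for keys, with the legacy provider loaded), and the entry arguably belongs next to -certpbe under OPT_SECTION("Encryption").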
@@ -117,9 +119,9 @@ const OPTIONS pkcs12_options[] = {
 OPT_SECTION("Encryption"),
 #ifndef OPENSSL_NO_RC2
 {"descert", OPT_DESCERT, '-',
- "Encrypt output with 3DES (default RC2-40)"},
+ "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"},
 {"certpbe", OPT_CERTPBE, 's',
- "Certificate PBE algorithm (default RC2-40)"},
+ "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"},
 #else
 {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
 {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
@@ -143,14 +145,10 @@ int pkcs12_main(int argc, char **argv)
 char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
 char *name = NULL, *csp_name = NULL;
 char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
-int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
+int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0, 
use_legacy = 0;
 int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
-#ifndef OPENSSL_NO_RC2
-int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-#else
-int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-#endif
-int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+int cert_pbe = NID_aes_256_cbc;
+int key_pbe = NID_aes_256_cbc;
 int ret = 1, macver = 1, add_lmk = 0, private = 0;
 int noprompt = 0;
 char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
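Review bot: the widened declaration `int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0, use_legacy = 0;` exceeds the project's 80-column limit (the mail wrap after `keytype = 0,` shows where it overflows); declare `use_legacy` on its own line. Also, `cert_pbe` and `key_pbe` now hold a cipher NID (NID_aes_256_cbc) rather than a PBE NID as their names suggest; a short comment that a cipher NID here selects PBES2 with PBKDF2 and that cipher, as the commit message describes, would save readers from checking the PKCS12_create semantics.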
@@ -162,7 +160,7 @@ int pkcs12_main(int argc, char **argv)
 BIO *in = NULL, *out = NULL;
 PKCS12 *p12 = NULL;
 STACK_OF(OPENSSL_STRING) *canames = NULL;
-const EVP_CIPHER *enc = EVP_des_ede3_cbc();
+const EVP_CIPHER *enc = EVP_aes_256_cbc();
 OPTION_CHOICE o;
 
 prog = opt_init(argc, argv, pkcs12_options);
@@ -313,6 +311,9 @@ int pkcs12_main(int argc, char **argv)
 case OPT_ENGINE:
 e = setup_engine(opt_arg(), 0);
 break;
+case OPT_LEGACY_ALG:
+use_legacy = 1;
+break;
 case OPT_PROV_CASES:
 if (!opt_provider(o))
 goto end;
@@ -320,6 +321,29 @@ int pkcs12_main(int argc, char **argv)
 }
 }
 argc = opt_num_rest();
+
+if (use_legacy) {
+/* load the legacy provider if not loaded already*/
+if (!OSSL_PROVIDER_available(app_get0_libctx(), "legacy")) {
+if (!app_provider_load(app_get0_libctx(), "legacy"))
+goto end;
+/* load the default provider explicitly */
+if (!app_provider_load(app_get0_libctx(), "default"))
+goto end;
+}
+if (cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC) {
+/* Restore default algorithms */
+#ifndef OPENSSL_NO_RC2
+cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#else
+cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#endif
+}
+
+key_pbe = 
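Review bot: the "Restore default algorithms" logic tests `cert_pbe != NID_pbe_WithSHA1And3_Key_TripleDES_CBC` to decide whether the user chose a PBE explicitly, but the variable is initialised to NID_aes_256_cbc, so with `-legacy` every explicit `-certpbe` value other than 3DES is silently replaced by the legacy default. Track whether -certpbe was given (a flag set in the option switch) or at least compare against the new initial value NID_aes_256_cbc. The provider-loading block also deserves a fuller comment: the default provider is loaded explicitly because once any provider has been loaded explicitly the automatic fallback to the default provider no longer applies, and the current `/* load the legacy provider if not loaded already*/` (missing space before `*/`) does not convey that.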

[openssl] master update

2020-08-04 Thread tmraz
The branch master has been updated
   via  c5b356d5d6cfca1128b35f235dfdb893f2888027 (commit)
  from  ebc1e8fc4ec2888fdb99d487c064d8ef586f3ee3 (commit)


- Log -
commit c5b356d5d6cfca1128b35f235dfdb893f2888027
Author: Peter Eisentraut 
Date:   Thu Jul 16 10:18:16 2020 +0200

Mark an argument of an inline function as unused

This allows users of this header file to compile their own code with
the gcc option -Wunused-parameter.

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/12459)

---

Summary of changes:
 include/openssl/err.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/openssl/err.h b/include/openssl/err.h
index fd3b93aa47..77bbba4f9f 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -221,7 +221,7 @@ static ossl_inline int ERR_GET_LIB(unsigned long errcode)
 return (errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK;
 }
 
-static ossl_inline int ERR_GET_FUNC(unsigned long errcode)
+static ossl_inline int ERR_GET_FUNC(unsigned long errcode ossl_unused)
 {
 return 0;
 }


[openssl] master update

2020-08-03 Thread tmraz
The branch master has been updated
   via  37d898df348b87a423133afdbb828383be22fda7 (commit)
   via  892a9e4c99f13e295f6146b41e72b92b91899a12 (commit)
   via  396e72096589593cb00412c85170c7ec87d13b89 (commit)
   via  c832840e899091948bb7f5e9af63f929e6a18f95 (commit)
  from  a677190779705d243cca88ae04f2105dee52672d (commit)


- Log -
commit 37d898df348b87a423133afdbb828383be22fda7
Author: David Woodhouse 
Date:   Tue May 19 11:51:14 2020 +0100

Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9201)

commit 892a9e4c99f13e295f6146b41e72b92b91899a12
Author: David Woodhouse 
Date:   Mon May 11 19:28:03 2020 +0100

Disallow setting more than one IP address with SSL_add1_host()

The X509_VERIFY_PARAM can only take a single IP address, although it can
have multiple hostnames. When SSL_add1_host() is given an IP address,
don't accept it if there is already one configured.

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9201)

commit 396e72096589593cb00412c85170c7ec87d13b89
Author: David Woodhouse 
Date:   Thu Jun 20 21:39:38 2019 +0100

Fix certificate validation for IPv6 literals in sconnect demo

Instead of naïvely trying to truncate at the first colon, use
BIO_get_conn_hostname(). That handles IPv6 literals correctly, even
stripping the [] from around them.

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9201)

commit c832840e899091948bb7f5e9af63f929e6a18f95
Author: David Woodhouse 
Date:   Mon Oct 14 10:46:07 2019 +0100

Make SSL_set1_host() and SSL_add1_host() take IP addresses

There is a slight mismatch here because X509_VERIFY_PARAM copes only
with a single IP address, and doesn't let it be cleared once it's set.
But this fixes up the major use case, making things easier for users to
get it right.

The sconnect demo now works for Legacy IP literals; for IPv6 it needs to
fix up the way it tries to split the host:port string, which will happen
in a subsequent patch.

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9201)
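The host:port splitting that the sconnect demo commits above describe, naive truncation at the first colon versus the bracket-aware parse that BIO_get_conn_hostname() performs, can be shown in isolation. The following is an added example, not code from OpenSSL or from this patch series: it implements a bracket-aware split in plain C so it runs without libssl, with the old naive split beside it to show where IPv6 literals break. The function names split_naive, split_hostport, hostport_is and naive_host_is are my own, the inputs are constructed, and the rule applied to an unbracketed string with several colons (treat it as a bare IPv6 literal with no port) is an assumption, not necessarily what BIO_get_conn_hostname() does.

```c
#include <stdio.h>
#include <string.h>

/* Old sconnect approach: cut at the first ':'.  Works for "host:443" and
 * "192.0.2.1:443", but "[::1]:443" yields "[" and "::1" yields "". */
static int split_naive(const char *hostport, char *host, size_t hostlen)
{
    const char *colon = strchr(hostport, ':');
    size_t n = (colon != NULL) ? (size_t)(colon - hostport) : strlen(hostport);

    if (n >= hostlen)
        return 0;
    memcpy(host, hostport, n);
    host[n] = '\0';
    return 1;
}

/* Bracket-aware split (assumed rules, modelled on BIO_get_conn_hostname()):
 *   "[v6]:port" -> host "v6", port        "[v6]" -> host "v6", no port
 *   "name:port" -> host, port             "name" -> host, no port
 *   "a:b:c..."  -> bare IPv6 literal, no port (ambiguous, so not split)
 * Port must be non-empty and all digits.  Returns 1 on success, 0 on bad input. */
static int split_hostport(const char *hostport, char *host, size_t hostlen,
                          char *port, size_t portlen)
{
    const char *hstart = hostport, *hend, *pstart = NULL, *p;

    if (hostport[0] == '[') {
        hstart = hostport + 1;
        hend = strchr(hstart, ']');
        if (hend == NULL)
            return 0;                       /* unterminated '[' */
        if (hend[1] == ':')
            pstart = hend + 2;
        else if (hend[1] != '\0')
            return 0;                       /* junk after ']' */
    } else {
        const char *first = strchr(hostport, ':');
        const char *last = strrchr(hostport, ':');

        if (first != NULL && first == last) {   /* exactly one ':' */
            hend = first;
            pstart = first + 1;
        } else {                            /* no ':' or a bare IPv6 literal */
            hend = hostport + strlen(hostport);
        }
    }

    if (hend == hstart || (size_t)(hend - hstart) >= hostlen)
        return 0;
    memcpy(host, hstart, (size_t)(hend - hstart));
    host[hend - hstart] = '\0';

    if (portlen == 0)
        return 0;
    port[0] = '\0';
    if (pstart == NULL)
        return 1;                           /* host only */
    if (*pstart == '\0' || strlen(pstart) >= portlen)
        return 0;
    for (p = pstart; *p != '\0'; p++)
        if (*p < '0' || *p > '9')
            return 0;
    strcpy(port, pstart);
    return 1;
}

/* 1 if the bracket-aware split accepts `in` and yields exactly these parts. */
static int hostport_is(const char *in, const char *exp_host, const char *exp_port)
{
    char host[256], port[16];

    if (!split_hostport(in, host, sizeof(host), port, sizeof(port)))
        return 0;
    return strcmp(host, exp_host) == 0 && strcmp(port, exp_port) == 0;
}

/* 1 if the naive split accepts `in` and yields exactly exp_host. */
static int naive_host_is(const char *in, const char *exp_host)
{
    char host[256];

    return split_naive(in, host, sizeof(host)) && strcmp(host, exp_host) == 0;
}

int main(void)
{
    /* Constructed inputs; the last one is deliberately malformed. */
    const char *inputs[] = { "localhost:4433", "[2001:db8::1]:443", "::1", "[::1" };
    char host[256], port[16];
    size_t i;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        if (split_hostport(inputs[i], host, sizeof(host), port, sizeof(port)))
            printf("%-18s -> host=%s port=%s\n", inputs[i], host,
                   port[0] != '\0' ? port : "(none)");
        else
            printf("%-18s -> rejected\n", inputs[i]);
        if (split_naive(inputs[i], host, sizeof(host)))
            printf("%-18s    naive host=\"%s\"\n", "", host);
    }
    return 0;
}
```

The value passed to SSL_set1_host() must be the host part with the brackets already stripped, which is what the bracket-aware version returns and what the naive version gets wrong for every IPv6 literal; a hostname check against "[" or "" silently fails to match the certificate.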

---

Summary of changes:
 CHANGES.md   |  5 +
 demos/bio/sconnect.c | 15 +++
 ssl/ssl_lib.c| 29 +
 3 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 14694739ae..75ecfc22f4 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,11 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * Allow SSL_set1_host() and SSL_add1_host() to take IP literal addresses
+   as well as actual hostnames.
+
+   *David Woodhouse*
+
  * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts, and
conversely, silently ignore DTLS protocol version bounds when configuring
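Review bot: The CHANGES entry should also record the restriction introduced in the same series: because X509_VERIFY_PARAM holds only a single IP address, SSL_add1_host() now rejects a second IP literal once one is configured, so callers that add several names should expect failure for the second IP.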
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index 7e46bf0ad8..19f8ee78de 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -29,7 +29,7 @@ int main(int argc, char *argv[])
 {
 const char *hostport = HOSTPORT;
 const char *CAfile = CAFILE;
-char *hostname;
+const char *hostname;
 char *cp;
 BIO *out = NULL;
 char buf[1024 * 10], *p;
@@ -43,10 +43,6 @@ int main(int argc, char *argv[])
 if (argc > 2)
 CAfile = argv[2];
 
-hostname = OPENSSL_strdup(hostport);
-if ((cp = strchr(hostname, ':')) != NULL)
-*cp = 0;
-
 #ifdef WATT32
 dbug_init();
 sock_init();
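Review bot: With the strchr() truncation removed, the `char *cp;` declared earlier in main() has no remaining use in the visible code; if nothing else references it, drop the declaration to avoid an unused-variable warning.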
@@ -62,9 +58,6 @@ int main(int argc, char *argv[])
 ssl = SSL_new(ssl_ctx);
 SSL_set_connect_state(ssl);
 
-/* Enable peername verification */
-if (SSL_set1_host(ssl, hostname) <= 0)
-goto err;
 
 /* Use it inside an SSL BIO */
 ssl_bio = BIO_new(BIO_f_ssl());
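Review bot: Removing the SSL_set1_host() block leaves two consecutive blank lines between `SSL_set_connect_state(ssl);` and the `/* Use it inside an SSL BIO */` comment; drop one of them.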
@@ -73,6 +66,12 @@ int main(int argc, char *argv[])
 /* Lets use a connect BIO under the SSL BIO */
 out = BIO_new(BIO_s_connect());
 BIO_set_conn_hostname(out, hostport);
+
+/* The BIO has parsed the host:port and even IPv6 literals in [] */
+hostname = BIO_get_conn_hostname(out);
+if (!hostname || SSL_set1_host(ssl, hostname) <= 0)
+goto err;
+
 BIO_set_nbio(out, 1);
 out = BIO_push(ssl_bio, out);
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 871606cfc1..3f621d5677 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -955,11 +955,40 @@ int SSL_set_trust(SSL *s, int trust)
 
 int SSL_set1_host(SSL *s, const char *hostname)
 {
+/* If a hostname is provided and 

[tools] master update

2020-06-23 Thread tmraz
The branch master has been updated
   via  ff67949521c929a243309f8a983b14a129820b0f (commit)
   via  4bb402fbae5a9c7e48b8f205f035e3d181b4b22f (commit)
   via  c64d64ed24edb03457ca343a9197f5b221990112 (commit)
   via  da999bb4be744046be67944c6f14052810f742f8 (commit)
   via  3d59254cb7aac3427c89f7305995a7e59a8e0a5a (commit)
   via  6da33b651e1dedf576bb454f2dbe56b6ed6b5fef (commit)
  from  3a3d8929cfab681d3807983a584fb4d7042df4b2 (commit)


- Log -
commit ff67949521c929a243309f8a983b14a129820b0f
Author: Dr. David von Oheimb 
Date:   Wed Jun 10 11:35:23 2020 +0200

Simplify and generalize passing of addrev flags via ghmerge

commit 4bb402fbae5a9c7e48b8f205f035e3d181b4b22f
Author: Dr. David von Oheimb 
Date:   Wed Jun 10 11:34:11 2020 +0200

Add usage/doc/help text on --trivial option of 'addrev'

commit c64d64ed24edb03457ca343a9197f5b221990112
Author: Dr. David von Oheimb 
Date:   Sat Jun 6 20:27:02 2020 +0200

Make opensslbuild faster by adding -j4 option to 'make test'

commit da999bb4be744046be67944c6f14052810f742f8
Author: Dr. David von Oheimb 
Date:   Sat Jun 6 20:25:59 2020 +0200

Slightly improve user interaction of ghmerge

commit 3d59254cb7aac3427c89f7305995a7e59a8e0a5a
Author: Dr. David von Oheimb 
Date:   Mon May 25 21:10:54 2020 +0200

Improve author matching for skipping author in list of reviewers in gitaddrev

commit 6da33b651e1dedf576bb454f2dbe56b6ed6b5fef
Author: Dr. David von Oheimb 
Date:   Mon May 25 21:09:48 2020 +0200

Add check of REMOTE and --verbose option to ghmerge

---

Summary of changes:
 review-tools/addrev   |  7 ---
 review-tools/ghmerge  | 32 +---
 review-tools/gitaddrev| 17 +
 review-tools/opensslbuild |  4 ++--
 4 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/review-tools/addrev b/review-tools/addrev
index 24032e7..5617199 100755
--- a/review-tools/addrev
+++ b/review-tools/addrev
@@ -85,15 +85,16 @@ option style arguments:
 --list List the known reviewers and exit (discards all other
arguments)
 --verbose  Be a bit more verbose
+--trivial  Do not require a CLA
 --reviewer=  A reviewer to be added on a Reviewed-by: line
 --rmreviewers  Remove all existing Reviewed-by: lines before adding
reviewers
 --commit=  Only apply to commit 
 --myemail=  Set email address.  Defaults to the result from
-   git configuration setting user.email.
---nopr Do not requre a PR number.
+   git configuration setting user.email
+--nopr Do not require a PR number
 [--prnum=]NNN   Add a reference to GitHub pull request NNN
--   Change the last  commits.  Defaults to 1.
+-   Change the last  commits.  Defaults to 1
 
 non-option style arguments can be:
 
diff --git a/review-tools/ghmerge b/review-tools/ghmerge
index d2da9e6..9c8a903 100755
--- a/review-tools/ghmerge
+++ b/review-tools/ghmerge
@@ -4,17 +4,21 @@ set -o errexit
 
 WHAT=openssl
 BUILD=yes
-TRIVIAL=""
 INTERACTIVE=yes
 AUTOSQUASH="--autosquash"
 [ -z ${CC+x} ] && CC="ccache gcc" # the default otherwise is "ccache clang-3.6"
 REMOTE=`git remote -v | awk '/git.openssl.org.*(push)/{ print $1; }' | head -n 
1`
+if [ "$REMOTE" = "" ] ; then
+echo Cannot find remote git.openssl.org
+exit 1
+fi
 
 if [ ! -d .git ] ; then
 echo Not at top-level
 exit 1
 fi
 
+ADDREVOPTS=""
 # Parse JCL.
 while true ; do
 case "$1" in
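Review bot: The new REMOTE check runs before the `.git` top-level check, so outside a repository `git remote -v` prints its own fatal error to stderr, the pipeline yields an empty REMOTE, and the script reports "Cannot find remote git.openssl.org" rather than "Not at top-level"; move the remote check below the directory check. Minor: `[ -z "$REMOTE" ]` is the idiomatic form of `[ "$REMOTE" = "" ]`, and the echo message should be quoted.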
@@ -24,9 +28,6 @@ while true ; do
 --web)
 WHAT=web ; BUILD=no ; shift
 ;;
---trivial)
-TRIVIAL="--trivial" ; shift
-;;
 --noautosquash)
 AUTOSQUASH="" ; shift
 ;;
@@ -47,9 +48,10 @@ while true ; do
 shift
 break
 ;;
--*)
-echo "$0: Unknown flag $1"
-exit 1
+-*) # e.g., --verbose, --trivial, --myemail=...
+ADDREVOPTS="$ADDREVOPTS $1"
+shift
+break
 ;;
 *)
 break
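Review bot: The `break` in the new `-*)` case leaves the option loop after the first forwarded flag, so with `ghmerge --trivial --verbose 1234 reviewer` the second flag is never consumed and `--verbose` becomes PRNUM; drop the `break` (just `shift` and continue like the other cases) so several addrev flags and ghmerge's own flags can appear in any order. Also note that the old "Unknown flag" error is gone: a misspelled ghmerge option is now silently passed through to addrev.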
@@ -58,7 +60,7 @@ while true ; do
 done
 
 if [ $# -lt 2 ] ; then
-echo "Usage: $0 [flags] prnum reviewer..."
+echo "Usage: $0 [flags, including addrev flags] prnum reviewer..."
 exit 1
 fi
 PRNUM=$1 ; shift
@@ -89,14 +91,14 @@ REL=`git rev-parse --abbrev-ref HEAD`
 WORK="${WHO}-${BRANCH}"
 PREV=
 
-echo -n "Press Enter to pull the latest $REL from $REMOTE: "; read foo
+echo -n "Press Enter to pull the latest branch '$REL' from $REMOTE: "; read foo
 git pull $REMOTE $REL
 
 function cleanup {
 if [ "$WORK" != "$REL" ]; then
 git checkout -q $REL
 git branch -D $WORK
-git reset --hard $REMOTE/$REL
+git reset --hard $REMOTE/$REL # prune any leftover commits added 
locally
 fi
 }
 