[openssl] master update

2019-09-23 Thread Matt Caswell
The branch master has been updated
   via  f9e57a28886fe29bc49d3c89a1cc4e53ee4896d6 (commit)
   via  7757a90e263da73542f9b12c4061af81812367bf (commit)
  from  320408382046db015c9a9cc04ae91c2bcd0e5c4c (commit)


- Log -
commit f9e57a28886fe29bc49d3c89a1cc4e53ee4896d6
Author: raja-ashok 
Date:   Thu Sep 19 16:42:42 2019 +0530

Update new TLS version options to s_time man page

Reviewed-by: Paul Yang 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9947)

commit 7757a90e263da73542f9b12c4061af81812367bf
Author: raja-ashok 
Date:   Thu Sep 19 16:07:21 2019 +0530

Add TLS version options to s_time

Reviewed-by: Paul Yang 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9947)

---

Summary of changes:
 apps/s_time.c   | 35 +--
 doc/man1/openssl-s_time.pod | 22 ++
 2 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/apps/s_time.c b/apps/s_time.c
index 39e3d4bb48..f6dbfa0462 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -47,7 +47,7 @@ typedef enum OPTION_choice {
 OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
 OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE,
 OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
-OPT_WWW
+OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3
 } OPTION_CHOICE;
 
 const OPTIONS s_time_options[] = {
@@ -75,6 +75,18 @@ const OPTIONS s_time_options[] = {
 {"www", OPT_WWW, 's', "Fetch specified page from the site"},
 #ifndef OPENSSL_NO_SSL3
 {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+{"tls1", OPT_TLS1, '-', "Just use TLSv1.0"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+{"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
 #endif
 {NULL}
 };
@@ -101,7 +113,7 @@ int s_time_main(int argc, char **argv)
 int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
 long bytes_read = 0, finishtime = 0;
 OPTION_CHOICE o;
-int max_version = 0, ver, buf_len;
+int min_version = 0, max_version = 0, ver, buf_len;
 size_t buf_size;
 
 meth = TLS_client_method();
@@ -177,8 +189,25 @@ int s_time_main(int argc, char **argv)
 }
 break;
 case OPT_SSL3:
+min_version = SSL3_VERSION;
 max_version = SSL3_VERSION;
 break;
+case OPT_TLS1:
+min_version = TLS1_VERSION;
+max_version = TLS1_VERSION;
+break;
+case OPT_TLS1_1:
+min_version = TLS1_1_VERSION;
+max_version = TLS1_1_VERSION;
+break;
+case OPT_TLS1_2:
+min_version = TLS1_2_VERSION;
+max_version = TLS1_2_VERSION;
+break;
+case OPT_TLS1_3:
+min_version = TLS1_3_VERSION;
+max_version = TLS1_3_VERSION;
+break;
 }
 }
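Review bot: The five new cases at L83–L101 each overwrite both min_version and max_version, so a command line naming two versions (say `-tls1 -tls1_2`) silently takes whichever came last, and a timing run can end up measuring a protocol the user did not intend. Reject a second version option before assigning, e.g. `if (min_version != 0) { BIO_printf(bio_err, "Only one protocol version option may be given\n"); goto end; }` at the top of each case or in a small shared helper; this follows the existing OPT_SSL3 pattern, but the rest of the option loop (and whether `end` is the right target) is outside the hunk. s_time_main begins and ends outside this hunk.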
 argc = opt_num_rest();
@@ -193,6 +222,8 @@ int s_time_main(int argc, char **argv)
 
 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 SSL_CTX_set_quiet_shutdown(ctx, 1);
+if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+goto end;
 if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
 goto end;
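Review bot: When SSL_CTX_set_min_proto_version() at L109 fails, control jumps to `end` with ret still 1 and nothing is printed saying why, mirroring the pre-existing max-version check at L111, so an operator who asked for a version floor the library refuses gets a silent non-zero exit. Print the error queue before leaving, `if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) { ERR_print_errors(bio_err); goto end; }`, unless the `end` label already drains it (that code is outside the hunk). The call with min_version == 0 when no option was given relies on 0 meaning "lowest supported", which is the documented behaviour of this API but deserves a one-line comment here.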
 
diff --git a/doc/man1/openssl-s_time.pod b/doc/man1/openssl-s_time.pod
index 8a4f89fbc9..5993cd27fe 100644
--- a/doc/man1/openssl-s_time.pod
+++ b/doc/man1/openssl-s_time.pod
@@ -22,6 +22,10 @@ B B
 [B<-nameopt option>]
 [B<-time seconds>]
 [B<-ssl3>]
+[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-tls1_3>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
 [B<-ciphersuites val>]
@@ -109,19 +113,13 @@ Performs the timing test using the same session ID; this 
can be used as a test
 that session caching is working. If neither B<-new> nor B<-reuse> are
 specified, they are both on by default and executed in sequence.
 
-=item B<-ssl3>
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
 
-This option disables the use of SSL version 3. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3 or TLS as appropriate.
-
-The timing program is not as rich in options to turn protocols on and off as
-the L program and may not connect to all servers.
-Unfortunately there are a lot of ancient and broken servers in use which
-cannot handle this technique and will fail to connect. Some servers only
-work if TLS is turned off with the B<-ssl3> option.
-
-Note that this option may not be available, depending on how
+These options enable specific SSL or TLS protocol versions for 

[openssl] master update

2019-09-23 Thread Richard Levitte
The branch master has been updated
   via  320408382046db015c9a9cc04ae91c2bcd0e5c4c (commit)
  from  15dbf3a5a1ec27315753ef5a9148f6ad69277909 (commit)


- Log -
commit 320408382046db015c9a9cc04ae91c2bcd0e5c4c
Author: Richard Levitte 
Date:   Sat Sep 21 20:57:51 2019 +0200

Rework cipher / digest fetching for legacy nids with multiple name support

With multiple names, it's no longer viable to just grab the "first" in
the set and use that to find the legacy NID.  Instead, all names for
an algorithm must be checked, and if we encounter more than one NID
associated with those names, we consider it an error and make that
method unloadable.

This ensures that all methods that do have an internal NID associated
will get that NID in their structure, thereby ensuring that other
parts of libcrypto that haven't gone away from using NIDs for
comparison will continue to work as expected.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9969)

---

Summary of changes:
 crypto/evp/digest.c| 44 ++--
 crypto/evp/evp_enc.c   | 44 ++--
 crypto/evp/evp_fetch.c | 10 ++
 crypto/evp/evp_locl.h  |  3 +++
 4 files changed, 81 insertions(+), 20 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f39a443c89..92012f917e 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -636,6 +636,31 @@ EVP_MD *evp_md_new(void)
 return md;
 }
 
+/*
+ * FIPS module note: since internal fetches will be entirely
+ * provider based, we know that none of its code depends on legacy
+ * NIDs or any functionality that use them.
+ */
+#ifndef FIPS_MODE
+/* TODO(3.x) get rid of the need for legacy NIDs */
+static void set_legacy_nid(const char *name, void *vlegacy_nid)
+{
+int nid;
+int *legacy_nid = vlegacy_nid;
+
+if (*legacy_nid == -1)   /* We found a clash already */
+return;
+if ((nid = OBJ_sn2nid(name)) == NID_undef
+&& (nid = OBJ_ln2nid(name)) == NID_undef)
+return;
+if (*legacy_nid != NID_undef && *legacy_nid != nid) {
+*legacy_nid = -1;
+return;
+}
+*legacy_nid = nid;
+}
+#endif
+
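Review bot: set_legacy_nid is added here as a file-static and again, byte for byte, in crypto/evp/evp_enc.c in the same commit, so the clash rule (two names resolving to different NIDs poison the method) now has two copies to keep in sync. Hoist it into one internal helper declared in evp_locl.h (which this commit already touches) and name the sentinel, e.g. `#define LEGACY_NID_CLASH (-1)` in place of the bare -1 at L208 and L214. The lookup order at L210–L211 also means a string that is both the short name of one object and the long name of another resolves to the short-name object without comment; a one-line note above the function stating that short names take precedence would make that deliberate.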
 static void *evp_md_from_dispatch(int name_id,
   const OSSL_DISPATCH *fns,
   OSSL_PROVIDER *prov, void *unused)
@@ -648,21 +673,20 @@ static void *evp_md_from_dispatch(int name_id,
 EVPerr(0, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
-md->name_id = name_id;
 
 #ifndef FIPS_MODE
-{
-/*
- * FIPS module note: since internal fetches will be entirely
- * provider based, we know that none of its code depends on legacy
- * NIDs or any functionality that use them.
- *
- * TODO(3.x) get rid of the need for legacy NIDs
- */
-md->type = OBJ_sn2nid(evp_first_name(prov, name_id));
+/* TODO(3.x) get rid of the need for legacy NIDs */
+md->type = NID_undef;
+evp_doall_names(prov, name_id, set_legacy_nid, >type);
+if (md->type == -1) {
+ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+EVP_MD_free(md);
+return NULL;
 }
 #endif
 
+md->name_id = name_id;
+
 for (; fns->function_id != 0; fns++) {
 switch (fns->function_id) {
 case OSSL_FUNC_DIGEST_NEWCTX:
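Review bot: The clash path at L243–L246 raises the generic ERR_R_INTERNAL_ERROR, so when a third-party provider registers a name set that maps to two different legacy NIDs the operator sees an internal error with no hint which algorithm or names were rejected. Attach the algorithm's first name to the error before freeing, e.g. `ERR_add_error_data(2, "name=", evp_first_name(prov, name_id));` (evp_first_name is the helper the removed L239 used, so it should still be in scope). The doall argument at L242 appears as `>type` in this copy, presumably `&md->type` mangled in transit. evp_md_from_dispatch continues past the hunk.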
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 8290494cb0..4e61d75bbd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1293,6 +1293,31 @@ EVP_CIPHER *evp_cipher_new(void)
 return cipher;
 }
 
+/*
+ * FIPS module note: since internal fetches will be entirely
+ * provider based, we know that none of its code depends on legacy
+ * NIDs or any functionality that use them.
+ */
+#ifndef FIPS_MODE
+/* TODO(3.x) get rid of the need for legacy NIDs */
+static void set_legacy_nid(const char *name, void *vlegacy_nid)
+{
+int nid;
+int *legacy_nid = vlegacy_nid;
+
+if (*legacy_nid == -1)   /* We found a clash already */
+return;
+if ((nid = OBJ_sn2nid(name)) == NID_undef
+&& (nid = OBJ_ln2nid(name)) == NID_undef)
+return;
+if (*legacy_nid != NID_undef && *legacy_nid != nid) {
+*legacy_nid = -1;
+return;
+}
+*legacy_nid = nid;
+}
+#endif
+
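Review bot: This helper is an exact duplicate of the set_legacy_nid added to crypto/evp/digest.c in the same commit, including the unnamed -1 clash sentinel at L275 and L281, so a fix to one copy will silently miss the other. Move it to a single internal definition (evp_locl.h is already in this diffstat) and have both dispatch functions call it. If it must stay file-static, at least name the sentinel, `#define LEGACY_NID_CLASH (-1)`, so the two copies can be grepped together.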
 static void *evp_cipher_from_dispatch(const int name_id,
   const OSSL_DISPATCH *fns,
   OSSL_PROVIDER *prov,
@@ -1305,21 +1330,20 @@ static void *evp_cipher_from_dispatch(const int name_id,
 EVPerr(0, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
-cipher->name_id = name_id;
 
 #ifndef FIPS_MODE
-{
-/*
- * FIPS module note: since internal fetches will be 

[openssl] master update

2019-09-22 Thread Richard Levitte
The branch master has been updated
   via  15dbf3a5a1ec27315753ef5a9148f6ad69277909 (commit)
  from  e3f3ee448f6c9d6765efc8739a09def8a04f0dc0 (commit)


- Log -
commit 15dbf3a5a1ec27315753ef5a9148f6ad69277909
Author: Richard Levitte 
Date:   Mon Sep 23 06:26:57 2019 +0200

include/openssl/macros.h: better OPENSSL_FUNC fallback

Make sure OPENSSL_FUNC gets defined to something, no matter what.

Reviewed-by: Paul Dale 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/9976)

---

Summary of changes:
 include/openssl/macros.h | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/openssl/macros.h b/include/openssl/macros.h
index a06b869522..78fbd38698 100644
--- a/include/openssl/macros.h
+++ b/include/openssl/macros.h
@@ -143,9 +143,6 @@
  *
  * If none of the above applies, we check if the compiler is MSVC,
  * and use __FUNCTION__ if that's the case.
- *
- * If all these possibilities are exhausted, we give up and use a
- * static string.
  */
 # ifndef OPENSSL_FUNC
 #  if defined(__STDC_VERSION__)
@@ -156,7 +153,12 @@
 #   endif
 #  elif defined(_MSC_VER)
 #define OPENSSL_FUNC __FUNCTION__
-#  else
+#  endif
+/*
+ * If all these possibilities are exhausted, we give up and use a
+ * static string.
+ */
+#  ifndef OPENSSL_FUNC
 #   define OPENSSL_FUNC "(unknown function)"
 #  endif
 # endif


[openssl] master update

2019-09-22 Thread shane . lontis
The branch master has been updated
   via  e3f3ee448f6c9d6765efc8739a09def8a04f0dc0 (commit)
  from  a941054ad7f5af9445896a37754ae451fad7ed98 (commit)


- Log -
commit e3f3ee448f6c9d6765efc8739a09def8a04f0dc0
Author: Shane Lontis 
Date:   Mon Sep 23 14:35:16 2019 +1000

Add des ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9954)

---

Summary of changes:
 crypto/evp/evp_enc.c  |   6 +
 crypto/include/internal/ciphermode_platform.h |   4 +
 providers/common/include/internal/provider_algs.h |  14 +-
 providers/default/ciphers/build.info  |   3 +-
 providers/default/ciphers/cipher_des.c| 163 
 providers/default/ciphers/cipher_des.h|  33 +
 providers/default/ciphers/cipher_des_hw.c | 173 ++
 providers/default/defltprov.c |   6 +
 test/recipes/30-test_evp.t|   3 +
 test/recipes/30-test_evp_data/evpciph.txt |  44 --
 test/recipes/30-test_evp_data/evpciph_des.txt |  64 
 11 files changed, 465 insertions(+), 48 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_des.c
 create mode 100644 providers/default/ciphers/cipher_des.h
 create mode 100644 providers/default/ciphers/cipher_des_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_des.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index ce1136116c..8290494cb0 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -239,6 +239,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_des_ede_ofb64:
 case NID_des_ede_cfb64:
 case NID_desx_cbc:
+case NID_des_cbc:
+case NID_des_ecb:
+case NID_des_cfb1:
+case NID_des_cfb8:
+case NID_des_cfb64:
+case NID_des_ofb64:
 case NID_id_smime_alg_CMS3DESwrap:
 case NID_bf_cbc:
 case NID_bf_ecb:
diff --git a/crypto/include/internal/ciphermode_platform.h 
b/crypto/include/internal/ciphermode_platform.h
index a99ce0d495..b16062fa93 100644
--- a/crypto/include/internal/ciphermode_platform.h
+++ b/crypto/include/internal/ciphermode_platform.h
@@ -296,6 +296,10 @@ void des_t4_ede3_cbc_encrypt(const void *inp, void *out, 
size_t len,
  const DES_key_schedule ks[3], unsigned char 
iv[8]);
 void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
  const DES_key_schedule ks[3], unsigned char 
iv[8]);
+void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
+const DES_key_schedule *ks, unsigned char iv[8]);
+void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
+const DES_key_schedule *ks, unsigned char iv[8]);
 #  endif /*  OPENSSL_NO_DES */
 
 # elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index 3b0a9e4a8e..bca972d97a 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -160,10 +160,10 @@ extern const OSSL_DISPATCH sm4128ofb128_functions[];
 extern const OSSL_DISPATCH sm4128cfb128_functions[];
 #endif /* OPENSSL_NO_SM4 */
 
+#ifndef OPENSSL_NO_DES
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
-
-#ifndef FIPS_MODE
+# ifndef FIPS_MODE
 extern const OSSL_DISPATCH tdes_ede3_ofb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cfb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cfb8_functions[];
@@ -176,7 +176,15 @@ extern const OSSL_DISPATCH tdes_ede2_cfb_functions[];
 
 extern const OSSL_DISPATCH tdes_desx_cbc_functions[];
 extern const OSSL_DISPATCH tdes_wrap_cbc_functions[];
-#endif /* FIPS_MODE */
+
+extern const OSSL_DISPATCH des_ecb_functions[];
+extern const OSSL_DISPATCH des_cbc_functions[];
+extern const OSSL_DISPATCH des_ofb64_functions[];
+extern const OSSL_DISPATCH des_cfb64_functions[];
+extern const OSSL_DISPATCH des_cfb1_functions[];
+extern const OSSL_DISPATCH des_cfb8_functions[];
+# endif /* FIPS_MODE */
+#endif /* OPENSSL_NO_DES */
 
 /* MACs */
 extern const OSSL_DISPATCH blake2bmac_functions[];
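Review bot: The six single-DES tables at L458–L463 expose a 56-bit-key cipher (DES-ECB, DES-CBC and the feedback modes) through the default provider, guarded only by `# ifndef FIPS_MODE`, so any caller fetching "DES-CBC" with default properties gets it without opting in to legacy algorithms. Single DES is brute-forceable and, like every 64-bit-block cipher, subject to birthday-bound attacks on long streams, so it belongs with the retired algorithms rather than the default set; if a legacy provider exists in this tree (not visible here) register them there, otherwise mark the block, e.g. `/* Legacy: single DES is not fit for new designs; kept for interoperability only */`. The same consideration applies to the tdes_desx and tdes_ede2 tables above, which this hunk merely re-nests.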
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index 02e0f7fa51..f942ccc030 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -4,7 +4,8 @@ IF[{- !$disabled{des} -}]
   SOURCE[../../../libcrypto]=\
   cipher_tdes_default.c cipher_tdes_default_hw.c \
   cipher_tdes_wrap.c cipher_tdes_wrap_hw.c \
-  cipher_desx.c cipher_desx_hw.c
+  cipher_desx.c cipher_desx_hw.c \
+  

[openssl] master update

2019-09-21 Thread Dr . Paul Dale
The branch master has been updated
   via  a941054ad7f5af9445896a37754ae451fad7ed98 (commit)
  from  387bbce45bfe9c0bccbd2c84206ca7719d463740 (commit)


- Log -
commit a941054ad7f5af9445896a37754ae451fad7ed98
Author: Pauli 
Date:   Sat Sep 21 10:29:17 2019 +1000

Note that the mac command is preferrable to the MAC command line options.

The dgst command allows MACs to be calculated, the mac command is the more
recent interface for doing the same and provides better access to a wider
range of MACs.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9962)

---

Summary of changes:
 doc/man1/openssl-dgst.pod | 16 
 1 file changed, 16 insertions(+)

diff --git a/doc/man1/openssl-dgst.pod b/doc/man1/openssl-dgst.pod
index ed1a088e6e..5fb5128a02 100644
--- a/doc/man1/openssl-dgst.pod
+++ b/doc/man1/openssl-dgst.pod
@@ -123,6 +123,9 @@ The actual signature to verify.
 
 Create a hashed MAC using "key".
 
+The L command should be preferred to using this command line
+option.
+
 =item B<-mac alg>
 
 Create MAC (keyed Message Authentication Code). The most popular MAC
@@ -131,6 +134,9 @@ which are not based on hash, for instance B 
algorithm,
 supported by B engine. MAC keys and other options should be set
 via B<-macopt> parameter.
 
+The L command should be preferred to using this command line
+option.
+
 =item B<-macopt nm:v>
 
 Passes options to MAC algorithm, specified by B<-mac> key.
@@ -152,6 +158,9 @@ for example exactly 32 chars for gost-mac.
 
 =back
 
+The L command should be preferred to using this command line
+option.
+
 =item B<-rand file...>
 
 A file or files containing random data used to seed the random number
@@ -229,6 +238,13 @@ Hex signatures cannot be verified using B.  
Instead, use "xxd -r"
 or similar program to transform the hex signature into a binary signature
 prior to verification.
 
+The L command is preferred over the B<-hmac>, B<-mac> and
+B<-macopt> command line options.
+
+=head1 SEE ALSO
+
+L
+
 =head1 HISTORY
 
 The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.


[openssl] master update

2019-09-21 Thread matthias . st . pierre
The branch master has been updated
   via  387bbce45bfe9c0bccbd2c84206ca7719d463740 (commit)
  from  a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d (commit)


- Log -
commit 387bbce45bfe9c0bccbd2c84206ca7719d463740
Author: Dr. Matthias St. Pierre 
Date:   Sat Sep 21 00:01:04 2019 +0200

Configure: add missing dependency to fix parallel builds on Windows

The issue was encountered when testing parallel builds of OpenSSL on
Windows using `jom` instead of `nmake`. The builds persistently failed
with the following error message because the generated file "buildinf.h"
did not exist yet.

crypto\info.c(15): fatal error C1083:
cannot open include file: "buildinf.h": No such file or directory

Apparently this error does not occur on Linux because `make` parallelizes
the builds differently such that `crypto\cversion.c`, which has an
explicit dependency on `buildinf.h`, gets compiled first. Also, the
include dependency was added only recently in commit 096978f0990.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9960)

---

Summary of changes:
 crypto/build.info | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/build.info b/crypto/build.info
index 6c77f95108..5d3b123d69 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -82,6 +82,7 @@ SOURCE[../providers/fips]=$UTIL_COMMON
 DEFINE[../providers/fips]=$UTIL_DEFINE
 
 
+DEPEND[info.o]=buildinf.h
 DEPEND[cversion.o]=buildinf.h
 GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" 
"$(PLATFORM)"
 DEPEND[buildinf.h]=../configdata.pm


[openssl] master update

2019-09-21 Thread Kurt Roeckx
The branch master has been updated
   via  a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d (commit)
  from  ec87a649dd2128bde780f6e34a4833d9469f6b4d (commit)


- Log -
commit a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d
Author: Kurt Roeckx 
Date:   Fri Sep 20 20:26:42 2019 +0200

Use the correct maximum indent

Found by OSS-Fuzz

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 

GH: #9959

---

Summary of changes:
 crypto/bio/b_dump.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index e4ad3615f4..018c4acb27 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -37,8 +37,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t 
len, void *u),
 
 if (indent < 0)
 indent = 0;
-else if (indent > 128)
-indent = 128;
+else if (indent > 64)
+indent = 64;
 
 dump_width = DUMP_WIDTH_LESS_INDENT(indent);
 rows = len / dump_width;
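Review bot: The new clamp at L654–L655 fixes the fuzzer finding by keeping `indent` small enough that DUMP_WIDTH_LESS_INDENT(indent) at L657 stays positive before the division at L658, but that relationship lives only in the literal 64, with the macro defined outside the hunk; anyone who later changes the macro or the clamp independently reintroduces a division by zero (or a negative width, if dump_width is signed) on caller-chosen indent values. Tie them together: define `#define DUMP_MAX_INDENT 64` next to DUMP_WIDTH_LESS_INDENT and use it here, and add a defensive `if (dump_width <= 0) return -1;` after L657 so the arithmetic cannot be fooled again. The rest of BIO_dump_indent_cb is outside the hunk, so I cannot see whether any other caller-supplied value also feeds this computation.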


[openssl] master update

2019-09-20 Thread Richard Levitte
The branch master has been updated
   via  ec87a649dd2128bde780f6e34a4833d9469f6b4d (commit)
  from  6061cd541332b0917e7001814533c01f895200a8 (commit)


- Log -
commit ec87a649dd2128bde780f6e34a4833d9469f6b4d
Author: Richard Levitte 
Date:   Mon Sep 16 16:23:25 2019 +0200

include/openssl/macros.h: Rework OPENSSL_FUNC for div C standards

OPENSSL_FUNC was defined as an alias for __FUNCTION__ with new enough
GNU C, regardless of the language standard used.  We change this
slightly, so this won't happen unless __STDC_VERSION__ is defined.

Fixes #9911

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9913)

---

Summary of changes:
 include/openssl/macros.h | 32 
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/include/openssl/macros.h b/include/openssl/macros.h
index da5d155680..a06b869522 100644
--- a/include/openssl/macros.h
+++ b/include/openssl/macros.h
@@ -131,15 +131,31 @@
 #  endif
 # endif
 
+/*
+ * __func__ was standardized in C99, so for any compiler that claims
+ * to implement that language level or newer, we assume we can safely
+ * use that symbol.
+ *
+ * GNU C also provides __FUNCTION__ since version 2, which predates
+ * C99.  We can, however, only use this if __STDC_VERSION__ exists,
+ * as it's otherwise not allowed according to ISO C standards (C90).
+ * (compiling with GNU C's -pedantic tells us so)
+ *
+ * If none of the above applies, we check if the compiler is MSVC,
+ * and use __FUNCTION__ if that's the case.
+ *
+ * If all these possibilities are exhausted, we give up and use a
+ * static string.
+ */
 # ifndef OPENSSL_FUNC
-#  if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
-#   define OPENSSL_FUNC __func__
-#  elif defined(__STRICT_ANSI__)
-#   define OPENSSL_FUNC "(unknown function)"
-#  elif defined(_MSC_VER) || (defined(__GNUC__) && __GNUC__ >= 2)
-#   define OPENSSL_FUNC __FUNCTION__
-#  elif defined(__FUNCSIG__)
-#   define OPENSSL_FUNC __FUNCSIG__
+#  if defined(__STDC_VERSION__)
+#   if __STDC_VERSION__ >= 199901L
+#define OPENSSL_FUNC __func__
+#   elif defined(__GNUC__) && __GNUC__ >= 2
+#define OPENSSL_FUNC __FUNCTION__
+#   endif
+#  elif defined(_MSC_VER)
+#define OPENSSL_FUNC __FUNCTION__
 #  else
 #   define OPENSSL_FUNC "(unknown function)"
 #  endif


[openssl] master update

2019-09-20 Thread Richard Levitte
The branch master has been updated
   via  6061cd541332b0917e7001814533c01f895200a8 (commit)
   via  d3386f770a360cd77078041e496d88f7f6ba76c6 (commit)
   via  4e8b8e47c85a45d1bda3241d7b2852d82db2a255 (commit)
  from  ca392b294359a8e9ca55e685b344b485d02bc93b (commit)


- Log -
commit 6061cd541332b0917e7001814533c01f895200a8
Author: Richard Levitte 
Date:   Thu Sep 19 15:04:53 2019 +0200

Remove name string from PROV_CIPHER and PROV_DIGEST

It was short lived, as it's not necessary any more.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9946)

commit d3386f770a360cd77078041e496d88f7f6ba76c6
Author: Richard Levitte 
Date:   Thu Sep 19 11:51:22 2019 +0200

Refactor SSKDF to create the MAC contexts early

The SSKDF implementation fetched the digest(s) for the underlying MAC,
just to get their names and pass those down to the MAC, which in turn
would fetch those same digests again.

This change circumvents this by fetching the MAC and create the MAC
contexts for them directly when this PRF receives the relevant
parameters, thus only having to pass EVP_MAC_CTX pointers around.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9946)

commit 4e8b8e47c85a45d1bda3241d7b2852d82db2a255
Author: Richard Levitte 
Date:   Thu Sep 19 11:47:46 2019 +0200

Refactor TLS-PRF's kdf_tls1_prf_mkmacctx() to a provider utility

ossl_prov_macctx_load_from_params() creates a EVP_MAC_CTX *, or sets
new common parameters for an existing one.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9946)

---

Summary of changes:
 include/openssl/core_names.h  |  5 +-
 providers/common/include/internal/provider_util.h | 32 ++--
 providers/common/kdfs/sskdf.c | 85 
 providers/common/kdfs/tls1_prf.c  | 62 +++---
 providers/common/provider_util.c  | 98 ---
 5 files changed, 156 insertions(+), 126 deletions(-)

diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index e1bc43d8db..ad4cf50bb5 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -47,6 +47,7 @@ extern "C" {
  */
 #define OSSL_ALG_PARAM_DIGEST   "digest"/* utf8_string */
 #define OSSL_ALG_PARAM_CIPHER   "cipher"/* utf8_string */
+#define OSSL_ALG_PARAM_MAC  "mac"   /* utf8_string */
 #define OSSL_ALG_PARAM_ENGINE   "engine"/* utf8_string */
 #define OSSL_ALG_PARAM_PROPERTIES   "properties"/* utf8_string */
 
@@ -108,8 +109,8 @@ extern "C" {
 #define OSSL_KDF_PARAM_KEY  "key"   /* octet string */
 #define OSSL_KDF_PARAM_SALT "salt"  /* octet string */
 #define OSSL_KDF_PARAM_PASSWORD "pass"  /* octet string */
-#define OSSL_KDF_PARAM_DIGEST   OSSL_ALG_PARAM_DIGEST/* utf8 string */
-#define OSSL_KDF_PARAM_MAC  "mac"   /* utf8 string */
+#define OSSL_KDF_PARAM_DIGEST   OSSL_ALG_PARAM_DIGEST /* utf8 string */
+#define OSSL_KDF_PARAM_MAC  OSSL_ALG_PARAM_MAC/* utf8 string */
 #define OSSL_KDF_PARAM_MAC_SIZE "maclen"/* size_t */
 #define OSSL_KDF_PARAM_ENGINE   OSSL_ALG_PARAM_ENGINE /* utf8 string */
 #define OSSL_KDF_PARAM_PROPERTIES   OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
diff --git a/providers/common/include/internal/provider_util.h 
b/providers/common/include/internal/provider_util.h
index 9fe21c5ef6..9925ac2b09 100644
--- a/providers/common/include/internal/provider_util.h
+++ b/providers/common/include/internal/provider_util.h
@@ -21,9 +21,6 @@ typedef struct {
 
 /* Conditions for legacy EVP_CIPHER uses */
 ENGINE *engine; /* cipher engine */
-
-/* Name this was fetched by */
-char name[51];   /* A longer name would be unexpected */
 } PROV_CIPHER;
 
 typedef struct {
@@ -37,9 +34,6 @@ typedef struct {
 
 /* Conditions for legacy EVP_MD uses */
 ENGINE *engine; /* digest engine */
-
-/* Name this was fetched by */
-char name[51];   /* A longer name would be unexpected */
 } PROV_DIGEST;
 
 /* Cipher functions */
@@ -62,7 +56,6 @@ int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER 
*src);
 /* Query the cipher and associated engine (if any) */
 const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc);
 ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc);
-const char *ossl_prov_cipher_name(const PROV_CIPHER *pc);
 
 /* Digest functions */
 /*
@@ -84,4 +77,27 @@ int ossl_prov_digest_copy(PROV_DIGEST *dst, const 
PROV_DIGEST *src);
 /* Query the digest and associated engine (if any) */
 const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd);
 ENGINE 

[openssl] master update

2019-09-19 Thread shane . lontis
The branch master has been updated
   via  ca392b294359a8e9ca55e685b344b485d02bc93b (commit)
  from  e7b81fe67a5dd95af72e090fff6fd0749ee88553 (commit)


- Log -
commit ca392b294359a8e9ca55e685b344b485d02bc93b
Author: Shane Lontis 
Date:   Wed Jul 10 11:42:03 2019 +1000

Add aes_wrap cipher to providers

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9406)

---

Summary of changes:
 crypto/evp/evp_enc.c  |   6 +
 crypto/modes/build.info   |   5 +-
 providers/common/ciphers/build.info   |   2 +-
 providers/common/ciphers/cipher_aes_wrp.c | 246 ++
 providers/common/include/internal/provider_algs.h |   7 +
 providers/default/defltprov.c |   6 +
 providers/fips/fipsprov.c |  24 ++-
 7 files changed, 292 insertions(+), 4 deletions(-)
 create mode 100644 providers/common/ciphers/cipher_aes_wrp.c

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 6e509b2d13..ce1136116c 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -171,6 +171,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_aes_256_gcm:
 case NID_aes_192_gcm:
 case NID_aes_128_gcm:
+case NID_id_aes256_wrap:
+case NID_id_aes256_wrap_pad:
+case NID_id_aes192_wrap:
+case NID_id_aes192_wrap_pad:
+case NID_id_aes128_wrap:
+case NID_id_aes128_wrap_pad:
 case NID_aria_256_gcm:
 case NID_aria_192_gcm:
 case NID_aria_128_gcm:
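Review bot: The six wrap NIDs added at L901–L906 extend a hand-maintained list in EVP_CipherInit_ex whose head (and therefore its exact effect) is above the hunk; from the surrounding cases it presumably routes these legacy NIDs to the provider-based implementation, so a cipher registered in defltprov.c or fipsprov.c but missing here silently keeps the old code path, and vice versa. Nothing checks that the two lists agree. A short comment above the case list naming the registration it must mirror, e.g. `/* Keep in sync with the cipher tables in providers/default/defltprov.c and providers/fips/fipsprov.c */`, would help until the list can be generated.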
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index f5badff1bb..8a8aead651 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -48,9 +48,10 @@ IF[{- !$disabled{asm} -}]
   ENDIF
 ENDIF
 
-$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c 
$MODESASM
+$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c \
+wrap128.c $MODESASM
 SOURCE[../../libcrypto]=$COMMON \
-cts128.c wrap128.c ocb128.c siv128.c
+cts128.c ocb128.c siv128.c
 
 DEFINE[../../libcrypto]=$MODESDEF
 SOURCE[../../providers/fips]=$COMMON
diff --git a/providers/common/ciphers/build.info 
b/providers/common/ciphers/build.info
index 3f303e96b0..0969e6d378 100644
--- a/providers/common/ciphers/build.info
+++ b/providers/common/ciphers/build.info
@@ -11,6 +11,7 @@ $COMMON=cipher_common.c cipher_common_hw.c block.c \
 cipher_aes_gcm.c cipher_aes_gcm_hw.c \
 cipher_ccm.c cipher_ccm_hw.c \
 cipher_aes_ccm.c cipher_aes_ccm_hw.c \
+cipher_aes_wrp.c \
 $COMMON_DES
 
 SOURCE[../../../libcrypto]=$COMMON
@@ -18,4 +19,3 @@ INCLUDE[../../../libcrypto]=. ../../../crypto
 
 SOURCE[../../fips]=$COMMON
 INCLUDE[../../fips]=. ../../../crypto
-
diff --git a/providers/common/ciphers/cipher_aes_wrp.c 
b/providers/common/ciphers/cipher_aes_wrp.c
new file mode 100644
index 00..ae05aed540
--- /dev/null
+++ b/providers/common/ciphers/cipher_aes_wrp.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aes.h"
+#include "internal/providercommonerr.h"
+#include "internal/provider_algs.h"
+
+/* AES wrap with padding has IV length of 4, without padding 8 */
+#define AES_WRAP_PAD_IVLEN   4
+#define AES_WRAP_NOPAD_IVLEN 8
+
+/* TODO(3.0) Figure out what flags need to be passed */
+#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
+   | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+   | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
+
+typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv,
+ unsigned char *out, const unsigned char *in,
+ size_t inlen, block128_f block);
+
+static OSSL_OP_cipher_encrypt_init_fn aes_wrap_einit;
+static OSSL_OP_cipher_decrypt_init_fn aes_wrap_dinit;
+static OSSL_OP_cipher_update_fn aes_wrap_cipher;
+static OSSL_OP_cipher_final_fn aes_wrap_final;
+static OSSL_OP_cipher_freectx_fn aes_wrap_freectx;
+
+typedef struct prov_aes_wrap_ctx_st {
+PROV_CIPHER_CTX base;
+union {
+OSSL_UNION_ALIGN;
+AES_KEY ks;
+} ks;
+unsigned int iv_set : 1;
+aeswrap_fn wrapfn;
+
+} PROV_AES_WRAP_CTX;
+
+
+static void *aes_wrap_newctx(size_t kbits, size_t blkbits,
+ size_t ivbits, unsigned int mode, uint64_t flags)
+{
+PROV_AES_WRAP_CTX *wctx = OPENSSL_zalloc(sizeof(*wctx));
+PROV_CIPHER_CTX *ctx = 

[openssl] master update

2019-09-19 Thread shane . lontis
The branch master has been updated
   via  e7b81fe67a5dd95af72e090fff6fd0749ee88553 (commit)
  from  2e9645c8b9a81e7617395553088560847ac1b8c8 (commit)


- Log -
commit e7b81fe67a5dd95af72e090fff6fd0749ee88553
Author: Shane Lontis 
Date:   Thu Sep 19 17:26:04 2019 +1000

Fix missing bn_mul_mont symbol in solaris fips module

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9943)

---

Summary of changes:
 crypto/sparcv9cap.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
index e48ebf7e6d..ec825662e5 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -24,11 +24,6 @@ __attribute__ ((visibility("hidden")))
 #endif
 unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
 
-/*
- * TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
- * the FIPS module yet.
- */
-#ifndef FIPS_MODE
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
 const BN_ULONG *np, const BN_ULONG *n0, int num)
 {
@@ -91,7 +86,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const 
BN_ULONG *bp,
 }
 return bn_mul_mont_int(rp, ap, bp, np, n0, num);
 }
-#endif /* FIPS_MODE */
 
 unsigned long _sparcv9_rdtick(void);
 void _sparcv9_vis1_probe(void);


[openssl] master update

2019-09-19 Thread shane . lontis
The branch master has been updated
   via  2e9645c8b9a81e7617395553088560847ac1b8c8 (commit)
  from  fbad6e79fae1ed12c5d3b5611f490e75066adfad (commit)


- Log -
commit 2e9645c8b9a81e7617395553088560847ac1b8c8
Author: Shane Lontis 
Date:   Thu Sep 19 18:40:07 2019 +1000

Move gcm decryption tag check higher up in the callstack

Code was updated for s390 that accidentally removed the check inside the
final method.
Moving the check up before the final method is called is a better way of
handling this.
The oneshot method also calls the final method but doesn't need to do this
check.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9945)

---

Summary of changes:
 providers/common/ciphers/cipher_gcm.c| 4 +++-
 providers/common/ciphers/cipher_gcm_hw.c | 3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/providers/common/ciphers/cipher_gcm.c 
b/providers/common/ciphers/cipher_gcm.c
index 9a61eabdfc..b5c79daee7 100644
--- a/providers/common/ciphers/cipher_gcm.c
+++ b/providers/common/ciphers/cipher_gcm.c
@@ -344,7 +344,9 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned 
char *out,
 goto err;
 }
 } else {
-/* Finished when in == NULL */
+/* The tag must be set before actually decrypting data */
+if (!ctx->enc && ctx->taglen == UNINITIALISED_SIZET)
+goto err;
 if (!hw->cipherfinal(ctx, ctx->buf))
 goto err;
 ctx->iv_state = IV_STATE_FINISHED; /* Don't reuse the IV */
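Review bot: The new comment `/* The tag must be set before actually decrypting data */` describes the wrong moment: this is the finalisation branch (the `/* Finished when in == NULL */` comment it replaces said so), and any ciphertext passed to earlier update calls has already been decrypted and returned to the caller by the time this check runs. What the check actually guarantees is that a decryption cannot be finalised, and so reported as successful, without a tag to verify against; the caller must still treat all output as unauthenticated until this final call returns 1. I'd keep the old comment and reword the new one: `/* Finished when in == NULL: a decryption cannot be finalised without a tag to verify */`. gcm_cipher_internal starts outside the hunk, so whether any earlier path enforces a tag before the first decrypt update is not visible here.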
diff --git a/providers/common/ciphers/cipher_gcm_hw.c 
b/providers/common/ciphers/cipher_gcm_hw.c
index e2587f2e5e..8b2913c695 100644
--- a/providers/common/ciphers/cipher_gcm_hw.c
+++ b/providers/common/ciphers/cipher_gcm_hw.c
@@ -90,8 +90,7 @@ int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
 CRYPTO_gcm128_tag(>gcm, tag, GCM_TAG_MAX_SIZE);
 ctx->taglen = GCM_TAG_MAX_SIZE;
 } else {
-if (ctx->taglen == UNINITIALISED_SIZET
-|| CRYPTO_gcm128_finish(>gcm, tag, ctx->taglen) != 0)
+if (CRYPTO_gcm128_finish(>gcm, tag, ctx->taglen) != 0)
 return 0;
 }
 return 1;
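Review bot: Removing the `ctx->taglen == UNINITIALISED_SIZET` guard makes gcm_cipher_final depend on every caller having validated taglen first; CRYPTO_gcm128_finish is now invoked with whatever size_t is in ctx->taglen, and if the uninitialised sentinel is a large value a caller that skips the check would have the tag comparison read well past the tag buffer. The commit message says the one-shot path does not need the check, but that precondition is not recorded anywhere in this function. I'd state it above the decrypt branch: `/* Caller must have rejected taglen == UNINITIALISED_SIZET (gcm_cipher_internal does); the one-shot path is expected to have set taglen before calling here */`.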


[openssl] master update

2019-09-19 Thread kaishen . yy
The branch master has been updated
   via  fbad6e79fae1ed12c5d3b5611f490e75066adfad (commit)
  from  51ba9ebd09bfa3569fee935ef7063394820cd333 (commit)


- Log -
commit fbad6e79fae1ed12c5d3b5611f490e75066adfad
Author: Rich Salz 
Date:   Thu Aug 29 15:37:01 2019 -0400

Exit non-zero if find-doc-nits finds nits

Filter all output to a new () routine, which sets the global
exit status, $status.
Also, fix all subroutine definitions and references to be consistent:
no prototypes, no & before function calls.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/9733)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl |   4 +-
 util/find-doc-nits| 196 +++---
 2 files changed, 101 insertions(+), 99 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 36cb253bf2..1267a2a96d 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -729,9 +729,7 @@ generate: generate_apps generate_crypto_bn 
generate_crypto_objects \
 
 .PHONY: doc-nits
 doc-nits: build_generated
-   (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p -s ) >doc-nits
-   @if [ -s doc-nits ] ; then cat doc-nits ; exit 1; \
-   else echo 'doc-nits: no errors.'; rm doc-nits ; fi
+   (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p -s )
 
 # Test coverage is a good idea for the future
 #coverage: $(PROGRAMS) $(TESTPROGRAMS)
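Review bot: The `doc-nits` target now relies solely on find-doc-nits exiting non-zero; the status of the `(cd $(SRCDIR); $(PERL) ...)` subshell is that of its last command, so make will fail correctly, but the explicit `doc-nits: no errors.` success line is gone and a stale `doc-nits` output file left by an earlier build is no longer removed. If the success message was relied on in CI logs, a trailing `@echo 'doc-nits: no errors.'` after the command would keep it without reintroducing the temporary file.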
diff --git a/util/find-doc-nits b/util/find-doc-nits
index d6dfa5a0dc..03b88ea767 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -31,8 +31,7 @@ our($opt_u);
 our($opt_v);
 our($opt_c);
 
-sub help()
-{
+sub help {
 print < [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ],
@@ -61,9 +61,14 @@ my %mandatory_sections =
   5  => [ ],
   7  => [ ] );
 
+# Print error message, set $status.
+sub err {
+print join(" ", @_), "\n";
+$status = 1
+}
+
 # Cross-check functions in the NAME and SYNOPSIS section.
-sub name_synopsis()
-{
+sub name_synopsis {
 my $id = shift;
 my $filename = shift;
 my $contents = shift;
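Review bot: `err` ends its body with `$status = 1` and no terminating semicolon; it parses because it is the last statement, but every other statement in the file is terminated and a line appended to the subroutine later would silently chain onto this one. I'd write `$status = 1;`. The `$status` variable is not declared in this hunk; under the file's `our(...)` declarations it needs an `our $status = 0;` and a final `exit $status;`, both of which are outside the visible hunks — worth confirming they exist, since the Makefile change in this commit depends entirely on that exit code.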
@@ -72,11 +77,14 @@ sub name_synopsis()
 return unless $contents =~ /=head1 NAME(.*)=head1 SYNOPSIS/ms;
 my $tmp = $1;
 $tmp =~ tr/\n/ /;
-print "$id trailing comma before - in NAME\n" if $tmp =~ /, *-/;
+err($id, "trailing comma before - in NAME")
+if $tmp =~ /, *-/;
 $tmp =~ s/ -.*//g;
-print "$id POD markup among the names in NAME\n" if $tmp =~ /[<>]/;
+err($id, "POD markup among the names in NAME")
+if $tmp =~ /[<>]/;
 $tmp =~ s/  */ /g;
-print "$id missing comma in NAME\n" if $tmp =~ /[^,] /;
+err($id, "missing comma in NAME")
+if $tmp =~ /[^,] /;
 
 my $dirname = dirname($filename);
 my $simplename = basename(basename($filename, ".in"), ".pod");
@@ -86,7 +94,7 @@ sub name_synopsis()
 foreach my $n ( split ',', $tmp ) {
 $n =~ s/^\s+//;
 $n =~ s/\s+$//;
-print "$id the name '$n' contains white-space\n"
+err($id, "the name '$n' contains white-space")
 if $n =~ /\s/;
 $names{$n} = 1;
 $foundfilename++ if $n eq $simplename;
@@ -94,13 +102,13 @@ sub name_synopsis()
 if ((-f "$dirname/$n.pod.in" || -f "$dirname/$n.pod")
 && $n ne $simplename);
 }
-print "$id the following exist as other .pod or .pod.in files:\n",
-join(" ", sort keys %foundfilenames), "\n"
+err($id, "the following exist as other .pod or .pod.in files:",
+ sort keys %foundfilenames)
 if %foundfilenames;
-print "$id $simplename (filename) missing from NAME section\n"
+err($id, "$simplename (filename) missing from NAME section")
 unless $foundfilename;
 foreach my $n ( keys %names ) {
-print "$id $n is not public\n"
+err($id, "$n is not public")
 if $opt_p and !defined $public{$n};
 }
 
@@ -136,24 +144,23 @@ sub name_synopsis()
 else {
 next;
 }
-print "$id $sym missing from NAME section\n"
+err($id, "$sym missing from NAME section")
 unless defined $names{$sym};
 $names{$sym} = 2;
 
 # Do some sanity checks on the prototype.
-print "$id prototype missing spaces around commas: $line\n"
+err($id, "prototype missing spaces around commas: $line")
 if ( $line =~ /[a-z0-9],[^ ]/ );
 }
 
 foreach my $n ( keys %names ) {
 next if $names{$n} == 2;
-print "$id $n missing from SYNOPSIS\n";
+err($id, "$n missing from SYNOPSIS")
 }
 }
 
 # Check if SECTION ($3) is located before BEFORE ($4)
-sub check_section_location()
-{
+sub check_section_location {
 my $id = shift;
 

[openssl] master update

2019-09-19 Thread Richard Levitte
The branch master has been updated
   via  51ba9ebd09bfa3569fee935ef7063394820cd333 (commit)
   via  8c0e76813af6a886f66d3e95b908c6c924d2a6ad (commit)
   via  f6aca23e268799380e4e4193789ed96db1ed57f3 (commit)
   via  0f17ac26fc552b7f233e8765e6b6a278c9731e2a (commit)
  from  7cfa1717b812a126ce6f8e4cc32139164c89d789 (commit)


- Log -
commit 51ba9ebd09bfa3569fee935ef7063394820cd333
Author: Rich Salz 
Date:   Fri Aug 16 18:05:08 2019 -0400

Avoid ?: construct in XXXerr calls

It either makes the flow of control simpler and more obvious, or it is
just a "cleanup" so that the editing scripts will find and fixup things.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9441)

commit 8c0e76813af6a886f66d3e95b908c6c924d2a6ad
Author: Rich Salz 
Date:   Mon Aug 12 15:50:51 2019 -0400

Add merge-err-lines script

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9441)

commit f6aca23e268799380e4e4193789ed96db1ed57f3
Author: Rich Salz 
Date:   Tue Jul 30 15:40:23 2019 -0400

Deprecate XXXerr() macros

Actually, for transition, they're not really deprecated.  Remove the
"1 ||" from the ifdef line (in include/openssl/err.h) when ready to
do this in production/"for real"

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9441)

commit 0f17ac26fc552b7f233e8765e6b6a278c9731e2a
Author: Rich Salz 
Date:   Wed Jul 24 11:40:07 2019 -0400

Add script convert XXerr to ERR_raise

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9441)

---

Summary of changes:
 crypto/evp/evp_lib.c   | 16 +-
 crypto/evp/evp_locl.h  |  4 +--
 crypto/rand/drbg_lib.c |  7 +++--
 include/openssl/err.h  | 83 +-
 util/err-to-raise  | 62 +
 util/merge-err-lines   | 29 ++
 6 files changed, 147 insertions(+), 54 deletions(-)
 create mode 100755 util/err-to-raise
 create mode 100755 util/merge-err-lines

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index e48c63037e..4ec880fd13 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -60,10 +60,10 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE 
*type)
 }
 } else
 ret = -1;
-if (ret <= 0)
-EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ?
-   ASN1_R_UNSUPPORTED_CIPHER :
-   EVP_R_CIPHER_PARAMETER_ERROR);
+if (ret == -2)
+EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER);
+else if (ret <= 0)
+EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, EVP_R_CIPHER_PARAMETER_ERROR);
 if (ret < -1)
 ret = -1;
 return ret;
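Review bot: EVP_CIPHER_param_to_asn1 raises `ASN1_R_UNSUPPORTED_CIPHER` through EVPerr, i.e. an ASN1-library reason code filed under ERR_LIB_EVP, while the sibling EVP_CIPHER_asn1_to_param in the next hunk uses `EVP_R_UNSUPPORTED_CIPHER` for the same `ret == -2` case. The mismatch predates this commit, but since the commit rewrites exactly this line in preparation for a scripted conversion to ERR_raise(), it is the moment to make the two agree: `EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, EVP_R_UNSUPPORTED_CIPHER);`. Any caller matching the ASN1 reason under the EVP library would be affected, so check for such matches before changing it.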
@@ -106,10 +106,10 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE 
*type)
 }
 } else
 ret = -1;
-if (ret <= 0)
-EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ?
-   EVP_R_UNSUPPORTED_CIPHER :
-   EVP_R_CIPHER_PARAMETER_ERROR);
+if (ret == -2)
+EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_UNSUPPORTED_CIPHER);
+else if (ret <= 0)
+EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_CIPHER_PARAMETER_ERROR);
 if (ret < -1)
 ret = -1;
 return ret;
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index ebfa3acd08..3437e04b67 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -233,7 +233,7 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz);
 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
   \
 if (pksize == 0) {\
-EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/  \
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
 return 0; \
 } \
 if (arg == NULL) {\
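Review bot: After this change the macro's `err` argument is no longer referenced in the visible part of the body (the macro's definition line is above the hunk), so either the parameter is now dead and callers keep passing a function code that is silently ignored, or it is still used somewhere outside the hunk. If it is dead, I'd record that in the macro's header comment rather than leave a parameter that looks as if it selects the error location: `/* err: unused since ERR_raise() records the location itself; kept for source compatibility */`, and drop it once callers are converted.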
@@ -241,7 +241,7 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz);
 return 1; \
 } \
 if (*arglen < pksize) {   \
-EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
 return 0; \
 }

[openssl] master update

2019-09-19 Thread Richard Levitte
The branch master has been updated
   via  7cfa1717b812a126ce6f8e4cc32139164c89d789 (commit)
   via  f7c16d48a945e80f22f6f02550ee3fe14edb52fa (commit)
  from  f8c0218f09e190a2efb28302f6c9737efe151d27 (commit)


- Log -
commit 7cfa1717b812a126ce6f8e4cc32139164c89d789
Author: Richard Levitte 
Date:   Sat Sep 14 16:35:08 2019 +0200

Modify providers that keep track of underlying algorithms

With some provider implementations, there are underlying ciphers,
digests and macs.  For some of them, the name was retrieved from the
method, but since the methods do not store those any more, we add
different mechanics.

For code that needs to pass on the name of a cipher or digest via
parameters, we simply locally store the name that was used when
fetching said cipher or digest.  This will ensure that any underlying
code that needs to fetch that same cipher or digest does so with the
exact same name instead of any random name from the set of names
associated with the algorithm.

For code that needs to check what kind of algorithm was passed, we
provide EVP_{type}_is_a(), that returns true if the given method has
the given name as one of its names.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9897)

commit f7c16d48a945e80f22f6f02550ee3fe14edb52fa
Author: Richard Levitte 
Date:   Sat Sep 14 16:22:19 2019 +0200

In provider implemented methods, save the name number, not the name string

Multiple names per implementation is already supported in the namemap,
but hasn't been used yet.  However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.

The solution is to not save the name itself, but rather the number
it's associated with.  This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.

Incidentally, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method().  As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.

There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9897)

---

Summary of changes:
 crypto/core_fetch.c   |   8 +-
 crypto/core_namemap.c |  26 +++
 crypto/evp/digest.c   |  27 +--
 crypto/evp/evp_enc.c  |  26 +--
 crypto/evp/evp_fetch.c| 208 +-
 crypto/evp/evp_lib.c  |   9 +-
 crypto/evp/evp_locl.h |  29 ++-
 crypto/evp/exchange.c |  12 +-
 crypto/evp/kdf_lib.c  |   2 +-
 crypto/evp/kdf_meth.c |  12 +-
 crypto/evp/keymgmt_meth.c |  32 ++--
 crypto/evp/mac_meth.c |  19 +-
 crypto/evp/pkey_mac.c |   4 +-
 crypto/evp/pmeth_fn.c |  12 +-
 crypto/include/internal/evp_int.h |   8 +-
 doc/internal/man3/evp_generic_fetch.pod   |  49 +++--
 doc/internal/man3/ossl_method_construct.pod   |  26 ++-
 doc/man3/EVP_EncryptInit.pod  |   5 +
 doc/man3/EVP_MAC.pod  |  10 +-
 include/internal/core.h   |   5 +-
 include/internal/namemap.h|   2 +
 include/openssl/evp.h |   2 +
 providers/common/include/internal/provider_util.h |  16 +-
 providers/common/kdfs/sskdf.c |  10 +-
 providers/common/provider_util.c  |  15 ++
 util/libcrypto.num|   2 +
 26 files changed, 403 insertions(+), 173 deletions(-)

diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
index 6e4414d831..1e0d82fb61 100644
--- a/crypto/core_fetch.c
+++ b/crypto/core_fetch.c
@@ -66,15 +66,12 @@ static void ossl_method_construct_this(OSSL_PROVIDER 
*provider,
 }
 
 void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id,
-const char *name, const char *propquery,
 int force_store,
 OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data)
 {
 

[openssl] master update

2019-09-19 Thread shane . lontis
The branch master has been updated
   via  f8c0218f09e190a2efb28302f6c9737efe151d27 (commit)
  from  4ed838915be263b3ebf847b6ada2ab2d3debec4c (commit)


- Log -
commit f8c0218f09e190a2efb28302f6c9737efe151d27
Author: Shane Lontis 
Date:   Thu Sep 19 21:21:39 2019 +1000

Fix Solaris compile errors in provider ciphers

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9941)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_hw_t4.inc | 2 +-
 providers/common/ciphers/cipher_tdes_hw.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/common/ciphers/cipher_aes_hw_t4.inc 
b/providers/common/ciphers/cipher_aes_hw_t4.inc
index 8722fa0add..21b672710a 100644
--- a/providers/common/ciphers/cipher_aes_hw_t4.inc
+++ b/providers/common/ciphers/cipher_aes_hw_t4.inc
@@ -92,4 +92,4 @@ static const PROV_CIPHER_HW aes_t4_##mode = { 
 \
 };
 #define PROV_CIPHER_HW_select(mode)
\
 if (SPARC_AES_CAPABLE) 
\
-return aes_t4_##mode;
+return _t4_##mode;
diff --git a/providers/common/ciphers/cipher_tdes_hw.c 
b/providers/common/ciphers/cipher_tdes_hw.c
index 980201267b..92b6de2422 100644
--- a/providers/common/ciphers/cipher_tdes_hw.c
+++ b/providers/common/ciphers/cipher_tdes_hw.c
@@ -27,8 +27,8 @@ int cipher_hw_tdes_ede3_initkey(PROV_CIPHER_CTX *ctx, const 
unsigned char *key,
 des_t4_key_expand([0], >ks1);
 des_t4_key_expand([1], >ks2);
 des_t4_key_expand([2], >ks3);
-dat->tstream.cbc = enc ? des_t4_ede3_cbc_encrypt :
- des_t4_ede3_cbc_decrypt;
+tctx->tstream.cbc = ctx->enc ? des_t4_ede3_cbc_encrypt :
+   des_t4_ede3_cbc_decrypt;
 return 1;
 }
 }


[openssl] master update

2019-09-19 Thread shane . lontis
The branch master has been updated
   via  4ed838915be263b3ebf847b6ada2ab2d3debec4c (commit)
  from  3837c202b5e91f009d1508a8f3608c94515ca776 (commit)


- Log -
commit 4ed838915be263b3ebf847b6ada2ab2d3debec4c
Author: Jon Spillett 
Date:   Thu Sep 19 21:14:21 2019 +1000

Add option grouping capability to apps

Reviewed-by: Richard Levitte 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/9920)

---

Summary of changes:
 apps/include/opt.h |  5 
 apps/lib/opt.c | 72 +++---
 2 files changed, 47 insertions(+), 30 deletions(-)

diff --git a/apps/include/opt.h b/apps/include/opt.h
index 81faf7057d..92a7fd1d82 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -266,6 +266,7 @@
  */
 extern const char OPT_HELP_STR[];
 extern const char OPT_MORE_STR[];
+extern const char OPT_SECTION_STR[];
 typedef struct options_st {
 const char *name;
 int retval;
@@ -307,6 +308,9 @@ typedef struct string_int_pair_st {
 OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS   | \
 OPT_FMT_TEXT   | OPT_FMT_HTTP   | OPT_FMT_PVK)
 
+/* Divide options into sections when displaying usage */
+#define OPT_SECTION(sec) {OPT_SECTION_STR, 1, '-', sec " options:\n"}
+
 char *opt_progname(const char *argv0);
 char *opt_getprog(void);
 char *opt_init(int ac, char **av, const OPTIONS * o);
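Review bot: `OPT_SECTION(sec)` builds its help text by string-literal concatenation (`sec " options:\n"`), so `sec` must be a string literal, and the resulting text ends in its own `"\n"` unlike every other helpstr in these tables; neither constraint is stated. Because entries with name OPT_SECTION_STR are printed by opt_print() through `opt_printf_stderr(help, prog)` as a format string, a section name must also not contain `%`. I'd put that on the macro: `/* sec must be a string literal without '%' (it is concatenated and later used as a printf format by opt_print) */`.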
@@ -338,6 +342,7 @@ int opt_num_rest(void);
 int opt_verify(int i, X509_VERIFY_PARAM *vpm);
 int opt_rand(int i);
 void opt_help(const OPTIONS * list);
+void opt_print(const OPTIONS * opt, int width);
 int opt_format_error(const char *s, unsigned long flags);
 int opt_isdir(const char *name);
 int opt_printf_stderr(const char *fmt, ...);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index c2a5878ef6..44d2570ae7 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -28,6 +28,7 @@
 #define MAX_OPT_HELP_WIDTH 30
 const char OPT_HELP_STR[] = "--";
 const char OPT_MORE_STR[] = "---";
+const char OPT_SECTION_STR[] = "";
 
 /* Our state */
 static char **argv;
@@ -133,7 +134,8 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
 int duplicated, i;
 #endif
 
-if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
+if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR ||
+o->name == OPT_SECTION_STR)
 continue;
 #ifndef NDEBUG
 i = o->valtype;
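Review bot: The extended condition places `||` at the end of the first line, whereas this codebase starts the continuation line with the operator (compare the `|| CRYPTO_gcm128_finish(...)` form in cipher_gcm_hw.c earlier on this page). I'd write `if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR` followed by `|| o->name == OPT_SECTION_STR)`. opt_init continues outside the hunk, so the `#ifndef NDEBUG` duplicate-option check that follows is not reviewed here.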
@@ -832,40 +834,16 @@ static const char *valtype2param(const OPTIONS *o)
 return "parm";
 }
 
-void opt_help(const OPTIONS *list)
+void opt_print(const OPTIONS *o, int width)
 {
-const OPTIONS *o;
-int i;
-int standard_prolog;
-int width = 5;
+const char* help;
 char start[80 + 1];
 char *p;
-const char *help;
-
-/* Starts with its own help message? */
-standard_prolog = list[0].name != OPT_HELP_STR;
-
-/* Find the widest help. */
-for (o = list; o->name; o++) {
-if (o->name == OPT_MORE_STR)
-continue;
-i = 2 + (int)strlen(o->name);
-if (o->valtype != '-')
-i += 1 + strlen(valtype2param(o));
-if (i < MAX_OPT_HELP_WIDTH && i > width)
-width = i;
-OPENSSL_assert(i < (int)sizeof(start));
-}
-
-if (standard_prolog)
-opt_printf_stderr("Usage: %s [options]\nValid options are:\n", prog);
 
-/* Now let's print. */
-for (o = list; o->name; o++) {
 help = o->helpstr ? o->helpstr : "(No additional info)";
-if (o->name == OPT_HELP_STR) {
+if (o->name == OPT_HELP_STR || o->name == OPT_SECTION_STR) {
 opt_printf_stderr(help, prog);
-continue;
+return;
 }
 
 /* Pad out prefix */
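Review bot: opt_print() hands `help` straight to `opt_printf_stderr(help, prog)` as the printf format for OPT_HELP_STR and, newly, OPT_SECTION_STR entries, so the text assembled by OPT_SECTION() is interpreted by printf; that is only safe while every section name is a compile-time literal containing no `%` conversions other than an intentional `%s` for the program name. I'd document the precondition at the top of opt_print: `/* For OPT_HELP_STR/OPT_SECTION_STR entries helpstr is a printf format (may use %s for prog); it must never be built from external input */`. Also, `const char* help;` breaks the file's declarator style — the original declared it as `const char *help;`.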
@@ -876,7 +854,7 @@ void opt_help(const OPTIONS *list)
 /* Continuation of previous line; pad and print. */
 start[width] = '\0';
 opt_printf_stderr("%s  %s\n", start, help);
-continue;
+return;
 }
 
 /* Build up the "-flag [param]" part. */
@@ -899,6 +877,40 @@ void opt_help(const OPTIONS *list)
 }
 start[width] = '\0';
 opt_printf_stderr("%s  %s\n", start, help);
+}
+
+void opt_help(const OPTIONS *list)
+{
+const OPTIONS *o;
+int i;
+int standard_prolog;
+int width = 5;
+char start[80 + 1];
+
+/* Starts with its own help message? */
+standard_prolog = list[0].name != OPT_HELP_STR;
+
+/* Find the widest help. */
+for (o = list; o->name; o++) {
+if (o->name == OPT_MORE_STR)
+continue;
+i = 2 + (int)strlen(o->name);
+if (o->valtype != '-')
+i += 1 + strlen(valtype2param(o));
+if (i < MAX_OPT_HELP_WIDTH && i > width)
+width = i;
+OPENSSL_assert(i < (int)sizeof(start));
+}
+
+if (standard_prolog) {
+  

[openssl] master update

2019-09-19 Thread shane . lontis
The branch master has been updated
   via  3837c202b5e91f009d1508a8f3608c94515ca776 (commit)
  from  105dde2528d64b4af25c241288a985fdfc27afbc (commit)


- Log -
commit 3837c202b5e91f009d1508a8f3608c94515ca776
Author: Shane Lontis 
Date:   Thu Sep 19 20:10:25 2019 +1000

Add aes_ocb cipher to providers

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9320)

---

Summary of changes:
 crypto/evp/evp_enc.c   |   3 +
 providers/common/ciphers/cipher_locl.h |   4 -
 .../common/include/internal/ciphers/ciphercommon.h |   6 +
 providers/common/include/internal/provider_algs.h  |   5 +
 providers/default/ciphers/build.info   |   5 +
 providers/default/ciphers/cipher_aes_ocb.c | 491 +
 providers/default/ciphers/cipher_aes_ocb.h |  38 ++
 providers/default/ciphers/cipher_aes_ocb_hw.c  | 115 +
 providers/default/defltprov.c  |   5 +
 test/recipes/30-test_evp_data/evpciph.txt  |  24 +
 10 files changed, 692 insertions(+), 4 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_aes_ocb.c
 create mode 100644 providers/default/ciphers/cipher_aes_ocb.h
 create mode 100644 providers/default/ciphers/cipher_aes_ocb_hw.c

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 41edd0decd..f2511a2b28 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -165,6 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER 
*cipher,
 case NID_aes_128_ctr:
 case NID_aes_128_xts:
 case NID_aes_256_xts:
+case NID_aes_256_ocb:
+case NID_aes_192_ocb:
+case NID_aes_128_ocb:
 case NID_aes_256_gcm:
 case NID_aes_192_gcm:
 case NID_aes_128_gcm:
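Review bot: The three `NID_aes_*_ocb` cases are added without an `OPENSSL_NO_OCB` guard, while provider_algs.h and build.info in the same commit compile the OCB implementation only when OCB is enabled. If, as the switch shape suggests (the function continues outside the hunk), listed NIDs are routed to a provider fetch instead of the legacy path, a `no-ocb` build would try to fetch a cipher that was never registered. I'd wrap the cases in `#ifndef OPENSSL_NO_OCB` / `#endif`, mirroring the header.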
diff --git a/providers/common/ciphers/cipher_locl.h 
b/providers/common/ciphers/cipher_locl.h
index 7e0aaad438..cc37a348ed 100644
--- a/providers/common/ciphers/cipher_locl.h
+++ b/providers/common/ciphers/cipher_locl.h
@@ -25,9 +25,5 @@ const OSSL_PARAM * name##_gettable_ctx_params(void)   
 \
 return name##_known_gettable_ctx_params;   
\
 }
 
-size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
- const unsigned char **in, size_t *inlen);
-int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
- const unsigned char **in, size_t *inlen);
 void padblock(unsigned char *buf, size_t *buflen, size_t blocksize);
 int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize);
diff --git a/providers/common/include/internal/ciphers/ciphercommon.h 
b/providers/common/include/internal/ciphers/ciphercommon.h
index fe55342e19..7539d8cb81 100644
--- a/providers/common/include/internal/ciphers/ciphercommon.h
+++ b/providers/common/include/internal/ciphers/ciphercommon.h
@@ -224,3 +224,9 @@ static int 
cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx,\
 ctx->num = num;
\
 return 1;  
\
 }
+
+size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
+ const unsigned char **in, size_t *inlen);
+int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
+ const unsigned char **in, size_t *inlen);
+
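Review bot: fillblock() and trailingdata() move from the private cipher_locl.h into the shared ciphercommon.h, which turns them into a cross-provider interface used by the new OCB code, but they arrive without any description of their contract (what is buffered, how `*in`/`*inlen` are advanced, what the size_t/int returns mean). A short block comment above the prototypes stating those points, taken from the definitions, would save every new mode implementation from reading the implementation. The hunk also appends an extra blank line at end of file (the lone `+`), which the rest of the header does not have.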
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index aeb7c430a0..7c0f437832 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -58,6 +58,11 @@ extern const OSSL_DISPATCH aes192ctr_functions[];
 extern const OSSL_DISPATCH aes128ctr_functions[];
 extern const OSSL_DISPATCH aes256xts_functions[];
 extern const OSSL_DISPATCH aes128xts_functions[];
+#ifndef OPENSSL_NO_OCB
+extern const OSSL_DISPATCH aes256ocb_functions[];
+extern const OSSL_DISPATCH aes192ocb_functions[];
+extern const OSSL_DISPATCH aes128ocb_functions[];
+#endif /* OPENSSL_NO_OCB */
 extern const OSSL_DISPATCH aes256gcm_functions[];
 extern const OSSL_DISPATCH aes192gcm_functions[];
 extern const OSSL_DISPATCH aes128gcm_functions[];
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index 8f2bbae28d..02e0f7fa51 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -44,4 +44,9 @@ IF[{- !$disabled{sm4} -}]
   cipher_sm4.c cipher_sm4_hw.c
 ENDIF
 
+IF[{- !$disabled{ocb} -}]
+  SOURCE[../../../libcrypto]=\
+   cipher_aes_ocb.c cipher_aes_ocb_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_aes_ocb.c 

[openssl] master update

2019-09-18 Thread shane . lontis
The branch master has been updated
   via  105dde2528d64b4af25c241288a985fdfc27afbc (commit)
  from  639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit)


- Log -
commit 105dde2528d64b4af25c241288a985fdfc27afbc
Author: Shane Lontis 
Date:   Thu Sep 19 15:38:51 2019 +1000

Add sm4 ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9935)

---

Summary of changes:
 crypto/evp/evp_enc.c   |  5 +++
 providers/common/include/internal/provider_algs.h  |  7 +++
 providers/default/ciphers/build.info   |  5 +++
 providers/default/ciphers/cipher_sm4.c | 51 ++
 .../ciphers/{cipher_cast.h => cipher_sm4.h}| 15 ---
 providers/default/ciphers/cipher_sm4_hw.c  | 43 ++
 providers/default/defltprov.c  |  7 +++
 test/recipes/30-test_evp.t |  3 ++
 test/recipes/30-test_evp_data/evpciph.txt  | 31 -
 test/recipes/30-test_evp_data/evpciph_sm4.txt  | 39 +
 10 files changed, 168 insertions(+), 38 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_sm4.c
 copy providers/default/ciphers/{cipher_cast.h => cipher_sm4.h} (57%)
 create mode 100644 providers/default/ciphers/cipher_sm4_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_sm4.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4d6001688f..41edd0decd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -247,6 +247,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_seed_ecb:
 case NID_seed_cfb128:
 case NID_seed_ofb128:
+case NID_sm4_cbc:
+case NID_sm4_ecb:
+case NID_sm4_ctr:
+case NID_sm4_cfb128:
+case NID_sm4_ofb128:
 break;
 default:
 goto legacy;
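Review bot: The five `NID_sm4_*` cases are added unconditionally, while provider_algs.h in the same commit declares the sm4 dispatch tables only under `#ifndef OPENSSL_NO_SM4` and build.info compiles them only when sm4 is enabled. Since the `default: goto legacy;` shape shows that listed NIDs are diverted away from the legacy path, a `no-sm4` build in which an ENGINE supplies SM4 would be sent to a provider fetch that cannot succeed. I'd wrap the cases in `#ifndef OPENSSL_NO_SM4` / `#endif` to match the header.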
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index d69b9cd4b8..aeb7c430a0 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -140,6 +140,13 @@ extern const OSSL_DISPATCH seed128cbc_functions[];
 extern const OSSL_DISPATCH seed128ofb128_functions[];
 extern const OSSL_DISPATCH seed128cfb128_functions[];
 #endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+extern const OSSL_DISPATCH sm4128ecb_functions[];
+extern const OSSL_DISPATCH sm4128cbc_functions[];
+extern const OSSL_DISPATCH sm4128ctr_functions[];
+extern const OSSL_DISPATCH sm4128ofb128_functions[];
+extern const OSSL_DISPATCH sm4128cfb128_functions[];
+#endif /* OPENSSL_NO_SM4 */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index 66ef9df68a..8f2bbae28d 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -39,4 +39,9 @@ IF[{- !$disabled{seed} -}]
   cipher_seed.c cipher_seed_hw.c
 ENDIF
 
+IF[{- !$disabled{sm4} -}]
+  SOURCE[../../../libcrypto]=\
+  cipher_sm4.c cipher_sm4_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_sm4.c 
b/providers/default/ciphers/cipher_sm4.c
new file mode 100644
index 00..8b7c3761ca
--- /dev/null
+++ b/providers/default/ciphers/cipher_sm4.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_sm4.h"
+#include "internal/provider_algs.h"
+
+/* TODO (3.0) Figure out what flags to pass */
+#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+
+static OSSL_OP_cipher_freectx_fn sm4_freectx;
+static OSSL_OP_cipher_dupctx_fn sm4_dupctx;
+
+static void sm4_freectx(void *vctx)
+{
+PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx;
+
+OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *sm4_dupctx(void *ctx)
+{
+PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx;
+PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+if (ret == NULL) {
+ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+return NULL;
+}
+*ret = *in;
+
+return ret;
+}
+
+/* sm4128ecb_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block)
+/* sm4128cbc_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block)
+/* 

[openssl] master update

2019-09-18 Thread Kurt Roeckx
The branch master has been updated
   via  639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit)
  from  a74b2eda2fcc386e85c6f859729631b0642c4ee6 (commit)


- Log -
commit 639b53ecd82648fbb66a2ab7dabece7f15a1f730
Author: Brian Chen 
Date:   Tue May 7 04:05:44 2019 -0400

Update fuzzing README for recent clang versions

Recent clang versions ship with libfuzzer, so there's no need to build
libfuzzer yourself. They also have a dedicated -fsanitize=fuzzer-no-link
flag and no longer support the sanitize flags described in the fuzzing
README. Update it to reflect all this.

Fixes #8768.

Reviewed-by: Matt Caswell 
Reviewed-by: Kurt Roeckx 

GH: #8891

---

Summary of changes:
 fuzz/README.md | 75 +-
 1 file changed, 43 insertions(+), 32 deletions(-)

diff --git a/fuzz/README.md b/fuzz/README.md
index 8e7c48d45e..dadf874691 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -3,57 +3,68 @@
 LibFuzzer
 =
 
-Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html).
+How to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html),
+starting from a vanilla+OpenSSH server Ubuntu install.
 
-Starting from a vanilla+OpenSSH server Ubuntu install.
+With `clang` from a package manager
+---
 
-Use Chrome's handy recent build of clang. Older versions may also work.
+Install `clang`, which [ships with 
`libfuzzer`](http://llvm.org/docs/LibFuzzer.html#fuzzer-usage)
+since version 6.0:
 
-$ sudo apt-get install git
-$ mkdir git-work
-$ git clone https://chromium.googlesource.com/chromium/src/tools/clang
-$ clang/scripts/update.py
+$ sudo apt-get install clang
 
-You may want to git pull and re-run the update from time to time.
-
-Update your path:
-
-$ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH
-
-Get and build libFuzzer (there is a git mirror at
-https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer):
-
-$ cd
-$ sudo apt-get install subversion
-$ mkdir svn-work
-$ cd svn-work
-$ svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer 
Fuzzer
-$ cd Fuzzer
-$ clang++ -c -g -O2 -std=c++11 *.cpp
-$ ar r libFuzzer.a *.o
-$ ranlib libFuzzer.a
-
-Configure for fuzzing:
+Configure `openssl` for fuzzing. For now, you'll still need to pass in the path
+to the `libFuzzer` library file while configuring; this is represented as
+`$PATH_TO_LIBFUZZER` below. A typical value would be
+`/usr/lib/llvm-6.0/lib/clang/6.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a`.
 
 $ CC=clang ./config enable-fuzz-libfuzzer \
---with-fuzzer-include=../../svn-work/Fuzzer \
---with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer.a \
+--with-fuzzer-lib=$PATH_TO_LIBFUZZER \
 -DPEDANTIC enable-asan enable-ubsan no-shared \
 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
--fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp \
-enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 \
+-fsanitize=fuzzer-no-link \
+enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
 enable-weak-ssl-ciphers enable-rc5 enable-md2 \
 enable-ssl3 enable-ssl3-method enable-nextprotoneg \
 --debug
+
+Compile:
+
 $ sudo apt-get install make
 $ LDCMD=clang++ make -j
+
+Finally, perform the actual fuzzing:
+
 $ fuzz/helper.py $FUZZER
 
-Where $FUZZER is one of the executables in `fuzz/`.
+where $FUZZER is one of the executables in `fuzz/`.
 
 If you get a crash, you should find a corresponding input file in
 `fuzz/corpora/$FUZZER-crash/`.
 
+With `clang` from source/pre-built binaries
+---
+
+You may also wish to use a pre-built binary from the [LLVM Download
+site](http://releases.llvm.org/download.html), or to [build `clang` from
+source](https://clang.llvm.org/get_started.html). After adding `clang` to your
+path and locating the `libfuzzer` library file, the procedure for configuring
+fuzzing is the same, except that you also need to specify
+a `--with-fuzzer-include` option, which should be the parent directory of the
+prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below.
+
+$ CC=clang ./config enable-fuzz-libfuzzer \
+--with-fuzzer-include=$PATH_TO_LIBFUZZER_DIR \
+--with-fuzzer-lib=$PATH_TO_LIBFUZZER \
+-DPEDANTIC enable-asan enable-ubsan no-shared \
+-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
+-fsanitize=fuzzer-no-link \
+enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
+enable-weak-ssl-ciphers enable-rc5 enable-md2 \
+enable-ssl3 

[openssl] master update

2019-09-18 Thread patrick . steuer
The branch master has been updated
   via  a74b2eda2fcc386e85c6f859729631b0642c4ee6 (commit)
  from  682b6f67472c22ad2e750c3398d0c49b13c7f5dd (commit)


- Log -
commit a74b2eda2fcc386e85c6f859729631b0642c4ee6
Author: Patrick Steuer 
Date:   Wed Sep 18 15:46:39 2019 +0200

Fix strict-warnings build

..which was broken for s390 due to 1c3ace68.

Signed-off-by: Patrick Steuer 

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/9937)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc 
b/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc
index ceb733db59..44c3bf332d 100644
--- a/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc
+++ b/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc
@@ -97,10 +97,7 @@ static int s390x_aes_gcm_cipher_final(PROV_GCM_CTX *ctx, 
unsigned char *tag)
 memcpy(tag, kma->t.b, ctx->taglen);
 rc = 1;
 } else {
-if (ctx->taglen < 0)
-rc = 0;
-else
-rc = (CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0);
+rc = (CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0);
 }
 return rc;
 }
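Review bot: With the signedness guard gone, the decrypt branch in the else clause accepts any tag whenever `ctx->taglen` is zero, because CRYPTO_memcmp() over zero bytes returns 0 and rc becomes 1. Whether taglen can still be zero (or larger than `kma->t.b`) when final runs is not visible here, since s390x_aes_gcm_cipher_final() starts above the hunk; if it can, the comparison should be guarded, e.g. `rc = (ctx->taglen != 0 && CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0);`. If a minimum tag length is enforced earlier in the set_params path, a comment such as `/* taglen is validated non-zero before final */` would make this branch auditable without chasing the callers.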


[openssl] master update

2019-09-18 Thread patrick . steuer
The branch master has been updated
   via  682b6f67472c22ad2e750c3398d0c49b13c7f5dd (commit)
  from  70adc64632dde9359c8c1c23d01ef7f68d51382e (commit)


- Log -
commit 682b6f67472c22ad2e750c3398d0c49b13c7f5dd
Author: Patrick Steuer 
Date:   Wed Sep 18 20:43:02 2019 +0200

Fix aes ofb, cfb and cfb8 for s390x

..which was broken since e1178600.

Signed-off-by: Patrick Steuer 

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/9939)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_hw_s390x.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/common/ciphers/cipher_aes_hw_s390x.inc 
b/providers/common/ciphers/cipher_aes_hw_s390x.inc
index cefaa1c583..805fa91e5f 100644
--- a/providers/common/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/common/ciphers/cipher_aes_hw_s390x.inc
@@ -55,7 +55,7 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat,
 {
 PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 adat->plat.s390x.fc = S390X_AES_FC(keylen);
 adat->plat.s390x.res = 0;
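Review bot: The corrected memcpy() on the cv line now copies `dat->ivlen` bytes into a fixed-size parameter-block field, and nothing in the hunk bounds ivlen against that field (the `k`/keylen copy on the next line has the same shape). If ivlen and keylen are always fixed by the cipher definition before initkey runs this is fine, but that happens outside the hunk; an explicit guard would document it cheaply: `if (dat->ivlen > sizeof(adat->plat.s390x.param.kmo_kmf.cv)) return 0;`. The same pattern appears in the cfb128 and cfb8 hunks below. s390x_aes_ofb128_initkey() continues past the end of this hunk.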
@@ -114,7 +114,7 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat,
 adat->plat.s390x.fc |= S390X_DECRYPT;
 
 adat->plat.s390x.res = 0;
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 return 1;
 }
@@ -175,7 +175,7 @@ static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat,
 if (!dat->enc)
 adat->plat.s390x.fc |= S390X_DECRYPT;
 
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 return 1;
 }


[openssl] master update

2019-09-18 Thread shane . lontis
The branch master has been updated
   via  70adc64632dde9359c8c1c23d01ef7f68d51382e (commit)
  from  9a92bf1bffad15ede5ac97d1f1705c3e2c249a98 (commit)


- Log -
commit 70adc64632dde9359c8c1c23d01ef7f68d51382e
Author: Shane Lontis 
Date:   Wed Sep 18 22:13:59 2019 +1000

Add SEED ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9932)

---

Summary of changes:
 crypto/evp/evp_enc.c   |   4 +
 providers/common/include/internal/provider_algs.h  |   6 +
 providers/default/ciphers/build.info   |   5 +
 providers/default/ciphers/cipher_seed.c|  49 
 .../ciphers/{cipher_cast.h => cipher_seed.h}   |  16 +-
 providers/default/ciphers/cipher_seed_hw.c |  36 +++
 providers/default/defltprov.c  |   6 +
 test/recipes/30-test_evp.t |   3 +
 test/recipes/30-test_evp_data/evpciph.txt  |  50 
 test/recipes/30-test_evp_data/evpciph_seed.txt | 313 +
 10 files changed, 430 insertions(+), 58 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_seed.c
 copy providers/default/ciphers/{cipher_cast.h => cipher_seed.h} (57%)
 create mode 100644 providers/default/ciphers/cipher_seed_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_seed.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 383480b737..4d6001688f 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -243,6 +243,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_cast5_ecb:
 case NID_cast5_cfb64:
 case NID_cast5_ofb64:
+case NID_seed_cbc:
+case NID_seed_ecb:
+case NID_seed_cfb128:
+case NID_seed_ofb128:
 break;
 default:
 goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index 560a967562..d69b9cd4b8 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -134,6 +134,12 @@ extern const OSSL_DISPATCH cast5128cbc_functions[];
 extern const OSSL_DISPATCH cast564ofb64_functions[];
 extern const OSSL_DISPATCH cast564cfb64_functions[];
 #endif /* OPENSSL_NO_CAST */
+#ifndef OPENSSL_NO_SEED
+extern const OSSL_DISPATCH seed128ecb_functions[];
+extern const OSSL_DISPATCH seed128cbc_functions[];
+extern const OSSL_DISPATCH seed128ofb128_functions[];
+extern const OSSL_DISPATCH seed128cfb128_functions[];
+#endif /* OPENSSL_NO_SEED */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index 05e45553f9..66ef9df68a 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -34,4 +34,9 @@ IF[{- !$disabled{cast} -}]
   cipher_cast5.c cipher_cast5_hw.c
 ENDIF
 
+IF[{- !$disabled{seed} -}]
+  SOURCE[../../../libcrypto]=\
+  cipher_seed.c cipher_seed_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_seed.c 
b/providers/default/ciphers/cipher_seed.c
new file mode 100644
index 00..5dfa648c96
--- /dev/null
+++ b/providers/default/ciphers/cipher_seed.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for Seed cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_seed.h"
+#include "internal/provider_algs.h"
+
+/* TODO (3.0) Figure out what flags are required */
+#define SEED_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+
+static OSSL_OP_cipher_freectx_fn seed_freectx;
+static OSSL_OP_cipher_dupctx_fn seed_dupctx;
+
+static void seed_freectx(void *vctx)
+{
+PROV_SEED_CTX *ctx = (PROV_SEED_CTX *)vctx;
+
+OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *seed_dupctx(void *ctx)
+{
+PROV_SEED_CTX *in = (PROV_SEED_CTX *)ctx;
+PROV_SEED_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+if (ret == NULL) {
+ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+return NULL;
+}
+*ret = *in;
+
+return ret;
+}
+
+/* seed128ecb_functions */
+IMPLEMENT_generic_cipher(seed, SEED, ecb, ECB, SEED_FLAGS, 128, 128, 0, block)
+/* seed128cbc_functions */
+IMPLEMENT_generic_cipher(seed, SEED, cbc, CBC, SEED_FLAGS, 128, 128, 128, 
block)
+/* seed128ofb128_functions */
+IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, SEED_FLAGS, 

[openssl] master update

2019-09-18 Thread Richard Levitte
The branch master has been updated
   via  9a92bf1bffad15ede5ac97d1f1705c3e2c249a98 (commit)
  from  18b0042731c739855cddf1f296b0b5a536ef88a3 (commit)


- Log -
commit 9a92bf1bffad15ede5ac97d1f1705c3e2c249a98
Author: Richard Levitte 
Date:   Wed Sep 18 11:49:55 2019 +0200

Refactor TLS1-PRF to create the MAC contexts early

The TLS1-PRF implementation fetched the digest(s) for the underlying
MAC, just to get their names and pass those down to the MAC, which in
turn would fetch those same digests again.

This change circumvents this by fetching the MAC (or MACs in the
MD5-SHA1 special case) and create the MAC contexts for them directly
when this PRF receives the relevant parameters, thus only having to
pass EVP_MAC_CTX pointers around.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9930)

---

Summary of changes:
 providers/common/kdfs/tls1_prf.c | 138 +++
 1 file changed, 80 insertions(+), 58 deletions(-)

diff --git a/providers/common/kdfs/tls1_prf.c b/providers/common/kdfs/tls1_prf.c
index 2c5e24b403..0acdcdf3b8 100644
--- a/providers/common/kdfs/tls1_prf.c
+++ b/providers/common/kdfs/tls1_prf.c
@@ -68,7 +68,7 @@ static OSSL_OP_kdf_derive_fn kdf_tls1_prf_derive;
 static OSSL_OP_kdf_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params;
 static OSSL_OP_kdf_set_ctx_params_fn kdf_tls1_prf_set_ctx_params;
 
-static int tls1_prf_alg(const EVP_MD *md, const EVP_MD *sha1,
+static int tls1_prf_alg(EVP_MAC_CTX *mdctx, EVP_MAC_CTX *sha1ctx,
 const unsigned char *sec, size_t slen,
 const unsigned char *seed, size_t seed_len,
 unsigned char *out, size_t olen);
@@ -78,10 +78,12 @@ static int tls1_prf_alg(const EVP_MD *md, const EVP_MD 
*sha1,
 /* TLS KDF kdf context structure */
 typedef struct {
 void *provctx;
-/* Digest to use for PRF */
-PROV_DIGEST digest;
-/* Second digest for the MD5/SHA-1 combined PRF */
-PROV_DIGEST sha1;
+
+/* MAC context for the main digest */
+EVP_MAC_CTX *P_hash;
+/* MAC context for SHA1 for the MD5/SHA-1 combined PRF */
+EVP_MAC_CTX *P_sha1;
+
 /* Secret value to use for PRF */
 unsigned char *sec;
 size_t seclen;
@@ -112,8 +114,8 @@ static void kdf_tls1_prf_reset(void *vctx)
 {
 TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
-ossl_prov_digest_reset(>sha1);
-ossl_prov_digest_reset(>digest);
+EVP_MAC_CTX_free(ctx->P_hash);
+EVP_MAC_CTX_free(ctx->P_sha1);
 OPENSSL_clear_free(ctx->sec, ctx->seclen);
 OPENSSL_cleanse(ctx->seed, ctx->seedlen);
 memset(ctx, 0, sizeof(*ctx));
@@ -123,9 +125,8 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char 
*key,
size_t keylen)
 {
 TLS1_PRF *ctx = (TLS1_PRF *)vctx;
-const EVP_MD *md = ossl_prov_digest_md(>digest);
 
-if (md == NULL) {
+if (ctx->P_hash == NULL) {
 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
 return 0;
 }
@@ -137,38 +138,73 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char 
*key,
 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SEED);
 return 0;
 }
-return tls1_prf_alg(md, ossl_prov_digest_md(>sha1),
+
+return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
 ctx->sec, ctx->seclen,
 ctx->seed, ctx->seedlen,
 key, keylen);
 }
 
+static EVP_MAC_CTX *kdf_tls1_prf_mkmacctx(OPENSSL_CTX *libctx,
+  const char *mdname,
+  const OSSL_PARAM params[])
+{
+const OSSL_PARAM *p;
+OSSL_PARAM mac_params[5], *mp = mac_params;
+const char *properties = NULL;
+/* TODO(3.0) rethink "flags", also see hmac.c in providers */
+int mac_flags = EVP_MD_CTX_FLAG_NON_FIPS_ALLOW;
+EVP_MAC_CTX *macctx = NULL;
+
+*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ (char *)mdname, 0);
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ENGINE)) != NULL)
+*mp++ = *p;
+#endif
+if ((p = OSSL_PARAM_locate_const(params,
+ OSSL_KDF_PARAM_PROPERTIES)) != NULL) {
+properties = p->data;
+*mp++ = *p;
+}
+*mp++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FLAGS, _flags);
+*mp = OSSL_PARAM_construct_end();
+
+/* Implicit fetch */
+{
+EVP_MAC *mac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_HMAC, properties);
+
+macctx = EVP_MAC_CTX_new(mac);
+/* The context holds on to the MAC */
+EVP_MAC_free(mac);
+if (macctx == NULL)
+goto err;
+}
+
+if 

[openssl] master update

2019-09-18 Thread shane . lontis
The branch master has been updated
   via  18b0042731c739855cddf1f296b0b5a536ef88a3 (commit)
  from  fddb1847b1d53ead95678cbe21004c03c88d506d (commit)


- Log -
commit 18b0042731c739855cddf1f296b0b5a536ef88a3
Author: Shane Lontis 
Date:   Wed Sep 18 18:55:11 2019 +1000

Add cast5 ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9929)

---

Summary of changes:
 crypto/evp/evp_enc.c   |   4 +
 providers/common/include/internal/provider_algs.h  |   6 +
 providers/default/ciphers/build.info   |   5 +
 .../ciphers/{cipher_idea.h => cipher_cast.h}   |  16 +-
 providers/default/ciphers/cipher_cast5.c   |  46 +++
 providers/default/ciphers/cipher_cast5_hw.c|  36 ++
 providers/default/defltprov.c  |   6 +
 test/recipes/30-test_evp.t |   3 +
 test/recipes/30-test_evp_data/evpciph_cast5.txt| 385 +
 9 files changed, 499 insertions(+), 8 deletions(-)
 copy providers/default/ciphers/{cipher_idea.h => cipher_cast.h} (56%)
 create mode 100644 providers/default/ciphers/cipher_cast5.c
 create mode 100644 providers/default/ciphers/cipher_cast5_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_cast5.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b0eff2d528..383480b737 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -239,6 +239,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_idea_ecb:
 case NID_idea_cfb64:
 case NID_idea_ofb64:
+case NID_cast5_cbc:
+case NID_cast5_ecb:
+case NID_cast5_cfb64:
+case NID_cast5_ofb64:
 break;
 default:
 goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index 9e0a96e9ad..560a967562 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -128,6 +128,12 @@ extern const OSSL_DISPATCH idea128cbc_functions[];
 extern const OSSL_DISPATCH idea128ofb64_functions[];
 extern const OSSL_DISPATCH idea128cfb64_functions[];
 #endif /* OPENSSL_NO_IDEA */
+#ifndef OPENSSL_NO_CAST
+extern const OSSL_DISPATCH cast5128ecb_functions[];
+extern const OSSL_DISPATCH cast5128cbc_functions[];
+extern const OSSL_DISPATCH cast564ofb64_functions[];
+extern const OSSL_DISPATCH cast564cfb64_functions[];
+#endif /* OPENSSL_NO_CAST */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index 3722215daf..05e45553f9 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -29,4 +29,9 @@ IF[{- !$disabled{idea} -}]
   cipher_idea.c cipher_idea_hw.c
 ENDIF
 
+IF[{- !$disabled{cast} -}]
+  SOURCE[../../../libcrypto]=\
+  cipher_cast5.c cipher_cast5_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_idea.h 
b/providers/default/ciphers/cipher_cast.h
similarity index 56%
copy from providers/default/ciphers/cipher_idea.h
copy to providers/default/ciphers/cipher_cast.h
index 8e096bfe9f..279f92216f 100644
--- a/providers/default/ciphers/cipher_idea.h
+++ b/providers/default/ciphers/cipher_cast.h
@@ -7,18 +7,18 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include 
+#include 
 #include "internal/ciphers/ciphercommon.h"
 
-typedef struct prov_idea_ctx_st {
+typedef struct prov_cast_ctx_st {
 PROV_CIPHER_CTX base;  /* Must be first */
 union {
 OSSL_UNION_ALIGN;
-IDEA_KEY_SCHEDULE ks;
+CAST_KEY ks;
 } ks;
-} PROV_IDEA_CTX;
+} PROV_CAST_CTX;
 
-const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_cbc(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_ecb(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_ofb64(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_cfb64(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ofb64(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cfb64(size_t keybits);
diff --git a/providers/default/ciphers/cipher_cast5.c 
b/providers/default/ciphers/cipher_cast5.c
new file mode 100644
index 00..13d48ea091
--- /dev/null
+++ b/providers/default/ciphers/cipher_cast5.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You 

[openssl] master update

2019-09-18 Thread Dr . Paul Dale
The branch master has been updated
   via  fddb1847b1d53ead95678cbe21004c03c88d506d (commit)
   via  b1cabee8ce63e73f0116e501cd0933ace3cdec88 (commit)
   via  4c04e7b1cc14d98fe79acb647e4ad1cf1b8114b5 (commit)
   via  54488bd914ee344d55dc75d9df71ce9a5ad3da49 (commit)
   via  40526dfd92817fd1fdd8e4adc9065c02c7807818 (commit)
  from  5b5e2985f355c8e99c196d9ce5d02c15bebadfbc (commit)


- Log -
commit fddb1847b1d53ead95678cbe21004c03c88d506d
Author: Pauli 
Date:   Tue Sep 17 08:46:49 2019 +1000

Change PARAMETER NAMES links to PARAMETERS

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9905)

commit b1cabee8ce63e73f0116e501cd0933ace3cdec88
Author: Pauli 
Date:   Tue Sep 17 08:45:38 2019 +1000

Use PARAMETERS instead of PARAMETER NAMES for the heading for consistency.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9905)

commit 4c04e7b1cc14d98fe79acb647e4ad1cf1b8114b5
Author: Pauli 
Date:   Tue Sep 17 08:44:15 2019 +1000

Fix links to functions.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9905)

commit 54488bd914ee344d55dc75d9df71ce9a5ad3da49
Author: Pauli 
Date:   Mon Sep 16 09:07:32 2019 +1000

Cleanup KDF section 1 documentation.

Remove reference to EVP_KDF_ctrl_str and replace it with 
EVP_KDF_CTX_set_params.

Add missing links, and specify two extra KDFs.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9905)

commit 40526dfd92817fd1fdd8e4adc9065c02c7807818
Author: Pauli 
Date:   Mon Sep 16 08:59:10 2019 +1000

Clean up KDF documentation in section 7.

The EVP_KDF_ctrl function doesn't exist anymore and has been replaced by
EVP_KDF_CTX_set_params.

The EVP_KDF_new_id function doesn't exist either and EVP_KDF_new should be
used instead.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9905)

---

Summary of changes:
 doc/man1/openssl-kdf.pod  | 25 ++---
 doc/man3/EVP_KDF.pod  |  2 +-
 doc/man3/EVP_MAC.pod  |  2 +-
 doc/man7/EVP_KDF-HKDF.pod | 16 
 doc/man7/EVP_KDF-PBKDF2.pod   | 12 ++--
 doc/man7/EVP_KDF-SCRYPT.pod   | 14 +++---
 doc/man7/EVP_KDF-SS.pod   | 12 ++--
 doc/man7/EVP_KDF-SSHKDF.pod   | 14 +++---
 doc/man7/EVP_KDF-TLS1_PRF.pod | 12 ++--
 doc/man7/EVP_KDF-X942.pod | 12 ++--
 doc/man7/EVP_KDF-X963.pod | 14 +++---
 doc/man7/EVP_MAC-BLAKE2.pod   |  4 ++--
 doc/man7/EVP_MAC-CMAC.pod |  4 ++--
 doc/man7/EVP_MAC-GMAC.pod |  4 ++--
 doc/man7/EVP_MAC-HMAC.pod |  4 ++--
 doc/man7/EVP_MAC-KMAC.pod |  4 ++--
 doc/man7/EVP_MAC-Poly1305.pod |  4 ++--
 doc/man7/EVP_MAC-Siphash.pod  |  4 ++--
 18 files changed, 83 insertions(+), 80 deletions(-)

diff --git a/doc/man1/openssl-kdf.pod b/doc/man1/openssl-kdf.pod
index a2b0f25d25..2b14eaadc4 100644
--- a/doc/man1/openssl-kdf.pod
+++ b/doc/man1/openssl-kdf.pod
@@ -42,9 +42,9 @@ Output the derived key in binary form. Uses hexadecimal text 
format if not speci
 =item B<-kdfopt> I
 
 Passes options to the KDF algorithm.
-A comprehensive list of controls can be found in the EVP_KDF_CTX implementation
-documentation.
-Common control strings used by EVP_KDF_ctrl_str() are:
+A comprehensive list of parameters can be found in the EVP_KDF_CTX
+implementation documentation.
+Common parameter names used by EVP_KDF_CTX_set_params() are:
 
 =over 4
 
@@ -82,7 +82,8 @@ To see the list of supported digests, use the command I.
 =item I
 
 Specifies the name of a supported KDF algorithm which will be used.
-The supported algorithms names are TLS1-PRF, HKDF, SSKDF, PBKDF2, SSHKDF and 
id-scrypt.
+The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
+SSHKDF, X942KDF, X963KDF and id-scrypt.
 
 =back
 
@@ -143,14 +144,16 @@ used when building OpenSSL.
 =head1 SEE ALSO
 
 L,
-L
+L,
 L,
-L
-L
-L
-L
-L
-L
+L,
+L,
+L,
+L,
+L,
+L,
+L,
+L
 
 =head1 HISTORY
 
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 2770c9534f..9b88baad9f 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -138,7 +138,7 @@ providers in the given library context I, and for 
each of the
 implementations, calls the given function I with the implementation method
 and the given I as argument.
 
-=head1 PARAMETER NAMES
+=head1 PARAMETERS
 
 The standard parameter names are:
 
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 4d819b7544..2ab4c48fbf 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -165,7 +165,7 @@ providers in the given library context I, and for 
each of the
 implementations, calls the given function I with the implementation method
 and the given 

[openssl] master update

2019-09-18 Thread Dr . Paul Dale
The branch master has been updated
   via  5b5e2985f355c8e99c196d9ce5d02c15bebadfbc (commit)
  from  f22431f2cd9e96cf75fd020c6e5019ff58f710cf (commit)


- Log -
commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
Author: Alistair Francis 
Date:   Thu Aug 29 13:56:21 2019 -0700

Add support for io_pgetevents_time64 syscall

32-bit architectures that are y2038 safe don't include syscalls that use
32-bit time_t. Instead these architectures have suffixed syscalls that
always use a 64-bit time_t. In the case of the io_getevents syscall the
syscall has been replaced with the io_pgetevents_time64 syscall instead.

This patch changes the io_getevents() function to use the correct
syscall based on the available syscalls and the time_t size.
only use the new 64-bit time_t syscall if the architecture is using a
64-bit time_t. This is to avoid having to deal with 32/64-bit
conversions and relying on a 64-bit timespec struct on 32-bit time_t
platforms. As of Linux 5.3 there are no 32-bit time_t architectures
without __NR_io_getevents. In the future if a 32-bit time_t architecture
wants to use the 64-bit syscalls we can handle the conversion.

This fixes build failures on 32-bit RISC-V.

Signed-off-by: Alistair Francis 

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9819)

---

Summary of changes:
 engines/e_afalg.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index dacbe358cb..99516cb1bb 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, 
long min, long max,
struct io_event *events,
struct timespec *timeout)
 {
+#if defined(__NR_io_getevents)
 return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+#elif defined(__NR_io_pgetevents_time64)
+/* Let's only support the 64 suffix syscalls for 64-bit time_t.
+ * This simplifies the code for us as we don't need to use a 64-bit
+ * version of timespec with a 32-bit time_t and handle converting
+ * between 64-bit and 32-bit times and check for overflows.
+ */
+if (sizeof(timeout->tv_sec) == 8)
+return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, 
timeout, NULL);
+else {
+errno = ENOSYS;
+return -1;
+}
+#else
+# error "We require either the io_getevents syscall or 
__NR_io_pgetevents_time64."
+#endif
 }
 
 static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
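Review bot: The new __NR_io_pgetevents_time64 branch hands a libc `struct timespec *` to a syscall that, as far as I know, is defined in terms of the kernel's `__kernel_timespec` (64-bit tv_sec and a 64-bit tv_nsec slot); on a 32-bit target with 64-bit time_t this only works because the C library pads tv_nsec to the same layout, and the comment should say so, e.g. `/* relies on libc's struct timespec matching __kernel_timespec when time_t is 64-bit */`. The `if (...) return ...; else { ... }` shape also departs from the brace style of the surrounding file and the syscall line runs past 80 columns; an early return fixes both. Since sizeof() is a compile-time constant, the ENOSYS path is dead on every target the commit message describes, which is worth stating in the comment so nobody tries to make it reachable.

```c
#elif defined(__NR_io_pgetevents_time64)
    /*
     * Only use the *_time64 syscall with a 64-bit time_t. This relies on
     * libc's struct timespec matching the kernel's __kernel_timespec layout
     * and avoids converting 32-bit timespecs (and checking for overflow).
     * With a 32-bit time_t the ENOSYS path below is currently unreachable.
     */
    if (sizeof(timeout->tv_sec) == 8)
        return syscall(__NR_io_pgetevents_time64, ctx, min, max, events,
                       timeout, NULL);
    errno = ENOSYS;
    return -1;
/* … unchanged: #else / #error / #endif … */
```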


[openssl] master update

2019-09-17 Thread shane . lontis
The branch master has been updated
   via  f22431f2cd9e96cf75fd020c6e5019ff58f710cf (commit)
  from  ecae0575103918868b29cc11aa35e3b91fe7dcc8 (commit)


- Log -
commit f22431f2cd9e96cf75fd020c6e5019ff58f710cf
Author: Shane Lontis 
Date:   Wed Sep 18 15:57:08 2019 +1000

Add IDEA ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9917)

---

Summary of changes:
 crypto/evp/evp_enc.c   |   4 +
 providers/common/include/internal/provider_algs.h  |   6 +
 providers/default/ciphers/build.info   |   5 +
 providers/default/ciphers/cipher_idea.c|  46 ++
 .../ciphers/{cipher_blowfish.h => cipher_idea.h}   |  16 +-
 providers/default/ciphers/cipher_idea_hw.c |  56 +++
 providers/default/defltprov.c  |   6 +
 test/recipes/30-test_evp.t |   2 +
 test/recipes/30-test_evp_data/evpciph_idea.txt | 555 +
 9 files changed, 688 insertions(+), 8 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_idea.c
 copy providers/default/ciphers/{cipher_blowfish.h => cipher_idea.h} (55%)
 create mode 100644 providers/default/ciphers/cipher_idea_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_idea.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 9a4e40d9a9..b0eff2d528 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -235,6 +235,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_bf_ecb:
 case NID_bf_cfb64:
 case NID_bf_ofb64:
+case NID_idea_cbc:
+case NID_idea_ecb:
+case NID_idea_cfb64:
+case NID_idea_ofb64:
 break;
 default:
 goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index 5f54612b0a..9e0a96e9ad 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -122,6 +122,12 @@ extern const OSSL_DISPATCH blowfish128cbc_functions[];
 extern const OSSL_DISPATCH blowfish64ofb64_functions[];
 extern const OSSL_DISPATCH blowfish64cfb64_functions[];
 #endif /* OPENSSL_NO_BF */
+#ifndef OPENSSL_NO_IDEA
+extern const OSSL_DISPATCH idea128ecb_functions[];
+extern const OSSL_DISPATCH idea128cbc_functions[];
+extern const OSSL_DISPATCH idea128ofb64_functions[];
+extern const OSSL_DISPATCH idea128cfb64_functions[];
+#endif /* OPENSSL_NO_IDEA */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index a4ca5cc6c8..3722215daf 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -24,4 +24,9 @@ IF[{- !$disabled{bf} -}]
   cipher_blowfish.c cipher_blowfish_hw.c
 ENDIF
 
+IF[{- !$disabled{idea} -}]
+  SOURCE[../../../libcrypto]=\
+  cipher_idea.c cipher_idea_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_idea.c 
b/providers/default/ciphers/cipher_idea.c
new file mode 100644
index 00..6bb5419b6d
--- /dev/null
+++ b/providers/default/ciphers/cipher_idea.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for Idea cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_idea.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_cipher_freectx_fn idea_freectx;
+static OSSL_OP_cipher_dupctx_fn idea_dupctx;
+
+static void idea_freectx(void *vctx)
+{
+PROV_IDEA_CTX *ctx = (PROV_IDEA_CTX *)vctx;
+
+OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *idea_dupctx(void *ctx)
+{
+PROV_IDEA_CTX *in = (PROV_IDEA_CTX *)ctx;
+PROV_IDEA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+if (ret == NULL) {
+ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+return NULL;
+}
+*ret = *in;
+
+return ret;
+}
+
+/* idea128ecb_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, ecb, ECB, 0, 128, 64, 0, block)
+/* idea128cbc_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, cbc, CBC, 0, 128, 64, 64, block)
+/* idea128ofb64_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, ofb64, OFB, 0, 128, 8, 64, stream)
+/* idea128cfb64_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, cfb64,  CFB, 0, 128, 8, 64, stream)
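Review bot: The four IMPLEMENT_generic_cipher() lines pass 0 as the flags argument, while the SEED dispatch file in the later commit on this page passes EVP_CIPH_FLAG_DEFAULT_ASN1 for the same four modes; if IDEA is meant to get default ASN.1 IV handling too, these should read e.g. `IMPLEMENT_generic_cipher(idea, IDEA, cbc, CBC, EVP_CIPH_FLAG_DEFAULT_ASN1, 128, 64, 64, block)`, and if 0 is deliberate a one-line comment above them would stop the next reader from "fixing" it. Separately, idea_dupctx() copies the whole context with `*ret = *in;`, which is only safe if PROV_CIPHER_CTX holds no owned pointers — not something I can confirm from the hunk — so a note such as `/* shallow copy: assumes PROV_CIPHER_CTX owns no heap pointers */` would record the assumption.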
diff --git a/providers/default/ciphers/cipher_blowfish.h 

[openssl] master update

2019-09-17 Thread shane . lontis
The branch master has been updated
   via  ecae0575103918868b29cc11aa35e3b91fe7dcc8 (commit)
  from  793374c82abd3215ec33d989810214a871849eda (commit)


- Log -
commit ecae0575103918868b29cc11aa35e3b91fe7dcc8
Author: Shane Lontis 
Date:   Wed Sep 18 15:26:19 2019 +1000

Fix Compiler error/warning for windows icl build

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9907)

---

Summary of changes:
 include/internal/refcount.h | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/include/internal/refcount.h b/include/internal/refcount.h
index eddf12415f..1619b28932 100644
--- a/include/internal/refcount.h
+++ b/include/internal/refcount.h
@@ -73,6 +73,21 @@ static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, 
void *lock)
 __atomic_thread_fence(__ATOMIC_ACQUIRE);
 return 1;
 }
+#  elif defined(__ICL) && defined(_WIN32)
+#   define HAVE_ATOMICS 1
+typedef volatile int CRYPTO_REF_COUNT;
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+*ret = _InterlockedExchangeAdd((void *)val, 1) + 1;
+return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+*ret = _InterlockedExchangeAdd((void *)val, -1) - 1;
+return 1;
+}
 
 #  elif defined(_MSC_VER) && _MSC_VER>=1200
 
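Review bot: The `(void *)` casts in the added `CRYPTO_UP_REF`/`CRYPTO_DOWN_REF` bodies silence the `volatile int *` versus `long volatile *` mismatch at the `_InterlockedExchangeAdd` calls, but they also switch off type checking entirely, so a non-pointer argument would compile without complaint. An explicit target-typed cast keeps the check: `*ret = _InterlockedExchangeAdd((long volatile *)val, 1) + 1;` and `*ret = _InterlockedExchangeAdd((long volatile *)val, -1) - 1;`, with a one-line comment noting that `int` and `long` share a width on the Windows targets this `__ICL && _WIN32` branch covers. Whether the intrinsic's header is already included for this branch cannot be seen from the hunk; presumably the `_MSC_VER` branch that follows it does the same and can be mirrored.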


[openssl] master update

2019-09-17 Thread shane . lontis
The branch master has been updated
   via  793374c82abd3215ec33d989810214a871849eda (commit)
  from  d5d32e784dd2ac25b3c773893f94484bcda5a23d (commit)


- Log -
commit 793374c82abd3215ec33d989810214a871849eda
Author: Shane Lontis 
Date:   Wed Sep 18 15:20:30 2019 +1000

Fix Coverity CID:1453685 'unreachable code' in aes_xts code.

Reviewed-by: Richard Levitte 
Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/9902)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_xts.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/providers/common/ciphers/cipher_aes_xts.c 
b/providers/common/ciphers/cipher_aes_xts.c
index c85475442b..0d642368b3 100644
--- a/providers/common/ciphers/cipher_aes_xts.c
+++ b/providers/common/ciphers/cipher_aes_xts.c
@@ -176,7 +176,6 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, 
size_t *outl,
 else if (CRYPTO_xts128_encrypt(>xts, ctx->base.iv, in, out, inl,
ctx->base.enc))
 return 0;
-return 1;
 
 *outl = inl;
 return 1;
@@ -198,7 +197,6 @@ static int aes_xts_stream_update(void *vctx, unsigned char 
*out, size_t *outl,
 return 0;
 }
 
-*outl = inl;
 return 1;
 }
 


[openssl] master update

2019-09-17 Thread Richard Levitte
The branch master has been updated
   via  d5d32e784dd2ac25b3c773893f94484bcda5a23d (commit)
  from  dbcc7b45670483cc89428afe1d3c363ef83d76df (commit)


- Log -
commit d5d32e784dd2ac25b3c773893f94484bcda5a23d
Author: Richard Levitte 
Date:   Thu Sep 12 13:27:52 2019 +0200

crypto/bn/build.info: Correct use of SSE2 definition

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9879)

---

Summary of changes:
 crypto/bn/build.info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 669256d8e3..18b5950f6d 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -96,7 +96,7 @@ IF[{- !$disabled{asm} -}]
   $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_ec2m
 ENDIF
 IF[{- !$disabled{sse2} -}]
-  DEFINE[]=$BNDEF_{- $target{asm_arch} -}_sse2
+  $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_sse2
 ENDIF
   ENDIF
 ENDIF


[openssl] master update

2019-09-17 Thread matthias . st . pierre
The branch master has been updated
   via  dbcc7b45670483cc89428afe1d3c363ef83d76df (commit)
  from  8c95977fbf401df72c9a236348130ba4483d7691 (commit)


- Log -
commit dbcc7b45670483cc89428afe1d3c363ef83d76df
Author: Jon Spillett 
Date:   Mon Sep 2 10:06:29 2019 +1000

apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present

Currently the pkcs12 app will only ever print the first value of a multi-value
attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but
may miss values for other attributes.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9751)

---

Summary of changes:
 CHANGES   |  4 
 apps/pkcs12.c | 64 +++
 2 files changed, 42 insertions(+), 26 deletions(-)

diff --git a/CHANGES b/CHANGES
index 65b344efe4..c32f768fc8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
+ the first value.
+ [Jon Spillett]
+
   *) Deprecated the public definition of ERR_STATE as well as the function
  ERR_get_state().  This is done in preparation of making ERR_STATE an
  opaque type.
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 407340b388..902b75029c 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const 
STACK_OF(PKCS12_SAFEBAG) *bags,
 int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
  const char *pass, int passlen,
  int options, char *pempass, const EVP_CIPHER *enc);
+void print_attribute(BIO *out, const ASN1_TYPE *av);
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
   const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 return ret;
 }
 
+/* Generalised x509 attribute value print */
+
+void print_attribute(BIO *out, const ASN1_TYPE *av)
+{
+char *value;
+
+switch (av->type) {
+case V_ASN1_BMPSTRING:
+value = OPENSSL_uni2asc(av->value.bmpstring->data,
+av->value.bmpstring->length);
+BIO_printf(out, "%s\n", value);
+OPENSSL_free(value);
+break;
+
+case V_ASN1_OCTET_STRING:
+hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
+BIO_printf(out, "\n");
+break;
+
+case V_ASN1_BIT_STRING:
+hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
+BIO_printf(out, "\n");
+break;
+
+default:
+BIO_printf(out, "\n", av->type);
+break;
+}
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
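Review bot: `print_attribute()` dereferences `av->type` unconditionally, and `X509_ATTRIBUTE_get0_type()` returns NULL for an index it cannot satisfy; now that this is a separate externally visible function rather than an inline switch guarded by the caller's count check, a guard such as `if (av == NULL) return;` at the top keeps it safe for other callers. In the BMPSTRING case `OPENSSL_uni2asc()` can return NULL on allocation failure, so `value` should be checked before it is printed unless BIO_printf's `%s` handling is known to tolerate NULL. As rendered here the default case `BIO_printf(out, "\n", av->type)` passes an argument that no conversion consumes — the angle-bracketed text was most likely stripped by the archive, but it is worth confirming the format string still carries a `%d` for `av->type`.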
@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) 
*attrlst,
 {
 X509_ATTRIBUTE *attr;
 ASN1_TYPE *av;
-char *value;
-int i, attr_nid;
+int i, j, attr_nid;
 if (!attrlst) {
 BIO_printf(out, "%s: \n", name);
 return 1;
@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const 
STACK_OF(X509_ATTRIBUTE) *attrlst,
 }
 
 if (X509_ATTRIBUTE_count(attr)) {
-av = X509_ATTRIBUTE_get0_type(attr, 0);
-switch (av->type) {
-case V_ASN1_BMPSTRING:
-value = OPENSSL_uni2asc(av->value.bmpstring->data,
-av->value.bmpstring->length);
-BIO_printf(out, "%s\n", value);
-OPENSSL_free(value);
-break;
-
-case V_ASN1_OCTET_STRING:
-hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
-BIO_printf(out, "\n");
-break;
-
-case V_ASN1_BIT_STRING:
-hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
-BIO_printf(out, "\n");
-break;
-
-default:
-BIO_printf(out, "\n", av->type);
-break;
+for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+{
+av = X509_ATTRIBUTE_get0_type(attr, j);
+print_attribute(out, av);
 }
 } else {
 BIO_printf(out, "\n");
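Review bot: The new loop places its opening brace on a line of its own (`for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)` followed by `{`), which differs from the K&R placement used on the `if`/`else` lines around it in this hunk; `for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {` matches the file. The loop bound also re-evaluates `X509_ATTRIBUTE_count(attr)` on every iteration; it is cheap, but reading the count once into a local before the loop states the intent more clearly. print_attribs() begins outside this hunk.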


[openssl] master update

2019-09-16 Thread shane . lontis
The branch master has been updated
   via  8c95977fbf401df72c9a236348130ba4483d7691 (commit)
  from  3b2f8c771a1babbe223c9f1ca76fbc9dec5f915f (commit)


- Log -
commit 8c95977fbf401df72c9a236348130ba4483d7691
Author: Shane Lontis 
Date:   Tue Sep 17 13:34:47 2019 +1000

Fix Solaris aes_hw_t4 compile issue

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9910)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_hw_t4.inc | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/providers/common/ciphers/cipher_aes_hw_t4.inc 
b/providers/common/ciphers/cipher_aes_hw_t4.inc
index f7e363e5c3..8722fa0add 100644
--- a/providers/common/ciphers/cipher_aes_hw_t4.inc
+++ b/providers/common/ciphers/cipher_aes_hw_t4.inc
@@ -17,34 +17,35 @@ static int cipher_hw_aes_t4_initkey(PROV_CIPHER_CTX *dat,
 {
 int ret, bits;
 PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+AES_KEY *ks = >ks.ks;
 
-dat->ks = >ks.ks;
+dat->ks = (const void *)ks; /* used by cipher_hw_generic_XXX */
 
 bits = keylen * 8;
 if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
 && !dat->enc) {
 ret = 0;
-aes_t4_set_decrypt_key(key, bits, dat->ks);
-dat->block = (block128_f) aes_t4_decrypt;
+aes_t4_set_decrypt_key(key, bits, ks);
+dat->block = (block128_f)aes_t4_decrypt;
 switch (bits) {
 case 128:
 dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-(cbc128_f) aes128_t4_cbc_decrypt : NULL;
+(cbc128_f)aes128_t4_cbc_decrypt : NULL;
 break;
 case 192:
 dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-(cbc128_f) aes192_t4_cbc_decrypt : NULL;
+(cbc128_f)aes192_t4_cbc_decrypt : NULL;
 break;
 case 256:
 dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-(cbc128_f) aes256_t4_cbc_decrypt : NULL;
+(cbc128_f)aes256_t4_cbc_decrypt : NULL;
 break;
 default:
 ret = -1;
 }
 } else {
 ret = 0;
-aes_t4_set_encrypt_key(key, bits, dat->ks);
+aes_t4_set_encrypt_key(key, bits, ks);
 dat->block = (block128_f)aes_t4_encrypt;
 switch (bits) {
 case 128:
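Review bot: In the decrypt branch the key schedule is expanded with `aes_t4_set_decrypt_key(key, bits, ks)` and `dat->block` is assigned before `switch (bits)` validates the key size, so the `default: ret = -1;` path leaves a context that has already been partly initialised. Validating `bits` against the three accepted sizes before touching `ks` would make the failure path clean; the encrypt branch, which continues past the end of the hunk, has the same shape. cipher_hw_aes_t4_initkey() starts in the hunk header and ends outside the hunk, so how `ret == -1` is consumed cannot be seen here.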


[openssl] master update

2019-09-16 Thread bernd . edlinger
The branch master has been updated
   via  3b2f8c771a1babbe223c9f1ca76fbc9dec5f915f (commit)
  from  1aa89a7a3afb053d0c0b7fad8d3ea1b0a5447289 (commit)


- Log -
commit 3b2f8c771a1babbe223c9f1ca76fbc9dec5f915f
Author: Bernd Edlinger 
Date:   Fri Sep 13 10:45:29 2019 +0200

Fix building statically without any dso support

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9895)

---

Summary of changes:
 Configure | 5 +++--
 INSTALL   | 3 +++
 crypto/include/internal/dso_conf.h.in | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Configure b/Configure
index 92c9d4e4d9..4415e1d6bc 100755
--- a/Configure
+++ b/Configure
@@ -350,6 +350,7 @@ my @disablables = (
 "dgram",
 "dh",
 "dsa",
+"dso",
 "dtls",
 "dynamic-engine",
 "ec",
@@ -442,7 +443,6 @@ my %deprecated_disablables = (
 "hw-padlock" => "padlockeng",
 "ripemd" => "rmd160",
 "ui" => "ui-console",
-"dso" => undef,
 "heartbeats" => undef,
 );
 
@@ -510,6 +510,7 @@ my @disable_cascades = (
 # (note that even with shared libraries, both the app and dynamic engines
 # must be linked with the same library)
 "shared"=> [ "dynamic-engine", "uplink" ],
+"dso"   => [ "dynamic-engine", "module" ],
 # Other modules don't necessarily have to link with libcrypto, so shared
 # libraries do not have to be a condition to produce those.
 
@@ -1239,7 +1240,7 @@ foreach my $what (sort keys %disabled) {
 
 $skipdir{engines} = $what if $what eq 'engine';
 $skipdir{"crypto/$skipdir"} = $what
-unless $what eq 'async' || $what eq 'err';
+unless $what eq 'async' || $what eq 'err' || $what eq 'dso';
 }
 }
 
diff --git a/INSTALL b/INSTALL
index c02ceb1255..d576548c89 100644
--- a/INSTALL
+++ b/INSTALL
@@ -364,6 +364,9 @@
Don't build support for datagram based BIOs. Selecting this
option will also force the disabling of DTLS.
 
+  no-dso
+   Don't build support for loading Dynamic Shared Objects.
+
   enable-devcryptoeng
Build the /dev/crypto engine.  It is automatically selected
on BSD implementations, in which case it can be disabled 
with
diff --git a/crypto/include/internal/dso_conf.h.in 
b/crypto/include/internal/dso_conf.h.in
index b6703f7c1d..9a373b2032 100644
--- a/crypto/include/internal/dso_conf.h.in
+++ b/crypto/include/internal/dso_conf.h.in
@@ -16,7 +16,7 @@
 # has support compiled in for them. Currently each method is enabled
 # by a define "DSO_" ... we translate the "dso_scheme" config
 # string entry into using the following logic;
-my $scheme = uc $target{dso_scheme};
+my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme};
 if (!$scheme) {
 $scheme = "NONE";
 }


[openssl] master update

2019-09-16 Thread Matt Caswell
The branch master has been updated
   via  6ef03ea98fac501e6d6e33bac6ad3c92ea074712 (commit)
  from  1ce6044206a371680ea44219ea63dae2a1bba3d1 (commit)


- Log -
commit 6ef03ea98fac501e6d6e33bac6ad3c92ea074712
Author: ManishPatidar1 
Date:   Mon Sep 9 19:02:56 2019 +0530

clearing the ecx private key memory

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9830)

---

Summary of changes:
 crypto/ec/ecx_meth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 75ea96754f..b88139218a 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -195,7 +195,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const 
PKCS8_PRIV_KEY_INFO *p8)
 }
 
 rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
-ASN1_OCTET_STRING_free(oct);
+ASN1_STRING_clear_free(oct);
 return rv;
 }
 
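Review bot: `ASN1_STRING_clear_free(oct)` now zeroises the decoded private key on the success path, but ecx_priv_decode() starts outside the hunk and any earlier error return that releases `oct` is not visible here; if those paths still call `ASN1_OCTET_STRING_free()` the key bytes remain in freed memory on failure. Every free of `oct` in this function should use the clearing variant, and the same consideration applies to any other buffer that holds the decoded key material.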


[openssl] master update

2019-09-16 Thread Dr . Paul Dale
The branch master has been updated
   via  1ce6044206a371680ea44219ea63dae2a1bba3d1 (commit)
  from  2710e8a88809c54a654baa5594b7a474ce07a8e7 (commit)


- Log -
commit 1ce6044206a371680ea44219ea63dae2a1bba3d1
Author: Pauli 
Date:   Mon Sep 16 13:22:56 2019 +1000

Avoid mentioning ctrl_str in the MAC documentation.

Change to mentioning params instead.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9908)

---

Summary of changes:
 doc/man1/openssl-mac.pod | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/man1/openssl-mac.pod b/doc/man1/openssl-mac.pod
index abfbb560ec..d2e6c7f262 100644
--- a/doc/man1/openssl-mac.pod
+++ b/doc/man1/openssl-mac.pod
@@ -49,7 +49,7 @@ Output the MAC in binary form. Uses hexadecimal text format 
if not specified.
 Passes options to the MAC algorithm.
 A comprehensive list of controls can be found in the EVP_MAC implementation
 documentation.
-Common control strings used by EVP_MAC_ctrl_str() are:
+Common parameter names used by EVP_MAC_CTX_get_params() are:
 
 =over 4
 
@@ -144,12 +144,12 @@ The B command can be used to list 
them.
 
 L,
 L,
-L,
-L,
-L,
-L,
-L,
-L
+L,
+L,
+L,
+L,
+L,
+L
 
 =head1 COPYRIGHT
 


[openssl] master update

2019-09-16 Thread Dr . Paul Dale
The branch master has been updated
   via  2710e8a88809c54a654baa5594b7a474ce07a8e7 (commit)
  from  55c7dc79274f7256f573d99353f887263b162b7b (commit)


- Log -
commit 2710e8a88809c54a654baa5594b7a474ce07a8e7
Author: Pauli 
Date:   Mon Sep 16 11:15:25 2019 +1000

Use "PARAMETERS" in the documentation headings.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9906)

---

Summary of changes:
 doc/man3/EVP_DigestInit.pod | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 7f5a1e5db2..69a52d10aa 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -146,17 +146,17 @@ See L below for more information.
 =item EVP_MD_get_params()
 
 Retrieves the requested list of B from a MD B.
-See L below for more information.
+See L below for more information.
 
 =item EVP_MD_CTX_get_params()
 
 Retrieves the requested list of B from a MD context B.
-See L below for more information.
+See L below for more information.
 
 =item EVP_MD_CTX_set_params()
 
 Sets the list of B into a MD context B.
-See L below for more information.
+See L below for more information.
 
 =item EVP_MD_gettable_params(), EVP_MD_CTX_gettable_params(),
 EVP_MD_CTX_settable_params()
@@ -331,7 +331,7 @@ I as argument.
 
 =back
 
-=head1 PARAMS
+=head1 PARAMETERS
 
 See L for information about passing parameters.
 


[openssl] master update

2019-09-15 Thread shane . lontis
The branch master has been updated
   via  55c7dc79274f7256f573d99353f887263b162b7b (commit)
  from  7bb82f92d94375e7673fe02cb8186595b2c539f2 (commit)


- Log -
commit 55c7dc79274f7256f573d99353f887263b162b7b
Author: Shane Lontis 
Date:   Sun Sep 15 20:06:28 2019 +1000

Add blowfish ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9887)

---

Summary of changes:
 crypto/evp/evp_enc.c   |  4 ++
 providers/common/ciphers/cipher_aes_xts.c  |  8 +--
 providers/common/ciphers/cipher_common.c   | 13 ++--
 providers/common/ciphers/cipher_tdes.c |  5 +-
 .../common/include/internal/ciphers/cipher_tdes.h  |  4 +-
 .../common/include/internal/ciphers/ciphercommon.h | 82 +-
 providers/common/include/internal/provider_algs.h  |  6 ++
 providers/default/ciphers/build.info   |  5 ++
 providers/default/ciphers/cipher_blowfish.c| 46 
 providers/default/ciphers/cipher_blowfish.h| 24 +++
 providers/default/ciphers/cipher_blowfish_hw.c | 36 ++
 providers/default/ciphers/cipher_tdes_wrap.c   |  2 +-
 providers/default/defltprov.c  |  6 ++
 13 files changed, 225 insertions(+), 16 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_blowfish.c
 create mode 100644 providers/default/ciphers/cipher_blowfish.h
 create mode 100644 providers/default/ciphers/cipher_blowfish_hw.c

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 6d657f76cd..9a4e40d9a9 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -231,6 +231,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_des_ede_cfb64:
 case NID_desx_cbc:
 case NID_id_smime_alg_CMS3DESwrap:
+case NID_bf_cbc:
+case NID_bf_ecb:
+case NID_bf_cfb64:
+case NID_bf_ofb64:
 break;
 default:
 goto legacy;
diff --git a/providers/common/ciphers/cipher_aes_xts.c 
b/providers/common/ciphers/cipher_aes_xts.c
index feaa36991f..c85475442b 100644
--- a/providers/common/ciphers/cipher_aes_xts.c
+++ b/providers/common/ciphers/cipher_aes_xts.c
@@ -106,13 +106,13 @@ static int aes_xts_dinit(void *vctx, const unsigned char 
*key, size_t keylen,
 return aes_xts_init(vctx, key, keylen, iv, ivlen, 0);
 }
 
-static void *aes_xts_newctx(void *provctx, unsigned int mode, size_t kbits,
-size_t blkbits, size_t ivbits)
+static void *aes_xts_newctx(void *provctx, unsigned int mode, uint64_t flags,
+size_t kbits, size_t blkbits, size_t ivbits)
 {
 PROV_AES_XTS_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
 if (ctx != NULL) {
-cipher_generic_initkey(>base, kbits, blkbits, ivbits, mode,
+cipher_generic_initkey(>base, kbits, blkbits, ivbits, mode, flags,
PROV_CIPHER_HW_aes_xts(kbits), NULL);
 }
 return ctx;
@@ -255,7 +255,7 @@ static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM 
params[])\
 static OSSL_OP_cipher_newctx_fn aes_##kbits##_xts_newctx;  
\
 static void *aes_##kbits##_xts_newctx(void *provctx)   
\
 {  
\
-return aes_xts_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, 2 * kbits,
\
+return aes_xts_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, flags, 2 * kbits, 
\
   AES_XTS_BLOCK_BITS, AES_XTS_IV_BITS);
\
 }  
\
 const OSSL_DISPATCH aes##kbits##xts_functions[] = {
\
diff --git a/providers/common/ciphers/cipher_common.c 
b/providers/common/ciphers/cipher_common.c
index 18d6dd9ca5..3c45dd5b9a 100644
--- a/providers/common/ciphers/cipher_common.c
+++ b/providers/common/ciphers/cipher_common.c
@@ -124,9 +124,13 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX 
*ctx,
 memcpy(ctx->iv, iv, ctx->ivlen);
 }
 if (key != NULL) {
-if (keylen != ctx->keylen) {
-ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
-return 0;
+if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
+if (keylen != ctx->keylen) {
+ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+return 0;
+}
+} else {
+ctx->keylen = keylen;
 }
 return ctx->hw->init(ctx, key, ctx->keylen);
 }
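Review bot: The new `else` branch accepts any `keylen` for a cipher flagged `EVP_CIPH_VARIABLE_LENGTH` and stores it into `ctx->keylen` with no lower or upper bound, so a zero-length or oversized key reaches `ctx->hw->init()` unvalidated. Unless every hw `init` for a variable-length cipher checks the range itself, a check such as `if (keylen == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN); return 0; }` (or a per-cipher maximum) belongs here, next to the fixed-length check it mirrors. cipher_generic_init_internal() starts outside the hunk, so whether a caller already validates keylen cannot be seen from here.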
@@ -384,11 +388,12 @@ int cipher_generic_set_ctx_params(void *vctx, const 
OSSL_PARAM params[])
 }
 
 void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
-

[openssl] master update

2019-09-15 Thread shane . lontis
The branch master has been updated
   via  7bb82f92d94375e7673fe02cb8186595b2c539f2 (commit)
  from  dd11c5f0fa809063b152cd2851c4c1e56fbd20c8 (commit)


- Log -
commit 7bb82f92d94375e7673fe02cb8186595b2c539f2
Author: Shane Lontis 
Date:   Sun Sep 15 19:55:10 2019 +1000

Add fips module integrity check

Add environment variable for setting CONF .include path

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9769)

---

Summary of changes:
 .gitignore |   2 +
 apps/fipsinstall.c |   1 +
 crypto/conf/conf_def.c |  25 ++-
 crypto/provider_core.c |   2 +-
 doc/man5/config.pod|   7 +-
 doc/man7/provider-base.pod |   4 +-
 include/openssl/core_numbers.h |   6 +-
 providers/fips/build.info  |   2 +-
 providers/fips/fipsprov.c  |  12 +-
 providers/fips/selftest.c  | 150 +
 providers/fips/selftest.h  |   7 +-
 test/build.info|   6 +-
 test/{default.cnf => default-and-fips.cnf} |   3 +
 test/evp_extra_test.c  | 336 +
 test/evp_fetch_prov_test.c | 251 +
 test/fips.cnf  |   5 +-
 test/recipes/30-test_evp.t |  20 +-
 test/recipes/30-test_evp_fetch_prov.t  |  79 +++
 18 files changed, 563 insertions(+), 355 deletions(-)
 create mode 100644 providers/fips/selftest.c
 copy test/{default.cnf => default-and-fips.cnf} (75%)
 create mode 100644 test/evp_fetch_prov_test.c
 create mode 100644 test/recipes/30-test_evp_fetch_prov.t

diff --git a/.gitignore b/.gitignore
index fb08a3c5b0..9fdd588e4f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,6 +61,8 @@ Makefile
 /test/rsa_complex
 # Other generated files in test/
 /test/provider_internal_test.conf
+/test/fipsinstall.conf
+/providers/fipsinstall.conf
 
 # Certain files that get created by tests on the fly
 /test/test-runs
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index 2aedcbaa6c..78200c5876 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -128,6 +128,7 @@ static int write_config_fips_section(BIO *out, const char 
*section,
 int ret = 0;
 
 if (!(BIO_printf(out, "[%s]\n", section) > 0
+  && BIO_printf(out, "activate = 1\n") > 0
   && BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
 VERSION_VAL) > 0
   && print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac,
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index cbf0b2b183..ff4c43fc75 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -352,6 +352,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 && (p != pname + 8 || *p == '=')) {
 char *include = NULL;
 BIO *next;
+const char *include_dir = 
ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
+char *include_path = NULL;
 
 if (*p == '=') {
 p++;
@@ -360,17 +362,34 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 trim_ws(conf, p);
 if (!str_copy(conf, psection, , p))
 goto err;
+
+if (include_dir != NULL) {
+size_t newlen = strlen(include_dir) + strlen(include) + 2;
+
+include_path = OPENSSL_malloc(newlen);
+OPENSSL_strlcpy(include_path, include_dir, newlen);
+OPENSSL_strlcat(include_path, "/", newlen);
+OPENSSL_strlcat(include_path, include, newlen);
+} else {
+include_path = include;
+}
+
 /* get the BIO of the included file */
 #ifndef OPENSSL_NO_POSIX_IO
-next = process_include(include, , );
-if (include != dirpath) {
+next = process_include(include_path, , );
+if (include_path != dirpath) {
 /* dirpath will contain include in case of a directory */
 OPENSSL_free(include);
+if (include_path != include)
+OPENSSL_free(include_path);
 }
 #else
-next = BIO_new_file(include, "r");
+next = BIO_new_file(include_path, "r");
 OPENSSL_free(include);
+if (include_path != include)
+OPENSSL_free(include_path);
 #endif
+
 if (next != NULL) {
 /* push the currently processing BIO onto stack */
 if (biosk == NULL) {
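Review bot: The `OPENSSL_malloc(newlen)` result on the `include_dir != NULL` path is passed straight to `OPENSSL_strlcpy()` without a NULL check, and the free logic below it leaks `include` when the prefixed path names a directory: `process_include()` then hands `include_path` to `dirpath`, the `include_path != dirpath` test is false, and `include` is never freed. Checking the allocation and freeing the two strings independently — `include` whenever it is not the path actually in use, `include_path` whenever `dirpath` did not take ownership of it — fixes both. The joined path also always inserts a `/`, even when `include` is absolute; if that is intended it deserves a comment, since `OPENSSL_CONF_INCLUDE` silently relocates every `.include`. def_load_bio() starts and ends outside the hunk.
```c
            if (include_dir != NULL) {
                size_t newlen = strlen(include_dir) + strlen(include) + 2;

                include_path = OPENSSL_malloc(newlen);
                if (include_path == NULL) {
                    OPENSSL_free(include);
                    goto err;
                }
                OPENSSL_strlcpy(include_path, include_dir, newlen);
                OPENSSL_strlcat(include_path, "/", newlen);
                OPENSSL_strlcat(include_path, include, newlen);
            } else {
                include_path = include;
            }

            /* … unchanged: process_include() call … */
            if (include_path != include)
                OPENSSL_free(include);      /* the joined path is the one in use */
            if (include_path != dirpath)    /* dirpath keeps include_path for a directory */
                OPENSSL_free(include_path);
```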
diff --git 

[openssl] master update

2019-09-15 Thread shane . lontis
The branch master has been updated
   via  dd11c5f0fa809063b152cd2851c4c1e56fbd20c8 (commit)
  from  f407a9a998f95f693a7127bc76a2c922dfaedbdb (commit)


- Log -
commit dd11c5f0fa809063b152cd2851c4c1e56fbd20c8
Author: Shane Lontis 
Date:   Sun Sep 15 19:33:04 2019 +1000

Fix compile error detected by Solaris build

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9901)

---

Summary of changes:
 crypto/include/internal/ciphermode_platform.h | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/crypto/include/internal/ciphermode_platform.h 
b/crypto/include/internal/ciphermode_platform.h
index f357ea5c84..a99ce0d495 100644
--- a/crypto/include/internal/ciphermode_platform.h
+++ b/crypto/include/internal/ciphermode_platform.h
@@ -238,12 +238,6 @@ void aes_t4_encrypt(const unsigned char *in, unsigned char 
*out,
 const AES_KEY *key);
 void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
 const AES_KEY *key);
-void des_t4_key_expand(const void *key, DES_key_schedule *ks);
-void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
- const DES_key_schedule ks[3], unsigned char 
iv[8]);
-void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
- const DES_key_schedule ks[3], unsigned char 
iv[8]);
-
 /*
  * Key-length specific subroutines were chosen for following reason.
  * Each SPARC T4 core can execute up to 8 threads which share core's
@@ -295,6 +289,15 @@ void aes256_t4_xts_decrypt(const unsigned char *in, 
unsigned char *out,
size_t blocks, const AES_KEY *key1,
const AES_KEY *key2, const unsigned char *ivec);
 
+#  ifndef OPENSSL_NO_DES
+#   include 
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char 
iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char 
iv[8]);
+#  endif /*  OPENSSL_NO_DES */
+
 # elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
 /* IBM S390X support */
 #  include "s390x_arch.h"


[openssl] master update

2019-09-15 Thread shane . lontis
The branch master has been updated
   via  f407a9a998f95f693a7127bc76a2c922dfaedbdb (commit)
  from  64c1e74572f16a3e7c225f66fe85a3451ad39e68 (commit)


- Log -
commit f407a9a998f95f693a7127bc76a2c922dfaedbdb
Author: Shane Lontis 
Date:   Sun Sep 15 19:29:02 2019 +1000

Fix aesni_xts compile error

Block copy bug.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9900)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_xts_hw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/common/ciphers/cipher_aes_xts_hw.c 
b/providers/common/ciphers/cipher_aes_xts_hw.c
index 2b06c5bb4b..9ac70c4fa8 100644
--- a/providers/common/ciphers/cipher_aes_xts_hw.c
+++ b/providers/common/ciphers/cipher_aes_xts_hw.c
@@ -84,7 +84,7 @@ static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
 PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
 
 XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
-   aesni_xts_encrypt, aesni_decrypt,
+   aesni_encrypt, aesni_decrypt,
aesni_xts_encrypt, aesni_xts_decrypt);
 return 1;
 }


[openssl] master update

2019-09-15 Thread Richard Levitte
The branch master has been updated
   via  64c1e74572f16a3e7c225f66fe85a3451ad39e68 (commit)
  from  a218770d4de819afc9453284dc13b609eeea4639 (commit)


- Log -
commit 64c1e74572f16a3e7c225f66fe85a3451ad39e68
Author: Jan-Frederik Rieckers 
Date:   Fri Sep 13 19:34:14 2019 +0200

Fix small typo in doc for X509_STORE_CTX_new

CLA: trivial

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9894)

---

Summary of changes:
 doc/man3/X509_STORE_CTX_new.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index 89e548dc75..db8416fab4 100644
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -28,7 +28,7 @@ X509_STORE_CTX_verify_fn
  void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) 
*sk);
 
  void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx);
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
  void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) 
*chain);
  void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 


[openssl] master update

2019-09-14 Thread Dr . Paul Dale
The branch master has been updated
   via  a218770d4de819afc9453284dc13b609eeea4639 (commit)
  from  f3f3318a25e62f471a69e1e8dd117bf30191da20 (commit)


- Log -
commit a218770d4de819afc9453284dc13b609eeea4639
Author: Pauli 
Date:   Sun Sep 15 09:44:14 2019 +1000

Fix examples in the section 7 KDF man pages.

All of the examples called EVP_KDF_set_params() when they should have been
calling EVP_KDF_CTX_set_params().

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9898)

---

Summary of changes:
 doc/man7/EVP_KDF-HKDF.pod |  4 ++--
 doc/man7/EVP_KDF-SCRYPT.pod   |  4 ++--
 doc/man7/EVP_KDF-SS.pod   | 12 ++--
 doc/man7/EVP_KDF-SSHKDF.pod   |  2 +-
 doc/man7/EVP_KDF-TLS1_PRF.pod |  4 ++--
 doc/man7/EVP_KDF-X942.pod |  4 ++--
 doc/man7/EVP_KDF-X963.pod |  4 ++--
 7 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod
index 746e7fb972..fb675b2d45 100644
--- a/doc/man7/EVP_KDF-HKDF.pod
+++ b/doc/man7/EVP_KDF-HKDF.pod
@@ -119,8 +119,8 @@ salt value "salt" and info value "label":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
   "salt", (size_t)4);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_params(kctx, params) <= 0) {
- error("EVP_KDF_set_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+ error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
  error("EVP_KDF_derive");
diff --git a/doc/man7/EVP_KDF-SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod
index ce22aaa7ca..dff8e15f39 100644
--- a/doc/man7/EVP_KDF-SCRYPT.pod
+++ b/doc/man7/EVP_KDF-SCRYPT.pod
@@ -93,8 +93,8 @@ This example derives a 64-byte long test vector using scrypt 
with the password
  *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8);
  *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_params(kctx, params) <= 0) {
- error("EVP_KDF_set_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+ error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
  error("EVP_KDF_derive");
diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod
index be69606701..be45d9e3c7 100644
--- a/doc/man7/EVP_KDF-SS.pod
+++ b/doc/man7/EVP_KDF-SS.pod
@@ -92,8 +92,8 @@ and fixedinfo value "label":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
   "label", (size_t)5);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_params(kctx, params) <= 0) {
- error("EVP_KDF_set_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+ error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
  error("EVP_KDF_derive");
@@ -124,8 +124,8 @@ fixedinfo value "label" and salt "salt":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
   "salt", (size_t)4);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_params(kctx, params) <= 0) {
- error("EVP_KDF_set_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+ error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
  error("EVP_KDF_derive");
@@ -157,8 +157,8 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 
20:
   "salt", (size_t)4);
  *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_params(kctx, params) <= 0) {
- error("EVP_KDF_set_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+ error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
  error("EVP_KDF_derive");
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index 0ed57626ef..cd05abe9dd 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -125,7 +125,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K 
"key" and appropriate
  *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
  EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_params(kctx, params) <= 0)
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
  /* Error */
 
  if (EVP_KDF_derive(kctx, out, ) <= 0)
diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod
index a04f811792..2adcf9f0aa 100644
--- a/doc/man7/EVP_KDF-TLS1_PRF.pod
+++ b/doc/man7/EVP_KDF-TLS1_PRF.pod
@@ -80,8 +80,8 @@ and seed value "seed":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
   "seed", 

[openssl] master update

2019-09-14 Thread Matt Caswell
The branch master has been updated
   via  f3f3318a25e62f471a69e1e8dd117bf30191da20 (commit)
  from  7b6b194b5281649ad5c50ecead0f3725d2d2a6a0 (commit)


- Log -
commit f3f3318a25e62f471a69e1e8dd117bf30191da20
Author: Andreas Kretschmer 
Date:   Thu Sep 5 13:21:03 2019 +0200

fix CRMF symmetric key handling

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9774)

---

Summary of changes:
 crypto/crmf/crmf_lib.c | 39 ---
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index e519c50677..2974341446 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -29,6 +29,7 @@
 #include 
 
 #include "crmf_int.h"
+#include "internal/constant_time_locl.h"
 
 /* explicit #includes not strictly needed since implied by the above: */
 #include 
@@ -654,7 +655,9 @@ X509 
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
 X509 *cert = NULL; /* decrypted certificate */
 EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */
 unsigned char *ek = NULL; /* decrypted symmetric encryption key */
+size_t eksize = 0; /* size of decrypted symmetric encryption key */
 const EVP_CIPHER *cipher = NULL; /* used cipher */
+int cikeysize = 0; /* key size from cipher */
 unsigned char *iv = NULL; /* initial vector for symmetric encryption */
 unsigned char *outbuf = NULL; /* decryption output buffer */
 const unsigned char *p = NULL; /* needed for decoding ASN1 */
@@ -673,18 +676,31 @@ X509 
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
 CRMF_R_UNSUPPORTED_CIPHER);
 return NULL;
 }
-
+/* select symmetric cipher based on algorithm given in message */
+if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) {
+CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
+CRMF_R_UNSUPPORTED_CIPHER);
+goto end;
+}
+cikeysize = EVP_CIPHER_key_length(cipher);
 /* first the symmetric key needs to be decrypted */
 pkctx = EVP_PKEY_CTX_new(pkey, NULL);
 if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) {
 ASN1_BIT_STRING *encKey = ecert->encSymmKey;
-size_t eksize = 0;
+size_t failure;
+int retval;
 
-if (EVP_PKEY_decrypt(pkctx, NULL, , encKey->data, 
encKey->length)
-<= 0
-|| (ek = OPENSSL_malloc(eksize)) == NULL
-|| EVP_PKEY_decrypt(pkctx, ek, , encKey->data,
-encKey->length) <= 0) {
+if (EVP_PKEY_decrypt(pkctx, NULL, ,
+ encKey->data, encKey->length) <= 0
+|| (ek = OPENSSL_malloc(eksize)) == NULL)
+goto oom;
+retval = EVP_PKEY_decrypt(pkctx, ek, ,
+  encKey->data, encKey->length);
+ERR_clear_error(); /* error state may have sensitive information */
+failure = ~constant_time_is_zero_s(constant_time_msb(retval)
+   | constant_time_is_zero(retval));
+failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize);
+if (failure) {
 CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
 CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY);
 goto end;
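Review bot: The size query on lines 4265-4268 now shares `goto oom` with the OPENSSL_malloc() failure, so a first EVP_PKEY_decrypt() call that fails for a non-memory reason would be reported under the out-of-memory label instead of the CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY the removed code raised for it; the oom label itself is outside the hunk, so the exact error it queues is inferred. Keeping the size query on the decryption-error path (`CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY); goto end;`) and reserving `goto oom` for the allocation keeps the diagnostic accurate. Separately, `ERR_clear_error()` on line 4271 empties the whole thread error queue, including entries the caller queued before entering this function; `ERR_set_mark();` before the decrypt on line 4269 and `ERR_pop_to_mark();` in place of the clear discards only the decrypt's own entries while still keeping padding-check details off the queue. OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() starts before and continues after this hunk.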
@@ -692,13 +708,6 @@ X509 
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
 } else {
 goto oom;
 }
-
-/* select symmetric cipher based on algorithm given in message */
-if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) {
-CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
-CRMF_R_UNSUPPORTED_CIPHER);
-goto end;
-}
 if ((iv = OPENSSL_malloc(EVP_CIPHER_iv_length(cipher))) == NULL)
 goto oom;
 if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv,
@@ -743,7 +752,7 @@ X509 
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
 EVP_PKEY_CTX_free(pkctx);
 OPENSSL_free(outbuf);
 EVP_CIPHER_CTX_free(evp_ctx);
-OPENSSL_free(ek);
+OPENSSL_clear_free(ek, eksize);
 OPENSSL_free(iv);
 return cert;
 }
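Review bot: `OPENSSL_clear_free(ek, eksize)` on line 4300 wipes only `eksize` bytes, but by this point `eksize` holds whatever the second EVP_PKEY_decrypt() wrote back (the plaintext length on success), which can be smaller than the buffer size the size-query call returned and OPENSSL_malloc() was given in the earlier hunk; any bytes the decrypt touched beyond that length would then be freed unwiped, and what the backend writes past the returned length is not visible here. Keeping the queried size in a second variable, e.g. `size_t ekbufsize = 0;` next to `eksize`, and passing `ekbufsize` both to OPENSSL_malloc() and to this OPENSSL_clear_free(), zeroizes the whole allocation regardless of which path reached the cleanup. The enclosing function starts before this hunk.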


[openssl] master update

2019-09-13 Thread Dr . Paul Dale
The branch master has been updated
   via  7b6b194b5281649ad5c50ecead0f3725d2d2a6a0 (commit)
   via  f4651268b42dc5d7ccf29922d06b65e62d0ab2a1 (commit)
   via  1aa010093537a0b49facfb9b435b081989b6f08e (commit)
  from  3a9f26f3308c5b3e59ec0e589310fd137b0399f6 (commit)


- Log -
commit 7b6b194b5281649ad5c50ecead0f3725d2d2a6a0
Author: Pauli 
Date:   Fri Sep 13 19:37:40 2019 +1000

Use param types instead of native types in the param descriptions

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9891)

commit f4651268b42dc5d7ccf29922d06b65e62d0ab2a1
Author: Pauli 
Date:   Fri Sep 13 19:35:37 2019 +1000

Use param types for parameter descriptions.  Mention a size_t limit to 
those where it makes sense.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9891)

commit 1aa010093537a0b49facfb9b435b081989b6f08e
Author: Pauli 
Date:   Fri Sep 13 19:32:28 2019 +1000

Add wording to limit the 'size' parameter to no more than can be specified 
using a size_t variable

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9891)

---

Summary of changes:
 doc/man3/EVP_DigestInit.pod |  9 +
 doc/man3/EVP_KDF.pod| 10 ++
 doc/man3/EVP_MAC.pod| 11 ++-
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index cc38235274..7f5a1e5db2 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -339,12 +339,13 @@ EVP_MD_CTX_set_params() can be used with the following 
OSSL_PARAM keys:
 
 =over 4
 
-=item OSSL_PARAM_DIGEST_KEY_XOFLEN 
+=item OSSL_PARAM_DIGEST_KEY_XOFLEN 
 
 Sets the digest length for extendable output functions.
-It is used by the SHAKE algorithm.
+It is used by the SHAKE algorithm and should not exceed what can be given
+using a B.
 
-=item OSSL_PARAM_DIGEST_KEY_PAD_TYPE 
+=item OSSL_PARAM_DIGEST_KEY_PAD_TYPE 
 
 Sets the pad type.
 It is used by the MDC2 algorithm.
@@ -355,7 +356,7 @@ EVP_MD_CTX_get_params() can be used with the following 
OSSL_PARAM keys:
 
 =over 4
 
-=item OSSL_PARAM_DIGEST_KEY_MICALG .
+=item OSSL_PARAM_DIGEST_KEY_MICALG .
 
 Gets the digest Message Integrity Check algorithm string. This is used when
 creating S/MIME multipart/signed messages, as specified in RFC 3851.
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 2069e7f0ee..2770c9534f 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -156,7 +156,7 @@ For those KDF implementations that support it, this 
parameter sets the salt.
 
 The default value, if any, is implementation dependent.
 
-=item B ("iter") 
+=item B ("iter") 
 
 Some KDF implementations require an iteration count.
 For those KDF implementations that support it, this parameter sets the
@@ -170,7 +170,7 @@ The default value, if any, is implementation dependent.
 
 =item B ("digest") 
 
-=item B ("engine") 
+=item B ("engine") 
 
 For KDF implementations that use an underlying computation MAC or
 digest, these parameters set what the algorithm should be, and the
@@ -189,15 +189,16 @@ Some KDF implementations require a key.
 For those KDF implementations that support it, this octet string parameter
 sets the key.
 
-=item B ("maclen") 
+=item B ("maclen") 
 
 Used by implementations that use a MAC with a variable output size (KMAC).
 For those KDF implementations that support it, this parameter
 sets the MAC output size.
 
 The default value, if any, is implementation dependent.
+The length must never exceed what can be given with a B.
 
-=item B ("macmaxmem_byteslen") 
+=item B ("macmaxmem_byteslen") 
 
 Memory-hard password-based KDF algorithms, such as scrypt, use an amount of
 memory that depends on the load factors provided as input.
@@ -208,6 +209,7 @@ If this memory usage limit is exceeded because the load 
factors are chosen
 too high, the key derivation will fail.
 
 The default value is implementation dependent.
+The memory size must never exceed what can be given with a B.
 
 =back
 
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index cf851354e7..4d819b7544 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -210,13 +210,13 @@ This option is used by KMAC.
 These will set the MAC flags to the given numbers.
 Some MACs do not support this option.
 
-=item B ("engine") 
+=item B ("engine") 
 
-=item B ("properties") 
+=item B ("properties") 
 
-=item B ("digest") 
+=item B ("digest") 
 
-=item B ("cipher") 
+=item B ("cipher") 
 
 For MAC implementations that use an underlying computation cipher or
 digest, these parameters set what the algorithm should be, and the
@@ -234,7 +234,8 @@ or SHAKE256.
 
 For MAC implementations that support it, set the output size that
 EVP_MAC_final() should produce.
-The 

[openssl] master update

2019-09-13 Thread shane . lontis
The branch master has been updated
   via  3a9f26f3308c5b3e59ec0e589310fd137b0399f6 (commit)
  from  88d870824f1f913877f0f978ae60879575daf56d (commit)


- Log -
commit 3a9f26f3308c5b3e59ec0e589310fd137b0399f6
Author: Shane Lontis 
Date:   Sat Sep 14 09:27:49 2019 +1000

Add aes_xts cipher to providers

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9327)

---

Summary of changes:
 crypto/err/openssl.txt |   2 +
 crypto/evp/evp_enc.c   |   2 +
 crypto/modes/build.info|   5 +-
 providers/common/ciphers/build.info|   4 +-
 providers/common/ciphers/cipher_aes_xts.c  | 286 +
 providers/common/ciphers/cipher_aes_xts.h  |  29 +++
 providers/common/ciphers/cipher_aes_xts_hw.c   | 153 +++
 providers/common/include/internal/provider_algs.h  |   2 +
 .../common/include/internal/providercommonerr.h|   2 +
 providers/common/provider_err.c|   4 +
 providers/default/defltprov.c  |   2 +
 providers/fips/fipsprov.c  |   6 +
 test/recipes/30-test_evp_data/evpciph.txt  |  18 +-
 13 files changed, 503 insertions(+), 12 deletions(-)
 create mode 100644 providers/common/ciphers/cipher_aes_xts.c
 create mode 100644 providers/common/ciphers/cipher_aes_xts.h
 create mode 100644 providers/common/ciphers/cipher_aes_xts_hw.c

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index f74659c599..700f1da20f 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2706,6 +2706,8 @@ PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type
 PROV_R_VALUE_ERROR:138:value error
 PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length
 PROV_R_WRONG_OUTPUT_BUFFER_SIZE:139:wrong output buffer size
+PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE:148:xts data unit is too large
+PROV_R_XTS_DUPLICATED_KEYS:149:xts duplicated keys
 RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
 RAND_R_ALREADY_INSTANTIATED:103:already instantiated
 RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 466a03dbf3..6d657f76cd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -163,6 +163,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER 
*cipher,
 case NID_aes_256_ctr:
 case NID_aes_192_ctr:
 case NID_aes_128_ctr:
+case NID_aes_128_xts:
+case NID_aes_256_xts:
 case NID_aes_256_gcm:
 case NID_aes_192_gcm:
 case NID_aes_128_gcm:
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index fa5e52f50e..506e04d5fa 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -48,9 +48,10 @@ IF[{- !$disabled{asm} -}]
   ENDIF
 ENDIF
 
-$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c ccm128.c $MODESASM
+$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c 
$MODESASM
 SOURCE[../../libcrypto]=$COMMON \
-cts128.c xts128.c wrap128.c ocb128.c siv128.c
+cts128.c wrap128.c ocb128.c siv128.c
+
 DEFINE[../../libcrypto]=$MODESDEF
 SOURCE[../../providers/fips]=$COMMON
 DEFINE[../../providers/fips]=$MODESDEF
diff --git a/providers/common/ciphers/build.info 
b/providers/common/ciphers/build.info
index 0302cf151e..3f303e96b0 100644
--- a/providers/common/ciphers/build.info
+++ b/providers/common/ciphers/build.info
@@ -6,6 +6,7 @@ ENDIF
 
 $COMMON=cipher_common.c cipher_common_hw.c block.c \
 cipher_aes.c cipher_aes_hw.c \
+cipher_aes_xts.c cipher_aes_xts_hw.c \
 cipher_gcm.c cipher_gcm_hw.c \
 cipher_aes_gcm.c cipher_aes_gcm_hw.c \
 cipher_ccm.c cipher_ccm_hw.c \
@@ -16,4 +17,5 @@ SOURCE[../../../libcrypto]=$COMMON
 INCLUDE[../../../libcrypto]=. ../../../crypto
 
 SOURCE[../../fips]=$COMMON
-INCLUDE[../../fips]=. ../../../crypto
\ No newline at end of file
+INCLUDE[../../fips]=. ../../../crypto
+
diff --git a/providers/common/ciphers/cipher_aes_xts.c 
b/providers/common/ciphers/cipher_aes_xts.c
new file mode 100644
index 00..feaa36991f
--- /dev/null
+++ b/providers/common/ciphers/cipher_aes_xts.c
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aes_xts.h"
+#include "internal/provider_algs.h"
+#include "internal/providercommonerr.h"
+
+/* TODO (3.0) Figure out what flags need to be set */
+#define AES_XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV 
\
+  

[openssl] master update

2019-09-13 Thread shane . lontis
The branch master has been updated
   via  88d870824f1f913877f0f978ae60879575daf56d (commit)
  from  b4570683608a9a349aae20bfa13270cd2b5bee1d (commit)


- Log -
commit 88d870824f1f913877f0f978ae60879575daf56d
Author: Shane Lontis 
Date:   Sat Sep 14 09:11:28 2019 +1000

Fix S390X bad size_t that causes memory trash in legacy ciphers

This caused a SEGV inside tls13_enc() when using chacha_poly.
The tls code assigns the iv_length to a size_t (even though it is an int).
This is actually really bad since it could be -1, which will then trash the 
iv buffer.

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9890)

---

Summary of changes:
 crypto/evp/evp_lib.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 5be04b0502..eeed7359a4 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -317,8 +317,8 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
 {
-int rv;
-size_t len, v = EVP_CIPHER_iv_length(ctx->cipher);
+int rv, len = EVP_CIPHER_iv_length(ctx->cipher);
+size_t v = len;
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, );
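Review bot: `size_t v = len;` on line 4636 turns a negative `len` (EVP_CIPHER_iv_length() returning -1 for an error) into SIZE_MAX before `v` is wrapped into the OSSL_PARAM on line 4639; the provider branch that consumes `v` lies between the two hunks, so whether it can hand that value back as `(int)v` without the provider overwriting it is inferred rather than visible. A guard right after line 4636, `if (len < 0) return len;`, keeps the error sentinel intact on both the provider and the legacy path, on the presumption that a failed cipher-level query is not meant to be rescued by the context-level one. The mismatch the commit fixes is real: the `EVP_CTRL_GET_IVLEN` ctrl on lines 4642-4643 writes an `int` through the pointer it is given, which the new `int len` now matches. EVP_CIPHER_CTX_iv_length() spans both hunks.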
@@ -331,9 +331,9 @@ legacy:
 if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
 rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
  0, );
-return (rv == 1) ? (int)len : -1;
+return (rv == 1) ? len : -1;
 }
-return v;
+return len;
 }
 
 int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)


[openssl] master update

2019-09-13 Thread Richard Levitte
The branch master has been updated
   via  b4570683608a9a349aae20bfa13270cd2b5bee1d (commit)
  from  f28bc7d386b25fb75625d0c62c6b2e6d21de0d09 (commit)


- Log -
commit b4570683608a9a349aae20bfa13270cd2b5bee1d
Author: Rich Salz 
Date:   Thu Sep 12 13:06:04 2019 -0400

ERR: Change get_error_values() to use an enum

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9870)

---

Summary of changes:
 crypto/err/err.c | 83 +++-
 1 file changed, 40 insertions(+), 43 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 51115fd00a..6ad995d679 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -131,9 +131,14 @@ static ERR_STRING_DATA *int_err_get_item(const 
ERR_STRING_DATA *);
 static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
 static int int_err_library_number = ERR_LIB_USER;
 
-static unsigned long get_error_values(int inc, int top, const char **file,
-  int *line, const char **func,
-  const char **data, int *flags);
+typedef enum ERR_GET_ACTION_e {
+EV_POP, EV_PEEK, EV_PEEK_LAST
+} ERR_GET_ACTION;
+
+static unsigned long get_error_values(ERR_GET_ACTION g,
+  const char **file, int *line,
+  const char **func, const char **data,
+  int *flags);
 
 static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
 {
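Review bot: The new ERR_GET_ACTION enum on lines 4691-4693 carries no comment on what each action does, whereas the replaced `inc`/`top` ints at least hinted at it; a line above the typedef such as `/* EV_POP: remove and return the oldest queued error; EV_PEEK: return it without removing; EV_PEEK_LAST: return the newest without removing */` would document the contract the ERR_get_*/ERR_peek_*/ERR_peek_last_* wrappers in the next hunk rely on. The static prototype on lines 4695-4698 could likewise carry a short comment stating that each out-parameter may be NULL, which the wrappers passing NULL suggest. The mapping inc=1 to EV_POP and top=1 to EV_PEEK_LAST is inferred from those call sites; the body of get_error_values() is outside this hunk.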
@@ -377,111 +382,112 @@ void ERR_clear_error(void)
 
 unsigned long ERR_get_error(void)
 {
-return get_error_values(1, 0, NULL, NULL, NULL, NULL, NULL);
+return get_error_values(EV_POP, NULL, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_get_error_line(const char **file, int *line)
 {
-return get_error_values(1, 0, file, line, NULL, NULL, NULL);
+return get_error_values(EV_POP, file, line, NULL, NULL, NULL);
 }
 
 unsigned long ERR_get_error_func(const char **func)
 {
-return get_error_values(1, 0, NULL, NULL, func, NULL, NULL);
+return get_error_values(EV_POP, NULL, NULL, func, NULL, NULL);
 }
 
 unsigned long ERR_get_error_data(const char **data, int *flags)
 {
-return get_error_values(1, 0, NULL, NULL, NULL, data, flags);
+return get_error_values(EV_POP, NULL, NULL, NULL, data, flags);
 }
 
 unsigned long ERR_get_error_all(const char **file, int *line,
 const char **func,
 const char **data, int *flags)
 {
-return get_error_values(1, 0, file, line, func, data, flags);
+return get_error_values(EV_POP, file, line, func, data, flags);
 }
 
 #if !OPENSSL_API_3
 unsigned long ERR_get_error_line_data(const char **file, int *line,
   const char **data, int *flags)
 {
-return get_error_values(1, 0, file, line, NULL, data, flags);
+return get_error_values(EV_POP, file, line, NULL, data, flags);
 }
 #endif
 
 unsigned long ERR_peek_error(void)
 {
-return get_error_values(0, 0, NULL, NULL, NULL, NULL, NULL);
+return get_error_values(EV_PEEK, NULL, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_line(const char **file, int *line)
 {
-return get_error_values(0, 0, file, line, NULL, NULL, NULL);
+return get_error_values(EV_PEEK, file, line, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_func(const char **func)
 {
-return get_error_values(0, 0, NULL, NULL, func, NULL, NULL);
+return get_error_values(EV_PEEK, NULL, NULL, func, NULL, NULL);
 }
 
 unsigned long ERR_peek_error_data(const char **data, int *flags)
 {
-return get_error_values(0, 0, NULL, NULL, NULL, data, flags);
+return get_error_values(EV_PEEK, NULL, NULL, NULL, data, flags);
 }
 
 unsigned long ERR_peek_error_all(const char **file, int *line,
  const char **func,
  const char **data, int *flags)
 {
-return get_error_values(0, 0, file, line, func, data, flags);
+return get_error_values(EV_PEEK, file, line, func, data, flags);
 }
 
 #if !OPENSSL_API_3
 unsigned long ERR_peek_error_line_data(const char **file, int *line,
const char **data, int *flags)
 {
-return get_error_values(0, 0, file, line, NULL, data, flags);
+return get_error_values(EV_PEEK, file, line, NULL, data, flags);
 }
 #endif
 
 unsigned long ERR_peek_last_error(void)
 {
-return get_error_values(0, 1, NULL, NULL, NULL, NULL, NULL);
+return get_error_values(EV_PEEK_LAST, NULL, NULL, NULL, NULL, NULL);
 }
 
 unsigned long ERR_peek_last_error_line(const char **file, int *line)
 {
-return get_error_values(0, 1, file, line, NULL, NULL, NULL);
+return get_error_values(EV_PEEK_LAST, file, 

[openssl] master update

2019-09-13 Thread bernd . edlinger
The branch master has been updated
   via  f28bc7d386b25fb75625d0c62c6b2e6d21de0d09 (commit)
  from  e9147bd408db3c1fe262688dc3debe372c42fa24 (commit)


- Log -
commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09
Author: Bernd Edlinger 
Date:   Mon Sep 9 19:12:25 2019 +0200

Fix potential memory leaks with BN_to_ASN1_INTEGER

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9833)

---

Summary of changes:
 crypto/ec/ec_asn1.c   |  7 +--
 crypto/x509/v3_asid.c | 26 --
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index e0d02bb01a..2726f5d151 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -449,6 +449,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP 
*group,
 unsigned char *buffer = NULL;
 const EC_POINT *point = NULL;
 point_conversion_form_t form;
+ASN1_INTEGER *orig;
 
 if (params == NULL) {
 if ((ret = ECPARAMETERS_new()) == NULL) {
@@ -499,8 +500,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP 
*group,
 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
 goto err;
 }
-ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
 if (ret->order == NULL) {
+ret->order = orig;
 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
 goto err;
 }
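Review bot: The assignment buried in the argument list on line 4842, `ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);`, is easy to read past, and the same shape recurs on lines 4854, 4887 and 4915. Writing the save as its own statement, `orig = ret->order;` followed by `ret->order = BN_to_ASN1_INTEGER(tmp, orig);`, makes the restore on line 4844 visibly paired with it. The repair itself looks right as far as this hunk shows: BN_to_ASN1_INTEGER() leaves a caller-supplied ASN1_INTEGER untouched when it returns NULL, so the old code overwrote the field with NULL and lost the object; restoring `orig` lets the existing cleanup free it (that contract lives in code not in view). EC_GROUP_get_ecparameters() starts before and continues after this hunk.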
@@ -508,8 +510,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP 
*group,
 /* set the cofactor (optional) */
 tmp = EC_GROUP_get0_cofactor(group);
 if (tmp != NULL) {
-ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
 if (ret->cofactor == NULL) {
+ret->cofactor = orig;
 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
 goto err;
 }
diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index 1d41380c41..2287675005 100644
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
 static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 {
 ASN1_INTEGER *a_max_plus_one = NULL;
+ASN1_INTEGER *orig;
 BIGNUM *bn = NULL;
 int i, ret = 0;
 
@@ -298,9 +299,15 @@ static int 
ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
  */
 if ((bn == NULL && (bn = BN_new()) == NULL) ||
 ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-!BN_add_word(bn, 1) ||
-(a_max_plus_one =
- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+!BN_add_word(bn, 1)) {
+X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+  ERR_R_MALLOC_FAILURE);
+goto done;
+}
+
+if ((a_max_plus_one =
+BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+a_max_plus_one = orig;
 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
   ERR_R_MALLOC_FAILURE);
 goto done;
@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
 static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
 {
 ASN1_INTEGER *a_max_plus_one = NULL;
+ASN1_INTEGER *orig;
 BIGNUM *bn = NULL;
 int i, ret = 0;
 
@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice 
*choice)
  */
 if ((bn == NULL && (bn = BN_new()) == NULL) ||
 ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-!BN_add_word(bn, 1) ||
-(a_max_plus_one =
- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+!BN_add_word(bn, 1)) {
+X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+  ERR_R_MALLOC_FAILURE);
+goto done;
+}
+
+if ((a_max_plus_one =
+ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+a_max_plus_one = orig;
 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
   ERR_R_MALLOC_FAILURE);
 goto done;


[openssl] master update

2019-09-13 Thread Dr . Paul Dale
The branch master has been updated
   via  e9147bd408db3c1fe262688dc3debe372c42fa24 (commit)
  from  3c90534830fdb0cc0e790dd1d5fa2a90e1375e87 (commit)


- Log -
commit e9147bd408db3c1fe262688dc3debe372c42fa24
Author: Pauli 
Date:   Thu Sep 12 18:12:47 2019 +1000

Define the MAC parameter types without using C type names to avoid 
confusion.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9875)

---

Summary of changes:
 doc/man3/EVP_MAC.pod | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 4d3b223934..cf851354e7 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -199,24 +199,24 @@ empty string.
 
 This option is used by BLAKE2 MAC.
 
-=item B ("xof") 
+=item B ("xof") 
 
 It's a simple flag, the value 0 or 1 are expected.
 
 This option is used by KMAC.
 
-=item B ("flags") 
+=item B ("flags") 
 
 These will set the MAC flags to the given numbers.
 Some MACs do not support this option.
 
-=item B ("engine") 
+=item B ("engine") 
 
-=item B ("properties") 
+=item B ("properties") 
 
-=item B ("digest") 
+=item B ("digest") 
 
-=item B ("cipher") 
+=item B ("cipher") 
 
 For MAC implementations that use an underlying computation cipher or
 digest, these parameters set what the algorithm should be, and the
@@ -230,7 +230,7 @@ Note that not all algorithms may support all digests.
 HMAC does not support variable output length digests such as SHAKE128
 or SHAKE256.
 
-=item B ("size") 
+=item B ("size") 
 
 For MAC implementations that support it, set the output size that
 EVP_MAC_final() should produce.


[openssl] master update

2019-09-13 Thread Richard Levitte
The branch master has been updated
   via  3c90534830fdb0cc0e790dd1d5fa2a90e1375e87 (commit)
   via  e5d4233fbd07eac52227c7ec5f479a46f15914bf (commit)
   via  14e275e8fb736be4ea83441b630515f7be97d06b (commit)
  from  1f86b8228b49938e0e368f361202570d7eab5806 (commit)


- Log -
commit 3c90534830fdb0cc0e790dd1d5fa2a90e1375e87
Author: Richard Levitte 
Date:   Thu Aug 1 12:03:57 2019 +0200

Document the deprecation of ERR_STATE and ERR_get_state()

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9462)

commit e5d4233fbd07eac52227c7ec5f479a46f15914bf
Author: Richard Levitte 
Date:   Fri Jul 26 18:11:55 2019 +0200

Deprecate ERR_get_state()

Internally, we still need this function, so we make it internal and
then add a new ERR_get_state() that simply calls the internal variant,
unless it's "removed" by configuration.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9462)

commit 14e275e8fb736be4ea83441b630515f7be97d06b
Author: Richard Levitte 
Date:   Thu Jul 25 21:57:48 2019 +0200

Deprecate the public definition of ERR_STATE

The intention is to make it opaque later on.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9462)

---

Summary of changes:
 CHANGES|  5 +
 crypto/err/err.c   | 32 +++-
 crypto/err/err_blocks.c|  9 ++---
 crypto/err/err_locl.h  |  2 ++
 crypto/err/err_prn.c   |  3 +++
 fuzz/asn1.c|  2 +-
 fuzz/asn1parse.c   |  2 +-
 fuzz/bignum.c  |  2 +-
 fuzz/bndiv.c   |  2 +-
 fuzz/client.c  |  2 +-
 fuzz/cms.c |  2 +-
 fuzz/conf.c|  2 +-
 fuzz/crl.c |  2 +-
 fuzz/ct.c  |  2 +-
 fuzz/server.c  |  2 +-
 fuzz/x509.c|  2 +-
 include/openssl/err.h  | 14 --
 include/openssl/ossl_typ.h |  2 ++
 util/libcrypto.num |  2 +-
 19 files changed, 61 insertions(+), 30 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7b325171fb..65b344efe4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,11 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Deprecated the public definition of ERR_STATE as well as the function
+ ERR_get_state().  This is done in preparation of making ERR_STATE an
+ opaque type.
+ [Richard Levitte]
+
   *) Added ERR functionality to give callers access to the stored function
  names that have replaced the older function code based functions.
 
diff --git a/crypto/err/err.c b/crypto/err/err.c
index deaa579090..51115fd00a 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -7,6 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* TODO: When ERR_STATE becomes opaque, this musts be removed */
+#define OSSL_FORCE_ERR_STATE
+
 #include 
 #include 
 #include 
@@ -24,6 +27,9 @@
 #include "e_os.h"
 #include "err_locl.h"
 
+/* Forward declaration in case it's not published because of configuration */
+ERR_STATE *ERR_get_state(void);
+
 static int err_load_strings(const ERR_STRING_DATA *str);
 
 static void ERR_STATE_free(ERR_STATE *s);
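Review bot: The forward declaration of ERR_get_state() on line 5096 is unconditional, while its definition (lines 5133-5138, a later hunk in this file) is compiled only under `#if !OPENSSL_API_3`; keeping the declaration under the same guard, or placing it directly above that definition, ties the two together and avoids declaring a symbol the build may not define. The comment on line 5095 could also say why the header may not publish it, e.g. `/* Declared here because include/openssl/err.h omits it when OPENSSL_API_3 removes deprecated APIs */`, hedged since err.h is not in view. There is also a stray second blank line after that definition (lines 5139-5140).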
@@ -359,7 +365,7 @@ void ERR_clear_error(void)
 int i;
 ERR_STATE *es;
 
-es = ERR_get_state();
+es = err_get_state_int();
 if (es == NULL)
 return;
 
@@ -482,7 +488,7 @@ static unsigned long get_error_values(int inc, int top, 
const char **file,
 ERR_STATE *es;
 unsigned long ret;
 
-es = ERR_get_state();
+es = err_get_state_int();
 if (es == NULL)
 return 0;
 
@@ -679,7 +685,7 @@ DEFINE_RUN_ONCE_STATIC(err_do_init)
 return CRYPTO_THREAD_init_local(_thread_local, NULL);
 }
 
-ERR_STATE *ERR_get_state(void)
+ERR_STATE *err_get_state_int(void)
 {
 ERR_STATE *state;
 int saveerrno = get_last_sys_error();
@@ -718,6 +724,14 @@ ERR_STATE *ERR_get_state(void)
 return state;
 }
 
+#if !OPENSSL_API_3
+ERR_STATE *ERR_get_state(void)
+{
+return err_get_state_int();
+}
+#endif
+
+
 /*
  * err_shelve_state returns the current thread local error state
  * and freezes the error module until err_unshelve_state is called.
@@ -780,7 +794,7 @@ static int err_set_error_data_int(char *data, size_t size, 
int flags,
 {
 ERR_STATE *es;
 
-es = ERR_get_state();
+es = err_get_state_int();
 if (es == NULL)
 return 0;
 
@@ -825,7 +839,7 @@ void ERR_add_error_vdata(int num, va_list args)
 ERR_STATE *es;
 
 /* Get the current error data; if an allocated string get it. */
-es = ERR_get_state();
+es = err_get_state_int();
 if (es == NULL)
 return;
 i = es->top;
@@ -880,7 +894,7 @@ int ERR_set_mark(void)
 {
 ERR_STATE *es;
 
-es = ERR_get_state();
+es = 

[openssl] master update

2019-09-12 Thread Richard Levitte
The branch master has been updated
   via  1f86b8228b49938e0e368f361202570d7eab5806 (commit)
   via  486f149131e94c970da1b89ebe8c66ab88e5d343 (commit)
  from  d4830d018dfdab5d5d497d88207ee8f1761cf878 (commit)


- Log -
commit 1f86b8228b49938e0e368f361202570d7eab5806
Author: Richard Levitte 
Date:   Sun Aug 25 10:46:22 2019 +0200

confdata.pm.in: New template for configdata.pm

To have the configdata.pm text embedded in Configure was kind of ugly,
and becomes clearer if put into a template file, configdata.pm.in.  We
can then use OpenSSL::Template to generate it.

We also modify configdata.pm to be the build file generator, and run
it from Configure.  The benefit with that is that developers who
tinker and play with the build file can do a "factory reset" without
having to go through the configuration process, i.e. they can re-use
the config data they already have.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9693)

commit 486f149131e94c970da1b89ebe8c66ab88e5d343
Author: Richard Levitte 
Date:   Sun Aug 25 10:44:41 2019 +0200

util/dofile.pl, util/perl/OpenSSL/Template.pm: move parts of dofile.pl

We make a module OpenSSL::Template from the central parts of
util/dofile.pl, and also reduce the amount of ugly code with more
proper use of Text::Template.  OpenSSL::Template is a simple subclass
of Text::Template.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9693)

---

Summary of changes:
 Configure | 495 --
 configdata.pm.in  | 418 +++
 util/dofile.pl| 204 +++--
 util/perl/OpenSSL/Template.pm | 195 +
 4 files changed, 684 insertions(+), 628 deletions(-)
 create mode 100644 configdata.pm.in
 create mode 100644 util/perl/OpenSSL/Template.pm

diff --git a/Configure b/Configure
index 652d13ea16..92c9d4e4d9 100755
--- a/Configure
+++ b/Configure
@@ -19,6 +19,7 @@ use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs 
splitdir/;
 use File::Path qw/mkpath/;
 use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt";
 use OpenSSL::Glob;
+use OpenSSL::Template;
 
 # see INSTALL for instructions.
 
@@ -2387,452 +2388,50 @@ foreach (grep /_(asm|aux)_src$/, keys %target) {
 
 # Write down our configuration where it fits #
 
-print "Creating configdata.pm\n";
-open(OUT,">configdata.pm") || die "unable to create configdata.pm: $!\n";
-print OUT <<"EOF";
-#! $config{HASHBANGPERL}
-
-package configdata;
-
-use strict;
-use warnings;
-
-use Exporter;
-#use vars qw(\@ISA \@EXPORT);
-our \@ISA = qw(Exporter);
-our \@EXPORT = qw(\%config \%target \%disabled \%withargs \%unified_info 
\@disablables \@disablables_int);
-
-EOF
-print OUT "our %config = (\n";
-foreach (sort keys %config) {
-if (ref($config{$_}) eq "ARRAY") {
-print OUT "  ", $_, " => [ ", join(", ",
-   map { quotify("perl", $_) }
-   @{$config{$_}}), " ],\n";
-} elsif (ref($config{$_}) eq "HASH") {
-print OUT "  ", $_, " => {";
-if (scalar keys %{$config{$_}} > 0) {
-print OUT "\n";
-foreach my $key (sort keys %{$config{$_}}) {
-print OUT "  ",
-join(" => ",
- quotify("perl", $key),
- defined $config{$_}->{$key}
- ? quotify("perl", $config{$_}->{$key})
- : "undef");
-print OUT ",\n";
-}
-print OUT "  ";
-}
-print OUT "},\n";
-} else {
-print OUT "  ", $_, " => ", quotify("perl", $config{$_}), ",\n"
-}
-}
-print OUT <<"EOF";
-);
-
-EOF
-print OUT "our %target = (\n";
-foreach (sort keys %target) {
-if (ref($target{$_}) eq "ARRAY") {
-print OUT "  ", $_, " => [ ", join(", ",
-   map { quotify("perl", $_) }
-   @{$target{$_}}), " ],\n";
-} else {
-print OUT "  ", $_, " => ", quotify("perl", $target{$_}), ",\n"
-}
-}
-print OUT <<"EOF";
+my %template_vars = (
+config => \%config,
+target => \%target,
+disablables => \@disablables,
+disablables_int => \@disablables_int,
+disabled => \%disabled,
+withargs => \%withargs,
+unified_info => \%unified_info,
+tls => \@tls,
+dtls => \@dtls,
+makevars => [ sort keys %user ],
+disabled_info => \%disabled_info,
+user_crossable => \@user_crossable,
 );
-
-EOF
-print OUT "our \%available_protocols = (\n";
-print OUT "  tls => [ ", join(", ", map { 

[openssl] master update

2019-09-12 Thread Richard Levitte
The branch master has been updated
   via  d4830d018dfdab5d5d497d88207ee8f1761cf878 (commit)
   via  100a779918f8af0022d96704d4f8cbf6d971874d (commit)
   via  b579014d574375b57ef1f52d3e40988ebdba911c (commit)
   via  b13342e933c507c4ce0eda0a0193339a111f27a5 (commit)
   via  06ff79bd773d0b4214e4b6a8a1332a3355b17742 (commit)
   via  c659882c9892788085fcdd4e8c47f98c01edf9ad (commit)
   via  0cd1b144f99e9aabea15a158bd567cba81592039 (commit)
  from  6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95 (commit)


- Log -
commit d4830d018dfdab5d5d497d88207ee8f1761cf878
Author: Richard Levitte 
Date:   Thu Sep 5 09:14:03 2019 +0200

Add a CHANGES entry for the recent ERR changes

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9756)

commit 100a779918f8af0022d96704d4f8cbf6d971874d
Author: Richard Levitte 
Date:   Thu Sep 5 08:51:12 2019 +0200

Document the deprecation of ERR_func_error_string()

Also, correct the output template for ERR_error_string() and
ERR_error_string_n().

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9756)

commit b579014d574375b57ef1f52d3e40988ebdba911c
Author: Richard Levitte 
Date:   Wed Sep 4 22:14:21 2019 +0200

Modernise ERR_print_errors_cb()

ERR_print_errors_cb() used functionality that isn't suitable any more,
as that functionality couldn't integrate the error record function
name strings.  We therefore refactor it a bit to use better adapted
methods.

Fixes #9756

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9756)

commit b13342e933c507c4ce0eda0a0193339a111f27a5
Author: Richard Levitte 
Date:   Wed Sep 4 22:04:08 2019 +0200

Modernise the ERR functionality further (new functions and deprecations)

ERR_func_error_string() essentially returns NULL, and since all
function codes are now removed for all intents and purposes, this
function has fallen out of use and cannot be modified to suit the
data, since its only function is to interpret an error code.

To compensate for the loss of error code, we instead provide new
functions that extracts the function name strings from an error
record:

- ERR_get_error_func()
- ERR_peek_error_func()
- ERR_peek_last_error_func()

Similarly, the once all-encompassing functions
ERR_peek_last_error_line_data(), ERR_peek_error_line_data() and
ERR_get_error_line_data() lack the capability of getting the function
name string, so we deprecate those and add these functions to replace
them:

- ERR_get_error_all()
- ERR_peek_error_all()
- ERR_peek_last_error_all()

Finally, we adjust a few lines of code that used the now deprecated
functions.

Fixes #9756

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9756)

commit 06ff79bd773d0b4214e4b6a8a1332a3355b17742
Author: Richard Levitte 
Date:   Wed Sep 4 21:55:58 2019 +0200

include/openssl/err.h: Depend on OPENSSL_NO_FILENAMES, not OPENSSL_NO_ERR

The configuration option 'no-err' is documented to be used to avoid
loading error related string tables.  For some reason, it was also
used to define if ERR_PUT_error() would pass the source file name and
line information or not.

The configuration option 'no-filenames' is documented to be used to
avoid passing the source file name and line anywhere.  So, the
definition of ERR_PUT_error() should depend on OPENSSL_NO_FILENAMES
rather than OPENSSL_NO_ERR.

Furthermore, the definition of OPENSSL_FILE and OPENSSL_LINE depends
on if OPENSSL_NO_FILENAMES is defined or not, so there was never any
need to do extra macro gymnastics in include/openssl/err.h, so we
simply remove it and use OPENSSL_FILE and OPENSSL_LINE directly.

Finally, the macro OPENSSL_FUNC is unaffected by all these
configuration options, so it should be used in all macros that call
ERR_set_debug().

Fixes #9756

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9756)

commit c659882c9892788085fcdd4e8c47f98c01edf9ad
Author: Richard Levitte 
Date:   Wed Sep 4 21:51:17 2019 +0200

include/openssl/macros.h: Remove the PEDANTIC OPENSSL_FUNC definition

There was a section to define OPENSSL_FUNC that depended on PEDANTIC
being defined.  That is an internal build macro that should never
appear in a public header.  The solution was simple, replace it with
a check of __STRICT_ANSI__.

Fixes #9756

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9756)

commit 0cd1b144f99e9aabea15a158bd567cba81592039
Author: Richard Levitte 
Date:   Wed Sep 4 21:45:56 2019 +0200

util/mkerr.pl: make it not 

[openssl] master update

2019-09-12 Thread tmraz
The branch master has been updated
   via  6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95 (commit)
  from  799614faa3f921ff6ea49e700cbe8a9fb4febf4c (commit)


- Log -
commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95
Author: Tomas Mraz 
Date:   Thu Sep 12 12:27:36 2019 +0200

BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.

There can be data to write in the output buffer, and data in the input
stream that has not yet been read.

Fixes #9866

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9877)

---

Summary of changes:
 crypto/comp/c_zlib.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 78219f202d..1dd7d67998 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void 
*ptr)
 BIO_copy_next_retry(b);
 break;
 
+case BIO_CTRL_WPENDING:
+if (ctx->obuf == NULL)
+return 0;
+
+if (ctx->odone) {
+ret = ctx->ocount;
+} else {
+ret = ctx->ocount;
+if (ret == 0)
+/* Unknown amount pending but we are not finished */
+ret = 1;
+}
+if (ret == 0)
+ret = BIO_ctrl(next, cmd, num, ptr);
+break;
+
+case BIO_CTRL_PENDING:
+ret = ctx->zin.avail_in;
+if (ret == 0)
+ret = BIO_ctrl(next, cmd, num, ptr);
+break;
+
 default:
 ret = BIO_ctrl(next, cmd, num, ptr);
 break;
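Review bot: Both arms of the `if (ctx->odone)` conditional in the new BIO_CTRL_WPENDING case assign `ret = ctx->ocount`, so the branch only exists to apply the "unknown amount pending" fallback; it reads more clearly as `ret = ctx->ocount; if (ret == 0 && !ctx->odone) ret = 1; /* unknown amount pending but not finished */`. Separately, the `ctx->obuf == NULL` early return answers 0 without consulting the next BIO, whereas the zero case further down (and the whole BIO_CTRL_PENDING case) forwards to `BIO_ctrl(next, ...)`; if the next BIO can hold pending writes before this filter's output side is set up, the two paths disagree, and the early return should probably forward as well. bio_zlib_ctrl begins outside the hunk.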


[openssl] master update

2019-09-12 Thread Richard Levitte
The branch master has been updated
   via  799614faa3f921ff6ea49e700cbe8a9fb4febf4c (commit)
   via  e3d9a6b5f0157d92aa5bbfdb0f95fd55be9a0396 (commit)
   via  f3503cb0f6ffe19c03c731b4b6069f26584917b4 (commit)
  from  45211c563fb12aca50771b3400b833da4095c6de (commit)


- Log -
commit 799614faa3f921ff6ea49e700cbe8a9fb4febf4c
Author: Richard Levitte 
Date:   Wed Sep 11 11:16:53 2019 +0200

Travis and Appveyor: use HARNESS_VERBOSE_FAILURE rather than HARNESS_VERBOSE

This allows for shorter logs, and also logs that only show the details
for tests that fail.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9862)

commit e3d9a6b5f0157d92aa5bbfdb0f95fd55be9a0396
Author: Richard Levitte 
Date:   Wed Sep 11 11:05:11 2019 +0200

Rework test/run_tests.pl to support selective verbosity and TAP copy

This includes a complete rework of how we use TAP::Harness, by adding
a TAP::Parser subclass that allows additional callbacks to be passed
to perform what we need.  The TAP::Parser callbacks we add are:

ALL to print all the TAP output to a file (conditionally)
to collect all the TAP output to an array (conditionally)
EOF to print all the collected TAP output (if there is any)
if any subtest failed

To get TAP output to file, the environment variable HARNESS_TAP_COPY
must be defined, with a file name as value.  That file will be
overwritten unconditionally.

To get TAP output displayed on failure, the make variable VERBOSE_FAILURE
or VF must be defined with a non-empty value.

Additionally, the output of test recipe names has been changed to only
display its basename.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9862)

commit f3503cb0f6ffe19c03c731b4b6069f26584917b4
Author: Richard Levitte 
Date:   Wed Sep 11 11:02:24 2019 +0200

util/perl/OpenSSL/Test.pm: Disable stdout/stderr redirection on 
non-verbosity

... except on VMS, where output from executed programs doesn't seem to be
captured properly by Test::Harness or TAP::Harness.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9862)

---

Summary of changes:
 .travis.yml |   2 +-
 CHANGES |   9 ++
 Configurations/descrip.mms.tmpl |   1 +
 INSTALL |  14 ++-
 appveyor.yml|   4 +-
 test/run_tests.pl   | 205 +---
 util/perl/OpenSSL/Test.pm   |  49 ++
 7 files changed, 206 insertions(+), 78 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 6f97a6bebb..ade61d1d60 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -195,7 +195,7 @@ script:
   if [ -e krb5/src ]; then
   sudo apt-get -yq install bison dejagnu gettext keyutils 
ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad 
slapd tcl-dev tcsh;
   fi;
-  if ! HARNESS_VERBOSE=yes 
BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then
+  if ! HARNESS_VERBOSE_FAILURE=yes 
BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then
   echo -e '\052\052 FAILED -- MAKE TEST';
   travis_terminate 1;
   fi;
diff --git a/CHANGES b/CHANGES
index 29ab546d91..7491417c78 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,15 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Extended testing to be verbose for failing tests only.  The make variables
+ VERBOSE_FAILURE or VF can be used to enable this:
+
+ $ make VF=1 test   # Unix
+ $ mms /macro=(VF=1) test   ! OpenVMS
+ $ nmake VF=1 test  # Windows
+
+ [Richard Levitte]
+
   *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
  used even when parsing explicit parameters, when loading a serialized key
  or calling `EC_GROUP_new_from_ecpkparameters()`/
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 0bc1492eea..6cbbb01565 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -114,6 +114,7 @@ BLDDIR={- $config{builddir} -}
 # Allow both V and VERBOSE to indicate verbosity.  This only applies
 # to testing.
 VERBOSE=$(V)
+VERBOSE_FAILURE=$(VF)
 
 VERSION={- "$config{full_version}" -}
 MAJOR={- $config{major} -}
diff --git a/INSTALL b/INSTALL
index 9ea1f11513..c02ceb1255 100644
--- a/INSTALL
+++ b/INSTALL
@@ -911,11 +911,17 @@
  malfunction with Perl).  You may want increased verbosity, that
  can be accomplished like this:
 
-   $ make VERBOSE=1 test  

[openssl] master update

2019-09-12 Thread Richard Levitte
The branch master has been updated
   via  45211c563fb12aca50771b3400b833da4095c6de (commit)
   via  fd60a12d3a08381a543e8f15f1733f7f67de74b8 (commit)
   via  d3ed4ded298f169fe5d29d43c5db8da7cd95d2b0 (commit)
  from  022351fdc3b01cfcb6c1b064c56d8a1393ed0ec8 (commit)


- Log -
commit 45211c563fb12aca50771b3400b833da4095c6de
Author: Richard Levitte 
Date:   Sat Aug 31 09:30:43 2019 +0200

doc/man3/OSSL_PARAM.pod: add details about multiple elements with same key

Usually, each element in an OSSL_PARAM array will have a unique key.
However, there may be some rare cases when a responder will handle
multiple elements with the same key.  This adds a short passage
explaining this case.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9741)

commit fd60a12d3a08381a543e8f15f1733f7f67de74b8
Author: Richard Levitte 
Date:   Sat Aug 31 09:30:15 2019 +0200

doc/man3/OSSL_PARAM.pod: remove a comment that isn't true any more

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9741)

commit d3ed4ded298f169fe5d29d43c5db8da7cd95d2b0
Author: Richard Levitte 
Date:   Sat Aug 31 09:29:33 2019 +0200

doc/man3/OSSL_PARAM.pod: conform to man-page standards

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9741)

---

Summary of changes:
 doc/man3/OSSL_PARAM.pod | 109 
 1 file changed, 54 insertions(+), 55 deletions(-)

diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod
index 61ff378e46..361028fa00 100644
--- a/doc/man3/OSSL_PARAM.pod
+++ b/doc/man3/OSSL_PARAM.pod
@@ -19,7 +19,7 @@ OSSL_PARAM - a structure to pass or request object parameters
 
 =head1 DESCRIPTION
 
-C is a type that allows passing arbitrary data for some
+B is a type that allows passing arbitrary data for some
 object between two parties that have no or very little shared
 knowledge about their respective internal structures for that object.
 
@@ -33,76 +33,75 @@ Arrays of this type can be used for the following purposes:
 
 =item * Setting parameters for some object
 
-The caller sets up the C array and calls some function
+The caller sets up the B array and calls some function
 (the I) that has intimate knowledge about the object that can
-take the data from the C array and assign them in a
+take the data from the B array and assign them in a
 suitable form for the internal structure of the object.
 
 =item * Request parameters of some object
 
-The caller (the I) sets up the C array and
+The caller (the I) sets up the B array and
 calls some function (the I) that has intimate knowledge
 about the object, which can take the internal data of the object and
 copy (possibly convert) that to the memory prepared by the
-I and pointed at with the C C.
+I and pointed at with the B I.
 
 =item * Request parameter descriptors
 
-The caller gets an array of constant C, which describe
+The caller gets an array of constant B, which describe
 available parameters and some of their properties; name, data type and
 expected data size.
 For a detailed description of each field for this use, see the field
 descriptions below.
 
 The caller may then use the information from this descriptor array to
-build up its own C array to pass down to a I or
+build up its own B array to pass down to a I or
 I.
 
 =back
 
-=head2 C fields
+Normally, the order of the an B array is not relevant.
+However, if the I can handle multiple elements with the
+same key, those elements must be handled in the order they are in.
+
+=head2 B fields
 
 =over 4
 
-=item C
+=item I
 
 The identity of the parameter in the form of a string.
 
-=item C
-
-=for comment It's still debated if this field should be present, or if
-the type should always be implied by how it's used.
-Either way, these data types will have to be passed together with the
-names as an array of OSSL_ITEM, for discovery purposes.
+=item I
 
-The C is a value that describes the type and organization of
+The I is a value that describes the type and organization of
 the data.
 See L below for a description of the types.
 
-=item C
+=item I
 
-=item C
+=item I
 
-C is a pointer to the memory where the parameter data is (when
+I is a pointer to the memory where the parameter data is (when
 setting parameters) or shall (when requesting parameters) be stored,
-and C is its size in bytes.
+and I is its size in bytes.
 The organization of the data depends on the parameter type and flag.
 
-When the C is used as a parameter descriptor, C
+When the B is used as a parameter descriptor, I
 should be ignored.
-If C is zero, it means that an arbitrary data size is
+If I is zero, it means that an arbitrary data size is
 accepted, otherwise it specifies the maximum size allowed.
 
-=item C
+=item I
 

[openssl] master update

2019-09-12 Thread Richard Levitte
The branch master has been updated
   via  022351fdc3b01cfcb6c1b064c56d8a1393ed0ec8 (commit)
  from  05c9c7b02d3e4e66fc0c0446af1116bd5b19f6dc (commit)


- Log -
commit 022351fdc3b01cfcb6c1b064c56d8a1393ed0ec8
Author: Richard Levitte 
Date:   Fri Jun 7 10:52:25 2019 +0200

test/evp_test.c: try fetching algorithms

Instead of relying on implicit fetches, try explicit fetches when available.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9121)

---

Summary of changes:
 test/evp_test.c | 18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index 69ccb9739e..b1194d2bc9 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -325,6 +325,7 @@ static int parse_bin(const char *value, unsigned char 
**buf, size_t *buflen)
 typedef struct digest_data_st {
 /* Digest this test is for */
 const EVP_MD *digest;
+EVP_MD *fetched_digest;
 /* Input to digest */
 STACK_OF(EVP_TEST_BUFFER) *input;
 /* Expected output */
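Review bot: The new `fetched_digest` member is the only field in digest_data_st without the one-line comment its siblings carry, and it is the one whose ownership matters, since digest_test_cleanup now frees it. A comment such as `/* Explicitly fetched digest, or NULL; owned here and freed in digest_test_cleanup */` would make that contract visible at the declaration. The same applies to `fetched_cipher` added to cipher_data_st in the later hunk.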
@@ -336,8 +337,10 @@ static int digest_test_init(EVP_TEST *t, const char *alg)
 {
 DIGEST_DATA *mdat;
 const EVP_MD *digest;
+EVP_MD *fetched_digest;
 
-if ((digest = EVP_get_digestbyname(alg)) == NULL) {
+if ((digest = fetched_digest = EVP_MD_fetch(NULL, alg, NULL)) == NULL
+&& (digest = EVP_get_digestbyname(alg)) == NULL) {
 /* If alg has an OID assume disabled algorithm */
 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
 t->skip = 1;
@@ -349,6 +352,9 @@ static int digest_test_init(EVP_TEST *t, const char *alg)
 return 0;
 t->data = mdat;
 mdat->digest = digest;
+mdat->fetched_digest = fetched_digest;
+if (fetched_digest != NULL)
+TEST_info("%s is fetched", alg);
 return 1;
 }
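Review bot: The `return 0;` just above `t->data = mdat;` leaks a non-NULL `fetched_digest`, because the fetched object is only handed to `mdat` two lines later and nothing else owns it at that point; the condition guarding that return sits just outside the hunk, but it appears to be the failure path of the `mdat` allocation. Freeing before bailing out, `EVP_MD_meth_free(fetched_digest); return 0;`, closes the gap. The skip path in the previous hunk is fine, since it is only reached when the fetch returned NULL.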
 
@@ -358,6 +364,7 @@ static void digest_test_cleanup(EVP_TEST *t)
 
 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
 OPENSSL_free(mdat->output);
+EVP_MD_meth_free(mdat->fetched_digest);
 }
 
 static int digest_test_parse(EVP_TEST *t,
@@ -472,6 +479,7 @@ static const EVP_TEST_METHOD digest_test_method = {
 
 typedef struct cipher_data_st {
 const EVP_CIPHER *cipher;
+EVP_CIPHER *fetched_cipher;
 int enc;
 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
 int aead;
@@ -494,10 +502,12 @@ typedef struct cipher_data_st {
 static int cipher_test_init(EVP_TEST *t, const char *alg)
 {
 const EVP_CIPHER *cipher;
+EVP_CIPHER *fetched_cipher;
 CIPHER_DATA *cdat;
 int m;
 
-if ((cipher = EVP_get_cipherbyname(alg)) == NULL) {
+if ((cipher = fetched_cipher = EVP_CIPHER_fetch(NULL, alg, NULL)) == NULL
+&& (cipher = EVP_get_cipherbyname(alg)) == NULL) {
 /* If alg has an OID assume disabled algorithm */
 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
 t->skip = 1;
@@ -507,6 +517,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
 }
 cdat = OPENSSL_zalloc(sizeof(*cdat));
 cdat->cipher = cipher;
+cdat->fetched_cipher = fetched_cipher;
 cdat->enc = -1;
 m = EVP_CIPHER_mode(cipher);
 if (m == EVP_CIPH_GCM_MODE
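Review bot: `cdat = OPENSSL_zalloc(sizeof(*cdat))` is dereferenced on the next line without a NULL check, and with this commit a failed allocation would additionally leak a successfully fetched cipher, since `fetched_cipher` is only stored in `cdat`. Adding `if (cdat == NULL) { EVP_CIPHER_meth_free(fetched_cipher); return 0; }` between the allocation and the first store mirrors what digest_test_init does with its `return 0` on the digest side. The missing check predates this change, but the new ownership makes it worth fixing here.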
@@ -520,6 +531,8 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
 cdat->aead = 0;
 
 t->data = cdat;
+if (fetched_cipher != NULL)
+TEST_info("%s is fetched", alg);
 return 1;
 }
 
@@ -535,6 +548,7 @@ static void cipher_test_cleanup(EVP_TEST *t)
 for (i = 0; i < AAD_NUM; i++)
 OPENSSL_free(cdat->aad[i]);
 OPENSSL_free(cdat->tag);
+EVP_CIPHER_meth_free(cdat->fetched_cipher);
 }
 
 static int cipher_test_parse(EVP_TEST *t, const char *keyword,


[openssl] master update

2019-09-12 Thread Richard Levitte
The branch master has been updated
   via  7f4a2dff12f93791e96a284454bdd84a2fa7d29b (commit)
   via  1935a5861c7e4bc1e0a4434800896a2dbd834ae4 (commit)
  from  7eeceeaab24aea16027cdc1f9df92366094893b7 (commit)


- Log -
commit 7f4a2dff12f93791e96a284454bdd84a2fa7d29b
Author: Richard Levitte 
Date:   Mon Sep 9 12:13:37 2019 +0200

Clarify the status of bundled external perl modules

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9826)

commit 1935a5861c7e4bc1e0a4434800896a2dbd834ae4
Author: Richard Levitte 
Date:   Mon Sep 9 11:51:01 2019 +0200

Rework the perl fallback functionality

The module with_fallback.pm was kind of clunky and required a transfer
module.  This change replaces it with a much more generic pragma-type
module, which simply appends given directories to @INC (as opposed to
the 'lib' pragma, which prepends the directories to @INC).

This also supports having a file MODULES.txt with sub-directories to
modules.  This ensures that we don't have to spray individual module
paths throughout our perl code, but can have them collected in one
place.

(do note that there is a 'fallback' module on CPAN.  However, it isn't
part of the core perl, and it has no support the any MODULES.txt kind
of construct)

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9826)

---

Summary of changes:
 Configure   |   3 +-
 external/perl/Downloaded.txt|   3 +-
 external/perl/MODULES.txt   |   1 +
 external/perl/transfer/Text/Template.pm |  23 ---
 test/generate_ssl_tests.pl  |   8 ++-
 util/dofile.pl  |   9 ++-
 util/perl/OpenSSL/fallback.pm   | 112 
 util/perl/with_fallback.pm  |  27 
 8 files changed, 126 insertions(+), 60 deletions(-)
 create mode 100644 external/perl/MODULES.txt
 delete mode 100644 external/perl/transfer/Text/Template.pm
 create mode 100644 util/perl/OpenSSL/fallback.pm
 delete mode 100644 util/perl/with_fallback.pm

diff --git a/Configure b/Configure
index a5b56a0d20..652d13ea16 100755
--- a/Configure
+++ b/Configure
@@ -17,6 +17,7 @@ use lib "$FindBin::Bin/util/perl";
 use File::Basename;
 use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/;
 use File::Path qw/mkpath/;
+use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt";
 use OpenSSL::Glob;
 
 # see INSTALL for instructions.
@@ -1617,7 +1618,7 @@ my %unified_info = ();
 
 my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
 if ($builder eq "unified") {
-use with_fallback qw(Text::Template);
+use Text::Template 1.46;
 
 sub cleandir {
 my $base = shift;
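Review bot: `use Text::Template 1.46;` is a compile-time directive, so the enclosing `if ($builder eq "unified")` does not gate it; the module is loaded and the minimum version enforced for every builder, which was equally true of the `use with_fallback` line it replaces. Worth a one-line comment, e.g. `# 'use' runs at compile time; Text::Template is loaded regardless of $builder`, or `require Text::Template; Text::Template->VERSION(1.46);` if the intent really is to load it only for the unified builder. Note also that the `use OpenSSL::fallback` line added in the first hunk of this file appends the bundled module directory to @INC (per the commit message), so a system-installed Text::Template takes precedence over the bundled copy and this version pin is the only thing that rejects a too-old system version; a comment saying so would save the next reader a trip through fallback.pm.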
diff --git a/external/perl/Downloaded.txt b/external/perl/Downloaded.txt
index af0c20a3e4..93b72b1372 100644
--- a/external/perl/Downloaded.txt
+++ b/external/perl/Downloaded.txt
@@ -3,8 +3,9 @@ Intro
 
 If we find a useful Perl module that isn't one of the core Perl
 modules, we may choose to bundle it with the OpenSSL source.
+They remain unmodified and retain their copyright and license.
 
-Here, we simply list those modules and where we downloaded them from.
+Here, we simply list those modules and where we got them from.
 
 Downloaded and bundled Perl modules
 ---
diff --git a/external/perl/MODULES.txt b/external/perl/MODULES.txt
new file mode 100644
index 00..442b618f0c
--- /dev/null
+++ b/external/perl/MODULES.txt
@@ -0,0 +1 @@
+Text-Template-1.46/lib
diff --git a/external/perl/transfer/Text/Template.pm 
b/external/perl/transfer/Text/Template.pm
deleted file mode 100644
index dbe6d737ed..00
--- a/external/perl/transfer/Text/Template.pm
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Quick transfer to the downloaded Text::Template
-
-package transfer::Text::Template;
-$VERSION = 1.46;
-
-BEGIN {
-use File::Spec::Functions;
-use File::Basename;
-use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1.46", "lib");
-# Some unpackers on VMS convert periods in directory names to underscores
-use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1_46", "lib");
-use Text::Template;
-shift @INC; # Takes away the effect of use lib
-shift @INC; # Takes away the effect of use lib
-}
-1;
diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
index 

[openssl] master update

2019-09-12 Thread Matt Caswell
The branch master has been updated
   via  7eeceeaab24aea16027cdc1f9df92366094893b7 (commit)
  from  6b3d0423528b049d04b299a8588a32d5c1224717 (commit)


- Log -
commit 7eeceeaab24aea16027cdc1f9df92366094893b7
Author: Matt Caswell 
Date:   Wed Sep 11 15:03:39 2019 +0100

Avoid passing NULL to memcpy

It is undefined behaviour to pass NULL as either the src or dest parameter
to memcpy.

In pkey_kdf.c we had a check to ensure that the src address is non-NULL.
However in some situations it is possible that the dest address could also
be NULL. Specifically in the case where the datalen is 0 and we are using
a newly allocated BUF_MEM.

We add a check of datalen to avoid the undefined behaviour.

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9868)

---

Summary of changes:
 crypto/evp/pkey_kdf.c | 16 ++--
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c
index c13bb203b3..f32d2131a7 100644
--- a/crypto/evp/pkey_kdf.c
+++ b/crypto/evp/pkey_kdf.c
@@ -82,17 +82,13 @@ static int collect(BUF_MEM **collector, void *data, size_t 
datalen)
 return 0;
 }
 
-i = (*collector)->length; /* BUF_MEM_grow() changes it! */
-/*
- * The i + datalen check is to distinguish between BUF_MEM_grow()
- * signaling an error and BUF_MEM_grow() simply returning the (zero)
- * length.
- */
-if (!BUF_MEM_grow(*collector, i + datalen)
-&& i + datalen != 0)
-return 0;
-if (data != NULL)
+if (data != NULL && datalen > 0) {
+i = (*collector)->length; /* BUF_MEM_grow() changes it! */
+
+if (!BUF_MEM_grow(*collector, i + datalen))
+return 0;
 memcpy((*collector)->data + i, data, datalen);
+}
 return 1;
 }
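Review bot: With the new guard, `data == NULL` with `datalen > 0` now returns 1 without collecting anything, so a caller that passes a bad pointer with a real length gets a success return and silently loses its input; unless some caller deliberately relies on passing NULL, `if (data == NULL && datalen > 0) return 0;` ahead of the guard would turn that into a reported error. Also note that `BUF_MEM_grow()` is no longer called at all for `datalen == 0`, so a freshly allocated collector keeps `data == NULL` and `length == 0` after a successful collect(); any consumer that assumed the old unconditional grow left a non-NULL data pointer must cope with that. collect() begins outside the hunk.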
 


[openssl] master update

2019-09-12 Thread Matt Caswell
The branch master has been updated
   via  6b3d0423528b049d04b299a8588a32d5c1224717 (commit)
  from  252a3665e4c24a387e86ff4e07159f8e846adebc (commit)


- Log -
commit 6b3d0423528b049d04b299a8588a32d5c1224717
Author: Matt Caswell 
Date:   Wed Sep 11 11:52:47 2019 +0100

Pass the correct ctx to provider KDF functions

Make sure we pass the provider side ctx and not the libcrypto side ctx.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9865)

---

Summary of changes:
 crypto/evp/kdf_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index dedb250988..9f055a61d0 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -117,7 +117,7 @@ size_t EVP_KDF_size(EVP_KDF_CTX *ctx)
 
 *params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, );
 if (ctx->meth->get_ctx_params != NULL
-&& ctx->meth->get_ctx_params(ctx, params))
+&& ctx->meth->get_ctx_params(ctx->data, params))
 return s;
 if (ctx->meth->get_params != NULL
 && ctx->meth->get_params(params))
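Review bot: The bug being fixed comes from `ctx` (the EVP_KDF_CTX) and `ctx->data` (the provider-side context) being easy to confuse at the call site, and nothing in the fixed line says which is which; a comment on it such as `/* provider-side context, not the EVP_KDF_CTX */` would keep the mix-up from recurring in the sibling calls. It would also be worth confirming that `s` is initialised before this call (outside the hunk) or that the provider actually set the parameter, since a get_ctx_params that returns success without touching OSSL_KDF_PARAM_SIZE would otherwise return an indeterminate size. EVP_KDF_size begins outside the hunk.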


[openssl] master update

2019-09-12 Thread Matt Caswell
The branch master has been updated
   via  252a3665e4c24a387e86ff4e07159f8e846adebc (commit)
  from  8d0f8c818117132a38005a046f0daacd1219e217 (commit)


- Log -
commit 252a3665e4c24a387e86ff4e07159f8e846adebc
Author: Matt Caswell 
Date:   Wed Sep 11 10:17:00 2019 +0100

Fix no-engine

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9863)

---

Summary of changes:
 providers/common/provider_util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index babbfffd3d..92cfb749c0 100644
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -44,7 +44,8 @@ static int load_common(const OSSL_PARAM params[], const char 
**propquery,
 
 *engine = NULL;
 /* TODO legacy stuff, to be removed */
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */
+/* Inside the FIPS module, we don't support legacy ciphers */
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
 p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE);
 if (p != NULL) {
 if (p->data_type != OSSL_PARAM_UTF8_STRING)
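Review bot: Under OPENSSL_NO_ENGINE an OSSL_ALG_PARAM_ENGINE supplied by the caller is now silently ignored, as it already was inside the FIPS module, and `*engine` stays NULL with no indication that the request was dropped. If that is the intended behaviour, the comment should say so, e.g. `/* Engines are legacy: inside the FIPS module and in no-engine builds an engine param is ignored */`; otherwise an `#else` branch that rejects a present engine param would make the contract explicit. load_common begins outside the hunk.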


[openssl] master update

2019-09-12 Thread Matt Caswell
The branch master has been updated
   via  8d0f8c818117132a38005a046f0daacd1219e217 (commit)
  from  98b687f8d053662f8d7fee586d5a91d86fecdfee (commit)


- Log -
commit 8d0f8c818117132a38005a046f0daacd1219e217
Author: Matt Caswell 
Date:   Wed Sep 11 10:04:23 2019 +0100

Fix no-dsa

Also fixes no-dh

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/9861)

---

Summary of changes:
 providers/common/keymgmt/build.info | 6 +-
 test/evp_extra_test.c   | 4 
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/providers/common/keymgmt/build.info 
b/providers/common/keymgmt/build.info
index 4e7bc750f5..e66190c401 100644
--- a/providers/common/keymgmt/build.info
+++ b/providers/common/keymgmt/build.info
@@ -1,5 +1,9 @@
 LIBS=../../../libcrypto
 IF[{- !$disabled{dh} -}]
   SOURCE[../../../libcrypto]=\
-  dh_kmgmt.c dsa_kmgmt.c
+  dh_kmgmt.c
+ENDIF
+IF[{- !$disabled{dsa} -}]
+  SOURCE[../../../libcrypto]=\
+  dsa_kmgmt.c
 ENDIF
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 631ad65540..bbb846e6fd 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1398,6 +1398,7 @@ static int test_EVP_CIPHER_fetch(int tst)
 return ret;
 }
 
+#ifndef OPENSSL_NO_DSA
 /* Test getting and setting parameters on an EVP_PKEY_CTX */
 static int test_EVP_PKEY_CTX_get_set_params(void)
 {
@@ -1508,6 +1509,7 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
 
 return ret;
 }
+#endif
 
 int setup_tests(void)
 {
@@ -1545,6 +1547,8 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_EVP_MD_fetch, 5);
 ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 5);
 #endif
+#ifndef OPENSSL_NO_DSA
 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);
+#endif
 return 1;
 }
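Review bot: The new `#endif` lines closing the OPENSSL_NO_DSA guards, here and in the hunk around test_EVP_PKEY_CTX_get_set_params, carry no marker, and the second one sits well away from its `#ifndef`; `#endif /* OPENSSL_NO_DSA */` keeps the pairing readable. The commit message also says the change fixes no-dh, but the only guard added in this file is OPENSSL_NO_DSA; that appears to be handled by the build.info split rather than by this file, which is worth stating in the message so nobody looks for a missing DH guard here.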


[openssl] master update

2019-09-12 Thread kaishen . yy
The branch master has been updated
   via  98b687f8d053662f8d7fee586d5a91d86fecdfee (commit)
  from  7f0a8dc7f9c5c35af0f66aca553304737931d55f (commit)


- Log -
commit 98b687f8d053662f8d7fee586d5a91d86fecdfee
Author: Paul Yang 
Date:   Thu Sep 12 16:57:23 2019 +0800

Fix test error if scrypt is disabled

Fix no-scrypt.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9840)

---

Summary of changes:
 test/evp_test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/evp_test.c b/test/evp_test.c
index 67a818d98d..69ccb9739e 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1989,7 +1989,8 @@ static int kdf_test_init(EVP_TEST *t, const char *name)
 EVP_KDF *kdf;
 
 #ifdef OPENSSL_NO_SCRYPT
-if (strcmp(name, "scrypt") == 0) {
+/* TODO(3.0) Replace with "scrypt" once aliases are supported */
+if (strcmp(name, "id-scrypt") == 0) {
 t->skip = 1;
 return 1;
 }


[openssl] master update

2019-09-11 Thread matthias . st . pierre
The branch master has been updated
   via  7f0a8dc7f9c5c35af0f66aca553304737931d55f (commit)
   via  0768b38b80d7636910c129ef8954d4f13a574ff6 (commit)
   via  5562dbb39cbf9db41dad9b8d3ae643262e458c63 (commit)
   via  849529257c9979c7ca0d28e8b80a47bc4a36d4f2 (commit)
  from  dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc (commit)


- Log -
commit 7f0a8dc7f9c5c35af0f66aca553304737931d55f
Author: Dr. Matthias St. Pierre 
Date:   Wed Sep 11 10:40:18 2019 +0200

crypto/threads_win.c: fix preprocessor indentation

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9832)

commit 0768b38b80d7636910c129ef8954d4f13a574ff6
Author: Dr. Matthias St. Pierre 
Date:   Thu May 30 18:37:29 2019 +0200

drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt)

Since commit 7c226dfc434d a chained DRBG does not add additional
data anymore when reseeding from its parent. The reason is that
the size of the additional data exceeded the allowed size when
no derivation function was used.

This commit provides an alternative fix: instead of adding the
DRBG's complete state, we add only the DRBG's address in memory,
which still provides some distinction between the different
DRBG instances.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9832)

commit 5562dbb39cbf9db41dad9b8d3ae643262e458c63
Author: Dr. Matthias St. Pierre 
Date:   Thu May 30 18:52:39 2019 +0200

drbg: add fork id to additional data on UNIX systems

Provides a little extra fork-safety on UNIX systems, adding to the
fact that all DRBGs reseed automatically when the fork_id changes.

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9832)

commit 849529257c9979c7ca0d28e8b80a47bc4a36d4f2
Author: Dr. Matthias St. Pierre 
Date:   Mon May 27 21:03:09 2019 +0200

drbg: ensure fork-safety without using a pthread_atfork handler

When the new OpenSSL CSPRNG was introduced in version 1.1.1,
it was announced in the release notes that it would be fork-safe,
which the old CSPRNG hadn't been.

The fork-safety was implemented using a fork count, which was
incremented by a pthread_atfork handler. Initially, this handler
was enabled by default. Unfortunately, the default behaviour
had to be changed for other reasons in commit b5319bdbd095, so
the new OpenSSL CSPRNG failed to keep its promise.

This commit restores the fork-safety using a different approach.
It replaces the fork count by a fork id, which coincides with
the process id on UNIX-like operating systems and is zero on other
operating systems. It is used to detect when an automatic reseed
after a fork is necessary.

To prevent a future regression, it also adds a test to verify that
the child reseeds after fork.

CVE-2019-1549

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9832)

---

Summary of changes:
 crypto/include/internal/rand_int.h |  1 -
 crypto/init.c  |  1 -
 crypto/rand/drbg_lib.c |  9 +---
 crypto/rand/rand_lcl.h | 23 +--
 crypto/rand/rand_lib.c | 13 ---
 crypto/rand/rand_unix.c|  3 +++
 crypto/threads_none.c  | 13 +++
 crypto/threads_pthread.c   | 10 +
 crypto/threads_win.c   | 10 ++---
 include/internal/cryptlib.h|  1 +
 test/drbgtest.c| 45 ++
 11 files changed, 94 insertions(+), 35 deletions(-)

diff --git a/crypto/include/internal/rand_int.h 
b/crypto/include/internal/rand_int.h
index c5d0c20551..bc427e3cf4 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -24,7 +24,6 @@
 typedef struct rand_pool_st RAND_POOL;
 
 void rand_cleanup_int(void);
-void rand_fork(void);
 
 /* Hardware-based seeding functions. */
 size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
diff --git a/crypto/init.c b/crypto/init.c
index 36c6333877..6536bd5266 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -676,7 +676,6 @@ void OPENSSL_fork_parent(void)
 
 void OPENSSL_fork_child(void)
 {
-rand_fork();
 /* TODO(3.0): Inform all providers about a fork event */
 }
 #endif
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index f8b58d7245..c24222188f 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -415,7 +415,7 @@ static RAND_DRBG *rand_drbg_new(OPENSSL_CTX *ctx,
 
 drbg->libctx = ctx;
 drbg->secure = secure && CRYPTO_secure_allocated(drbg);
-drbg->fork_count = rand_fork_count;
+ 

[openssl] master update

2019-09-11 Thread shane . lontis
The branch master has been updated
   via  dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc (commit)
  from  64115f05ac950390e80e3993703513cda439fca0 (commit)


- Log -
commit dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc
Author: Shane Lontis 
Date:   Wed Sep 11 17:52:30 2019 +1000

Add EVP_CIPHER_CTX_tag_length()

There is no deprecated CTRL support for this new field.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9698)

---

Summary of changes:
 crypto/evp/evp_lib.c   | 11 +++
 crypto/evp/evp_utils.c |  2 ++
 doc/man3/EVP_EncryptInit.pod   |  9 +
 doc/man7/provider-cipher.pod   |  5 +
 include/openssl/core_names.h   |  3 ++-
 include/openssl/evp.h  |  1 +
 providers/common/ciphers/cipher_ccm.c  | 14 --
 providers/common/ciphers/cipher_common.c   |  1 +
 providers/common/ciphers/cipher_gcm.c  | 11 +++
 providers/common/include/internal/ciphers/cipher_ccm.h |  2 +-
 test/aesgcmtest.c  |  2 ++
 test/evp_extra_test.c  |  3 +++
 util/libcrypto.num |  1 +
 13 files changed, 61 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9c3edb3322..5be04b0502 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -336,6 +336,17 @@ legacy:
 return v;
 }
 
+int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
+{
+int ret;
+size_t v = 0;
+OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, );
+ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+return ret == 1 ? (int)v : 0;
+}
+
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
 {
 return ctx->oiv;
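Review bot: EVP_CIPHER_CTX_tag_length() dereferences `ctx->cipher` and `ctx->provctx` without checking `ctx` itself for NULL; the PARAM_CHECK change in evp_utils.c in this same commit only guards the cipher object it is handed, so a NULL context still faults before reaching it. The cast `(int)v` also narrows a size_t reported by the provider with no bound check. A guard `if (ctx == NULL) return 0;` at the top and `return ret == 1 && v <= INT_MAX ? (int)v : 0;` would keep the zero-on-failure contract the doc hunk describes for the neighbouring `_length` accessors. The address-of argument to OSSL_PARAM_construct_size_t appears to have been lost in this listing; presumably it is `&v` in the source.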
diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c
index e5cd5b84e1..3da208a69f 100644
--- a/crypto/evp/evp_utils.c
+++ b/crypto/evp/evp_utils.c
@@ -25,6 +25,8 @@
  * use the same value, and other callers will have to compensate.
  */
 #define PARAM_CHECK(obj, func, errfunc)
\
+if (obj == NULL)   
\
+return 0;  
\
 if (obj->prov == NULL) 
\
 return EVP_CTRL_RET_UNSUPPORTED;   
\
 if (obj->func == NULL) {   
\
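Review bot: The new NULL check in PARAM_CHECK returns 0 while the check immediately after it returns EVP_CTRL_RET_UNSUPPORTED, so a caller that compares against the unsupported sentinel (as the comment above the macro says callers must) sees a NULL object as an ordinary failure. If that distinction is intended, a one-line comment such as `/* NULL object: plain failure, not "unsupported" */` would pin it; if not, returning the same sentinel would be more consistent. While here, the macro uses its `obj` argument unparenthesized (`obj->prov`), where `(obj)->prov` is the usual guard for expression arguments. The macro definition continues outside the hunk.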
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 11d0250a0d..78f67bd643 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -49,6 +49,7 @@ EVP_CIPHER_CTX_settable_params,
 EVP_CIPHER_CTX_block_size,
 EVP_CIPHER_CTX_key_length,
 EVP_CIPHER_CTX_iv_length,
+EVP_CIPHER_CTX_tag_length,
 EVP_CIPHER_CTX_get_app_data,
 EVP_CIPHER_CTX_set_app_data,
 EVP_CIPHER_CTX_type,
@@ -137,6 +138,7 @@ EVP_CIPHER_do_all_ex
  int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
  int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
  int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
  void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
  void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
  int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
@@ -297,6 +299,10 @@ length of a cipher when passed an B or 
B.
 It will return zero if the cipher does not use an IV.  The constant
 B is the maximum IV length for all ciphers.
 
+EVP_CIPHER_CTX_tag_length() returns the tag length of a AEAD cipher when passed
+a B. It will return zero if the cipher does not support a tag.
+It returns a default value if the tag length has not been set.
+
 EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
 size of a cipher when passed an B or B
 structure. The constant B is also the maximum block
@@ -395,6 +401,9 @@ EVP_CIPHER_CTX_set_padding() always returns 1.
 EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
 length or zero if the cipher does not use an IV.
 
+EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does 
not
+use a tag.
+
 EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
 OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
 
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 1b7dff8f76..d5d2f13390 100644
--- a/doc/man7/provider-cipher.pod
+++ 

[openssl] master update

2019-09-11 Thread Matt Caswell
The branch master has been updated
   via  5840ed0cd1e6487d247efbc1a04136a41d7b3a37 (commit)
  from  fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e (commit)


- Log -
commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37
Author: Bernd Edlinger 
Date:   Sun Sep 1 00:16:28 2019 +0200

Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.

As a workaround for this potential attack, the length of the decrypted
key must equal the cipher's default key length when no certificate
is given and all recipientInfos are tried.

The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9777)

---

Summary of changes:
 CHANGES | 14 ++
 crypto/cms/cms_env.c| 18 +-
 crypto/cms/cms_lcl.h|  2 ++
 crypto/cms/cms_smime.c  |  4 
 crypto/pkcs7/pk7_doit.c | 12 
 5 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3d2f94303a..29ab546d91 100644
--- a/CHANGES
+++ b/CHANGES
@@ -27,6 +27,20 @@
  (CVE-2019-1547)
  [Billy Bob Brumley]
 
+  *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+ An attack is simple, if the first CMS_recipientInfo is valid but the
+ second CMS_recipientInfo is chosen ciphertext. If the second
+ recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+ encryption key will be replaced by garbage, and the message cannot be
+ decoded, but if the RSA decryption fails, the correct encryption key is
+ used and the recipient will not notice the attack.
+ As a work around for this potential attack the length of the decrypted
+ key must be equal to the cipher default key length, in case the
+ certifiate is not given and all recipientInfo are tried out.
+ The old behaviour can be re-enabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag.
+ [Bernd Edlinger]
+
   *) Early start up entropy quality from the DEVRANDOM seed source has been
  improved for older Linux systems.  The RAND subsystem will wait for
  /dev/random to be producing output before seeding from /dev/urandom.
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index acfbf8c50a..27e98ce0a7 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo 
*cms,
 unsigned char *ek = NULL;
 size_t eklen;
 int ret = 0;
+size_t fixlen = 0;
 CMS_EncryptedContentInfo *ec;
 ec = cms->d.envelopedData->encryptedContentInfo;
 
@@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo 
*cms,
 return 0;
 }
 
+if (cms->d.envelopedData->encryptedContentInfo->havenocert
+&& !cms->d.envelopedData->encryptedContentInfo->debug) {
+X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+if (ciph == NULL) {
+CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
+return 0;
+}
+
+fixlen = EVP_CIPHER_key_length(ciph);
+}
+
 ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
 if (ktri->pctx == NULL)
 return 0;
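Review bot: The new block re-derives `cms->d.envelopedData->encryptedContentInfo` twice although `ec` was assigned that very pointer a few lines above and is already used for `ec->contentEncryptionAlgorithm` inside the same block; `if (ec->havenocert && !ec->debug) {` reads more clearly and keeps one name for the structure. `fixlen` also takes the int result of EVP_CIPHER_key_length() into a size_t, so a short comment stating that the default key length is assumed non-negative here would save the next reader a check. cms_RecipientInfo_ktri_decrypt continues outside this hunk.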
@@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo 
*cms,
 
 if (EVP_PKEY_decrypt(ktri->pctx, ek, ,
  ktri->encryptedKey->data,
- ktri->encryptedKey->length) <= 0) {
+ ktri->encryptedKey->length) <= 0
+|| eklen == 0
+|| (fixlen != 0 && eklen != fixlen)) {
 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
 goto err;
 }
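Review bot: The extended condition carries no comment explaining why a successful EVP_PKEY_decrypt() is now rejected on length, which is the whole point of the fix and will not be obvious to a later reader. Suggest above the `if`: `/* With no recipient cert every RI is tried, so a chosen ciphertext that unpads to a wrong-length key must fail exactly like a decrypt error (same reason code) or it becomes a padding oracle. */`. Raising CMS_R_CMS_LIB for both causes keeps the two paths indistinguishable on the error queue, which is the property the comment should name. The enclosing function continues outside the hunk.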
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
index 08f086b589..40d9c4bb7d 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st {
 size_t keylen;
 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
 int debug;
+/* Set to 1 if we have no cert and need extra safety measures for MMA */
+int havenocert;
 };
 
 struct CMS_RecipientInfo_st {
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 5f1a47d768..ae95ff2dd2 100644
--- a/crypto/cms/cms_smime.c
+++ 

[openssl] master update

2019-09-11 Thread Dr . Paul Dale
The branch master has been updated
   via  4a3dd6292385a23134e113a01463f9516004ae85 (commit)
   via  f20a59cb1c21e360f000e541e2e41aceca515929 (commit)
   via  d111712f6a7ae0ce37062d75fa3fa72e277e7455 (commit)
   via  64da55a64f141bb068f034ab0df34ec2a044e482 (commit)
   via  085f1d11a01e62c5abfe6486ee9dce00a808d977 (commit)
   via  6ce4ff19158273ccf3313d5ece6adbd8bda0ac4b (commit)
   via  7e56c626936f7070070cf989053dc0011a9bca9c (commit)
   via  92475712a9ca5e53913c4d1541ea9d044e183108 (commit)
  from  5840ed0cd1e6487d247efbc1a04136a41d7b3a37 (commit)


- Log -
commit 4a3dd6292385a23134e113a01463f9516004ae85
Author: Pauli 
Date:   Mon Sep 9 10:14:32 2019 +1000

Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit f20a59cb1c21e360f000e541e2e41aceca515929
Author: Pauli 
Date:   Sun Sep 8 18:39:11 2019 +1000

Coverity 1453634: Resource leaks (RESOURCE_LEAK)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit d111712f6a7ae0ce37062d75fa3fa72e277e7455
Author: Pauli 
Date:   Mon Sep 9 08:04:45 2019 +1000

Coverity 1453633: Error handling issues (CHECKED_RETURN)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit 64da55a64f141bb068f034ab0df34ec2a044e482
Author: Pauli 
Date:   Sun Sep 8 18:37:13 2019 +1000

Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit 085f1d11a01e62c5abfe6486ee9dce00a808d977
Author: Pauli 
Date:   Sun Sep 8 18:33:12 2019 +1000

Coverity 1453630: Null pointer dereferences (FORWARD_NULL)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit 6ce4ff19158273ccf3313d5ece6adbd8bda0ac4b
Author: Pauli 
Date:   Sun Sep 8 18:29:58 2019 +1000

Coverity 1453628: Null pointer dereferences (REVERSE_INULL)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit 7e56c626936f7070070cf989053dc0011a9bca9c
Author: Pauli 
Date:   Sun Sep 8 18:28:56 2019 +1000

Coverity 1453627: Null pointer dereferences (REVERSE_INULL)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

commit 92475712a9ca5e53913c4d1541ea9d044e183108
Author: Pauli 
Date:   Sun Sep 8 18:25:34 2019 +1000

Coverity 1414465: Resource leaks  (RESOURCE_LEAK)

Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9805)

---

Summary of changes:
 crypto/evp/kdf_lib.c  | 2 +-
 crypto/rsa/rsa_ossl.c | 4 
 providers/common/kdfs/pbkdf2.c| 4 +++-
 providers/common/macs/gmac_prov.c | 3 ++-
 providers/common/macs/kmac_prov.c | 4 +++-
 ssl/t1_enc.c  | 3 ++-
 test/evp_test.c   | 9 ++---
 7 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index aa0c5e341f..dedb250988 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -59,7 +59,7 @@ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src)
 {
 EVP_KDF_CTX *dst;
 
-if (src->data == NULL || src == NULL || src->meth->dupctx == NULL)
+if (src == NULL || src->data == NULL || src->meth->dupctx == NULL)
 return NULL;
 
 dst = OPENSSL_malloc(sizeof(*dst));
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 29bd97bd1b..5d5efdbd69 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -470,6 +470,8 @@ static int rsa_ossl_private_decrypt(int flen, const 
unsigned char *from,
 goto err;
 
 j = BN_bn2binpad(ret, buf, num);
+if (j < 0)
+goto err;
 
 switch (padding) {
 case RSA_PKCS1_PADDING:
@@ -569,6 +571,8 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned 
char *from,
 goto err;
 
 i = BN_bn2binpad(ret, buf, num);
+if (i < 0)
+goto err;
 
 switch (padding) {
 case RSA_PKCS1_PADDING:
diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c
index ce395576dd..c8480125b2 100644
--- a/providers/common/kdfs/pbkdf2.c
+++ b/providers/common/kdfs/pbkdf2.c
@@ -107,7 +107,9 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
 
 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
  SN_sha1, 0);
-ossl_prov_digest_load_from_params(>digest, params, provctx);
+if (!ossl_prov_digest_load_from_params(>digest, params, provctx))
+/* This is an error, but there is no way to indicate such directly */
+

[openssl] master update

2019-09-11 Thread Dr . Paul Dale
The branch master has been updated
   via  64115f05ac950390e80e3993703513cda439fca0 (commit)
   via  69333af49d8ddba6b551506ddbbccea73aee4a6b (commit)
   via  2e548ac9a103f9366675d58dd52ced1889688231 (commit)
   via  27e27cd7ef5df70289058101df1ad2aa9b5ab139 (commit)
   via  1732c260db11273792ea465e29c2018b7bab52e5 (commit)
   via  d810cc197737cc34fac60eee04720ad3fb0088bf (commit)
  from  4a3dd6292385a23134e113a01463f9516004ae85 (commit)


- Log -
commit 64115f05ac950390e80e3993703513cda439fca0
Author: Pauli 
Date:   Mon Sep 9 11:42:22 2019 +1000

Usages of KDFs converted to use the name macros

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9814)

commit 69333af49d8ddba6b551506ddbbccea73aee4a6b
Author: Pauli 
Date:   Mon Sep 9 11:42:00 2019 +1000

Register KDF's using their name macros rather than strings

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9814)

commit 2e548ac9a103f9366675d58dd52ced1889688231
Author: Pauli 
Date:   Mon Sep 9 11:39:10 2019 +1000

Make FIPS provider use KDF name for PBKDF2

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9814)

commit 27e27cd7ef5df70289058101df1ad2aa9b5ab139
Author: Pauli 
Date:   Mon Sep 9 11:37:11 2019 +1000

Update tests to (mostly) use KDF names

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9814)

commit 1732c260db11273792ea465e29c2018b7bab52e5
Author: Pauli 
Date:   Mon Sep 9 11:36:48 2019 +1000

Convert SSL functions to use KDF names not SN_ strings

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9814)

commit d810cc197737cc34fac60eee04720ad3fb0088bf
Author: Pauli 
Date:   Mon Sep 9 11:35:25 2019 +1000

Add macros for the KDF algorithm names.

This avoids the problems with PBKDF2 and SCRYPT not being of the same form
as the rest.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9814)

---

Summary of changes:
 crypto/dh/dh_kdf.c|  2 +-
 crypto/ec/ecdh_kdf.c  |  2 +-
 crypto/evp/p5_crpt2.c |  2 +-
 crypto/evp/pbe_scrypt.c   |  2 +-
 include/openssl/core_names.h  | 10 ++
 providers/default/defltprov.c | 16 
 providers/fips/fipsprov.c | 10 +-
 ssl/t1_enc.c  |  2 +-
 ssl/tls13_enc.c   |  4 ++--
 test/evp_kdf_test.c   | 22 +++---
 10 files changed, 41 insertions(+), 31 deletions(-)

diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 781d34a94f..a1bbea3013 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -39,7 +39,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 if (oid_sn == NULL)
 return 0;
 
-kdf = EVP_KDF_fetch(provctx, SN_x942kdf, NULL);
+kdf = EVP_KDF_fetch(provctx, OSSL_KDF_NAME_X942KDF, NULL);
 if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
 goto err;
 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index 55e676d20a..a19080940a 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -24,7 +24,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
 EVP_KDF_CTX *kctx = NULL;
 OSSL_PARAM params[4], *p = params;
 const char *mdname = EVP_MD_name(md);
-EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_x963kdf, NULL);
+EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL);
 
 if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index c12d35c8ab..96a72730f3 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -40,7 +40,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 if (salt == NULL && saltlen == 0)
 salt = (unsigned char *)empty;
 
-kdf = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL);
+kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL);
 kctx = EVP_KDF_CTX_new(kdf);
 EVP_KDF_free(kdf);
 if (kctx == NULL)
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index 7a9f6f47a4..62b9687949 100644
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -62,7 +62,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
 if (maxmem == 0)
 maxmem = SCRYPT_MAX_MEM;
 
-kdf = EVP_KDF_fetch(NULL, SN_id_scrypt, NULL);
+kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
 kctx = EVP_KDF_CTX_new(kdf);
 EVP_KDF_free(kdf);
 if (kctx == NULL)
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 27b4588ce1..b11bc614a8 100644
--- a/include/openssl/core_names.h
+++ 

[openssl] master update

2019-09-11 Thread Matt Caswell
The branch master has been updated
   via  fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e (commit)
   via  e301c147a763f67dcc5ba63eb7e2ae40d83a68aa (commit)
  from  1d3cd983f56e0a580ee4216692ee3c9c7bf14de9 (commit)


- Log -
commit fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e
Author: Bernd Edlinger 
Date:   Fri Sep 6 21:54:13 2019 +0200

Fix a potential crash in rand_unix.c

Due to the dynamic allocation that was added to rand_pool_add_begin
this function could now return a null pointer where it was previously
guaranteed to succeed. But the return value of this function does
not need to be checked by design.

Move rand_pool_grow from rand_pool_add_begin to rand_pool_bytes_needed.
Make an allocation error persistent to avoid falling back to less secure
or blocking entropy sources.

Fixes: a6a66e4511ee ("Make rand_pool buffers more dynamic in their sizing.")

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9687)

commit e301c147a763f67dcc5ba63eb7e2ae40d83a68aa
Author: Bernd Edlinger 
Date:   Sat Aug 24 11:38:32 2019 +0200

Fix a strict warnings error in rand_pool_acquire_entropy

There was a warning about unused variables in this config:
./config --strict-warnings --with-rand-seed=rdcpu

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9687)

---

Summary of changes:
 crypto/rand/rand_lib.c  | 115 +++-
 crypto/rand/rand_unix.c |  39 +---
 2 files changed, 106 insertions(+), 48 deletions(-)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index c865ece978..1ab2a8246c 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -545,6 +545,42 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool)
 return 0;
 }
 
+/* Increase the allocation size -- not usable for an attached pool */
+static int rand_pool_grow(RAND_POOL *pool, size_t len)
+{
+if (len > pool->alloc_len - pool->len) {
+unsigned char *p;
+const size_t limit = pool->max_len / 2;
+size_t newlen = pool->alloc_len;
+
+if (pool->attached || len > pool->max_len - pool->len) {
+RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR);
+return 0;
+}
+
+do
+newlen = newlen < limit ? newlen * 2 : pool->max_len;
+while (len > newlen - pool->len);
+
+if (pool->secure)
+p = OPENSSL_secure_zalloc(newlen);
+else
+p = OPENSSL_zalloc(newlen);
+if (p == NULL) {
+RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
+return 0;
+}
+memcpy(p, pool->buffer, pool->len);
+if (pool->secure)
+OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
+else
+OPENSSL_clear_free(pool->buffer, pool->alloc_len);
+pool->buffer = p;
+pool->alloc_len = newlen;
+}
+return 1;
+}
+
 /*
  * Returns the number of bytes needed to fill the pool, assuming
  * the input has 1 / |entropy_factor| entropy bits per data bit.
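Review bot: The doubling loop in rand_pool_grow() cannot make progress when `newlen` starts at 0: `newlen < limit ? newlen * 2 : pool->max_len` leaves 0 at 0 while `len > newlen - pool->len` stays true, so a pool whose `alloc_len` is 0 would spin. If rand_pool_new() guarantees a non-zero initial allocation this is unreachable, but a one-line guard before the loop (for example starting `newlen` from `len` when it is 0) would make the function safe on its own terms. As a point of style, writing the loop as `do { ... } while (...)` with braces makes its single-statement body visible at a glance.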
@@ -574,6 +610,24 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned 
int entropy_factor)
 /* to meet the min_len requirement */
 bytes_needed = pool->min_len - pool->len;
 
+/*
+ * Make sure the buffer is large enough for the requested amount
+ * of data. This guarantees that existing code patterns where
+ * rand_pool_add_begin, rand_pool_add_end or rand_pool_add
+ * are used to collect entropy data without any error handling
+ * whatsoever, continue to be valid.
+ * Furthermore if the allocation here fails once, make sure that
+ * we don't fall back to a less secure or even blocking random source,
+ * as that could happen by the existing code patterns.
+ * This is not a concern for additional data, therefore that
+ * is not needed if rand_pool_grow fails in other places.
+ */
+if (!rand_pool_grow(pool, bytes_needed)) {
+/* persistent error for this pool */
+pool->max_len = pool->len = 0;
+return 0;
+}
+
 return bytes_needed;
 }
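Review bot: After the new failure branch, rand_pool_bytes_needed() returns 0 both when the pool is already satisfied (the earlier `return 0` paths) and when the allocation failed, so a caller cannot tell the two apart from the return value alone; the block comment explains the intent but not how the failure is surfaced. Suggest appending to it: ` * A 0 return is therefore ambiguous; callers must rely on the pool being marked unusable (max_len == len == 0) rather than on this value.` Presumably the later entropy accounting turns that state into a seeding error, but that is not visible in this hunk and is worth confirming.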
 
@@ -583,36 +637,6 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool)
 return pool->max_len - pool->len;
 }
 
-static int rand_pool_grow(RAND_POOL *pool, size_t len)
-{
-if (len > pool->alloc_len - pool->len) {
-unsigned char *p;
-const size_t limit = pool->max_len / 2;
-size_t newlen = pool->alloc_len;
-
-do
-newlen = newlen < limit ? newlen * 2 : pool->max_len;
-while (len > newlen - pool->len);
-
-if (pool->secure)
-p = OPENSSL_secure_zalloc(newlen);
-else
-p = 

[openssl] master update

2019-09-09 Thread nic . tuv
The branch master has been updated
   via  1d3cd983f56e0a580ee4216692ee3c9c7bf14de9 (commit)
  from  d3a1128bc25ec8bf835c81821e1be68fba39ab4b (commit)


- Log -
commit 1d3cd983f56e0a580ee4216692ee3c9c7bf14de9
Author: Billy Brumley 
Date:   Mon Sep 9 11:29:09 2019 +0300

[test] ECC: check the bounds for auto computing cofactor

Reviewed-by: Matt Caswell 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/9821)

---

Summary of changes:
 test/ectest.c | 91 +++
 1 file changed, 91 insertions(+)

diff --git a/test/ectest.c b/test/ectest.c
index 4f3bfb7569..58836339af 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -2121,6 +2121,96 @@ err:
 return r;
 }
 
+/*-
+ * random 256-bit explicit parameters curve, cofactor absent
+ * order:0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit)
+ * cofactor:   0x12bc94785251297abfafddf1565100da (125 bit)
+ */
+static const unsigned char params_cf_pass[] = {
+0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
+0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5,
+0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
+0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
+0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5,
+0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
+0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
+0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc,
+0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27,
+0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23,
+0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77,
+0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b,
+0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4,
+0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9,
+0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a,
+0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c,
+0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96,
+0x14, 0xa8, 0x2f, 0x4f
+};
+
+/*-
+ * random 256-bit explicit parameters curve, cofactor absent
+ * order:0x045a75c0c17228ebd9b169a10e34a22101 (131 bit)
+ * cofactor:   0x2e134b4ede82649f67a2e559d361e5fe (126 bit)
+ */
+static const unsigned char params_cf_fail[] = {
+0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
+0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37,
+0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
+0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
+0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37,
+0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
+0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
+0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09,
+0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d,
+0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02,
+0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59,
+0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11,
+0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24,
+0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70,
+0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73,
+0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04,
+0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e,
+0x34, 0xa2, 0x21, 0x01
+};
+
+/*-
+ * Test two random 256-bit explicit parameters curves with absent cofactor.
+ * The two curves are chosen to roughly straddle the bounds at which the lib
+ * can compute the cofactor automatically, roughly 4*sqrt(p). So test that:
+ *
+ * - params_cf_pass: order is sufficiently close to p to compute cofactor
+ * - params_cf_fail: order is too far away from p to compute cofactor
+ *
+ * For standards-compliant curves, cofactor is chosen as small as possible.
+ * So you can see neither of these curves are fit for cryptographic use.
+ *
+ * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2:
+ * h <= 2**(t/8) where t is the security level of the curve, for which the lib
+ * will always succeed in computing the cofactor. Neither of these curves
+ * conform to that -- this is just robustness testing.
+ */
+static int cofactor_range_test(void)
+{
+EC_GROUP *group = NULL;
+

[openssl] master update

2019-09-09 Thread bernd . edlinger
The branch master has been updated
   via  d3a1128bc25ec8bf835c81821e1be68fba39ab4b (commit)
  from  20bf3d8b22f8c1a3529034007d3618fd1fc4fa16 (commit)


- Log -
commit d3a1128bc25ec8bf835c81821e1be68fba39ab4b
Author: Bernd Edlinger 
Date:   Mon Sep 9 11:42:56 2019 +0200

Fix build with VS2008

crypto/rand/rand_win.c(70) : error C2065: 'BCRYPT_USE_SYSTEM_PREFERRED_RNG' 
: undeclared identifier

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9827)

---

Summary of changes:
 crypto/rand/rand_win.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 8b87419698..38852dc7a0 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -19,7 +19,8 @@
 
 # include 
 /* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */
-# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
+# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \
+ && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
 #  define USE_BCRYPTGENRANDOM
 # endif
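Review bot: The new `_MSC_VER > 1500` clause silently routes VS2008 builds to the legacy CryptoAPI seed source, and the trailing comment only decodes the number, not the consequence. I'd extend it so the fallback reads as deliberate: `# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = VS2008, whose SDK lacks BCRYPT_USE_SYSTEM_PREFERRED_RNG; older toolchains keep the legacy CryptoAPI path */ \`. Whether the legacy path is still an acceptable entropy source for those builds is a question outside this hunk, but a reader should at least see that the downgrade is intended rather than accidental.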
 


[openssl] master update

2019-09-09 Thread Matt Caswell
The branch master has been updated
   via  20bf3d8b22f8c1a3529034007d3618fd1fc4fa16 (commit)
   via  864b89ce497c57207d04a83e23f96f50dae9d164 (commit)
   via  9c45222ddc36124b8826d98dc0794f3eef1e5f0b (commit)
   via  21fb7067228e39633755aeba251e925634e64870 (commit)
   via  4f62f5d9af4fb4c7765859967ee39252e34ceeb9 (commit)
   via  11031468c38c801b6acefe9bba9d531d92653da3 (commit)
   via  390acbebfa90500c79c5014e6659eacda861550c (commit)
   via  4889dadcb8511176c30888c748f1981adc38451d (commit)
   via  dfcb5d29b525f5d2b6bd80602dca5efe5fca77bb (commit)
  from  2b95e8efcf8b99892106070d9ac745a0a369f503 (commit)


- Log -
commit 20bf3d8b22f8c1a3529034007d3618fd1fc4fa16
Author: Matt Caswell 
Date:   Thu Sep 5 14:57:06 2019 +0100

Use simple names in core_names.h

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 864b89ce497c57207d04a83e23f96f50dae9d164
Author: Matt Caswell 
Date:   Wed Sep 4 23:13:25 2019 +0100

Move EVP_PKEY algorithm implementations into a union

An EVP_PKEY can be used for multiple different algorithm operations.
Only one can be used at a time, so we move those into a union.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 9c45222ddc36124b8826d98dc0794f3eef1e5f0b
Author: Matt Caswell 
Date:   Wed Sep 4 12:46:02 2019 +0100

Revise EVP_PKEY param handling

We add new functions for getting parameters and discovering the gettable
and settable parameters. We also make EVP_PKEY_CTX_get_signature_md() a
function and implement it in terms of the new functions.

This enables applications to discover the set of parameters that are
supported for a given algorithm implementation.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 21fb7067228e39633755aeba251e925634e64870
Author: Matt Caswell 
Date:   Wed Sep 4 10:58:59 2019 +0100

Enable DH "keys" which only contain domain parameters

It is valid for a pub_key and priv_key to be missing from a DH "key".

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 4f62f5d9af4fb4c7765859967ee39252e34ceeb9
Author: Matt Caswell 
Date:   Tue Sep 3 17:05:52 2019 +0100

Add docs for the provider interface for signature operations

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 11031468c38c801b6acefe9bba9d531d92653da3
Author: Matt Caswell 
Date:   Tue Sep 3 16:15:21 2019 +0100

Add public API docs for newly added EVP_SIGNATURE related functions

Documentation for EVP_SIGNATURE_*() as well as EVP_PKEY_sign_init_ex(),
EVP_PKEY_verify_init_ex() and EVP_PKEY_verify_recover_init_ex().

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 390acbebfa90500c79c5014e6659eacda861550c
Author: Matt Caswell 
Date:   Mon Sep 2 16:48:26 2019 +0100

Add support for verify/verify_recover functions to EVP_SIGNATURE

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit 4889dadcb8511176c30888c748f1981adc38451d
Author: Matt Caswell 
Date:   Fri Aug 30 13:33:37 2019 +0100

Implement DSA in the default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

commit dfcb5d29b525f5d2b6bd80602dca5efe5fca77bb
Author: Matt Caswell 
Date:   Fri Aug 30 13:33:10 2019 +0100

Add the ability to perform signatures in a provider

This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It
also introduces the new type EVP_SIGNATURE to represent signature
algorithms. This also automatically makes the EVP_Sign* APIs provider
aware because they use EVP_Digest* (which is already provider aware)
and EVP_PKEY_sign(_init) under the covers.

At this stage there are no signature algorithms in any providers. That
will come in the following commits.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9753)

---

Summary of changes:
 crypto/cms/cms_sd.c|  24 ++
 crypto/dh/dh_ameth.c   |  25 +-
 crypto/dsa/dsa_ameth.c |  71 +++-
 crypto/dsa/dsa_gen.c   |   2 +
 crypto/dsa/dsa_key.c   |   1 +
 crypto/dsa/dsa_lib.c   |   2 +
 crypto/dsa/dsa_locl.h  |   3 +
 crypto/evp/digest.c|   9 +-
 crypto/evp/evp_locl.h  |  33 +-
 crypto/evp/exchange.c

[openssl] master update

2019-09-09 Thread bernd . edlinger
The branch master has been updated
   via  2b95e8efcf8b99892106070d9ac745a0a369f503 (commit)
   via  fa01370f7dc8f0a379483bbe74de11225857e5fe (commit)
   via  feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0 (commit)
  from  bfed4fc8367b55e630c70cc038887ddf9b090dd6 (commit)


- Log -
commit 2b95e8efcf8b99892106070d9ac745a0a369f503
Author: Bernd Edlinger 
Date:   Sat Sep 7 00:58:31 2019 +0200

DH_check_pub_key_ex was accidentally calling DH_check,
so results were undefined.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9796)

commit fa01370f7dc8f0a379483bbe74de11225857e5fe
Author: Bernd Edlinger 
Date:   Sat Sep 7 00:53:24 2019 +0200

Use BN_clear_free in DH_set0_key

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9796)

commit feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0
Author: Bernd Edlinger 
Date:   Fri Sep 6 23:38:49 2019 +0200

Check the DH modulus bit length

The check was missing in DH_check and DH_check_params.

[extended tests]

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9796)

---

Summary of changes:
 crypto/dh/dh_check.c| 15 ++-
 crypto/dh/dh_lib.c  |  4 ++--
 doc/man3/DH_generate_parameters.pod | 10 +-
 include/openssl/dh.h|  4 +++-
 test/dhtest.c   | 16 +---
 5 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index aff7e37181..2d19a8f120 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -31,6 +31,10 @@ int DH_check_params_ex(const DH *dh)
 DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
 if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
 DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+if ((errflags & DH_MODULUS_TOO_SMALL) != 0)
+DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_MODULUS_TOO_SMALL);
+if ((errflags & DH_MODULUS_TOO_LARGE) != 0)
+DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_MODULUS_TOO_LARGE);
 
 return errflags == 0;
 }
@@ -58,6 +62,10 @@ int DH_check_params(const DH *dh, int *ret)
 goto err;
 if (BN_cmp(dh->g, tmp) >= 0)
 *ret |= DH_NOT_SUITABLE_GENERATOR;
+if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS)
+*ret |= DH_MODULUS_TOO_SMALL;
+if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+*ret |= DH_MODULUS_TOO_LARGE;
 
 ok = 1;
  err:
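Review bot: The two added bit-length checks in DH_check_params set DH_MODULUS_TOO_SMALL / DH_MODULUS_TOO_LARGE without saying why both bounds exist, and the flag names alone do not convey that the upper bound is a resource concern rather than a strength concern. I'd put one comment above the first check, e.g. `/* Bound |p|: below DH_MIN_MODULUS_BITS the group is too weak; above OPENSSL_DH_MAX_MODULUS_BITS the modexp cost makes peer-supplied parameters a denial-of-service vector */` — the DoS rationale is my reading of the upper bound, so confirm it against where OPENSSL_DH_MAX_MODULUS_BITS is defined. Note also that both checks sit after the generator `goto err`, so an internal failure earlier in the function leaves neither flag set; that is fine only as long as callers treat a 0 return as "could not check" rather than "valid". DH_check_params starts outside the hunk.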
@@ -91,6 +99,10 @@ int DH_check_ex(const DH *dh)
 DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
 if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
 DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+if ((errflags & DH_MODULUS_TOO_SMALL) != 0)
+DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_SMALL);
+if ((errflags & DH_MODULUS_TOO_LARGE) != 0)
+DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE);
 
 return errflags == 0;
 }
@@ -164,7 +176,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
 {
 int errflags = 0;
 
-(void)DH_check(dh, );
+if (!DH_check_pub_key(dh, pub_key, ))
+return 0;
 
 if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
 DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index df3166279e..0382e442d5 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -235,11 +235,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, 
const BIGNUM **priv_key)
 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
 {
 if (pub_key != NULL) {
-BN_free(dh->pub_key);
+BN_clear_free(dh->pub_key);
 dh->pub_key = pub_key;
 }
 if (priv_key != NULL) {
-BN_free(dh->priv_key);
+BN_clear_free(dh->priv_key);
 dh->priv_key = priv_key;
 }
 
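Review bot: Clearing the previous private value on replacement is the right call, but the new `priv_key` installed at the assignment above is not marked BN_FLG_CONSTTIME, unlike the secret components in RSA_set0_key(), which are flagged at set time. If compute_key already sets the flag on dh->priv_key before using it, this is moot; otherwise `BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);` directly after `dh->priv_key = priv_key;` would make the constant-time path independent of the caller. Either way a one-line comment stating where the flag is expected to be applied would spare the next reader the same question. DH_set0_key's opening line is inside the hunk but the function is otherwise as shown.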
diff --git a/doc/man3/DH_generate_parameters.pod 
b/doc/man3/DH_generate_parameters.pod
index a1541caf68..4908dcf515 100644
--- a/doc/man3/DH_generate_parameters.pod
+++ b/doc/man3/DH_generate_parameters.pod
@@ -73,6 +73,14 @@ The generator B is not suitable.
 Note that the lack of this bit doesn't guarantee that B is
 suitable, unless B is known to be a strong prime.
 
+=item DH_MODULUS_TOO_SMALL
+
+The modulus is too small.
+
+=item DH_MODULUS_TOO_LARGE
+
+The modulus is too large.
+
 =back
 
 DH_check() confirms that the Diffie-Hellman parameters B are valid. The
@@ -141,7 +149,7 @@ DH_generate_parameters_ex() instead.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git 

[openssl] master update

2019-09-09 Thread nic . tuv
The branch master has been updated
   via  bfed4fc8367b55e630c70cc038887ddf9b090dd6 (commit)
   via  65936a56461fe09e8c81bca45122af5adcfabb00 (commit)
  from  3f37050e33c47b246b530ef01f0b0bda9126581c (commit)


- Log -
commit bfed4fc8367b55e630c70cc038887ddf9b090dd6
Author: Nicola Tuveri 
Date:   Mon Sep 9 04:00:37 2019 +0300

Uniform TEST_*() check usage in test/ectest.c

- Replace a `TEST_true()` with `!TEST_false()` to avoid reporting
  confusing errors
- We tend to use `if (!TEST_foo() || !TEST_bar())` and it's a bit
  confusing to switch to `if(!(TEST_foo() && TEST_bar()))`: replace it
  with the more common style

Reviewed-by: Matt Caswell 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9813)

commit 65936a56461fe09e8c81bca45122af5adcfabb00
Author: Nicola Tuveri 
Date:   Mon Sep 9 03:52:00 2019 +0300

Fix spacing nit in test/ectest.c

Reviewed-by: Matt Caswell 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9813)

---

Summary of changes:
 test/ectest.c | 28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/test/ectest.c b/test/ectest.c
index e0081c8866..4f3bfb7569 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1679,8 +1679,8 @@ static int check_named_curve_test(int id)
  group_cofactor))
 || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
 /* The order is not an optional field, so this should fail */
-|| TEST_true(EC_GROUP_set_generator(gtest, group_gen, NULL,
-group_cofactor))
+|| !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL,
+  group_cofactor))
 || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
  other_cofactor))
 || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
@@ -2137,7 +2137,7 @@ static int cardinality_test(int n)
 BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = 
NULL,
*g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL;
 
-   TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid));
+TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid));
 
 if (!TEST_ptr(ctx = BN_CTX_new())
 || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))
@@ -2214,17 +2214,17 @@ static int check_ec_key_field_public_range_test(int id)
 BIGNUM *x = NULL, *y = NULL;
 EC_KEY *key = NULL;
 
-if (!(TEST_ptr(x = BN_new())
-  && TEST_ptr(y = BN_new())
-  && TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid))
-  && TEST_ptr(group = EC_KEY_get0_group(key))
-  && TEST_ptr(meth = EC_GROUP_method_of(group))
-  && TEST_ptr(field = EC_GROUP_get0_field(group))
-  && TEST_int_gt(EC_KEY_generate_key(key), 0)
-  && TEST_int_gt(EC_KEY_check_key(key), 0)
-  && TEST_ptr(pub = EC_KEY_get0_public_key(key))
-  && TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y,
- NULL), 0)))
+if (!TEST_ptr(x = BN_new())
+|| !TEST_ptr(y = BN_new())
+|| !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid))
+|| !TEST_ptr(group = EC_KEY_get0_group(key))
+|| !TEST_ptr(meth = EC_GROUP_method_of(group))
+|| !TEST_ptr(field = EC_GROUP_get0_field(group))
+|| !TEST_int_gt(EC_KEY_generate_key(key), 0)
+|| !TEST_int_gt(EC_KEY_check_key(key), 0)
+|| !TEST_ptr(pub = EC_KEY_get0_public_key(key))
+|| !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y,
+NULL), 0))
 goto err;
 
 /*


[openssl] master update

2019-09-09 Thread Richard Levitte
The branch master has been updated
   via  3f37050e33c47b246b530ef01f0b0bda9126581c (commit)
  from  bacaa618c26411d212015493d0eb82076a3e76a1 (commit)


- Log -
commit 3f37050e33c47b246b530ef01f0b0bda9126581c
Author: Jakub Zelenka 
Date:   Sun Sep 8 17:32:07 2019 +0100

Fix typos in the OSSL_METHOD_STORE doc

Reviewed-by: Paul Yang 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9825)

---

Summary of changes:
 doc/internal/man3/OSSL_METHOD_STORE.pod | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/internal/man3/OSSL_METHOD_STORE.pod 
b/doc/internal/man3/OSSL_METHOD_STORE.pod
index afd1dd5982..f178a0ee75 100644
--- a/doc/internal/man3/OSSL_METHOD_STORE.pod
+++ b/doc/internal/man3/OSSL_METHOD_STORE.pod
@@ -76,7 +76,7 @@ the B.
 ossl_method_store_remove() removes the B identified by B from the
 B.
 
-ossl_method_store_fetch() queries B for an method identified by B
+ossl_method_store_fetch() queries B for a method identified by B
 that matches the property query B.
 The result, if any, is returned in B.
 
@@ -88,24 +88,24 @@ and the ones passed to the ossl_method_store_free().
 =head2 Cache Functions
 
 ossl_method_store_cache_get() queries the cache associated with the B
-for an method identified by B that matches the property query
+for a method identified by B that matches the property query
 B.
 The result, if any, is returned in B.
 
 ossl_method_store_cache_set() sets a cache entry identified by B with the
 property query B in the B.
-Future cache gets will return the specified B.
+Future calls to ossl_method_store_cache_get() will return the specified 
B.
 
 =head1 RETURN VALUES
 
-ossl_method_store_new() a new method store object or B on failure.
+ossl_method_store_new() returns a new method store object or B on 
failure.
 
 ossl_method_store_free(), ossl_method_store_add(),
 ossl_method_store_remove(), ossl_method_store_fetch(),
 ossl_method_store_set_global_properties(), ossl_method_store_cache_get()
 and ossl_method_store_cache_set() return B<1> on success and B<0> on error.
 
-ossl_method_store_free() and ossl_method_store_cleanup() do not return values.
+ossl_method_store_free() and ossl_method_store_cleanup() do not return any 
value.
 
 =head1 HISTORY
 


[openssl] master update

2019-09-09 Thread nic . tuv
The branch master has been updated
   via  bacaa618c26411d212015493d0eb82076a3e76a1 (commit)
  from  bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b (commit)


- Log -
commit bacaa618c26411d212015493d0eb82076a3e76a1
Author: Nicola Tuveri 
Date:   Sat Sep 7 18:05:31 2019 +0300

[ec] Match built-in curves on EC_GROUP_new_from_ecparameters

Description
---

Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any
of the built-in curves. If that is the case, return a new
`EC_GROUP_new_by_curve_name()` object instead of the explicit parameters
`EC_GROUP`.

This affects all users of `EC_GROUP_new_from_ecparameters()`:
- direct calls to `EC_GROUP_new_from_ecparameters()`
- direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit
  parameters argument
- ASN.1 parsing of explicit parameters keys (as it eventually
  ends up calling `EC_GROUP_new_from_ecpkparameters()`)

A parsed explicit parameter key will still be marked with the
`OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless
programmatically forced otherwise, if the key is eventually serialized
the output will still be encoded with explicit parameters, even if
internally it is treated as a named curve `EC_GROUP`.

Before this change, creating any `EC_GROUP` object using
`EC_GROUP_new_from_ecparameters()`, yielded an object associated with
the default generic `EC_METHOD`, but this was never guaranteed in the
documentation.
After this commit, users of the library that intentionally want to
create an `EC_GROUP` object using a specific `EC_METHOD` can still
explicitly call `EC_GROUP_new(foo_method)` and then manually set the
curve parameters using `EC_GROUP_set_*()`.

Motivation
--

This has obvious performance benefits for the built-in curves with
specialized `EC_METHOD`s and subtle but important security benefits:
- the specialized methods have better security hardening than the
  generic implementations
- optional fields in the parameter encoding, like the `cofactor`, cannot
  be leveraged by an attacker to force execution of the less secure
  code-paths for single point scalar multiplication
- in general, this leads to reducing the attack surface

Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth
analysis of the issues related to this commit.

It should be noted that `libssl` does not allow to negotiate explicit
parameters (as per RFC 8422), so it is not directly affected by the
consequences of using explicit parameters that this commit fixes.
On the other hand, we detected external applications and users in the
wild that use explicit parameters by default (and sometimes using 0 as
the cofactor value, which is technically not a valid value per the
specification, but is tolerated by parsers for wider compatibility given
that the field is optional).
These external users of `libcrypto` are exposed to these vulnerabilities
and their security will benefit from this commit.

Related commits
---

While this commit is beneficial for users using built-in curves and
explicit parameters encoding for serialized keys, commit
b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the
1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the
invalid cofactor values more in general also for other curves
(CVE-2019-1547).

The following list covers commits in `master` that are related to the
vulnerabilities presented in the manuscript motivating this commit:

- d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too
- 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key 
validation.
- b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, 
compute it
- 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats

Note that the PRs that contributed the listed commits also include other
commits providing related testing and documentation, in addition to
links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and
1.1.1 branches.

Responsible Disclosure
--

This and the other issues presented in https://arxiv.org/abs/1909.01785
were reported by Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri,
Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the
NISEC group at Tampere University, FINLAND.

The OpenSSL Security Team evaluated the security risk for this
vulnerability as low, and encouraged to propose fixes using public Pull
Requests.


___


[openssl] master update

2019-09-09 Thread Richard Levitte
The branch master has been updated
   via  bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b (commit)
  from  03e5668343078b963cc6544ad7270743de13e514 (commit)


- Log -
commit bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b
Author: Richard Levitte 
Date:   Mon Sep 9 02:41:26 2019 +0200

Do no mention private headers in public headers

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9812)

---

Summary of changes:
 include/openssl/bio.h   | 2 +-
 include/openssl/ct.h| 2 --
 include/openssl/dtls1.h | 2 +-
 include/openssl/evp.h   | 2 +-
 4 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 2312ca647c..3e4fbd35b0 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -142,7 +142,7 @@ extern "C" {
 # define BIO_CTRL_DGRAM_SET_PEEK_MODE  71
 
 /*
- * internal BIO see include/internal/bio.h:
+ * internal BIO:
  * # define BIO_CTRL_SET_KTLS_SEND 72
  * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG74
  * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG   75
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index 334e1aff55..76f566304e 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -463,8 +463,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const 
char *file);
 
 /*
  * Loads the default CT log list into a |store|.
- * See internal/cryptlib.h for the environment variable and file path that are
- * consulted to find the default file.
  * Returns 1 if loading is successful, or 0 otherwise.
  */
 __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
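Review bot: Dropping the pointer to internal/cryptlib.h is right, but the public comment on CTLOG_STORE_load_default_file() now says nothing about how the default file is located, and that matters because the file decides which CT logs the application trusts. I'd replace the removed sentence with one that names the mechanism rather than the private header, e.g. ` * The default file is the one named by the CTLOG_FILE environment variable, or the compiled-in path when that is unset.` — verify the variable name against the implementation before committing the wording. A caller reading only this header should be able to tell that an environment variable influences the trusted log set.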
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index f717afbe51..ef01d8b9db 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -47,7 +47,7 @@ extern "C" {
 
 # define DTLS1_AL_HEADER_LENGTH   2
 
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+/* Timeout multipliers */
 # define DTLS1_TMO_READ_COUNT  2
 # define DTLS1_TMO_WRITE_COUNT 2
 
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index a0733b9697..d1bd0b69d0 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -186,7 +186,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX 
*ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE0x0200
-/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */
+/* NOTE: 0x0400 is reserved for internal usage */
 
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
 EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);


[openssl] master update

2019-09-09 Thread matthias . st . pierre
The branch master has been updated
   via  03e5668343078b963cc6544ad7270743de13e514 (commit)
  from  a1a0e6f28580d6a79762188128e23cca559993a8 (commit)


- Log -
commit 03e5668343078b963cc6544ad7270743de13e514
Author: Dr. Matthias St. Pierre 
Date:   Tue Jul 23 20:54:03 2019 +0200

Configure: clang: move -Wno-unknown-warning-option to the front

While gcc ignores unknown options of the type '-Wno-xxx', clang by default 
issues
a warning [-Wunknown-warning-option] (see [3]), which together with 
'-Werror'
causes the build to fail. This turned out to be a problem on the 1.0.2 
stable branch
in the case of the '-Wextended-offsetof' option, which was removed in 
version 6.0.0,
but needs to be kept here in order to support older clang versions, too 
(see #9446).

Incidentally, master and 1.1.1 branch already contained the 
-Wno-unknown-warning-option
option. Due to its special role and its importance, this commit adds an 
explaining
commit message and moves the option to the front.

[extended tests]

Reviewed-by: Richard Levitte 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9447)

---

Summary of changes:
 Configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Configure b/Configure
index 21bd348d52..a5b56a0d20 100755
--- a/Configure
+++ b/Configure
@@ -144,13 +144,13 @@ my @gcc_devteam_warn = qw(
 #   -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #   -Wextended-offsetof -- no, needed in CMS ASN1 code
 my @clang_devteam_warn = qw(
+-Wno-unknown-warning-option
 -Wswitch-default
 -Wno-parentheses-equality
 -Wno-language-extension-token
 -Wno-extended-offsetof
 -Wconditional-uninitialized
 -Wincompatible-pointer-types-discards-qualifiers
--Wno-unknown-warning-option
 -Wmissing-variable-declarations
 );
 


[openssl] master update

2019-09-07 Thread nic . tuv
The branch master has been updated
   via  a1a0e6f28580d6a79762188128e23cca559993a8 (commit)
   via  5041ea38c96c9c8d7fc207a7fd25969f167f0f76 (commit)
  from  e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a (commit)


- Log -
commit a1a0e6f28580d6a79762188128e23cca559993a8
Author: Billy Brumley 
Date:   Fri Sep 6 17:26:40 2019 +0300

CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it

This is a forward port from https://github.com/openssl/openssl/pull/9781
of the CHANGES entry for the functionality added in
https://github.com/openssl/openssl/pull/9727

(cherry picked from commit 4b965086cb56c24cb5d2197fc04869b95f209a11)

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9797)

commit 5041ea38c96c9c8d7fc207a7fd25969f167f0f76
Author: Billy Brumley 
Date:   Fri Sep 6 17:26:08 2019 +0300

[test] computing ECC cofactors: regression test

This is a forward port from
https://github.com/openssl/openssl/pull/9781
for the test logic introduced by
https://github.com/openssl/openssl/pull/9727

As @mattcaswell commented
(https://github.com/openssl/openssl/pull/9781#discussion_r321621541):

> These `TEST_true` calls should be `!TEST_false` because we are
> *expecting* a failure.
> The difference is that the test framework will print error details if
> the test doesn't give the expected answer.
> So by using `TEST_true` instead of `!TEST_false` we'll get error
> details printed, but the test will succeed anyway.

(cherry picked from commit e8aafc891d9bd7fa1cce0401d858ef842f09b49e)

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9797)

---

Summary of changes:
 CHANGES   |  7 +++
 test/ectest.c | 10 +-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 369b32756c..9599c64545 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+ this change, EC_GROUP_set_generator would accept order and/or cofactor as
+ NULL. After this change, only the cofactor parameter can be NULL. It also
+ does some minimal sanity checks on the passed order.
+ (CVE-2019-1547)
+ [Billy Bob Brumley]
+
   *) Early start up entropy quality from the DEVRANDOM seed source has been
  improved for older Linux systems.  The RAND subsystem will wait for
  /dev/random to be producing output before seeding from /dev/urandom.
diff --git a/test/ectest.c b/test/ectest.c
index 2cbbd4e340..b51a3b1207 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1914,19 +1914,19 @@ static int cardinality_test(int n)
 /* negative test for invalid cofactor */
 || !TEST_true(BN_set_word(g2_cf, 0))
 || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
-|| TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
+|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
 /* negative test for NULL order */
-|| TEST_true(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL))
+|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL))
 /* negative test for zero order */
 || !TEST_true(BN_set_word(g1_order, 0))
-|| TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
 /* negative test for negative order */
 || !TEST_true(BN_set_word(g2_cf, 0))
 || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
-|| TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
 /* negative test for too large order */
 || !TEST_true(BN_lshift(g1_order, g1_p, 2))
-|| TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)))
+|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)))
 goto err;
 ret = 1;
  err:
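Review bot: The block under `/* negative test for negative order */` never passes a negative order: it decrements `g2_cf` to -1 but then calls EC_GROUP_set_generator() with `g1_order`, which is still 0 from the zero-order test just above, so the assertion succeeds for the wrong reason and the negative-order rejection path is not exercised. This predates the commit (only the TEST_true/!TEST_false swap is new), but it belongs with the same goal of making the negatives meaningful: change the two setup lines to `|| !TEST_true(BN_set_word(g1_order, 0))` and `|| !TEST_true(BN_sub(g1_order, g1_order, BN_value_one()))` so the following call actually sees order = -1. The subsequent "too large order" test overwrites g1_order with BN_lshift(), so it is unaffected by the change. cardinality_test starts outside the hunk.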


[openssl] master update

2019-09-07 Thread bernd . edlinger
The branch master has been updated
   via  31ca19403d56ad71d823cf62990518dfc6905bb4 (commit)
  from  d2baf88c43e5a40cfc3bcd4ca35cbae53161941c (commit)


- Log -
commit 31ca19403d56ad71d823cf62990518dfc6905bb4
Author: Bernd Edlinger 
Date:   Fri Sep 6 08:46:46 2019 +0200

Fix a SCA leak in BN_generate_dsa_nonce

Reviewed-by: Matt Caswell 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/9782)

---

Summary of changes:
 crypto/bn/bn_rand.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index fa75a3b10e..2b3e6f2076 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -264,8 +264,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 goto err;
 
 /* We copy |priv| into a local buffer to avoid exposing its length. */
-todo = sizeof(priv->d[0]) * priv->top;
-if (todo > sizeof(private_bytes)) {
+if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
 /*
  * No reasonable DSA or ECDSA key should have a private key this
  * large and we don't handle this case in order to avoid leaking the
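Review bot: The comment above the new BN_bn2binpad() call still describes the old memcpy approach ("We copy |priv| into a local buffer") and no longer explains why the replacement closes the leak. I'd reword it to `/* Encode |priv| fixed-width with BN_bn2binpad() so neither the copy length nor the padding depends on the private key's bit length; -1 means it does not fit in private_bytes. */`. With the length computation gone, check whether `todo` (declared outside the hunk) is still referenced anywhere; if not, its declaration should go as well to avoid an unused-variable warning. BN_generate_dsa_nonce's body continues beyond this hunk, and the same comment applies to the second hunk in this file.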
@@ -274,8 +273,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
 goto err;
 }
-memcpy(private_bytes, priv->d, todo);
-memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
 
 md = EVP_MD_fetch(libctx, "SHA512", NULL);
 if (md == NULL) {


[openssl] master update

2019-09-07 Thread Matt Caswell
The branch master has been updated
   via  d2baf88c43e5a40cfc3bcd4ca35cbae53161941c (commit)
   via  311e903d8468e2a380d371609a10eda71de16c0e (commit)
  from  c7bfb138acf6103ae6fd178eb212b110bfb39c0d (commit)


- Log -
commit d2baf88c43e5a40cfc3bcd4ca35cbae53161941c
Author: Cesar Pereida Garcia 
Date:   Fri Sep 6 10:48:00 2019 +0300

[crypto/rsa] Set the constant-time flag in multi-prime RSA too

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9779)

commit 311e903d8468e2a380d371609a10eda71de16c0e
Author: Cesar Pereida Garcia 
Date:   Thu Sep 5 12:13:11 2019 +0300

[crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation.

This commit addresses multiple side-channel vulnerabilities present
during RSA key validation.
Private key parameters are re-computed using variable-time functions.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9779)

---

Summary of changes:
 crypto/asn1/x_bignum.c | 17 ++---
 crypto/rsa/rsa_lib.c   | 15 ---
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
index d7abca6c76..c5e892900e 100644
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char 
*cont, int len,
 static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
  int utype, char *free_cont, const ASN1_ITEM *it)
 {
-if (!*pval)
-bn_secure_new(pval, it);
-return bn_c2i(pval, cont, len, utype, free_cont, it);
+int ret;
+BIGNUM *bn;
+
+if (!*pval && !bn_secure_new(pval, it))
+return 0;
+
+ret = bn_c2i(pval, cont, len, utype, free_cont, it);
+if (!ret)
+return 0;
+
+/* Set constant-time flag for all secure BIGNUMS */
+bn = (BIGNUM *)*pval;
+BN_set_flags(bn, BN_FLG_CONSTTIME);
+return ret;
 }
 
 static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it,
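Review bot: In the new bn_secure_c2i() body, `ret` is only ever returned after the `if (!ret) return 0;` guard, so the tail can simply be `return 1;` with `ret` dropped — keeping both the early return and the variable is redundant. On the substance, one thing deserves a comment: the flag is applied after bn_c2i() has already decoded the bytes into the secure BIGNUM, so whatever that decode does is not under BN_FLG_CONSTTIME; that is presumably acceptable because decoding is length-dependent by nature, but a line such as `/* Decoding itself cannot be constant-time; the flag protects later arithmetic on this value */` would pre-empt the question. If bn_c2i() fails after bn_secure_new() has allocated *pval, who frees that allocation is decided outside this hunk — worth confirming the ASN.1 caller does.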
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index f337a0df08..c6e570089f 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -325,6 +325,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 if (d != NULL) {
 BN_clear_free(r->d);
 r->d = d;
+BN_set_flags(r->d, BN_FLG_CONSTTIME);
 }
 
 return 1;
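Review bot: The `BN_set_flags(r->d, BN_FLG_CONSTTIME)` added here — and likewise in the RSA_set0_factors, RSA_set0_crt_params and RSA_set0_multi_prime_params hunks below — carries no explanation of why only some components are flagged, which makes the pattern look inconsistent to a reader who does not know which values are secret. I'd add a comment once, above the first call: `/* Private components are marked constant-time so later arithmetic avoids the variable-time paths; n and e are public and stay unflagged */`. One caveat worth stating there or in the function doc: the flag is a property of the BIGNUM object, so copies made with BN_dup()/BN_copy() may not inherit it (confirm against bn_lib.c), and callers that extract and re-import a value must re-flag it. RSA_set0_key starts outside the hunk.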
@@ -342,10 +343,12 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
 if (p != NULL) {
 BN_clear_free(r->p);
 r->p = p;
+BN_set_flags(r->p, BN_FLG_CONSTTIME);
 }
 if (q != NULL) {
 BN_clear_free(r->q);
 r->q = q;
+BN_set_flags(r->q, BN_FLG_CONSTTIME);
 }
 
 return 1;
@@ -364,14 +367,17 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM 
*dmq1, BIGNUM *iqmp)
 if (dmp1 != NULL) {
 BN_clear_free(r->dmp1);
 r->dmp1 = dmp1;
+BN_set_flags(r->dmp1, BN_FLG_CONSTTIME);
 }
 if (dmq1 != NULL) {
 BN_clear_free(r->dmq1);
 r->dmq1 = dmq1;
+BN_set_flags(r->dmq1, BN_FLG_CONSTTIME);
 }
 if (iqmp != NULL) {
 BN_clear_free(r->iqmp);
 r->iqmp = iqmp;
+BN_set_flags(r->iqmp, BN_FLG_CONSTTIME);
 }
 
 return 1;
@@ -403,12 +409,15 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], 
BIGNUM *exps[],
 if (pinfo == NULL)
 goto err;
 if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
-BN_free(pinfo->r);
-BN_free(pinfo->d);
-BN_free(pinfo->t);
+BN_clear_free(pinfo->r);
+BN_clear_free(pinfo->d);
+BN_clear_free(pinfo->t);
 pinfo->r = primes[i];
 pinfo->d = exps[i];
 pinfo->t = coeffs[i];
+BN_set_flags(pinfo->r, BN_FLG_CONSTTIME);
+BN_set_flags(pinfo->d, BN_FLG_CONSTTIME);
+BN_set_flags(pinfo->t, BN_FLG_CONSTTIME);
 } else {
 rsa_multip_info_free(pinfo);
 goto err;


[openssl] master update

2019-09-07 Thread Matt Caswell
The branch master has been updated
   via  dc5bcb88d819de55eb37460c122e02fec91c6d86 (commit)
   via  debb64a0ca43969eb3f043aa8895a4faa7f12b6e (commit)
  from  7e8c3381937354cf171ceaf4c69315e9a45d4858 (commit)


- Log -
commit dc5bcb88d819de55eb37460c122e02fec91c6d86
Author: Matt Caswell 
Date:   Thu Sep 5 16:21:56 2019 +0100

Teach TLSProxy how to parse CertificateRequest messages

We also use this in test_tls13messages to check that the extensions we
expect to see in a CertificateRequest are there.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9780)

commit debb64a0ca43969eb3f043aa8895a4faa7f12b6e
Author: Matt Caswell 
Date:   Thu Sep 5 16:43:57 2019 +0100

Don't send a status_request extension in a CertificateRequest message

If a TLSv1.3 server configured to respond to the status_request extension
also attempted to send a CertificateRequest then it was incorrectly
inserting a non-zero-length status_request extension into that message.

The TLSv1.3 RFC does allow that extension in that message but it must
always be zero length.

In fact we should not be sending the extension at all in that message
because we don't support it.

Fixes #9767

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9780)

---

Summary of changes:
 ssl/statem/extensions_srvr.c   |  4 +
 test/recipes/70-test_sslmessages.t | 25 +-
 test/recipes/70-test_tls13kexmodes.t   | 36 -
 test/recipes/70-test_tls13messages.t   | 89 +-
 ...ncryptedExtensions.pm => CertificateRequest.pm} | 45 +--
 util/perl/TLSProxy/Message.pm  | 14 
 util/perl/TLSProxy/Proxy.pm|  1 +
 util/perl/checkhandshake.pm| 18 +++--
 8 files changed, 181 insertions(+), 51 deletions(-)
 copy util/perl/TLSProxy/{EncryptedExtensions.pm => CertificateRequest.pm} (65%)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index e16722cbeb..1c023fc6c4 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1491,6 +1491,10 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, 
WPACKET *pkt,
  unsigned int context, X509 *x,
  size_t chainidx)
 {
+/* We don't currently support this extension inside a CertificateRequest */
+if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)
+return EXT_RETURN_NOT_SENT;
+
 if (!s->ext.status_expected)
 return EXT_RETURN_NOT_SENT;
 
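Review bot: The new guard tests `context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST` with equality; if the context argument can carry more than one context bit for a message (I can't tell from the hunk), a bit test `(context & SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) != 0` would be the safer form. The comment could also record the protocol reason given in the commit message, so the next reader doesn't "fix" it by emitting an empty extension that the peer side doesn't handle: `/* RFC 8446 only allows status_request in CertificateRequest as an empty extension, which we don't support, so never send it here. */`. tls_construct_stoc_status_request continues past the hunk.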
diff --git a/test/recipes/70-test_sslmessages.t 
b/test/recipes/70-test_sslmessages.t
index 6fb1f8557e..9f8c3226e6 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -95,58 +95,81 @@ my $proxy = TLSProxy::Proxy->new(
 
 @extensions = (
 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+TLSProxy::Message::CLIENT,
 checkhandshake::SERVER_NAME_CLI_EXTENSION],
 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+TLSProxy::Message::CLIENT,
 checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
 (disabled("ec") ? () :
   [TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+   TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
 (disabled("ec") ? () :
   [TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_EC_POINT_FORMATS,
+   TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
 (disabled("tls1_2") ? () :
  [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+TLSProxy::Message::CLIENT,
  checkhandshake::DEFAULT_EXTENSIONS]),
 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+TLSProxy::Message::CLIENT,
 checkhandshake::ALPN_CLI_EXTENSION],
 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+TLSProxy::Message::CLIENT,
 checkhandshake::SCT_CLI_EXTENSION],
 [TLSProxy::Message::MT_CLIENT_HELLO, 
TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+TLSProxy::Message::CLIENT,
 checkhandshake::DEFAULT_EXTENSIONS],
 [TLSProxy::Message::MT_CLIENT_HELLO, 
TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+TLSProxy::Message::CLIENT,
 checkhandshake::DEFAULT_EXTENSIONS],
 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+TLSProxy::Message::CLIENT,
 

[openssl] master update

2019-09-07 Thread nic . tuv
The branch master has been updated
   via  4fe2ee3a449a8ca2886584e221f34ff0ef5de119 (commit)
   via  e0b660c27d8d97b4ad9e2098cc957de26872c0ef (commit)
   via  1b338abe3abb8c73f004c34d4b8a9272b89dfd5d (commit)
   via  8b44198b916015f77bef1befa26edb48ad8a0238 (commit)
   via  805315d3a20f7274195eed75b06c391dacf3b197 (commit)
  from  31ca19403d56ad71d823cf62990518dfc6905bb4 (commit)


- Log -
commit 4fe2ee3a449a8ca2886584e221f34ff0ef5de119
Author: Nicola Tuveri 
Date:   Fri Sep 6 14:05:26 2019 +0300

[ec/ecp_nistp*.c] restyle: use {} around `else` too

Reviewed-by: Matt Caswell 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9511)

commit e0b660c27d8d97b4ad9e2098cc957de26872c0ef
Author: Nicola Tuveri 
Date:   Fri Sep 6 01:31:45 2019 +0300

[ec/ecp_nistp*.c] remove flip_endian()

Replace flip_endian() by using the little endian specific
BN_bn2lebinpad() and BN_lebin2bn().

Reviewed-by: Matt Caswell 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9511)

commit 1b338abe3abb8c73f004c34d4b8a9272b89dfd5d
Author: Nicola Tuveri 
Date:   Fri Sep 6 00:18:36 2019 +0300

Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations

Reviewed-by: Matt Caswell 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9511)

commit 8b44198b916015f77bef1befa26edb48ad8a0238
Author: Nicola Tuveri 
Date:   Fri Aug 2 02:08:34 2019 +0300

Make BN_num_bits() consttime upon BN_FLG_CONSTTIME

This issue was partially addressed by commit
972c87dfc7e765bd28a4964519c362f0d3a58ca4, which hardened its callee
BN_num_bits_word() to avoid leaking the most-significant word of its
argument via branching and memory access pattern.
The commit message also reported:
> There are a few places where BN_num_bits is called on an input where
> the bit length is also secret. This does *not* fully resolve those
> cases as we still only look at the top word.

BN_num_bits() is called directly or indirectly (e.g., through
BN_num_bytes() or BN_bn2binpad() ) in various parts of the `crypto/ec`
code, notably in all the currently supported implementations of scalar
multiplication (in the generic path through ec_scalar_mul_ladder() as
well as in dedicated methods like ecp_nistp{224,256,521}.c and
ecp_nistz256.c).

Under the right conditions, a motivated SCA attacker could retrieve the
secret bitlength of a secret nonce through this vulnerability,
potentially leading, ultimately, to recover a long-term secret key.

With this commit, exclusively for BIGNUMs that are flagged with
BN_FLG_CONSTTIME, instead of accessing only bn->top, all the limbs of
the BIGNUM are accessed up to bn->dmax and bitwise masking is used to
avoid branching.

Memory access pattern still leaks bn->dmax, the size of the lazily
allocated buffer for representing the BIGNUM, which is inevitable with
the current BIGNUM architecture: reading past bn->dmax would be an
out-of-bound read.
As such, it is the caller's responsibility to ensure that bn->dmax does not
leak secret information, by explicitly expanding the internal BIGNUM
buffer to a public value sufficient to avoid any lazy reallocation
while manipulating it: this should be already done at the top level
alongside setting the BN_FLG_CONSTTIME.

Thanks to David Schrammel and Samuel Weiser for reporting this issue
through responsible disclosure.

Reviewed-by: Matt Caswell 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/9511)

commit 805315d3a20f7274195eed75b06c391dacf3b197
Author: Nicola Tuveri 
Date:   Fri Aug 2 01:33:05 2019 +0300

Fix a SCA leak using BN_bn2bin()

BN_bn2bin() is not constant-time and leaks the number of bits in the
processed BIGNUM.

The specialized methods in ecp_nistp224.c, ecp_nistp256.c and
ecp_nistp521.c internally used BN_bn2bin() to convert scalars into the
internal fixed length representation.

This can leak during ECDSA/ECDH key generation or handling the nonce
while generating an ECDSA signature, when using these implementations.
The amount and risk of leaked information useful for a SCA attack
varies for each of the three curves, as it depends mainly on the
ratio between the bitlength of the curve subgroup order (governing the
size of the secret nonce/key) and the limb size for the internal BIGNUM
representation (which depends on the compilation target architecture).

To fix this, we replace BN_bn2bin() with BN_bn2binpad(), bounding the
output length to the width of the internal representation buffer: this
length is public.

Internally the final implementation of both 

[openssl] master update

2019-09-07 Thread Dr . Paul Dale
The branch master has been updated
   via  e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a (commit)
   via  a1de4680fbf53b0feffd27baca3c6b4caf0c6c45 (commit)
   via  0f0db4dc2520777b889968c93e054693c5c58fdc (commit)
   via  7e149b39288fdfc8d57c881536b272fae78df038 (commit)
   via  e957226a0cf2150003b5b2d0b46ab9a89011f66f (commit)
   via  86f17ed64cb881a97801405906f4da7041a6edf8 (commit)
   via  cb74317b4f525feca9129944f82e74e23b2e381f (commit)
   via  c69561de00a032f85ec92d30c1e0bfa761b81dfd (commit)
   via  96d7e2733ef66e364f89aa394a6bdd49df48f2ae (commit)
   via  103d8b0be434c293c661861bda505f35f04d288f (commit)
   via  76497acf522578827f390891cf45c87280423d32 (commit)
   via  1dcc7ee6cf816e5fba8b99d278829031d71ee9df (commit)
   via  2f17cc493cfaa5c77a77d4f174dd2403188c41da (commit)
  from  4fe2ee3a449a8ca2886584e221f34ff0ef5de119 (commit)


- Log -
commit e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a
Author: Pauli 
Date:   Sat Sep 7 10:50:46 2019 +1000

Use common digest getter for X942 KDF

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit a1de4680fbf53b0feffd27baca3c6b4caf0c6c45
Author: Pauli 
Date:   Sat Sep 7 10:50:14 2019 +1000

Use common digest getter for SSH KDF

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 0f0db4dc2520777b889968c93e054693c5c58fdc
Author: Pauli 
Date:   Sat Sep 7 10:49:53 2019 +1000

Use common digest getter for TLS1 PRF

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 7e149b39288fdfc8d57c881536b272fae78df038
Author: Pauli 
Date:   Sat Sep 7 10:49:36 2019 +1000

Use common digest getter for single step KDF

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit e957226a0cf2150003b5b2d0b46ab9a89011f66f
Author: Pauli 
Date:   Sat Sep 7 10:49:18 2019 +1000

Use common digest getter for PBKDF2

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 86f17ed64cb881a97801405906f4da7041a6edf8
Author: Pauli 
Date:   Sat Sep 7 10:48:56 2019 +1000

Use common digest getter for HKDF

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit cb74317b4f525feca9129944f82e74e23b2e381f
Author: Pauli 
Date:   Sat Sep 7 10:48:07 2019 +1000

Use common define for properties, engine, cipher and digest params

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit c69561de00a032f85ec92d30c1e0bfa761b81dfd
Author: Pauli 
Date:   Sat Sep 7 10:47:37 2019 +1000

Add 'engine' param to KDFs

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 96d7e2733ef66e364f89aa394a6bdd49df48f2ae
Author: Pauli 
Date:   Thu Sep 5 13:55:04 2019 +1000

KMAC using common digest get code

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 103d8b0be434c293c661861bda505f35f04d288f
Author: Pauli 
Date:   Thu Sep 5 13:54:53 2019 +1000

HMAC using common digest get code

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 76497acf522578827f390891cf45c87280423d32
Author: Pauli 
Date:   Thu Sep 5 14:24:44 2019 +1000

GMAC using common cipher get code

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 1dcc7ee6cf816e5fba8b99d278829031d71ee9df
Author: Pauli 
Date:   Thu Sep 5 14:15:02 2019 +1000

CMAC using common cipher get code

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

commit 2f17cc493cfaa5c77a77d4f174dd2403188c41da
Author: Pauli 
Date:   Thu Sep 5 13:53:20 2019 +1000

Unify the digest getting code inside providers.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9770)

---

Summary of changes:
 doc/man3/EVP_KDF.pod   |  20 +--
 include/openssl/core_names.h   |  23 +++-
 providers/common/build.info|   5 +-
 providers/common/include/internal/provider_util.h  |  79 +++
 providers/common/include/internal/providercommon.h |   1 +
 providers/common/kdfs/hkdf.c   |  44 ++
 providers/common/kdfs/pbkdf2.c |  41 ++
 providers/common/kdfs/sskdf.c  |  50 +++
 providers/common/kdfs/tls1_prf.c   |  68 --
 providers/common/macs/cmac_prov.c  |  97 ++---
 providers/common/macs/gmac_prov.c  

[openssl] master update

2019-09-05 Thread Richard Levitte
The branch master has been updated
   via  7e8c3381937354cf171ceaf4c69315e9a45d4858 (commit)
  from  464ac47f81c07d5630026d3ce1251da00c469e00 (commit)


- Log -
commit 7e8c3381937354cf171ceaf4c69315e9a45d4858
Author: Viktor Dukhovni 
Date:   Sun Dec 9 17:10:29 2018 -0500

Undeprecate OpenSSL_version_num and OPENSSL_VERSION_NUMBER

The OpenSSL_version_num() function returns at runtime the
OPENSSL_VERSION_NUMBER of the compiled OpenSSL library.  This is a
used and useful interface, and should not (at least yet) be
deprecated, we just introduced the new versioning schema, it seems
too early to deprecate the old.

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7853)

---

Summary of changes:
 crypto/cversion.c  |  2 --
 include/openssl/crypto.h   |  2 +-
 include/openssl/opensslv.h | 22 +-
 util/libcrypto.num |  2 +-
 4 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/crypto/cversion.c b/crypto/cversion.c
index 2a0dcf9445..c81f56f42b 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -11,12 +11,10 @@
 
 #include "buildinf.h"
 
-#if !OPENSSL_API_3
 unsigned long OpenSSL_version_num(void)
 {
 return OPENSSL_VERSION_NUMBER;
 }
-#endif
 
 unsigned int OPENSSL_version_major(void)
 {
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 05580ad93c..da62eef1b1 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -158,7 +158,7 @@ int OPENSSL_hexchar2int(unsigned char c);
 
 # define OPENSSL_MALLOC_MAX_NELEMS(type)  
(((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
 
-DEPRECATEDIN_3(unsigned long OpenSSL_version_num(void))
+unsigned long OpenSSL_version_num(void);
 const char *OpenSSL_version(int type);
 # define OPENSSL_VERSION0
 # define OPENSSL_CFLAGS 1
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index c1d4b6f9b6..6a62b495b2 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -121,21 +121,17 @@ const char *OPENSSL_version_build_metadata(void);
 /*
  * SECTION 4: BACKWARD COMPATIBILITY
  */
-# include 
-
-# if !OPENSSL_API_4
 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
-#  ifdef OPENSSL_VERSION_PRE_RELEASE
-#   define _OPENSSL_VERSION_PRE_RELEASE 0x0L
-#  else
-#   define _OPENSSL_VERSION_PRE_RELEASE 0xfL
-#  endif
-#  define OPENSSL_VERSION_NUMBER\
-  ( (OPENSSL_VERSION_MAJOR<<28)  \
-|(OPENSSL_VERSION_MINOR<<20) \
-|(OPENSSL_VERSION_PATCH<<4)  \
-|_OPENSSL_VERSION_PRE_RELEASE )
+# ifdef OPENSSL_VERSION_PRE_RELEASE
+#  define _OPENSSL_VERSION_PRE_RELEASE 0x0
+# else
+#  define _OPENSSL_VERSION_PRE_RELEASE 0xf
 # endif
+# define OPENSSL_VERSION_NUMBER  \
+( (OPENSSL_VERSION_MAJOR<<28)\
+  |(OPENSSL_VERSION_MINOR<<20)   \
+  |(OPENSSL_VERSION_PATCH<<4)\
+  |_OPENSSL_VERSION_PRE_RELEASE )
 
 # ifdef  __cplusplus
 }
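Review bot: Dropping the `L` suffix from `_OPENSSL_VERSION_PRE_RELEASE` changes the type of the OPENSSL_VERSION_NUMBER expression: if OPENSSL_VERSION_MAJOR/MINOR/PATCH are plain integer literals (defined earlier in this header, not visible here), the whole value is now `int` rather than `long`, so code that prints it with a `%lx` format — a long-standing idiom for this macro — becomes a format mismatch. Keeping the suffix, `#  define _OPENSSL_VERSION_PRE_RELEASE 0x0L` and `0xfL`, preserves the historical type that `OpenSSL_version_num()` (returning unsigned long) and existing applications expect. Separately, `_OPENSSL_VERSION_PRE_RELEASE` is a reserved identifier (leading underscore plus uppercase); that is pre-existing, but worth a comment or rename while this block is being rewritten.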
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9f7b0fd7c6..e6567aefe2 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -3150,7 +3150,7 @@ CMS_RecipientInfo_get0_pkey_ctx 3215  3_0_0   
EXIST::FUNCTION:CMS
 OCSP_REQINFO_free   3216   3_0_0   EXIST::FUNCTION:OCSP
 AUTHORITY_KEYID_new 3217   3_0_0   EXIST::FUNCTION:
 i2d_DIST_POINT_NAME 3218   3_0_0   EXIST::FUNCTION:
-OpenSSL_version_num 3219   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3
+OpenSSL_version_num 3219   3_0_0   EXIST::FUNCTION:
 OCSP_CERTID_free3220   3_0_0   EXIST::FUNCTION:OCSP
 BIO_hex_string  3221   3_0_0   EXIST::FUNCTION:
 X509_REQ_sign_ctx   3222   3_0_0   EXIST::FUNCTION:


[openssl] master update

2019-09-05 Thread beldmit
The branch master has been updated
   via  464ac47f81c07d5630026d3ce1251da00c469e00 (commit)
  from  0220fc9921f0aa3aea43e6b672b8f89b3eb0261a (commit)


- Log -
commit 464ac47f81c07d5630026d3ce1251da00c469e00
Author: Dmitry Belyavskiy 
Date:   Thu Sep 5 15:50:58 2019 +0300

Reverting check to correct

Fixes #9773.

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/9776)

---

Summary of changes:
 crypto/evp/cmeth_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
index 4d823f0f5e..ba61c52564 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -38,7 +38,7 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
 return NULL;
 
 if ((to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
-  cipher->key_len)) == NULL) {
+  cipher->key_len)) != NULL) {
 CRYPTO_RWLOCK *lock = to->lock;
 
 memcpy(to, cipher, sizeof(*to));
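Review bot: The corrected condition wraps the rest of the copy in an `if (... != NULL)` block, which hides the failure path; a guard clause `if ((to = EVP_CIPHER_meth_new(...)) == NULL) return NULL;` followed by the copy at top level would have made the inverted check of the previous commit an obvious read — assuming the else side of this block is empty, which is outside the hunk. A regression test that calls EVP_CIPHER_meth_dup on a known cipher and checks for a non-NULL result with a matching nid would have caught the inversion; no test is touched by this commit. The function continues past the hunk.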


[openssl] master update

2019-09-05 Thread beldmit
The branch master has been updated
   via  0220fc9921f0aa3aea43e6b672b8f89b3eb0261a (commit)
   via  8bbc7f2211bacd201b8f2b219aad067c17b8c2ec (commit)
  from  6b4152f1896e07ed94dc82663846ae9d38d4ca42 (commit)


- Log -
commit 0220fc9921f0aa3aea43e6b672b8f89b3eb0261a
Author: Dmitry Belyavskiy 
Date:   Thu Sep 5 08:31:38 2019 +0300

Disallow change EVP_CIPHER properties once set

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9764)

commit 8bbc7f2211bacd201b8f2b219aad067c17b8c2ec
Author: Dmitry Belyavskiy 
Date:   Wed Sep 4 22:49:09 2019 +0300

Disallow change EVP_MD properties once set

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9764)

---

Summary of changes:
 crypto/evp/cmeth_lib.c | 27 +++
 crypto/evp/evp_lib.c   | 30 ++
 2 files changed, 57 insertions(+)

diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
index 34e85f6366..4d823f0f5e 100644
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
@@ -54,18 +54,27 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
 
 int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
 {
+if (cipher->iv_len != 0)
+return 0;
+
 cipher->iv_len = iv_len;
 return 1;
 }
 
 int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
 {
+if (cipher->flags != 0)
+return 0;
+
 cipher->flags = flags;
 return 1;
 }
 
 int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
 {
+if (cipher->ctx_size != 0)
+return 0;
+
 cipher->ctx_size = ctx_size;
 return 1;
 }
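Review bot: Each setter now returns 0 when the field is already non-zero/non-NULL, but no error is queued and the caller cannot distinguish "already set" from any other failure; a second call with the same value also fails, and since `EVP_CIPHER_meth_dup` (visible in the preceding diff on this page) copies the whole struct with memcpy, a duplicated method can apparently no longer have any property changed, which is the usual reason to duplicate one. Engines or applications that ignore the return value of these setters will silently keep the old callback, which is worth calling out in the function documentation. At minimum a comment at the first guard should state the policy: `/* method properties are write-once: refuse to overwrite a value already set */`. The same applies to the remaining EVP_CIPHER_meth_set_* hunks in this file and to the EVP_MD_meth_set_* hunk in evp_lib.c, which runs past the end of the view.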
@@ -76,6 +85,9 @@ int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
   const unsigned char *iv,
   int enc))
 {
+if (cipher->init != NULL)
+return 0;
+
 cipher->init = init;
 return 1;
 }
@@ -86,6 +98,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 const unsigned char *in,
 size_t inl))
 {
+if (cipher->do_cipher != NULL)
+return 0;
+
 cipher->do_cipher = do_cipher;
 return 1;
 }
@@ -93,6 +108,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
 int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
 int (*cleanup) (EVP_CIPHER_CTX *))
 {
+if (cipher->cleanup != NULL)
+return 0;
+
 cipher->cleanup = cleanup;
 return 1;
 }
@@ -101,6 +119,9 @@ int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
 int (*set_asn1_parameters) 
(EVP_CIPHER_CTX *,
 ASN1_TYPE 
*))
 {
+if (cipher->set_asn1_parameters != NULL)
+return 0;
+
 cipher->set_asn1_parameters = set_asn1_parameters;
 return 1;
 }
@@ -109,6 +130,9 @@ int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
 int (*get_asn1_parameters) 
(EVP_CIPHER_CTX *,
 ASN1_TYPE 
*))
 {
+if (cipher->get_asn1_parameters != NULL)
+return 0;
+
 cipher->get_asn1_parameters = get_asn1_parameters;
 return 1;
 }
@@ -117,6 +141,9 @@ int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
  int (*ctrl) (EVP_CIPHER_CTX *, int type,
   int arg, void *ptr))
 {
+if (cipher->ctrl != NULL)
+return 0;
+
 cipher->ctrl = ctrl;
 return 1;
 }
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index acb90f222b..9c3edb3322 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -574,26 +574,41 @@ void EVP_MD_meth_free(EVP_MD *md)
 }
 int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
 {
+if (md->block_size != 0)
+return 0;
+
 md->block_size = blocksize;
 return 1;
 }
 int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
 {
+if (md->md_size != 0)
+return 0;
+
 md->md_size = resultsize;
 return 1;
 }
 int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
 {
+if (md->ctx_size != 0)
+return 0;
+
 md->ctx_size = datasize;
 return 1;
 }
 int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
 {
+if (md->flags != 0)
+return 0;
+
 md->flags = flags;
 return 1;
 }
 int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
 {
+if (md->init != NULL)
+return 0;
+
 md->init = init;
 return 1;
 }
@@ -601,29 +616,44 @@ int EVP_MD_meth_set_update(EVP_MD *md, int 
(*update)(EVP_MD_CTX *ctx,
  const void 

[openssl] master update

2019-09-05 Thread Matt Caswell
The branch master has been updated
   via  6b4152f1896e07ed94dc82663846ae9d38d4ca42 (commit)
   via  b783beeadf6b80bc431e6f3230b5d5585c87ef87 (commit)
  from  46c428d73633bc68377a3a425f22313584999365 (commit)


- Log -
commit 6b4152f1896e07ed94dc82663846ae9d38d4ca42
Author: Billy Brumley 
Date:   Mon Sep 2 15:03:26 2019 +0300

[test] computing ECC cofactors: regression test

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9827)

commit b783beeadf6b80bc431e6f3230b5d5585c87ef87
Author: Billy Brumley 
Date:   Mon Sep 2 15:02:30 2019 +0300

[crypto/ec] for ECC parameters with NULL or zero cofactor, compute it

The cofactor argument to EC_GROUP_set_generator is optional, and SCA 
mitigations for ECC currently use it. So the library currently falls back to 
very old SCA-vulnerable code if the cofactor is not present.

This PR allows EC_GROUP_set_generator to compute the cofactor for all 
curves of cryptographic interest. Steering scalar multiplication to more 
SCA-robust code.

This issue affects persisted private keys in explicit parameter form, where 
the (optional) cofactor field is zero or absent.

It also affects curves not built-in to the library, but constructed 
programmatically with explicit parameters, then calling EC_GROUP_set_generator 
with a nonsensical value (NULL, zero).

The very old scalar multiplication code is known to be vulnerable to local 
uarch attacks, outside of the OpenSSL threat model. New results suggest the 
code path is also vulnerable to traditional wall clock timing attacks.

CVE-2019-1547

Reviewed-by: Nicola Tuveri 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9827)

---

Summary of changes:
 crypto/ec/ec_lib.c | 105 -
 test/ectest.c  |  89 +++--
 2 files changed, 182 insertions(+), 12 deletions(-)

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index d30504de65..bc52e63443 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -274,6 +274,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth)
 
 static int ec_precompute_mont_data(EC_GROUP *);
 
+/*-
+ * Try computing cofactor from the generator order (n) and field cardinality 
(q).
+ * This works for all curves of cryptographic interest.
+ *
+ * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q)
+ * h_min = (q + 1 - 2*sqrt(q))/n
+ * h_max = (q + 1 + 2*sqrt(q))/n
+ * h_max - h_min = 4*sqrt(q)/n
+ * So if n > 4*sqrt(q) holds, there is only one possible value for h:
+ * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil
+ *
+ * Otherwise, zero cofactor and return success.
+ */
+static int ec_guess_cofactor(EC_GROUP *group) {
+int ret = 0;
+BN_CTX *ctx = NULL;
+BIGNUM *q = NULL;
+
+/*-
+ * If the cofactor is too large, we cannot guess it.
+ * The RHS of below is a strict overestimate of lg(4 * sqrt(q))
+ */
+if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) {
+/* default to 0 */
+BN_zero(group->cofactor);
+/* return success */
+return 1;
+}
+
+if ((ctx = BN_CTX_new_ex(group->libctx)) == NULL)
+return 0;
+
+BN_CTX_start(ctx);
+if ((q = BN_CTX_get(ctx)) == NULL)
+goto err;
+
+/* set q = 2**m for binary fields; q = p otherwise */
+if (group->meth->field_type == NID_X9_62_characteristic_two_field) {
+BN_zero(q);
+if (!BN_set_bit(q, BN_num_bits(group->field) - 1))
+goto err;
+} else {
+if (!BN_copy(q, group->field))
+goto err;
+}
+
+/* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor 
*/
+if (!BN_rshift1(group->cofactor, group->order) /* n/2 */
+|| !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */
+/* q + 1 + n/2 */
+|| !BN_add(group->cofactor, group->cofactor, BN_value_one())
+/* (q + 1 + n/2)/n */
+|| !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx))
+goto err;
+ret = 1;
+ err:
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
+return ret;
+}
+
 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
const BIGNUM *order, const BIGNUM *cofactor)
 {
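Review bot: When the order is too small relative to the field, ec_guess_cofactor zeroes group->cofactor and returns 1, so a caller of EC_GROUP_set_generator cannot tell a computed cofactor from a give-up, and per the commit message a missing cofactor is exactly what steers scalar multiplication to the older, less SCA-robust path; the comment at that branch could say so: `/* cofactor not inferable: leave it zero; this disables the cofactor-dependent SCA mitigations */`. Two style nits against the file's conventions: the opening brace of `ec_guess_cofactor` sits on the signature line rather than on its own, and `BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx)` aliases quotient and dividend — fine if BN_div permits it, but a short comment or a separate temporary would remove the doubt. The caller side of this change is in the following hunk, which runs past the view.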
@@ -282,6 +343,34 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT 
*generator,
 return 0;
 }
 
+/* require group->field >= 1 */
+if (group->field == NULL || BN_is_zero(group->field)
+|| BN_is_negative(group->field)) {
+ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD);
+return 0;
+}
+
+/*-
+ * - require order >= 1
+ * - enforce upper 

[openssl] master update

2019-09-05 Thread tmraz
The branch master has been updated
   via  46c428d73633bc68377a3a425f22313584999365 (commit)
  from  c70e2ec33943d3bd46d3d9950f774307feda832b (commit)


- Log -
commit 46c428d73633bc68377a3a425f22313584999365
Author: Rich Salz 
Date:   Sun Aug 18 09:04:17 2019 -0400

Make failed messages easier to find

Now that we use travis_terminate, we can make the status messages
simpler to find, and we don't need the "OK" output.

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9707)

---

Summary of changes:
 .travis.yml | 56 +---
 1 file changed, 21 insertions(+), 35 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 3cc293ea52..6f97a6bebb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -165,33 +165,24 @@ script:
 - if [ -n "$DESTDIR" ]; then
   cd _build;
   fi
-- if $make update; then
-  echo -e '+\057 MAKE UPDATE OK';
-  else
-  echo -e '+\057 MAKE UPDATE FAILED';
+- if ! $make update; then
+  echo -e '\052\052 FAILED -- MAKE UPDATE';
   travis_terminate 1;
   fi
-- git diff --exit-code
-- if [ -n "$CHECKDOCS" ]; then
-  if $make doc-nits; then
-  echo -e '+\057\057 MAKE DOC-NITS OK';
-  else
-  echo -e '+\057\057 MAKE DOC-NITS FAILED';
-  travis_terminate 1;
-  fi;
+- if ! git diff --exit-code; then
+  echo -e '\052\052 FAILED -- UPDATED FILES NOT COMMITED';
+  travis_terminate 1;
   fi
-- if [ -n "$GENERATE" ]; then
-  if $make build_all_generated; then
-  echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED OK';
-  else
-  echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED FAILED';
-  travis_terminate 1;
-  fi;
+- if test -n "$CHECKDOCS" && ! $make doc-nits; then
+  echo -e '\052\052 FAILED -- MAKE DOC-NITS';
+  travis_terminate 1;
   fi
-- if $make2; then
-  echo -e '+\057\057\057\057 MAKE OK';
-  else
-  echo -e '+\057\057\057\057 MAKE FAILED';
+- if test -n "$GENERATE" && ! $make build_all_generated; then
+  echo -e '\052\052 FAILED -- MAKE BUILD_ALL_GENERATED';
+  travis_terminate 1;
+  fi
+- if ! $make2; then
+  echo -e '\052\052 FAILED -- MAKE';
   travis_terminate 1;
   fi;
 - if [ -z "$BUILDONLY" ]; then
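Review bot: The new failure message for the `git diff --exit-code` step misspells "committed": `echo -e '\052\052 FAILED -- UPDATED FILES NOT COMMITTED';`. Since the point of this commit is making the status lines easy to grep for, a correctly spelled, uniform marker matters more than usual. The same `\052\052 FAILED --` pattern is repeated in the second hunk; a small shell function that prints the marker and calls travis_terminate would keep all of them identical, though that is beyond this change's scope.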
@@ -204,32 +195,27 @@ script:
   if [ -e krb5/src ]; then
   sudo apt-get -yq install bison dejagnu gettext keyutils 
ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad 
slapd tcl-dev tcsh;
   fi;
-  if HARNESS_VERBOSE=yes 
BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then
-  echo -e '+\057\057\057\057\057 MAKE TEST OK';
-  else
-  echo -e '+\057\057\057\057\057 MAKE TEST FAILED';
+  if ! HARNESS_VERBOSE=yes 
BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then
+  echo -e '\052\052 FAILED -- MAKE TEST';
   travis_terminate 1;
   fi;
   else
-  if $make build_tests >~/build.log 2>&1; then
-  echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS OK';
-  else
-  echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS FAILED';
+  if ! $make build_tests >~/build.log 2>&1; then
+  echo -e '\052\052 FAILED -- MAKE BUILD_TESTS';
   cat ~/build.log
   travis_terminate 1;
   fi;
   fi
 - if [ -n "$DESTDIR" ]; then
   mkdir "$top/$DESTDIR";
-  if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then
-  echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK';
-  else
-  echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED';
+  if ! $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then
+  echo -e '\052\052 FAILED -- MAKE INSTALL';
   cat ~/install.log;
   travis_terminate 1;
   fi;
   fi
 - cd $top
+- echo -e '\052\052 DONE'
 
 after_success:
 - if [ -n "$COVERALLS" ]; then


[openssl] master update

2019-09-05 Thread bernd . edlinger
The branch master has been updated
   via  c70e2ec33943d3bd46d3d9950f774307feda832b (commit)
  from  41ffd2ab09d24692c71850ccd7d5ff154196fe01 (commit)


- Log -
commit c70e2ec33943d3bd46d3d9950f774307feda832b
Author: Bernd Edlinger 
Date:   Mon Aug 19 17:12:22 2019 +0200

Fix error handling in x509_lu.c

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9639)

---

Summary of changes:
 crypto/x509/x509_lu.c | 36 +++-
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3a90ce288e..c81a00e0a7 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -318,11 +318,12 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, 
X509_LOOKUP_TYPE type,
 return 0;
 }
 
+if (!X509_OBJECT_up_ref_count(tmp))
+return 0;
+
 ret->type = tmp->type;
 ret->data.ptr = tmp->data.ptr;
 
-X509_OBJECT_up_ref_count(ret);
-
 return 1;
 }
 
@@ -343,7 +344,11 @@ static int x509_store_add(X509_STORE *store, void *x, int 
crl) {
 obj->type = X509_LU_X509;
 obj->data.x509 = (X509 *)x;
 }
-X509_OBJECT_up_ref_count(obj);
+if (!X509_OBJECT_up_ref_count(obj)) {
+obj->type = X509_LU_NONE;
+X509_OBJECT_free(obj);
+return 0;
+}
 
 X509_STORE_lock(store);
 if (X509_OBJECT_retrieve_match(store->objs, obj)) {
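Review bot: The `obj->type = X509_LU_NONE;` assignment before `X509_OBJECT_free(obj);` on the new failure path carries an intent that is not written down: it presumably keeps X509_OBJECT_free() from releasing the caller's `x`, whose reference this function never acquired because the up-ref failed. A one-line comment stops the next maintainer from "simplifying" it away, e.g. `/* Clear the type so X509_OBJECT_free() does not drop the caller's x, whose reference we failed to take */`. x509_store_add() starts before the hunk and continues after it.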
@@ -568,7 +573,11 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX 
*ctx, X509_NAME *nm)
 for (i = 0; i < cnt; i++, idx++) {
 obj = sk_X509_OBJECT_value(store->objs, idx);
 x = obj->data.x509;
-X509_up_ref(x);
+if (!X509_up_ref(x)) {
+X509_STORE_unlock(store);
+sk_X509_pop_free(sk, X509_free);
+return NULL;
+}
 if (!sk_X509_push(sk, x)) {
 X509_STORE_unlock(store);
 X509_free(x);
@@ -609,7 +618,11 @@ STACK_OF(X509_CRL) 
*X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
 for (i = 0; i < cnt; i++, idx++) {
 obj = sk_X509_OBJECT_value(store->objs, idx);
 x = obj->data.crl;
-X509_CRL_up_ref(x);
+if (!X509_CRL_up_ref(x)) {
+X509_STORE_unlock(store);
+sk_X509_CRL_pop_free(sk, X509_CRL_free);
+return NULL;
+}
 if (!sk_X509_CRL_push(sk, x)) {
 X509_STORE_unlock(store);
 X509_CRL_free(x);
@@ -681,9 +694,12 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, 
X509_STORE_CTX *ctx, X509 *x)
 if (ctx->check_issued(ctx, x, obj->data.x509)) {
 if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
 *issuer = obj->data.x509;
-X509_up_ref(*issuer);
+if (!X509_up_ref(*issuer)) {
+*issuer = NULL;
+ok = -1;
+}
 X509_OBJECT_free(obj);
-return 1;
+return ok;
 }
 }
 X509_OBJECT_free(obj);
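Review bot: `return ok;` on the success path relies on `ok` still holding a success value assigned by an earlier call that is outside the hunk, which is easy to break if that earlier check is later restructured. Either make the value local, `ok = X509_up_ref(*issuer) ? 1 : -1; if (ok < 0) *issuer = NULL;`, or record the dependency with `/* ok is still the success value from the lookup above */`. The later hunk in the same function does the same with `ret = -1`, where the prior value of `ret` is likewise not visible. X509_STORE_CTX_get1_issuer() begins and ends outside this hunk.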
@@ -720,9 +736,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, 
X509_STORE_CTX *ctx, X509 *x)
 }
 }
 }
+if (*issuer && !X509_up_ref(*issuer)) {
+*issuer = NULL;
+ret = -1;
+}
 X509_STORE_unlock(store);
-if (*issuer)
-X509_up_ref(*issuer);
 return ret;
 }
 


[openssl] master update

2019-09-05 Thread bernd . edlinger
The branch master has been updated
   via  41ffd2ab09d24692c71850ccd7d5ff154196fe01 (commit)
  from  1c3ace6898032b7b45d8106ba4e0d21d75b0997e (commit)


- Log -
commit 41ffd2ab09d24692c71850ccd7d5ff154196fe01
Author: Bernd Edlinger 
Date:   Wed Sep 4 11:39:54 2019 +0200

Cleanup includes in rand_unix.c

Fixes #9757

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9761)

---

Summary of changes:
 crypto/rand/rand_unix.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index e59882cde7..fb8a7b7c6d 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -19,11 +19,12 @@
 #include "internal/rand_int.h"
 #include 
 #include "internal/dso.h"
-#if defined(__linux)
-# include 
-# include 
-# include 
-# include 
+#ifdef __linux
+# include 
+# ifdef DEVRANDOM_WAIT
+#  include 
+#  include 
+# endif
 #endif
 #if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
 # include 
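Review bot: The new `# ifdef DEVRANDOM_WAIT` nesting makes two includes conditional on a macro that must already be defined by a header included above this point, which is not visible in the hunk (the included header names are also not legible in this rendering); if that definition moves or is included later, the wait-related headers silently disappear and the build breaks only in configurations that define the macro. A short comment above the conditional naming where `DEVRANDOM_WAIT` is expected to come from would make the ordering dependency explicit, e.g. `/* DEVRANDOM_WAIT is defined by the platform header included above */`.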


[openssl] master update

2019-09-04 Thread shane . lontis
The branch master has been updated
   via  1c3ace6898032b7b45d8106ba4e0d21d75b0997e (commit)
  from  bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d (commit)


- Log -
commit 1c3ace6898032b7b45d8106ba4e0d21d75b0997e
Author: Shane Lontis 
Date:   Thu Sep 5 11:23:57 2019 +1000

Change provider params from int to size_t

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9699)

---

Summary of changes:
 crypto/evp/evp_enc.c   | 32 +-
 crypto/evp/evp_lib.c   | 70 --
 crypto/evp/pmeth_lib.c |  3 +-
 doc/man3/EVP_PKEY_CTX_ctrl.pod |  2 +-
 doc/man7/provider-cipher.pod   | 22 +++
 doc/man7/provider-digest.pod   |  6 +-
 doc/man7/provider-keyexch.pod  |  2 +-
 include/openssl/core_names.h   | 50 
 include/openssl/mdc2.h |  2 +-
 providers/common/ciphers/cipher_ccm.c  |  4 +-
 providers/common/ciphers/cipher_common.c   | 58 +-
 providers/common/ciphers/cipher_gcm.c  | 28 +
 providers/common/ciphers/cipher_gcm_hw.c   |  2 +-
 providers/common/ciphers/cipher_locl.h |  8 +--
 providers/common/digests/digest_common.c   | 13 ++--
 providers/common/exchange/dh_exch.c| 10 ++--
 .../common/include/internal/ciphers/cipher_aead.h  |  2 +
 .../common/include/internal/ciphers/cipher_ccm.h   | 22 +++
 .../common/include/internal/ciphers/cipher_gcm.h   | 30 +-
 .../common/include/internal/ciphers/ciphercommon.h | 25 
 providers/common/include/internal/digestcommon.h   |  2 +-
 providers/legacy/digests/mdc2_prov.c   |  4 +-
 test/mdc2test.c|  7 ++-
 23 files changed, 209 insertions(+), 195 deletions(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 96dc83b2a0..466a03dbf3 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -986,8 +986,9 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int 
keylen)
 {
 int ok;
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+size_t len = keylen;
 
-params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, );
+params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, );
 ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params);
 
 if (ok != EVP_CTRL_RET_UNSUPPORTED)
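Review bot: `size_t len = keylen;` converts the signed `int keylen` parameter with no range check, so a negative key length reaches the provider as a very large `size_t`; whether the legacy fallback further down the function rejects it is not visible here. Add `if (keylen < 0) return 0;` before the conversion. The same unconditional conversion appears as `size_t sz = arg;` in EVP_CIPHER_CTX_ctrl (hunk at @@ -1026,7), where only the EVP_CTRL_AEAD_SET_IVLEN case checks `arg < 0` while EVP_CTRL_SET_KEY_LENGTH, EVP_CTRL_RAND_KEY and EVP_CTRL_GET_IV hand `sz` to the provider unchecked. The rest of EVP_CIPHER_CTX_set_key_length() is outside the hunk.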
@@ -1010,13 +1011,14 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int 
pad)
 {
 int ok;
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+unsigned int pd = pad;
 
 if (pad)
 ctx->flags &= ~EVP_CIPH_NO_PADDING;
 else
 ctx->flags |= EVP_CIPH_NO_PADDING;
 
-params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, );
+params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, );
 ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
 
 return ok != 0;
@@ -1026,7 +1028,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, 
int arg, void *ptr)
 {
 int ret = EVP_CTRL_RET_UNSUPPORTED;
 int set_params = 1;
-size_t sz;
+size_t sz = arg;
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
 if (ctx == NULL || ctx->cipher == NULL) {
@@ -1039,13 +1041,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, 
int arg, void *ptr)
 
 switch (type) {
 case EVP_CTRL_SET_KEY_LENGTH:
-params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, );
+params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, );
 break;
 case EVP_CTRL_RAND_KEY:  /* Used by DES */
 set_params = 0;
 params[0] =
 OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
-  ptr, (size_t)arg);
+  ptr, sz);
 break;
 
 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
@@ -1055,35 +1057,29 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, 
int arg, void *ptr)
 case EVP_CTRL_GET_IV:
 set_params = 0;
 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
-  ptr, (size_t)arg);
+  ptr, sz);
 break;
 case EVP_CTRL_AEAD_SET_IVLEN:
 if (arg < 0)
 return 0;
-sz = (size_t)arg;
-params[0] =
-OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, );
+params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, );
 break;
 case 

[openssl] master update

2019-09-04 Thread Richard Levitte
The branch master has been updated
   via  bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d (commit)
  from  2ad75c6c1341db8a3122bbeaf863440057d71307 (commit)


- Log -
commit bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d
Author: Rich Salz 
Date:   Thu Aug 29 12:12:17 2019 -0400

Handle the renamed command POD files in find-doc-nits

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9729)

---

Summary of changes:
 util/find-doc-nits | 17 ++---
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/util/find-doc-nits b/util/find-doc-nits
index 9126e73586..d6dfa5a0dc 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -533,6 +533,7 @@ my %skips = (
 
 sub checkflags() {
 my $cmd = shift;
+my $doc = shift;
 my %cmdopts;
 my %docopts;
 my $ok = 1;
@@ -548,8 +549,8 @@ sub checkflags() {
 close CFH;
 
 # Get the list of flags from the synopsis
-open CFH, " ) {
 chop;
 last if /DESCRIPTION/;
@@ -617,13 +618,15 @@ if ( $opt_c ) {
 close FH;
 
 # See if each has a manpage.
-foreach ( @commands ) {
-next if $_ eq 'help' || $_ eq 'exit';
-if ( ! -f "doc/man1/$_.pod" ) {
-print "doc/man1/$_.pod does not exist\n";
+foreach my $cmd ( @commands ) {
+next if $cmd eq 'help' || $cmd eq 'exit';
+my $doc = "doc/man1/$cmd.pod";
+$doc = "doc/man1/openssl-$cmd.pod" if -f "doc/man1/openssl-$cmd.pod";
+if ( ! -f "$doc" ) {
+print "$doc does not exist\n";
 $ok = 0;
 } else {
-$ok = 0 if not ($_);
+$ok = 0 if not ($cmd, $doc);
 }
 }
 


[openssl] master update

2019-09-04 Thread Richard Levitte
The branch master has been updated
   via  2ad75c6c1341db8a3122bbeaf863440057d71307 (commit)
  from  1e8e75d18be8856e753a57771754b9926c3f4264 (commit)


- Log -
commit 2ad75c6c1341db8a3122bbeaf863440057d71307
Author: Richard Levitte 
Date:   Wed Aug 28 22:27:47 2019 +0200

Move libapps.a source to apps/lib

This makes it clearer what's what.  The 'openssl' application and its
sub-commands remain in apps/

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9723)

---

Summary of changes:
 apps/build.info| 39 +++---
 apps/{ => include}/vms_term_sock.h |  0
 apps/{ => lib}/app_rand.c  |  0
 apps/{ => lib}/apps.c  |  0
 apps/{ => lib}/apps_ui.c   |  0
 apps/{ => lib}/bf_prefix.c |  0
 apps/lib/build.info| 18 ++
 apps/{ => lib}/columns.c   |  0
 apps/{ => lib}/fmt.c   |  0
 apps/{ => lib}/opt.c   |  0
 apps/{ => lib}/s_cb.c  |  0
 apps/{ => lib}/s_socket.c  |  0
 apps/{ => lib}/vms_decc_argv.c |  0
 apps/{ => lib}/vms_term_sock.c |  0
 apps/{ => lib}/win32_init.c|  0
 test/build.info| 15 ---
 16 files changed, 37 insertions(+), 35 deletions(-)
 rename apps/{ => include}/vms_term_sock.h (100%)
 rename apps/{ => lib}/app_rand.c (100%)
 rename apps/{ => lib}/apps.c (100%)
 rename apps/{ => lib}/apps_ui.c (100%)
 rename apps/{ => lib}/bf_prefix.c (100%)
 create mode 100644 apps/lib/build.info
 rename apps/{ => lib}/columns.c (100%)
 rename apps/{ => lib}/fmt.c (100%)
 rename apps/{ => lib}/opt.c (100%)
 rename apps/{ => lib}/s_cb.c (100%)
 rename apps/{ => lib}/s_socket.c (100%)
 rename apps/{ => lib}/vms_decc_argv.c (100%)
 rename apps/{ => lib}/vms_term_sock.c (100%)
 rename apps/{ => lib}/win32_init.c (100%)

diff --git a/apps/build.info b/apps/build.info
index aa2c6a302d..f49edb4d44 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -1,3 +1,5 @@
+SUBDIRS=lib
+
 # Program init source, that don't have direct linkage with the rest of the
 # source, and can therefore not be part of a library.
 IF[{- !$disabled{uplink} -}]
@@ -7,37 +9,18 @@ IF[{- $config{target} =~ /^vms-/ -}]
   $INITSRC=vms_decc_init.c
 ENDIF
 
-# Auxilliary program source
-IF[{- $config{target} =~ /^(?:VC-|mingw)/ -}]
-  # It's called 'init', but doesn't have much 'init' in it...
-  $AUXLIBAPPSSRC=win32_init.c
-ENDIF
-IF[{- $config{target} =~ /^vms-/ -}]
-  $AUXLIBAPPSSRC=vms_term_sock.c vms_decc_argv.c
-ENDIF
-
 # Source for the 'openssl' program
-# We need the perl variable for the DEPEND generator further down.
-$OPENSSLSRC={-
-   our @opensslsrc =
-   qw(openssl.c progs.c
-  asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
-  dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
-  genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c 
pkcs7.c
-  pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c
-  rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c
-  spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c
-  list.c info.c provider.c fipsinstall.c);
-   join(' ', @opensslsrc); -}
-# Source for libapps
-$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \
-bf_prefix.c columns.c lib/app_params.c
+$OPENSSLSRC=\
+openssl.c progs.c \
+asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
+dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
+genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c 
\
+pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \
+rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
+spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \
+list.c info.c provider.c fipsinstall.c
 
 IF[{- !$disabled{apps} -}]
-  LIBS{noinst}=libapps.a
-  SOURCE[libapps.a]=$LIBAPPSSRC $AUXLIBAPPSSRC
-  INCLUDE[libapps.a]=.. ../include include
-
   PROGRAMS=openssl
   SOURCE[openssl]=$INITSRC $OPENSSLSRC
   INCLUDE[openssl]=.. ../include include
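Review bot: The removed `$LIBAPPSSRC` list included `lib/app_params.c`, but nothing in this hunk says where that file is compiled now; presumably the new apps/lib/build.info picks it up, yet that file is not shown here, so confirm it is listed there or the openssl program loses that object. A comment next to `SUBDIRS=lib` stating that libapps.a is now built entirely from apps/lib would also spare the next reader the same question.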
diff --git a/apps/vms_term_sock.h b/apps/include/vms_term_sock.h
similarity index 100%
rename from apps/vms_term_sock.h
rename to apps/include/vms_term_sock.h
diff --git a/apps/app_rand.c b/apps/lib/app_rand.c
similarity index 100%
rename from apps/app_rand.c
rename to apps/lib/app_rand.c
diff --git a/apps/apps.c b/apps/lib/apps.c
similarity index 100%
rename from apps/apps.c
rename to apps/lib/apps.c
diff --git a/apps/apps_ui.c b/apps/lib/apps_ui.c
similarity index 100%
rename from apps/apps_ui.c
rename to apps/lib/apps_ui.c
diff --git a/apps/bf_prefix.c b/apps/lib/bf_prefix.c
similarity index 

[openssl] master update

2019-09-04 Thread tmraz
The branch master has been updated
   via  1e8e75d18be8856e753a57771754b9926c3f4264 (commit)
  from  7f588d20cd9ed2bb0ee2577a4523453964f532b0 (commit)


- Log -
commit 1e8e75d18be8856e753a57771754b9926c3f4264
Author: Billy Brawner 
Date:   Tue Aug 27 17:07:17 2019 -0700

Suppress 'No server certificate CA names sent' message

Fixes #9080

Signed-off-by: Billy Brawner 

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/9710)

---

Summary of changes:
 apps/s_cb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 935ea9022d..47b8afe9ef 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1508,7 +1508,8 @@ void print_ca_names(BIO *bio, SSL *s)
 int i;
 
 if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
-BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
+if (!SSL_is_server(s))
+BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
 return;
 }
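Review bot: The new `if (!SSL_is_server(s))` guard has no comment explaining why the message is suppressed on the server side, so a reader of print_ca_names() has to dig up the commit to learn that the silence is intentional rather than an oversight. A one-liner recording the reason, at minimum `/* Not printed for servers: see GitHub issue #9080 */`, keeps that knowledge in the code. print_ca_names() starts before the hunk and continues after it.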
 


[openssl] master update

2019-09-04 Thread Dr . Paul Dale
The branch master has been updated
   via  7f588d20cd9ed2bb0ee2577a4523453964f532b0 (commit)
  from  550f974a09942ace37cf3cf14021ea5e51e6dd11 (commit)


- Log -
commit 7f588d20cd9ed2bb0ee2577a4523453964f532b0
Author: Pauli 
Date:   Wed Sep 4 19:27:08 2019 +1000

OSSL_PARAM_construct_utf8_string computes the string length.

If the passed string length is zero, the function computes the string length
from the passed string.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9760)

---

Summary of changes:
 crypto/crmf/crmf_pbm.c  |  2 +-
 crypto/evp/p_lib.c  |  6 ++
 crypto/evp/pkey_mac.c   | 13 -
 crypto/kdf/sskdf.c  |  3 +--
 crypto/kdf/tls1_prf.c   |  3 +--
 crypto/modes/siv128.c   |  3 +--
 crypto/params.c |  2 ++
 doc/man3/EVP_MAC.pod|  6 ++
 doc/man3/OSSL_PARAM_int.pod | 15 +++
 test/evp_test.c |  6 ++
 10 files changed, 23 insertions(+), 36 deletions(-)

diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index aef676f252..a3ac45557d 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -208,7 +208,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
 
 macparams[0] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- (char *)mdname, strlen(mdname) + 1);
+ (char *)mdname, 0);
 macparams[1] =
 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, basekey, bklen);
 if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL
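Review bot: Passing `0` as the length of `mdname` moves the strlen() into OSSL_PARAM_construct_utf8_string(), so the call now depends on `mdname` being non-NULL and NUL-terminated and on the callee's choice of whether the computed size includes the terminator; the previous explicit `strlen(mdname) + 1` made both facts visible at the call site. The params.c change that defines this contract is not in view, so confirm that consumers comparing against the old `+ 1` size still agree. The same applies to the p_lib.c and pkey_mac.c hunks: there `engine_id`/`engineid` are NULL-guarded on the preceding line, but whether `cipher_name`, `ciphname` and `mdname` can be NULL is not visible. OSSL_CRMF_pbm_new() begins and ends outside this hunk.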
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 5691fffae3..5ec519d27c 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -345,14 +345,12 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned 
char *priv,
 if (engine_id != NULL)
 params[paramsn++] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE,
- (char *)engine_id,
- strlen(engine_id) + 1);
+ (char *)engine_id, 0);
 # endif
 
 params[paramsn++] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
- (char *)cipher_name,
- strlen(cipher_name) + 1);
+ (char *)cipher_name, 0);
 params[paramsn++] =
 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
   (char *)priv, len);
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 05eb2b1b3a..fc600fb845 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -279,13 +279,11 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int 
p1, void *p2)
 
 params[params_n++] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE,
- engineid,
- strlen(engineid) + 1);
+ engineid, 0);
 #endif
 params[params_n++] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
- ciphname,
- strlen(ciphname) + 1);
+ ciphname, 0);
 params[params_n] = OSSL_PARAM_construct_end();
 
 if (!EVP_MAC_CTX_set_params(hctx->ctx, params)
@@ -403,17 +401,14 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int 
p1, void *p2)
 ? NULL : (char *)ENGINE_get_id(ctx->engine);
 
 if (engineid != NULL) {
-size_t engineid_l = strlen(engineid) + 1;
 params[params_n++] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE,
- engineid,
- engineid_l);
+ engineid, 0);
 }
 #endif
 params[params_n++] =
 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- mdname,
- strlen(mdname) + 1);
+ mdname, 0);
 params[params_n++] =
 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
   key->data, key->length);
diff --git 

[openssl] master update

2019-09-04 Thread Richard Levitte
The branch master has been updated
   via  550f974a09942ace37cf3cf14021ea5e51e6dd11 (commit)
   via  3fd7026276475d72a3b5bbbe42cd1f5ff6b0e736 (commit)
  from  8648a50a2704307fa4633b3d11724dfdae11f125 (commit)


- Log -
commit 550f974a09942ace37cf3cf14021ea5e51e6dd11
Author: Richard Levitte 
Date:   Tue Sep 3 18:11:49 2019 +0200

New function EVP_CIPHER_free()

This function re-implements EVP_CIPHER_meth_free(), but has a name that
isn't encumbered by legacy EVP_CIPHER construction functionality.

We also refactor most of EVP_CIPHER_meth_new() into an internal
evp_cipher_new() that's used when creating fetched methods.

EVP_CIPHER_meth_new() and EVP_CIPHER_meth_free() are rewritten in terms of
evp_cipher_new() and EVP_CIPHER_free().  This means that at any time, we can
deprecate all the EVP_CIPHER_meth_ functions with no harmful consequence.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/9758)

commit 3fd7026276475d72a3b5bbbe42cd1f5ff6b0e736
Author: Richard Levitte 
Date:   Tue Sep 3 17:47:13 2019 +0200

New function EVP_MD_free()

This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.

We also refactor most of EVP_MD_meth_new() into an internal
evp_md_new() that's used when creating fetched methods.

EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of
evp_md_new() and EVP_MD_free().  This means that at any time, we can
deprecate all the EVP_MD_meth_ functions with no harmful consequence.

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/9758)

---

Summary of changes:
 apps/list.c   |  4 +--
 crypto/bn/bn_rand.c   |  2 +-
 crypto/ec/curve448/eddsa.c|  6 ++---
 crypto/evp/cmeth_lib.c| 41 +
 crypto/evp/digest.c   | 55 +--
 crypto/evp/evp_enc.c  | 53 -
 crypto/evp/evp_lib.c  | 40 +---
 crypto/evp/evp_locl.h |  4 +++
 crypto/rand/drbg_ctr.c|  4 +--
 crypto/rand/drbg_hash.c   |  6 ++---
 crypto/rand/drbg_hmac.c   |  6 ++---
 crypto/rand/rand_crng_test.c  |  2 +-
 doc/man3/EVP_CIPHER_meth_new.pod  | 10 +++
 doc/man3/EVP_DigestInit.pod   | 29 +
 doc/man3/EVP_EncryptInit.pod  | 22 ++--
 doc/man3/EVP_MD_meth_new.pod  | 24 +++--
 include/openssl/evp.h |  6 +++--
 providers/common/macs/cmac_prov.c |  4 +--
 providers/common/macs/gmac_prov.c |  4 +--
 providers/common/macs/hmac_prov.c |  4 +--
 providers/common/macs/kmac_prov.c |  4 +--
 providers/fips/fipsprov.c |  2 +-
 test/evp_extra_test.c | 20 +++---
 util/libcrypto.num|  2 ++
 24 files changed, 218 insertions(+), 136 deletions(-)

diff --git a/apps/list.c b/apps/list.c
index 446a6e1ab9..3e34228d1e 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -80,7 +80,7 @@ static void list_ciphers(void)
   EVP_CIPHER_CTX_settable_params(c), 4);
 }
 }
-sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_meth_free);
+sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_free);
 }
 
 static void list_md_fn(const EVP_MD *m,
@@ -143,7 +143,7 @@ static void list_digests(void)
   EVP_MD_CTX_settable_params(m), 4);
 }
 }
-sk_EVP_MD_pop_free(digests, EVP_MD_meth_free);
+sk_EVP_MD_pop_free(digests, EVP_MD_free);
 }
 
 DEFINE_STACK_OF(EVP_MAC)
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index d1743ddf7a..fa75a3b10e 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -310,7 +310,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 
  err:
 EVP_MD_CTX_free(mdctx);
-EVP_MD_meth_free(md);
+EVP_MD_free(md);
 OPENSSL_free(k_bytes);
 OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
 return ret;
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index 58e9e92d4c..45b6c4ab69 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -41,7 +41,7 @@ static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t 
*out, size_t outlen,
 ret = C448_SUCCESS;
  err:
 EVP_MD_CTX_free(hashctx);
-EVP_MD_meth_free(shake256);
+EVP_MD_free(shake256);
 return ret;
 }
 
@@ -77,11 +77,11 @@ static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, 
EVP_MD_CTX *hashctx,
 || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
 || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
 || !EVP_DigestUpdate(hashctx, context, context_len)) {

[openssl] master update

2019-09-04 Thread Richard Levitte
The branch master has been updated
   via  3ca9d210c94b9b88b89b224797aa403dfe97ccce (commit)
  from  7964e3709af59675795ab1f4f69a935980379a66 (commit)


- Log -
commit 3ca9d210c94b9b88b89b224797aa403dfe97ccce
Author: Richard Levitte 
Date:   Fri Aug 23 14:03:28 2019 +0200

Refactor how KEYMGMT methods get associated with other methods

KEYMGMT methods were attached to other methods after those were fully
created and registered, thereby creating a potential data race, if two
threads tried to create the exact same method at the same time.

Instead of this, we change the method creating function to take an
extra data parameter, passed all the way from the public fetching
function.  In the case of EVP_KEYEXCH, we pass all the necessary data
that evp_keyexch_from_dispatch() needs to be able to fetch the
appropriate KEYMGMT method on the fly.

Fixes #9592

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9678)

---

Summary of changes:
 crypto/err/openssl.txt  |  1 +
 crypto/evp/digest.c |  6 +--
 crypto/evp/evp_enc.c|  7 ++--
 crypto/evp/evp_err.c|  2 +
 crypto/evp/evp_fetch.c  | 21 ++
 crypto/evp/evp_locl.h   |  8 +++-
 crypto/evp/exchange.c   | 74 -
 crypto/evp/keymgmt_meth.c   |  4 +-
 crypto/evp/mac_meth.c   |  6 +--
 doc/internal/man3/evp_generic_fetch.pod |  9 +++-
 include/openssl/evperr.h|  5 +--
 11 files changed, 87 insertions(+), 56 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 58f6c4894f..9b682d5084 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2484,6 +2484,7 @@ EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid 
length
 EVP_R_NO_CIPHER_SET:131:no cipher set
 EVP_R_NO_DEFAULT_DIGEST:158:no default digest
 EVP_R_NO_DIGEST_SET:139:no digest set
+EVP_R_NO_KEYMGMT_AVAILABLE:199:no keymgmt available
 EVP_R_NO_KEYMGMT_PRESENT:196:no keymgmt present
 EVP_R_NO_KEY_SET:154:no key set
 EVP_R_NO_OPERATION_SET:149:no operation set
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index dc7f922a11..bb6d31bf4f 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -617,7 +617,7 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void 
*p2)
 }
 
 static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
-  OSSL_PROVIDER *prov)
+  OSSL_PROVIDER *prov, void *unused)
 {
 EVP_MD *md = NULL;
 int fncnt = 0;
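Review bot: The new `void *unused` parameter on evp_md_from_dispatch() (and on evp_cipher_from_dispatch() in the evp_enc.c hunk) has no comment saying why a constructor that ignores it must accept it. A one-liner such as `/* unused: method data passed through by evp_generic_fetch(); digests need none */` tells the reader it is the shared callback signature rather than a leftover, and matches the `NULL` the fetch and do_all callers below pass for it. The function body continues past the hunk.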
@@ -744,7 +744,7 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char 
*algorithm,
 {
 EVP_MD *md =
 evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
-  evp_md_from_dispatch, evp_md_up_ref,
+  evp_md_from_dispatch, NULL, evp_md_up_ref,
   evp_md_free);
 
 return md;
@@ -756,5 +756,5 @@ void EVP_MD_do_all_ex(OPENSSL_CTX *libctx,
 {
 evp_generic_do_all(libctx, OSSL_OP_DIGEST,
(void (*)(void *, void *))fn, arg,
-   evp_md_from_dispatch, evp_md_free);
+   evp_md_from_dispatch, NULL, evp_md_free);
 }
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 96a15ef897..142ffecfed 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1246,7 +1246,8 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const 
EVP_CIPHER_CTX *in)
 
 static void *evp_cipher_from_dispatch(const char *name,
   const OSSL_DISPATCH *fns,
-  OSSL_PROVIDER *prov)
+  OSSL_PROVIDER *prov,
+  void *unused)
 {
 EVP_CIPHER *cipher = NULL;
 int fnciphcnt = 0, fnctxcnt = 0;
@@ -1386,7 +1387,7 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char 
*algorithm,
 {
 EVP_CIPHER *cipher =
 evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties,
-  evp_cipher_from_dispatch, evp_cipher_up_ref,
+  evp_cipher_from_dispatch, NULL, evp_cipher_up_ref,
   evp_cipher_free);
 
 return cipher;
@@ -1398,5 +1399,5 @@ void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx,
 {
 evp_generic_do_all(libctx, OSSL_OP_CIPHER,
(void (*)(void *, void *))fn, arg,
-   evp_cipher_from_dispatch, evp_cipher_free);
+   evp_cipher_from_dispatch, NULL, evp_cipher_free);
 }
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 749f189be3..63174f98f6 100644
--- a/crypto/evp/evp_err.c
+++ 

[openssl] master update

2019-09-04 Thread Dr . Paul Dale
The branch master has been updated
   via  7964e3709af59675795ab1f4f69a935980379a66 (commit)
  from  363e941ed43c648adf4d6d0874077ddd80041e1f (commit)


- Log -
commit 7964e3709af59675795ab1f4f69a935980379a66
Author: Pauli 
Date:   Mon Sep 2 09:12:53 2019 +1000

Fix Coverity 1453452: Control flow issues (DEADCODE)

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9749)

---

Summary of changes:
 apps/provider.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/provider.c b/apps/provider.c
index 932bc40931..fe5ca1d1f7 100644
--- a/apps/provider.c
+++ b/apps/provider.c
@@ -165,8 +165,7 @@ int provider_main(int argc, char **argv)
 prog = opt_init(argc, argv, provider_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
-case OPT_EOF:
-case OPT_ERR:
+default: /* Catching OPT_ERR & covering OPT_EOF which isn't possible */
 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
 goto end;
 case OPT_HELP:
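Review bot: Replacing the explicit `case OPT_EOF: case OPT_ERR:` labels with `default:` removes the dead-code finding but also disables the compiler's unhandled-enumerator warning for this switch where it is in effect, so any OPTION_CHOICE value added later without a case falls into the "Use -help" error path at run time instead of being caught at build time. If that trade-off is intended, say so in the comment, e.g. `default: /* OPT_ERR; OPT_EOF cannot reach here; any unhandled option is also an error */`. provider_main() begins and ends outside the hunk.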


[openssl] master update

2019-09-04 Thread Richard Levitte
The branch master has been updated
   via  8648a50a2704307fa4633b3d11724dfdae11f125 (commit)
  from  3ca9d210c94b9b88b89b224797aa403dfe97ccce (commit)


- Log -
commit 8648a50a2704307fa4633b3d11724dfdae11f125
Author: Richard Levitte 
Date:   Tue Sep 3 15:10:43 2019 +0200

test/errtest.c: more conditions for checking __FILE__ and __LINE__

When at least one of OPENSSL_NO_ERR or OPENSSL_NO_FILENAMES is
defined, __FILE__ and __LINE__ are not saved with the error record.
This test only checked OPENSSL_NO_FILENAMES.  Now fixed.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9755)

---

Summary of changes:
 test/errtest.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/test/errtest.c b/test/errtest.c
index 37e9686663..ffe6532240 100644
--- a/test/errtest.c
+++ b/test/errtest.c
@@ -44,13 +44,17 @@ static int vdata_appends(void)
 return TEST_str_eq(data, "hello world");
 }
 
-/* Test that setting a platform error sets the right values. */
-static int platform_error(void)
+static int raised_error(void)
 {
 const char *f, *data;
 int l;
 unsigned long e;
-#ifndef OPENSSL_NO_FILENAMES
+
+/*
+ * When OPENSSL_NO_ERR or OPENSSL_NO_FILENAMES, no file name or line
+ * number is saved, so no point checking them.
+ */
+#if !defined(OPENSSL_NO_FILENAMES) && !defined(OPENSSL_NO_ERR)
 const char *file;
 int line;
 
@@ -61,7 +65,7 @@ static int platform_error(void)
"calling exit()");
 if (!TEST_ulong_ne(e = ERR_get_error_line_data(, , , NULL), 0)
 || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR)
-#ifndef OPENSSL_NO_FILENAMES
+#if !defined(OPENSSL_NO_FILENAMES) && !defined(OPENSSL_NO_ERR)
 || !TEST_int_eq(l, line)
 || !TEST_str_eq(f, file)
 #endif
@@ -74,6 +78,6 @@ int setup_tests(void)
 {
 ADD_TEST(preserves_system_error);
 ADD_TEST(vdata_appends);
-ADD_TEST(platform_error);
+ADD_TEST(raised_error);
 return 1;
 }

