- 13 Apr, 2018 10 commits
-
-
Dr. Matthias St. Pierre authored
Fixes #5849 In pull request #5503 a fallback was added which adds a random nonce of security_strength/2 bits if no nonce callback is provided. This change raised the entropy requirements form 256 to 384 bit, which can cause problems on some platforms (e.g. VMS, see issue #5849). The requirements for the nonce are given in section 8.6.7 of NIST SP 800-90Ar1: A nonce may be required in the construction of a seed during instantiation in order to provide a security cushion to block certain attacks. The nonce shall be either: a) A value with at least (security_strength/2) bits of entropy, or b) A value that is expected to repeat no more often than a (security_strength/2)-bit random string would be expected to repeat. Each nonce shall be unique to the cryptographic module in which instantiation is performed, but need not be secret. When used, the nonce shall be considered to be a critical security parameter. This commit implements a nonce of type b) in order to lower the entropy requirements during instantiation back to 256 bits. The formulation "shall be unique to the cryptographic module" above implies that the nonce needs to be unique among (with high probability) among all DRBG instances in "space" and "time". We try to achieve this goal by creating a nonce of the following form nonce = app-specific-data || high-resolution-utc-timestamp || counter Where || denotes concatenation. The application specific data can be something like the process or group id of the application. A utc timestamp is used because it increases monotonically, provided the system time is synchronized. This approach may not be perfect yet for a FIPS evaluation, but it should be good enough for the moment. This commit also harmonizes the implementation of the get_nonce() and the get_additional_data() callbacks and moves the platform specific parts from rand_lib.c into rand_unix.c, rand_win.c, and rand_vms.c. Reviewed-by:Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5920)
-
Bernd Edlinger authored
Address the concern that commit c53c2fec raised differently. The original direction of the traffic is encoded in bit 0 of the flight number. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5923)
-
Richard Levitte authored
There is a test to check that 'genrsa' doesn't accept absurdly low number of bits. Apart from that, this test is designed to check the working functionality of 'openssl genrsa', so instead of having a hard coded lower limit on the size key, let's figure out what it is. Partially fixes #5751 Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5754) (cherry picked from commit ec46830f)
-
Richard Levitte authored
The scrypt and RSA-PSS documents were a mixture of section 3 and section 7 material. With pre-1.1.1 OpenSSL, this is understandable, since we had a different directory layout. With 1.1.1, we've moved to the typical man-page directory layout, and the documents need to be updated accordingly. Also, the scrypt document contained a description of EVP_PKEY_CTX_set1_pbe_pass(), which is a generic function rather than an scrypt specific function, and therefore should be documented separately. Fixes #5802 Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5942)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Historically we used to implement standalone base64 code for SRP. This was replaced by commit 3d3f21aa with the standard base64 processing code. However, the SRP base64 code was designed to be compatible with other SRP libraries (notably libsrp, but also others) that use a variant of standard base64. Specifically a different alphabet is used and no padding '=' characters are used. Instead 0 padding is added to the front of the string. By changing to standard base64 we change the behaviour of the API which may impact interoperability. It also means that SRP verifier files created prior to 1.1.1 would not be readable in 1.1.1 and vice versa. Instead we expand our standard base64 processing with the capability to be able to read and generate the SRP base64 variant. Reviewed-by:
-
Matt Caswell authored
Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low level functions that do not handle padding characters. This was causing the SRP code to fail. One side effect of using EVP_EncodeUpdate is that it inserts newlines which is not what we need in SRP so we add a flag to avoid that. Reviewed-by:
-
Richard Levitte authored
The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by:
-
Andy Polyakov authored
The failure is "impossible", because we have confirmation that s_server listens, yet Mac OS X fails to connect. This avoids 10 minutes timeout on Travis CI. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Andy Polyakov authored
On rare occasion 's_server | perl -ne print' can complete before corresponding waitpid, which on Windows can results in -1 return value. This is not an error, don't treat it like one. Collect even return value from s_server. Reviewed-by:
-
- 12 Apr, 2018 4 commits
-
-
Richard Levitte authored
X509_get_default_cert_dir_env() returns the default environment variable to check for certificate directories. X509_get_default_cert_dir() returns the default configured certificate directory. Use these instead of hard coding our own values, and thereby be more integrated with the rest of OpenSSL. Reviewed-by:
-
Richard Levitte authored
Fixes #5902 Reviewed-by:
-
Andy Polyakov authored
Purpose of build_all_generated is to execute all the rules that require perl, so that one can copy the tree to system with compiler but without perl. This commit removes last dependencies on perl. Reviewed-by:
-
Daniel Bevenius authored
This is a minor update which hopefully makes these particular lines read a little easier. Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- 11 Apr, 2018 7 commits
-
-
Andy Polyakov authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Computing the value of the GENERATED variable in the build file templates is somewhat overcomplicated, and because of possible duplication errors, changes are potentially error prone. Looking more closely at how this list is determined, it can be observed that the exact list of files to check is consistently available in all the values found in the %unified_info tables 'depends', 'sources' and 'shared_sources', and all that's needed is to filter those values so only those present as keys in the 'generate' table are left. This computation is also common for all build files, so due to its apparent complexity, we move it to common0.tmpl, with the result left in a global variable (@generated), to be consumed by all build file templates. common0.tmpl is included among the files to process when creating build files, but unlike common.tmpl, it comes first of all. Reviewed-by:
-
Theo Buehler authored
The EVP_MD_CTX_cleanup() function was merged into EVP_MD_CTX_reset() which is called by EVP_MD_CTX_free(). Adjust the documentation to say that the latter should be used to avoid leaking memory. CLA: trivial Reviewed-by:
-
Daniel Bevenius authored
Reviewed-by:
-
Dr. Matthias St. Pierre authored
- added some explaining text to a sentence that lost its context. - removed mention of per-ssl drbg - fix whitespace errors Reviewed-by:
-
Richard Levitte authored
For test recipes that want to use the directory of the data directory or a subdirectory thereof, rather than just individual files. Reviewed-by:
-
- 10 Apr, 2018 1 commit
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
- 09 Apr, 2018 3 commits
-
-
Andy Polyakov authored
The warning reads "[cast] may cause misaligned access". Even though this can be application-supplied pointer, misaligned access shouldn't happen, because structure type is "encoded" into data itself, and application would customarily pass correctly aligned pointer. But there is no harm in resolving the warning... Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Kunxian Xia authored
CLA: trivial Reviewed-by:
-
- 08 Apr, 2018 10 commits
-
-
Dr. Matthias St. Pierre authored
Fixes #5778, #5840 The various IS_*() macros did not work correctly for 8-bit ASCII characters with the high bit set, because the CVT(a) preprocessor macro and'ed the given ASCII value with 0x7F, effectively folding the high value range 128-255 over the low value range 0-127. As a consequence, some of the IS_*() erroneously returned TRUE. This commit fixes the issue by adding range checks instead of cutting off high order bits using a mask. In order avoid multiple evaluation of macro arguments, most of the implementation was moved from macros into a static function is_keytype(). Thanks to Румен Петров for reporting and analyzing the UTF-8 parsing issue #5840. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Original logic was "if no records found *or* last one is truncated, then leave complete records in queue." Trouble is that if we don't pass on complete records and get complete packet in opposite direction, then queued records will go back to sender. In other words complete records should always be passed on. [Possible alternative would be to match direction in reconstruct_record.] Reviewed-by:
-
Andy Polyakov authored
Even though removed calls were oiriginally added on Windows, problem they tried to mitigate is not Windows-specific. Reviewed-by:
-
Andy Polyakov authored
Without TCP_NODELAY alerts risk to be dropped between shutdown and close. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
HP-UX provides sockets symbols with incompatible prototypes under same name. This caused problems in 64-bit builds. Additional macros force unambiguous symbols with unambiguous prototypes. Reviewed-by:
-
Andy Polyakov authored
hpux64-parisc2-gcc is chosen based on gcc's bitness, and it was overriden unconditionally. Reviewed-by:
-
Andy Polyakov authored
HP-UX gmtime fails with ERANGE past 19011213204552Z, so skip some tests. Reviewed-by:
-
- 07 Apr, 2018 1 commit
-
-
Rich Salz authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5889)
-
- 06 Apr, 2018 4 commits
-
-
Kaoru Toda authored
add_attribute_object and add_DN_object have similar code, so move it into a common function build_data. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Matt Caswell authored
Fixes #5873 Reviewed-by:
-
Matt Caswell authored
Adding support for these operations for the EdDSA implementations makes pkeyutl usable for signing/verifying for these algorithms. Reviewed-by:
-
Rich Salz authored
The wrong "set" field was incremented in the wrong place and would create a new RDN, not a multi-valued RDN. RDN inserts would happen after not before. Prepending an entry to an RDN incorrectly created a new RDN Anything which built up an X509_NAME could get a messed-up structure, which would then be "wrong" for anyone using that name. Thanks to Ingo Schwarze for extensive debugging and the initial fix (documented in GitHub issue #5870). Reviewed-by:
-
