openssl.git
APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible
Richard Levitte [Thu, 9 Jan 2020 20:37:32 +0000 (21:37 +0100)]

Some uses were going against documented recommendations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10798)

mdc2: use evp_test instead of a separate test application.
Pauli [Mon, 13 Jan 2020 22:01:34 +0000 (08:01 +1000)]

One of the MDC2 test applications can be done using evp_test.
This makes it so.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10831)

apps: Fix deprecation conditional in speed.c
Pauli [Thu, 16 Jan 2020 04:15:19 +0000 (14:15 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10819)

Deprecate the low level IDEA functions.
Pauli [Mon, 13 Jan 2020 03:02:45 +0000 (13:02 +1000)]

Use of the low level IDEA functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10819)

idea: fix preprocessor indentation
Pauli [Mon, 13 Jan 2020 02:50:08 +0000 (12:50 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10819)

param_bld: add a padded BN call.
Pauli [Tue, 14 Jan 2020 09:36:39 +0000 (19:36 +1000)]

To avoid leaking size information when passing a private value using the
OSSL_PARAM builder, a padded BN call is required.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10840)

TODO: undo md5.h and sha.h changes temporarily
Pauli [Fri, 10 Jan 2020 02:43:47 +0000 (12:43 +1000)]

Undo the changes to md5.h and sha.h so that the low level symbols are
exported from libcrypto again.  This allows libssl to build and link.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)

Deprecate the low level MD5 functions.
Pauli [Wed, 15 Jan 2020 01:13:03 +0000 (11:13 +1000)]

Use of the low level MD5 functions has been informally discouraged for a long
time.  We now formally deprecate them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)

Deprecate the low level SHA functions.
Pauli [Thu, 9 Jan 2020 03:14:13 +0000 (13:14 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)

sha: fix preprocessor indentation
Pauli [Thu, 9 Jan 2020 02:04:54 +0000 (12:04 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)

Add GNU properties note for Intel CET in x86_64-xlate.pl
Richard Levitte [Fri, 17 Jan 2020 07:29:28 +0000 (08:29 +0100)]

This appears to be emitted with gcc and clang with -fcf-protection
selected, so we should do the same.

We're trying to be smart, and only emit this when the 'endbranch'
pseudo-mnemonic has been used at least once.

This is inspired by and owes to work done by @hjl-tools (github)

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10875)

EVP: Add evp_pkey_make_provided() and refactor around it
Richard Levitte [Tue, 14 Jan 2020 13:11:47 +0000 (14:11 +0100)]

The code to ensure that an EVP_PKEY is exported to providers is
repeated all over the place, enough that copying it again has the
usual future hazards with code copying.

Instead, we refactor that code into one function,
evp_pkey_make_provided(), and make sure to use that everywhere.
It relies on the creation of EVP_PKEY_CTX to figure out facts about
the input key, should it need to.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10850)

CORE: renumber OSSL_FUNC_KEYMGMT macros
Richard Levitte [Fri, 10 Jan 2020 17:02:05 +0000 (18:02 +0100)]

An amount of upcoming work does this to make space for new functions
in different groups.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10804)

DSA: Move DSA_security_bits() and DSA_bits()
Richard Levitte [Mon, 13 Jan 2020 11:28:05 +0000 (12:28 +0100)]

... to make them accessible from the FIPS provider module.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

Add CHANGES entry regarding the documentation of EVP_PKEY_size() et al
Richard Levitte [Sun, 12 Jan 2020 00:23:43 +0000 (01:23 +0100)]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

DOC: Make EVP_SignInit.pod conform with man-pages(7)
Richard Levitte [Wed, 8 Jan 2020 10:08:06 +0000 (11:08 +0100)]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
Richard Levitte [Wed, 8 Jan 2020 10:04:15 +0000 (11:04 +0100)]

We change the description to be about the key rather than the
signature.  How the key size is related to the signature is explained
in the description of EVP_SignFinal() anyway.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

TEST: Adapt test/evp_pkey_provided_test.c to check the key size
Richard Levitte [Wed, 8 Jan 2020 02:50:33 +0000 (03:50 +0100)]

This is for the case where we build keys from user data

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

PROV: Adapt the RSA, DSA and DH KEYMGMT implementations
Richard Levitte [Wed, 8 Jan 2020 02:49:08 +0000 (03:49 +0100)]

They now all respond to requests for key size, bits and security bits.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys
Richard Levitte [Wed, 8 Jan 2020 02:44:28 +0000 (03:44 +0100)]

These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys.  This adds an interface to get
domparam and key data from a provider, given corresponding provider
data (the actual domparam or key).

The retrieved data is cached in the EVP_PKEY structure (lending the
idea from provided EVP_CIPHER).

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too
Richard Levitte [Wed, 15 Jan 2020 00:04:37 +0000 (01:04 +0100)]

These functions would only handle provided methods, but there are
cases where the caller just passes along a received method without
knowing the underlying method tech, so might pass along a legacy
method.  We therefore need to have them handle this case as well so
they don't cause any unnecessary surprises.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10845)

For all assembler scripts where it matters, recognise clang > 9.x
Richard Levitte [Wed, 15 Jan 2020 20:14:05 +0000 (21:14 +0100)]

Fixes #10853

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10855)

Build file templates: Use explicit files instead of $< or $? for pods
Richard Levitte [Wed, 15 Jan 2020 07:28:46 +0000 (08:28 +0100)]

When generating html or manpages from POD files, we used $< or $? to
get the file name to process.  It turns out, though, that some make
implementations only define $< with implicit rules, so its expansion
remains empty in explicit rules.  $? is a fine replacement, but only
as long as we have one dependency, so it may cause problems in the
future.

The final solution seems to be to use explicit POD file names
instead.  That leaves no doubts.

Fixes #10817

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10849)

news: combined NEWS entry for deprecated low level cipher functions
Pauli [Thu, 16 Jan 2020 04:05:05 +0000 (14:05 +1000)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10820)

changes: combined CHANGES entry for deprecated low level cipher functions.
Pauli [Mon, 13 Jan 2020 03:19:00 +0000 (13:19 +1000)]

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10820)

Add duplication APIs to ASN1_TIME and related types
Paul Yang [Mon, 13 Jan 2020 06:26:11 +0000 (14:26 +0800)]

Fixes #10600.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10823)

Digest function deprecation CHANGES.
Pauli [Fri, 10 Jan 2020 12:14:27 +0000 (22:14 +1000)]

Add a changes entry to cover the deprecation of the low level digest functions:
    MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and
    Whirlpool

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10802)

Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
Benjamin Kaduk [Wed, 15 Jan 2020 00:22:52 +0000 (16:22 -0800)]

The existing documentation for the new-session callback was unclear
about the requirements on the callback with respect to reference-handling
of the session object being created.  Be more explicit about the
(non-)requirements on the callback code for "success" (1) and "ignore"
(0) return values.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10848)

Move the stored namemap pre-population to namemap construction
Richard Levitte [Wed, 15 Jan 2020 00:10:42 +0000 (01:10 +0100)]

Prepopulation of the stored namemap from the legacy method object
database happened on first EVP fetch.  However, there are moments when
that prepopulation needs to happen even though no fetching has been
performed yet.  We therefore move pre-population to happen when the
namemap is constructed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10846)

Add doc for TS_VERIFY_CTX_set_certs()
Paul Yang [Tue, 10 Sep 2019 05:08:29 +0000 (13:08 +0800)]

This addition is based on PR #9472.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9838)

PROV: Adapt the DSA keymgmt implementation to no ex_fields
Richard Levitte [Tue, 14 Jan 2020 01:35:29 +0000 (02:35 +0100)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10837)

CRYPTO: Remove support for ex_data fields when building the FIPS module
Richard Levitte [Tue, 14 Jan 2020 01:32:42 +0000 (02:32 +0100)]

These fields are purely application data, and applications don't reach
into the bowels of the FIPS module, so these fields are never used
there.

Fixes #10835

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10837)

Deprecate the low level RC5 functions
Pauli [Tue, 14 Jan 2020 00:33:03 +0000 (10:33 +1000)]

Use of the low level RC5 functions has been informally discouraged for a long
time.  We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

rc5: fix preprocessor indentation
Pauli [Mon, 13 Jan 2020 23:03:55 +0000 (09:03 +1000)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

Deprecate the low level RC4 functions
Pauli [Mon, 13 Jan 2020 23:38:09 +0000 (09:38 +1000)]

Use of the low level RC4 functions has been informally discouraged for a long
time.  We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

rc4: fix preprocessor indentation
Pauli [Mon, 13 Jan 2020 23:03:55 +0000 (09:03 +1000)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

Deprecate the low level RC2 functions
Pauli [Mon, 13 Jan 2020 23:15:18 +0000 (09:15 +1000)]

Use of the low level RC2 functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

rc2: fix preprocessor indentation
Pauli [Mon, 13 Jan 2020 23:03:54 +0000 (09:03 +1000)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

Deprecate the low level SEED functions
Pauli [Mon, 13 Jan 2020 22:35:12 +0000 (08:35 +1000)]

Use of the low level SEED functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10833)

seed: fix preprocessor indentation
Pauli [Mon, 13 Jan 2020 22:18:58 +0000 (08:18 +1000)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10833)

Restoring correct check for legacy PKEY
Dmitry Belyavskiy [Tue, 14 Jan 2020 08:09:30 +0000 (11:09 +0300)]

The fix introduced in #10758 was rolled back by accident.
Restoring it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10839)

Add FIPS Self test kats for digests
Shane Lontis [Wed, 15 Jan 2020 00:48:01 +0000 (10:48 +1000)]

Added an API to optionally set a self test callback.
The callback has the following 2 purposes
(1) Output information about the KAT tests.
(2) Allow the ability to corrupt one of the KATs
The fipsinstall program uses the API.

Some KATS are not included in this PR since the required functionality did not yet exist in the provider.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10374)

Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()
Richard Levitte [Sun, 12 Jan 2020 00:05:01 +0000 (01:05 +0100)]

The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectations, and
there's not enough justification for that not being zero.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10815)

Avoid leak in error path of asn1_parse2
kinichiro [Thu, 9 Jan 2020 14:22:25 +0000 (23:22 +0900)]

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10794)

PROV: Fix mixup between general and specialized GCM implementations
Richard Levitte [Wed, 8 Jan 2020 13:58:34 +0000 (14:58 +0100)]

providers/implementations/ciphers/ciphercommon_gcm_hw.c had an AES
specific GCM update function, while
providers/implementations/ciphers/cipher_aria_gcm_hw.c had the more
general implementation.

This moves them around to have the more general implementation in the
common source, and place the AES specialization where it belongs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10783)

Fix EVP_Digest{Sign,Verify}Final() and EVP_Digest{Sign,Verify}() for provider only keys
Richard Levitte [Fri, 10 Jan 2020 19:40:11 +0000 (20:40 +0100)]

For provider only keys where the initialization didn't catch, we may
end up crashing because the legacy code path didn't check that it had
support carefully enough.  This only happens if the caller didn't
check if initialization worked or not.

For the one-shot case, it's very simply handling the case where the
key has no legacy implementation and falling back to the standard
init+update+final mechanism.

While at it, EVP_DigestSignFinal() and EVP_DigestVerifyFinal() got a
slight code cleanup.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10806)

The MD2 test uses the EVP APIs not the low level ones.
Pauli [Mon, 13 Jan 2020 05:42:46 +0000 (15:42 +1000)]
The test can be moved into the EVP tests and the separate executable removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10821)

Remove duplicates
Rich Salz [Wed, 8 Jan 2020 14:03:00 +0000 (09:03 -0500)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10134)

Better documentation of -www,-WWW,-HTTP flags
Rich Salz [Thu, 12 Dec 2019 18:34:32 +0000 (13:34 -0500)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10134)

Refactor the tls/dtls version options
Rich Salz [Sat, 12 Oct 2019 21:45:56 +0000 (17:45 -0400)]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10134)

Add a test for HMAC via EVP_DigestSign*
Matt Caswell [Thu, 9 Jan 2020 15:21:14 +0000 (15:21 +0000)]

We test with both an implicitly fetched digest and an explicitly fetched
digest.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10796)

Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set
Matt Caswell [Thu, 9 Jan 2020 15:58:19 +0000 (15:58 +0000)]

If we're using an explicitly fetched digest in an EVP_DigestUpdate
operation, then we should still go the legacy route if
EVP_MD_CTX_FLAG_NO_INIT has been set because we are being used in the
context of a legacy signature algorithm and EVP_DigestInit has not been
called.

This fixes a segfault in EVP_DigestSignUpdate().

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10796)

Deprecate the Low Level CAST APIs
Matt Caswell [Thu, 2 Jan 2020 16:15:26 +0000 (16:15 +0000)]

Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10742)

Deprecate Low Level Camellia APIs
Matt Caswell [Thu, 2 Jan 2020 15:22:19 +0000 (15:22 +0000)]

Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10741)

handle new findings of find-doc-nits on fn typedefs w/ extra space
Dr. David von Oheimb [Sat, 21 Dec 2019 19:46:07 +0000 (20:46 +0100)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)

make find-doc-nits report function typedef w/ space before arg list
Dr. David von Oheimb [Sat, 21 Dec 2019 19:42:10 +0000 (20:42 +0100)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)

handle new findings of find-doc-nits for certain typedefs
Dr. David von Oheimb [Sat, 21 Dec 2019 18:48:19 +0000 (19:48 +0100)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)

improve 'typedef' patterns of find-doc-nits
Dr. David von Oheimb [Sat, 21 Dec 2019 18:35:45 +0000 (19:35 +0100)]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10673)

Configure: use $list_separator_re only for defines and includes
Richard Levitte [Thu, 9 Jan 2020 13:49:53 +0000 (14:49 +0100)]

This regexp was used a bit too uncontrolled, which had it split flag
values where it should not have.

Fixes #10792

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10793)

When deprecated symbols are removed, ensure liblegacy has WHIRLPOOL
Richard Levitte [Wed, 8 Jan 2020 10:52:38 +0000 (11:52 +0100)]

The legacy module implements WHIRLPOOL, so we must ensure it has the
full functionality, even when libcrypto stops exporting the symbols.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10779)

Deprecate the low level Whirlpool functions.
Pauli [Wed, 8 Jan 2020 05:13:11 +0000 (15:13 +1000)]

Use of the low level Whirlpool functions has been informally discouraged for a
long time.  We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_Digest,
EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10779)

whirlpool: fix preprocessor indentation
Pauli [Wed, 8 Jan 2020 02:50:56 +0000 (12:50 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10779)

Deprecate the low level MDC2 functions.
Pauli [Thu, 9 Jan 2020 01:18:58 +0000 (11:18 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

mdc2: fix preprocessor indentation
Pauli [Thu, 9 Jan 2020 00:48:01 +0000 (10:48 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

Deprecate the low level MD4 functions.
Pauli [Thu, 9 Jan 2020 00:37:28 +0000 (10:37 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

md4: fix preprocessor indentation
Pauli [Thu, 9 Jan 2020 00:30:54 +0000 (10:30 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

Deprecate the low level MD2 functions.
Pauli [Thu, 9 Jan 2020 00:16:21 +0000 (10:16 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

md2: fix preprocessor indentation
Pauli [Wed, 8 Jan 2020 23:46:13 +0000 (09:46 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

Deprecate the low level RIPEMD160 functions.
Pauli [Wed, 8 Jan 2020 23:08:31 +0000 (09:08 +1000)]

Use of the low level RIPEMD160 functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_Digest,
EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10789)

ripemd: fix preprocessor indentation
Pauli [Wed, 8 Jan 2020 22:20:30 +0000 (08:20 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10789)

Add dsa signature alg to fips provider
Shane Lontis [Sun, 12 Jan 2020 01:32:12 +0000 (11:32 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10615)

Tweak option error messages
Rich Salz [Tue, 7 Jan 2020 17:44:25 +0000 (12:44 -0500)]

Better messages for unknown option, unknown cipher, unknown digest.

Fixes #10773

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10774)

testutil_init.c: fix compilation error with enable-trace
Dr. Matthias St. Pierre [Tue, 31 Dec 2019 11:30:01 +0000 (12:30 +0100)]

In commit e79ae962fbed the tests were adapted to use the
new BIO_f_prefix() API which was introduced in 319cee9e2fc6.
This location was missed, because it is compiled only when
tracing is enabled.

Fixes #10731

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10732)

Add GCM support for EVP_CTRL_GCM_IV_GEN and EVP_CTRL_GCM_SET_IV_INV to providers
Shane Lontis [Mon, 14 Oct 2019 10:59:31 +0000 (20:59 +1000)]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10173)

Add test/bio_prefix_text to .gitignore
Nicola Tuveri [Sun, 5 Jan 2020 23:14:24 +0000 (01:14 +0200)]

A new test binary was added as part of
51a7c4b5f2a0b2d0f6bc0c87ec2ee44b9697dc78
(from https://github.com/openssl/openssl/pull/10531 ).

This commit adds said binary to .gitignore to avoid cluttering of the
worktree.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10768)

PROV: Adjust the KEYMGMT name specs to include all names
Richard Levitte [Wed, 18 Dec 2019 12:26:47 +0000 (13:26 +0100)]

This is very simply to allow the common case, where the KEYMGMT is
fetched first, and all names are needed at that time to secure that
they are found.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)

EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better
Richard Levitte [Wed, 18 Dec 2019 12:24:27 +0000 (13:24 +0100)]

The adaptation is to handle the case when key types and operations
that use these keys have different names.  For example, EC keys can be
used for ECDSA and ECDH.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)

8 months ago  CORE & EVP: Specify OP_query_operation_name() for KEYMGMT
Richard Levitte [Wed, 18 Dec 2019 12:20:55 +0000 (13:20 +0100)]
CORE & EVP: Specify OP_query_operation_name() for KEYMGMT

This will allow keymgmt implementation for key types that need it to
specify the names of the diverse operation algorithms it can be used
with.  Currently, only one name per key type and operation is allowed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)

8 months ago  DOCS: The interpretation of OPENSSL_API_COMPAT has changed, update docs
Richard Levitte [Mon, 6 Jan 2020 18:49:26 +0000 (19:49 +0100)]
DOCS: The interpretation of OPENSSL_API_COMPAT has changed, update docs

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/10765)

8 months ago  add missing load_pkimsg() in test/cmp_testlib.c
Dr. David von Oheimb [Tue, 17 Dec 2019 05:07:51 +0000 (06:07 +0100)]
add missing load_pkimsg() in test/cmp_testlib.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)

8 months ago  fix obsolete error codes in test/cmp_msg_test.c
Dr. David von Oheimb [Tue, 17 Dec 2019 05:07:17 +0000 (06:07 +0100)]
fix obsolete error codes in test/cmp_msg_test.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)

8 months ago  fix dependencies of cmp_{msg,protect}_test.c in test/build.info
Dr. David von Oheimb [Tue, 17 Dec 2019 04:47:50 +0000 (05:47 +0100)]
fix dependencies of cmp_{msg,protect}_test.c in test/build.info

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)

8 months ago  Add the DSA serializers to the default provider tools
Richard Levitte [Tue, 7 Jan 2020 15:00:19 +0000 (16:00 +0100)]
Add the DSA serializers to the default provider tools

The DSA serializers are implemented, but didn't get added to the
default provider's serializer algorithm table.

Fixes #10645

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10772)

8 months ago  EVP: If a key can't be exported to provider, fallback to legacy
Richard Levitte [Tue, 7 Jan 2020 10:49:08 +0000 (11:49 +0100)]
EVP: If a key can't be exported to provider, fallback to legacy

Currently, the operations that do try to export a legacy key to
providers will fail if the export failed.  It makes more sense to
simply use the legacy method instead, as a fallback for things not
being implemented (yet) in a provider.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10771)

8 months ago  nmake: fix install_html_docs target
Dr. Matthias St. Pierre [Sat, 28 Dec 2019 22:03:29 +0000 (23:03 +0100)]
nmake: fix install_html_docs target

The nmake rule actually contains two errors:

1. The $< target[1] does not work for regular rules and is
expanded to an empty string after issuing the warning

    NMAKE : warning U4006: special macro undefined : '$<"'

Solution: replace $< by $?

2. The substitution regex is not quoted correctly, which leads
to the following error message by cmd.exe:

    'href' is not recognized as an internal or external command,
    operable program or batch file.

Solution: Quoting arguments for cmd.exe is really a nightmare,
but with the help of the excellent description [2] I was able to
properly quote the regex. Things were complicated by the fact that
a lot of levels of unquoting needed to be considered:

 * perl (windows-makefile.tmpl -> makefile)
 * make (reading the makefile)
 * cmd.exe (executed by make)
 * perl (scanning command line using CommandLineToArgvW())

The fix works, but the regex has become unmaintainable. It would actually
be better to wrap the entire command (including the regex) into a little
perl script which can be called by make directly.

[1] https://docs.microsoft.com/en-us/cpp/build/reference/filename-macros
[2] https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/

Fixes #10648
Fixes #10749

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10719)

8 months ago  Deprecate Low Level Blowfish APIs
Matt Caswell [Thu, 2 Jan 2020 14:25:27 +0000 (14:25 +0000)]
Deprecate Low Level Blowfish APIs

Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10740)

8 months ago  Make generated copyright year be "now"
Rich Salz [Tue, 7 Jan 2020 20:50:20 +0000 (15:50 -0500)]
Make generated copyright year be "now"

Always use the current year in generating output files, rather than
trying to base it on the modtime of the script or input, as that can
vary depending on the ability of the local OS to keep those accurate.

Fixes #10744

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10776)

8 months ago  Refactor -engine documentation
Rich Salz [Sat, 12 Oct 2019 21:45:56 +0000 (17:45 -0400)]
Refactor -engine documentation

Common wording courtesy Richard Levitte.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10128)

8 months ago  Modify the add_seeds_stringlist() macro to fix a preprocessor error
Dr. Matthias St. Pierre [Mon, 6 Jan 2020 01:38:14 +0000 (02:38 +0100)]
Modify the add_seeds_stringlist() macro to fix a preprocessor error

When OpenSSL is configured using `--with-rand-seed=devrandom`, the preprocessor
reports the following error

    crypto/info.c:104:66: error:
            macro "add_seeds_stringlist" passed 3 arguments, but takes just 2
            add_seeds_stringlist("random-device", { DEVRANDOM, NULL });

The reason why the preprocessor complains about three arguments being passed
is that according to [1], balanced braces in macro arguments don't prevent the
comma from acting as an argument separator:

    3.3 Macro Arguments
    ...
    Parentheses within each argument must balance;
    a comma within such parentheses does not end the argument.
    However, there is no requirement for square brackets or braces to balance,
    and they do not prevent a comma from separating arguments.

Also introduced an iteration pointer `p`, because `dev` is not an lvalue:

    crypto/info.c:78:41: error:
            lvalue required as increment operand
            for (; *dev != NULL; dev++) {

[1] https://gcc.gnu.org/onlinedocs/cpp/Macro-Arguments.html

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10762)

8 months ago  Move random-related defines to "crypto/rand.h"
Dr. Matthias St. Pierre [Mon, 6 Jan 2020 00:50:43 +0000 (01:50 +0100)]
Move random-related defines to "crypto/rand.h"

This fixes commit 01036e2afbe116d608be048ed15930fc885ab2a8, which moved the
DEVRANDOM and DEVRANDOM_EGD defines into rand_unix.c. That change introduced
the regression that the compiler complains about missing declarations in
crypto/info.c when OpenSSL is configured using `--with-rand-seed=devrandom`
(resp. `--with-rand-seed=egd`)

Fixes #10759

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10762)

8 months ago  Configuration: synchronise the variables on the build file templates
Richard Levitte [Sat, 4 Jan 2020 05:39:50 +0000 (06:39 +0100)]
Configuration: synchronise the variables on the build file templates

For some reason, we didn't use some of the possible target attributes
in the Unix Makefile template, and there was a similar but much
smaller lack of use in the Windows makefile template as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10753)

8 months ago  Make ECDSA_size() use consistent asn1 encoder.
Shane Lontis [Thu, 5 Dec 2019 00:41:43 +0000 (10:41 +1000)]
Make ECDSA_size() use consistent asn1 encoder.

ECDSA signature lengths are calculated using i2d_ECDSA_SIG().
i2d_ECDSA_SIG() was changed in a previous PR to use a custom ASN1 encoder (using WPACKET)
so that the normal ASN1 encoder does not need to be pulled into the provider boundary.
For consistency ECDSA_size() has been changed to also use i2d_ECDSA_SIG() - this can now
be used directly inside the FIPS provider.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10577)
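The commit above relies on the fact that an ECDSA signature's DER size is fixed by the encoding of SEQUENCE { INTEGER r, INTEGER s } for the largest values the group order allows. The following Python is an added example, not OpenSSL's ECDSA_size() or its WPACKET encoder: it implements a minimal DER encoder/decoder for ECDSA-Sig-Value and derives the maximum size the same way the commit describes, by encoding worst-case r and s (all-0xff values of the order's byte length, so the top bit forces a leading 0x00 octet) and measuring the result. The function names `i2d_ecdsa_sig`, `d2i_ecdsa_sig` and `ecdsa_size` are named after the OpenSSL APIs for readability but are this example's own code.

```python
# Added example: DER encoding of ECDSA-Sig-Value and the worst-case size
# computation that ECDSA_size() performs.  Not OpenSSL code.


def _der_length(n: int) -> bytes:
    """Minimal DER length encoding (short form below 0x80, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(v: int) -> bytes:
    """DER INTEGER for a non-negative value; a set top bit needs a 0x00 prefix."""
    if v < 0:
        raise ValueError("ECDSA r/s are never negative")
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def i2d_ecdsa_sig(r: int, s: int) -> bytes:
    """Encode SEQUENCE { INTEGER r, INTEGER s } (hypothetical name, after OpenSSL's i2d_ECDSA_SIG)."""
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


def ecdsa_size(order_bits: int) -> int:
    """Maximum DER signature length for a group whose order has order_bits bits.

    Like the commit describes, the size comes from actually encoding worst-case
    r and s: every byte 0xff over the order's byte length, so each INTEGER
    gains a leading 0x00 and the SEQUENCE length may need the long form.
    """
    nbytes = (order_bits + 7) // 8
    vmax = (1 << (8 * nbytes)) - 1
    return len(i2d_ecdsa_sig(vmax, vmax))


def _read_length(buf: bytes, pos: int):
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    pos += n
    # reject non-minimal encodings, which DER forbids and which would let
    # one signature have several byte representations
    if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
        raise ValueError("non-minimal length")
    return length, pos


def _read_integer(buf: bytes, pos: int):
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    length, pos = _read_length(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big"), pos + length


def d2i_ecdsa_sig(buf: bytes):
    """Strict DER decode of ECDSA-Sig-Value; returns (r, s) or raises ValueError."""
    if not buf or buf[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    length, pos = _read_length(buf, 1)
    if pos + length != len(buf):
        raise ValueError("length mismatch or trailing data")
    r, pos = _read_integer(buf, pos)
    s, pos = _read_integer(buf, pos)
    if pos != len(buf):
        raise ValueError("trailing data inside SEQUENCE")
    return r, s


if __name__ == "__main__":
    for bits in (256, 384, 521):
        print(bits, ecdsa_size(bits))
```

The strict decoder matters in practice: a lenient parser that accepts non-minimal lengths or integers gives one signature several encodings, which breaks anything that deduplicates or hashes signatures by their DER bytes.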

8 months ago  coverity 1201462: check error returns
Pauli [Mon, 6 Jan 2020 01:23:21 +0000 (11:23 +1000)]
coverity 1201462: check error returns

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10760)

8 months ago  coverity 1201478: check BIO_indent returns
Pauli [Mon, 6 Jan 2020 01:21:14 +0000 (11:21 +1000)]
coverity 1201478: check BIO_indent returns

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10760)

8 months ago  Fix KMAC docs
Shane Lontis [Sat, 21 Sep 2019 23:19:05 +0000 (09:19 +1000)]
Fix KMAC docs

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9970)

8 months ago  Add missing inclusion of "internal/deprecated.h"
Richard Levitte [Mon, 6 Jan 2020 19:25:08 +0000 (20:25 +0100)]
Add missing inclusion of "internal/deprecated.h"

A few provider implementations need this to build correctly with a
'no-deprecated' configuration.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10766)

8 months ago  Add `-passin` arg to `ocsp`
kaysond [Thu, 26 Dec 2019 04:20:46 +0000 (20:20 -0800)]
Add `-passin` arg to `ocsp`
Fix #10682

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10718)

8 months ago  Deprecate the low level AES functions
Matt Caswell [Thu, 5 Dec 2019 17:09:49 +0000 (17:09 +0000)]
Deprecate the low level AES functions

Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)

8 months ago  Don't use the low level AES key wrap APIs in CMS
Matt Caswell [Thu, 5 Dec 2019 18:01:44 +0000 (18:01 +0000)]
Don't use the low level AES key wrap APIs in CMS

We should not be using the low level AES APIs in CMS. Instead we should
be using EVP. There was a small amount of use of the low level key
wrap APIs - so we convert that to EVP.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)

8 months ago  Don't store an HMAC key for longer than we need
Matt Caswell [Fri, 3 Jan 2020 09:37:19 +0000 (09:37 +0000)]
Don't store an HMAC key for longer than we need

The HMAC_CTX structure stores the original key in case the ctx is reused
without changing the key.

However, HMAC_Init_ex() checks its parameters such that the only code path
where the stored key is ever used is in the case where HMAC_Init_ex is
called with a NULL key and an explicit md is provided which is the same as
the md that was provided previously. But in that case we can actually reuse
the pre-digested key that we calculated last time, so we can refactor the
code not to use the stored key at all.

With that refactor done it is no longer necessary to store the key in the
ctx at all. This means that long running ctx's will not keep the key in
memory for any longer than required. Note though that the digested key
*is* still kept in memory for the duration of the life of the ctx.

Fixes #10743

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10747)
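The point of the commit above is that HMAC only needs the key once: after absorbing K xor ipad and K xor opad into two hash states, every later reinit with the same digest can restart from those states. The following Python is an added example illustrating that structure, not OpenSSL's HMAC_CTX or its refactored code. It assumes `hashlib` objects support `copy()` (they do in CPython), and the class and method names (`DigestOnlyHMAC`, `reinit`, `mac_sequence`) are this example's own. Zeroizing the padded key is best effort in Python, since the interpreter may hold other copies; the structural point is that the object never stores the key after construction.

```python
# Added example: an HMAC context that keeps only the pre-digested inner and
# outer states, so the raw key is not retained for the life of the context.
# Not OpenSSL code; mirrors the design the commit describes.
import hashlib


class DigestOnlyHMAC:
    """HMAC context holding i_ctx/o_ctx (keyed hash states) but no key bytes."""

    def __init__(self, key: bytes, md: str = "sha256") -> None:
        self.md = md
        block = hashlib.new(md).block_size
        padded = bytearray(key)
        if len(padded) > block:
            # keys longer than the block size are hashed first (RFC 2104)
            padded = bytearray(hashlib.new(md, bytes(padded)).digest())
        padded.extend(b"\x00" * (block - len(padded)))
        # pre-digest the key once: absorb K^ipad and K^opad into two states
        self._i_ctx = hashlib.new(md)
        self._i_ctx.update(bytes(b ^ 0x36 for b in padded))
        self._o_ctx = hashlib.new(md)
        self._o_ctx.update(bytes(b ^ 0x5C for b in padded))
        # best-effort zeroization of the padded key; nothing below refers to it
        for i in range(len(padded)):
            padded[i] = 0
        self._md_ctx = self._i_ctx.copy()

    def reinit(self) -> None:
        """Equivalent of re-initialising with a NULL key and the same digest:
        restart from the pre-digested inner state instead of re-deriving it."""
        self._md_ctx = self._i_ctx.copy()

    def update(self, data: bytes) -> None:
        self._md_ctx.update(data)

    def final(self) -> bytes:
        inner = self._md_ctx.digest()
        outer = self._o_ctx.copy()
        outer.update(inner)
        return outer.digest()

    def retains_key_material(self) -> bool:
        """True if any attribute is raw bytes; only hash states and the md name should exist."""
        return any(isinstance(v, (bytes, bytearray)) for v in vars(self).values())


def mac_sequence(key: bytes, messages, md: str = "sha256"):
    """MAC several messages with one long-lived context, reinitialising between them.

    Returns the list of hex tags; the key is only ever touched in __init__.
    """
    ctx = DigestOnlyHMAC(key, md)
    tags = []
    for i, m in enumerate(messages):
        if i:
            ctx.reinit()
        ctx.update(m)
        tags.append(ctx.final().hex())
    return tags


if __name__ == "__main__":
    # constructed sample input
    for tag in mac_sequence(b"example-key", [b"first message", b"second message"]):
        print(tag)
```

Reusing the context across messages is exactly the long-running case the commit mentions: with this layout the digested key states live as long as the context, but the key itself does not.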