Matt Caswell [Wed, 20 Jan 2021 12:38:43 +0000 (12:38 +0000)]
Add the nist group names as aliases for the normal TLS group names
By recognising the nist group names directly we can avoid having to call
EC_curve_nist2nid in libssl, which is not available in a no-ec build.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Matt Caswell [Fri, 15 Jan 2021 16:10:52 +0000 (16:10 +0000)]
Remove compile time guard checking from ssl3_get_req_cert_type
With 3.0 we need to know whether algs are available at run time not
at compile time. Actually the code as written is sufficient to do this,
so we can simply remove the guards.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Matt Caswell [Fri, 15 Jan 2021 15:43:28 +0000 (15:43 +0000)]
Check for availability of ciphersuites at run time
In 1.1.1 and below we would check for the availability of certain
algorithms based on compile time guards. However with 3.0 this is no
longer sufficient. Some algorithms that are unavailable at compile time
may become available later if 3rd party providers are loaded. Similarly,
algorithms that exist in our built-in providers at compile time may not
be available at run time if those providers are not loaded.
Fixes #13184
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Matt Caswell [Thu, 14 Jan 2021 15:50:20 +0000 (15:50 +0000)]
Stop disabling TLSv1.3 if ec and dh are disabled
Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.
Fixes #13767
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Matt Caswell [Wed, 13 Jan 2021 17:27:10 +0000 (17:27 +0000)]
Make supported_groups code independent of EC and DH
The supported groups code was checking the OPENSSL_NO_EC and
OPENSSL_NO_DH guards in order to work, and the list of default groups was
based on those guards. However we now need it to work even in a no-ec
and no-dh build, because new groups might be added from providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Matt Caswell [Wed, 13 Jan 2021 15:50:36 +0000 (15:50 +0000)]
Ensure default supported groups works even with no-ec and no-dh
The default supported groups code was disabled in the event of a build
with no-ec and no-dh. However now that providers can add their own
groups (which might not fit into either of these categories), this is
no longer appropriate.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Matt Caswell [Wed, 13 Jan 2021 12:39:40 +0000 (12:39 +0000)]
Remove OPENSSL_NO_DH guards from libssl
This removes many unnecessary OPENSSL_NO_DH guards from libssl. Now that
libssl is entirely using the EVP APIs and implementations can be plugged
in via providers it is no longer needed to disable DH at compile time in
libssl. Instead it should detect at runtime whether DH is available from
the loaded providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Richard Levitte [Thu, 4 Feb 2021 14:32:37 +0000 (15:32 +0100)]
Makefile template: Allow separate generation of .pod.in -> .pod
We do this by adding the attribute 'pod' to all .pod.in -> .pod
generations, like this:
DEPEND[NAME.pod]{pod}=NAME.pod.in,
... and selecting out the target files for those dependencies into a
dedicated target 'build_generated_pods', which the 'doc-nits' and
'cmd-nits' make targets are made to depend on.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14067)
Richard Levitte [Thu, 4 Feb 2021 11:58:35 +0000 (12:58 +0100)]
DOCS: Remove the "global" dependency on writing .pod files from .pod.in
The dependency was made in such a way that .pod.in -> .pod generation
would always be done, no matter what. This changes the procedure so
that the generation is made "on demand", i.e. when the resulting .pod
files are needed.
This turned out to be duplicated dependencies, as the .pod -> .pod.in
dependencies were already in place. Just removing the duplicate fixes
the situation.
'make build_all_generated' still works, for those who do want to have
all file generations performed. (as a reminder, this is suitable to
generate the files on a fast system and then copy the result to a slower
system, or system where there's no perl)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14067)
Richard Levitte [Tue, 2 Feb 2021 14:13:08 +0000 (15:13 +0100)]
TEST: Add an algorithm ID tester for libcrypto vs provider
Providers produce algorithm IDs of their own, and we need to compare
them against the same thing produced by libcrypto's ASN.1 code and
with legacy keys.
This tester can compare algorithm IDs for signatures and for keys,
given certificates that hold such data.
To verify key algorithm IDs, only one certificate is necessary, and
its public key is used.
To verify certificate algorithm IDs, we need to launch the signature
operation that would verify a certificate against the public key of
its signing CA, so that test needs two files.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14049)
Richard Levitte [Sat, 7 Nov 2020 10:31:35 +0000 (11:31 +0100)]
EVP: use evp_pkey_copy_downgraded() in EVP_PKEY_copy_parameters()
We used evp_pkey_downgrade() on 'from', which permanently converts 'from'
to have a legacy internal key. Now that we have evp_pkey_copy_downgraded(),
it's better to use that (and thereby restore the constness contract).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13341)
Richard Levitte [Mon, 9 Nov 2020 07:39:39 +0000 (08:39 +0100)]
dev/release.sh: Fix typo
tagley -> tagkey
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14061)
Richard Levitte [Fri, 20 Nov 2020 10:07:35 +0000 (11:07 +0100)]
Remove the old DEPRECATEDIN macros
They serve no purpose any more
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13461)
Richard Levitte [Thu, 12 Nov 2020 10:36:38 +0000 (11:36 +0100)]
ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
Richard Levitte [Thu, 12 Nov 2020 08:21:05 +0000 (09:21 +0100)]
ERR: clean away everything related to _F_ macros from util/mkerr.pl
Instead, we preserve all the pre-3.0 _F_ macros in the backward
compatibility headers include/openssl/cryptoerr_legacy.h and
include/openssl/sslerr_legacy.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
Tomas Mraz [Fri, 29 Jan 2021 16:02:32 +0000 (17:02 +0100)]
RSA: properly generate algorithm identifier for RSA-PSS signatures
Fixes #13969
- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
reflects the actual parameters set
- when generating keys do not override previously set parameters
with defaults
- tests added to the test_req recipe that should cover the PSS signature
handling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
Tomas Mraz [Wed, 27 Jan 2021 09:22:41 +0000 (10:22 +0100)]
provider-signature.pod: Fix formatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
Rich Salz [Thu, 21 Jan 2021 17:32:27 +0000 (12:32 -0500)]
Don't make pthreads mutexes recursive.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13924)
Jon Spillett [Thu, 4 Feb 2021 05:13:18 +0000 (15:13 +1000)]
Switch to BIO_snprintf to avoid missing symbol problems on Windows
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14063)
Richard Levitte [Wed, 3 Feb 2021 15:48:21 +0000 (16:48 +0100)]
EVP: Adapt EVP_PKEY_{set1,get1}_encoded_public_key()
These functions are modified to use EVP_PKEY_set_octet_string_param()
and EVP_PKEY_get_octet_string_param() instead of evp_keymgmt_set_params()
and evp_keymgmt_get_params().
To accomplish this fully, EVP_PKEY_get_octet_string_param() is changed
slightly to populate |*out_sz| with the return size, even if getting
the params resulted in an error.
We also modify EVP_PKEY_get_utf8_string_param() to match
EVP_PKEY_get_octet_string_param()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
Richard Levitte [Wed, 3 Feb 2021 13:10:08 +0000 (14:10 +0100)]
EVP: Modify the checks in EVP_PKEY_{set,get}_xxx_param() functions
The checks of the type of EVP_PKEY were from before we had the macro
evp_pkey_is_provided().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
Richard Levitte [Wed, 3 Feb 2021 12:55:30 +0000 (13:55 +0100)]
EVP: Adapt the other EVP_PKEY_set_xxx_param() functions
They were calling evp_keymgmt_set_params() directly. Those calls are
changed to go through EVP_PKEY_set_params().
We take the opportunity to constify these functions. They have to
unconstify internally for the compiler to stop complaining when
placing those pointers in an OSSL_PARAM element, but that's still
better than forcing the callers to do that cast.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
Richard Levitte [Wed, 3 Feb 2021 12:50:23 +0000 (13:50 +0100)]
EVP: Make EVP_PKEY_set_params() increment the dirty count
When the internal key is changed, we must count it as muted, so that
next time the affected key is considered for an operation, it gets
re-exported to the signing provider. In other words, this will clear
the EVP_PKEY export cache when the next export attempt occurs.
This also updates evp_keymgmt_util_export_to_provider() to actually
look at the dirty count for provider native origin keys, and act
appropriately.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
Petr Gotthard [Sat, 26 Dec 2020 20:32:14 +0000 (21:32 +0100)]
apps/openssl: add -propquery command line option
Fixes #13656. Right now all openssl commands use a NULL propq. This
patch adds a possibility to specify a custom propq.
The implementation follows the example of set_nameopt/get_nameopt.
Various tools had to be modified to call app_get0_propq after it has
been populated. Otherwise the -propquery has no effect.
The tests then verify the -propquery affects the tool behaviour by
requesting a non-existing property.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13707)
Dr. David von Oheimb [Sun, 4 Oct 2020 19:55:49 +0000 (21:55 +0200)]
x509_vfy.c: Improve coding style and comments all over the file
No changes in semantics.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13070)
Matt Caswell [Mon, 1 Feb 2021 17:31:05 +0000 (17:31 +0000)]
Remove a DSA related TODO
There are no instances of the macros that this comment is referring to
being used anywhere within current master. All of the macros were
deprecated by commit f41ac0e. Therefore this TODO should just be removed.
Fixes #13020
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14038)
Matt Caswell [Mon, 1 Feb 2021 15:45:44 +0000 (15:45 +0000)]
Remove some TODO(OpenSSL1.2) references
We had a couple of stray references to OpenSSL1.2 in libssl. We just
reword the comments to remove those references without changing any
behaviour.
The first one in t1_lib.c is a technical non-compliance in the TLSv1.3
spec where, under some circumstances, we offer DSA sigalgs even in a
ClientHello that eventually negotiates TLSv1.3. We explicitly chose to
accept this behaviour in 1.1.1 and we're not planning to change it for
3.0.
The second one in s3_lib.c is regarding the behaviour of
SSL_set_tlsext_host_name(). Technically you shouldn't be able to call
this from a server - but we allow it and just ignore it rather than
raising an error. The TODO suggests we consider raising an error instead.
However, with 3.0 we are trying to minimise breaking changes so I suggest
not making this change now.
Fixes #13161
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14037)
Dmitry Belyavskiy [Fri, 22 Jan 2021 13:54:09 +0000 (14:54 +0100)]
DH/DHX parameter check using pkeyparam
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13930)
Dr. David von Oheimb [Wed, 23 Dec 2020 18:33:03 +0000 (19:33 +0100)]
Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack
This simplifies many usages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14040)
Dr. David von Oheimb [Wed, 2 Dec 2020 08:05:22 +0000 (09:05 +0100)]
run_tests.pl: Improve diagnostics on the use of HARNESS_JOBS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
Dr. David von Oheimb [Fri, 27 Nov 2020 09:08:31 +0000 (10:08 +0100)]
test/recipes: split 81_test_cmp_cli.t, add test using -engine loader_attic
The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier.
This should decrease total test run time due to better parallelization.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
Dr. David von Oheimb [Fri, 27 Nov 2020 19:45:21 +0000 (20:45 +0100)]
apps/cmp.c: check and exit on engine load error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
Dr. David von Oheimb [Fri, 27 Nov 2020 13:09:22 +0000 (14:09 +0100)]
openssl.pod: Add documentation for using the loader_attic engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
Pauli [Wed, 3 Feb 2021 07:47:38 +0000 (17:47 +1000)]
Fix a use after free issue when a provider context is being used and isn't cached
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14053)
Richard Levitte [Wed, 27 Jan 2021 13:55:28 +0000 (14:55 +0100)]
EC: Reverse the default asn1_flag in a new EC_GROUP
The default was OPENSSL_EC_NAMED_CURVE, but that's not true until a
curve name has been set, so we change the initial value to
OPENSSL_EC_EXPLICIT_CURVE and let EC_GROUP_set_curve_name() change it
to OPENSSL_EC_NAMED_CURVE.
Submitted by Matt Caswell
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
Richard Levitte [Wed, 27 Jan 2021 10:07:38 +0000 (11:07 +0100)]
EVP: Fix evp_pkey_ctx_store_cached_data() to handle provider backed EVP_PKEY_CTX
It assumed there would always be a non-NULL ctx->pmeth, leading to a
crash when that isn't the case. Since it needs to check 'keytype'
when that one isn't -1, we also add a corresponding check for the
provider backed EVP_PKEY_CTX case.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
Richard Levitte [Tue, 26 Jan 2021 16:01:15 +0000 (17:01 +0100)]
EVP: Don't find standard EVP_PKEY_METHODs automatically
EVP_PKEY_meth_find() got called automatically any time a new
EVP_PKEY_CTX allocator was called with some sort of key type data.
Since we have now moved all our standard algorithms to our providers,
this is no longer necessary.
We do retain looking up EVP_PKEY_METHODs that are added by the calling
application.
Fixes #11424
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
Richard Levitte [Tue, 2 Feb 2021 12:42:55 +0000 (13:42 +0100)]
CORE & PROV: clean away OSSL_FUNC_mac_size()
There was a remaining function signature declaration, but no
OSSL_DISPATCH number for it nor any way it's ever used. It did exist
once, but was replaced with an OSSL_PARAM item to retrieve.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14048)
Tomas Mraz [Mon, 1 Feb 2021 14:15:43 +0000 (15:15 +0100)]
apps/ecparam: Avoid crash when parameters fail to load
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14043)
Armin Fuerst [Fri, 29 Jan 2021 18:16:14 +0000 (19:16 +0100)]
apps/ca: Properly handle certificate expiration times in do_updatedb
Fixes #13944
+ changed ASN1_UTCTIME to ASN1_TIME
+ removed all Y2K code from do_updatedb
+ changed compare to ASN1_TIME_compare
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14026)
(cherry picked from commit dabea5447dc487983a50a40856f731db0db17a8e)
Rich Salz [Thu, 28 Jan 2021 20:47:53 +0000 (15:47 -0500)]
Deprecate EVP_MD_CTX_{set_}update_fn()
They are still used internally in legacy code.
Also fixed up some minor things in EVP_DigestInit.pod
Fixes: #14003
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14008)
Tomas Mraz [Mon, 1 Feb 2021 21:07:17 +0000 (22:07 +0100)]
Add diacritics to my name in CHANGES.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14044)
Tomas Mraz [Mon, 25 Jan 2021 18:12:43 +0000 (19:12 +0100)]
dh_cms_set_peerkey: Pad the public key to p size
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13958)
Dr. Matthias St. Pierre [Sun, 31 Jan 2021 21:08:33 +0000 (22:08 +0100)]
Add some missing committers to the AUTHORS list
Fixes #13815
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14029)
Matt Caswell [Wed, 27 Jan 2021 17:23:13 +0000 (17:23 +0000)]
Add a CI job to run the threads test with threads sanitizer on
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Matt Caswell [Wed, 27 Jan 2021 17:18:27 +0000 (17:18 +0000)]
Ensure the EVP_PKEY operation_cache is appropriately locked
The EVP_PKEY operation_cache caches references to provider side key
objects that have previously been exported for this EVP_PKEY, and their
associated key managers. The cache may be updated from time to time as the
EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by
multiple threads simultaneously we must be careful to ensure the cache
updates are locked.
Fixes #13818
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Matt Caswell [Wed, 27 Jan 2021 15:51:48 +0000 (15:51 +0000)]
Ensure access to FIPS_state and rate_limit is appropriately locked
These variables can be accessed concurrently from multiple threads so
we ensure that we properly lock them before read or write.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Matt Caswell [Tue, 26 Jan 2021 17:00:25 +0000 (17:00 +0000)]
Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data()
Otherwise we can get data races.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Matt Caswell [Tue, 26 Jan 2021 15:23:19 +0000 (15:23 +0000)]
Avoid races by caching exported ciphers in the init function
TSAN was reporting a race of the exported ciphers cache that we create in
the default and fips providers. This was because we cached it in the query
function rather than the init function, so this would cause a race if multiple
threads queried at the same time. In practice it probably wouldn't make much
difference since different threads should come up with the same answer.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Matt Caswell [Tue, 26 Jan 2021 15:14:02 +0000 (15:14 +0000)]
Refactor RAND_get0_primary() locking
Make sure we never read or write to dgbl->primary outside of a lock.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Matt Caswell [Tue, 26 Jan 2021 13:30:06 +0000 (13:30 +0000)]
Add a multi-thread test for shared EVP_PKEYs
EVP_PKEYs may be shared across multiple threads. For example this is
common for users of libssl who provide a single EVP_PKEY private key for
an SSL_CTX, which is then shared between multiple threads for each SSL
object.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
Rich Salz [Thu, 28 Jan 2021 15:17:13 +0000 (10:17 -0500)]
Deprecate X509_certificate_type
Fixes: #13997
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14002)
Job Snijders [Sun, 24 Jan 2021 14:00:02 +0000 (14:00 +0000)]
Add some PKIX-RPKI objects
References:
RFC6482 - A Profile for Route Origin Authorizations (ROAs)
RFC6484 - Certificate Policy (CP) for the RPKI
RFC6493 - The RPKI Ghostbusters Record
RFC8182 - The RPKI Repository Delta Protocol (RRDP)
RFC8360 - RPKI Validation Reconsidered
draft-ietf-sidrops-rpki-rta - A profile for RTAs
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13948)
Dr. David von Oheimb [Mon, 25 Jan 2021 19:44:39 +0000 (20:44 +0100)]
OSSL_HTTP_REQ_CTX.pod and OSSL_HTTP_transfer.pod: various improvements
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13960)
Dr. David von Oheimb [Fri, 29 Jan 2021 18:08:45 +0000 (19:08 +0100)]
Constify OSSL_HTTP_REQ_CTX_get0_mem_bio()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13960)
Dr. David von Oheimb [Mon, 25 Jan 2021 21:54:17 +0000 (22:54 +0100)]
HTTP: add more error detection to low-level API
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13960)
Dr. David von Oheimb [Mon, 25 Jan 2021 18:49:58 +0000 (19:49 +0100)]
HTTP: Fix mistakes and unclarities on maxline and max_resp_len params
Also rename internal structure fields iobuf(len) to readbuf(len) for clarity
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13960)
Dr. David von Oheimb [Mon, 25 Jan 2021 18:25:18 +0000 (19:25 +0100)]
Fix not backwards-compat X509_http_nbio() and X509_CRL_http_nbio()
Provides partial fix of #13127.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13960)
Dr. David von Oheimb [Mon, 25 Jan 2021 15:18:40 +0000 (16:18 +0100)]
OSSL_HTTP_REQ_CTX_nbio(): Revert to having state var that keeps req len still to send
Otherwise, sending goes wrong in case BIO_write(rctx->wbio, ...) is incomplete at first.
Fixes #13938
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13960)
Richard Levitte [Thu, 28 Jan 2021 07:22:09 +0000 (08:22 +0100)]
PROV: Add SM2 encoders and decoders, as well as support functionality
The EC KEYMGMT implementation handled SM2 as well, except what's
needed to support decoding: loading functions for both EC and SM2 that
checks for the presence or absence of the SM2 curve the same way as
the EC / SM2 import functions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14028)
Richard Levitte [Thu, 28 Jan 2021 07:01:52 +0000 (08:01 +0100)]
Fix some odd names in our provider source code
ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions
ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions
sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions
sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions
sm2_signature_functions -> ossl_sm2_signature_functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14028)
Matt Caswell [Thu, 21 Jan 2021 15:14:15 +0000 (15:14 +0000)]
Test that EC keys without a public key in them work as expected
We create EC keys via both the "fromdata" and legacy key routes to make
sure that they can be used without a public key.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13922)
Matt Caswell [Thu, 21 Jan 2021 15:12:30 +0000 (15:12 +0000)]
Ensure EC keys with a private key but without a public key can be created
In 1.1.1 and earlier it was possible to create EC_KEYs that did not have
the public key in it. We need to ensure that this continues to work in 3.0.
Fixes #12612
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13922)
Tomas Mraz [Tue, 26 Jan 2021 10:39:27 +0000 (11:39 +0100)]
rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys
Add a testcase to the test_req covering the issue.
Fixes #13957
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13967)
Daniel Bevenius [Fri, 9 Oct 2020 04:07:43 +0000 (06:07 +0200)]
EVP: fix keygen for EVP_PKEY_RSA_PSS
This commit attempts to fix an issue when generating a key of type
EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will
return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds
EVP_PKEY_RSA_PSS to also be accepted.
The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md is converted into a
function and it is now called in legacy_ctrl_to_param.
Fixes #12384
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13099)
Juergen Christ [Tue, 26 Jan 2021 16:06:54 +0000 (17:06 +0100)]
Remove superfluous EVP_KDF_CTRL_ defines.
These defines were never used and not needed.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
Juergen Christ [Mon, 14 Dec 2020 16:36:22 +0000 (17:36 +0100)]
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
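The integer-written, string-read mismatch described in the sshkdf commit above, reproduced as an added example (not OpenSSL's code): the `demo_param` struct and all function names are hypothetical, and the byte order is laid out explicitly so both machine types can be shown on any host. The SSH KDF type is a single letter 'A' to 'F'.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a typed parameter: a raw buffer plus its size. */
struct demo_param {
    unsigned char data[sizeof(uint32_t)];
    size_t size;
};

/* Writer side of the bug: the type letter is stored as a 32-bit integer.
 * The byte order is chosen explicitly to model either kind of machine. */
static void store_u32(struct demo_param *p, uint32_t v, int big_endian)
{
    for (unsigned i = 0; i < sizeof(uint32_t); i++) {
        unsigned shift = big_endian ? 8 * (3 - i) : 8 * i;
        p->data[i] = (unsigned char)(v >> shift);
    }
    p->size = sizeof(uint32_t);
}

/* Reader side of the bug: the integer storage is treated as a string and
 * only the first byte is looked at. */
static char read_type_as_char(const struct demo_param *p)
{
    return *(const char *)p->data;
}

/* Consistent writer: the type is stored as a one-character array. */
static void store_type_char(struct demo_param *p, char type)
{
    memset(p->data, 0, sizeof(p->data));
    p->data[0] = (unsigned char)type;
    p->size = 1;
}

/* Consistent reader: accepts only a one-byte value in 'A'..'F' and returns 0
 * for anything else, so a writer/reader mismatch is rejected, not misread. */
static char read_type_checked(const struct demo_param *p)
{
    char c;

    if (p->size != 1)
        return 0;
    c = (char)p->data[0];
    return (c >= 'A' && c <= 'F') ? c : 0;
}

/* Byte order of the machine actually running this program. */
static int host_is_big_endian(void)
{
    const uint32_t one = 1;
    return *(const unsigned char *)&one == 0;
}

/* The same mismatch against a real int on the host. */
static char native_mismatched_read(int type)
{
    return *(const char *)&type;
}

int main(void)
{
    struct demo_param p;

    store_u32(&p, 'A', 0);
    printf("little-endian layout, char read: %d\n", read_type_as_char(&p));
    store_u32(&p, 'A', 1);
    printf("big-endian layout, char read:    %d\n", read_type_as_char(&p));
    printf("checked reader on int storage:   %d\n", read_type_checked(&p));
    store_type_char(&p, 'A');
    printf("checked reader on char storage:  %d\n", read_type_checked(&p));
    printf("host is %s-endian, native read:  %d\n",
           host_is_big_endian() ? "big" : "little",
           native_mismatched_read('A'));
    return 0;
}
```

On the big-endian layout the first byte is the most significant one, so the mismatched reader sees 0 instead of the type letter.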
Juergen Christ [Wed, 27 Jan 2021 10:04:52 +0000 (11:04 +0100)]
Fix cipher reinit on s390x if no key is specified
If key==null on EVP_CipherInit_ex, the init function for the hardware
implementation is not called. The s390x implementation of OFB and CFB mode
used the init function to copy the IV into the hardware causing test failures
on cipher reinit. Fix this by moving the copy operation into the cipher
operation.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13984)
Dr. David von Oheimb [Tue, 26 Jan 2021 10:53:15 +0000 (11:53 +0100)]
check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS
This is an upstream fix for #13931
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
Dr. David von Oheimb [Wed, 27 Jan 2021 09:30:58 +0000 (10:30 +0100)]
Fix rsa_pss_asn1_meth to refer to rsa_sig_info_set
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
Dr. David von Oheimb [Wed, 27 Jan 2021 09:30:03 +0000 (10:30 +0100)]
obj_xref: rsassaPss must map to 'undef rsassaPss' (not 'undef rsaEncryption')
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
Richard Levitte [Thu, 28 Jan 2021 13:08:31 +0000 (14:08 +0100)]
Prepare for 3.0 alpha 12
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Richard Levitte [Thu, 28 Jan 2021 13:07:51 +0000 (14:07 +0100)]
Prepare for release of 3.0 alpha 11
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Richard Levitte [Thu, 28 Jan 2021 12:54:57 +0000 (13:54 +0100)]
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
Richard Levitte [Thu, 28 Jan 2021 09:53:30 +0000 (10:53 +0100)]
Update NEWS.md before alpha11 release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13996)
Richard Levitte [Wed, 27 Jan 2021 18:45:51 +0000 (19:45 +0100)]
APPS: Restore inclusions
An '#include <string.h>' was mistakenly removed from apps/ec.c and
apps/ecparam.c
Fixes #13986
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13989)
Matt Caswell [Thu, 21 Jan 2021 16:55:42 +0000 (16:55 +0000)]
Fix running mingw dhparam test under wine
The dhparam test was failing to properly handle line endings when
running a mingw configured build under wine.
Fixes #13557
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13923)
Daniel Bevenius [Tue, 26 Jan 2021 08:19:03 +0000 (09:19 +0100)]
Fix typo in thread_once comments
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13964)
Richard Levitte [Tue, 26 Jan 2021 05:48:11 +0000 (06:48 +0100)]
Fix OSSL_PARAM_allocate_from_text() for EBCDIC
OSSL_PARAM_allocate_from_text() converted text values to UTF-8
OSSL_PARAMs with a simple strncpy(). However, if the text is EBCDIC,
that won't become UTF-8. Therefore, it's made to convert from EBCDIC
to ASCII on platforms where the native character encoding is the
former.
One might argue that the conversion should be the responsibility of
the application. However, this is a helper function, and the calling
application can't easily know what sort of OSSL_PARAM the input values
are going to be used for.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13961)
Dr. David von Oheimb [Sat, 16 Jan 2021 19:43:00 +0000 (20:43 +0100)]
TLS client: allow cert verify callback return -1 for SSL_ERROR_WANT_RETRY_VERIFY
The client-side cert verification callback function may not only return
as usual for success or 0 for failure, but also -1,
typically on failure verifying the server certificate.
This makes the handshake suspend and return control to the calling application
with SSL_ERROR_WANT_RETRY_VERIFY.
The app can for instance fetch further certificates or cert status information
needed for the verification.
Calling SSL_connect() again resumes the connection attempt
by retrying the server certificate verification step.
This process may even be repeated if need be.
The core implementation of the feature is in ssl/statem/statem_clnt.c,
splitting tls_process_server_certificate() into a preparation step
that just copies the certificates received from the server to s->session->peer_chain
(rather than having them in a local variable at first) and returns to the state machine,
and a post-processing step in tls_post_process_server_certificate() that can be repeated:
Try verifying the current contents of s->session->peer_chain basically as before,
but give the verification callback function the chance to pause connecting and
make the TLS state machine later call tls_post_process_server_certificate() again.
Otherwise processing continues as usual.
The documentation of the new feature is added to SSL_CTX_set_cert_verify_callback.pod
and SSL_want.pod.
This adds two tests:
* A generic test in test/helpers/handshake.c
on the usability of the new server cert verification retry feature.
It is triggered via test/ssl-tests/03-custom_verify.cnf.in (while the bulky auto-
generated changes to test/ssl-tests/03-custom_verify.cnf can be basically ignored).
* A test in test/sslapitest.c that demonstrates the effectiveness of the approach
for augmenting the cert chain provided by the server in between SSL_connect() calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13906)
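The retry flow described in the commit message above, as an added toy model in C that is not code from the commit or from OpenSSL: every identifier is hypothetical and the certificate names are constructed. It follows the -1 convention as that message states it, so check the SSL_CTX_set_cert_verify_callback documentation of your release for the exact signalling.

```c
#include <string.h> /* toy model, not OpenSSL code; all names are hypothetical */
enum { CONN_FAIL = 0, CONN_OK = 1, CONN_WANT_RETRY_VERIFY = -1, MAX_CHAIN = 4 };
enum state { ST_RECV_CERT, ST_POST_PROCESS_CERT, ST_DONE, ST_FAILED };
struct conn {
    enum state st;
    const char *peer_chain[MAX_CHAIN]; /* stands in for s->session->peer_chain */
    size_t chain_len;
    int verify_calls;
};
/* Verify callback: 1 = success, 0 = failure, -1 = cannot decide yet. */
static int verify_cb(const struct conn *c)
{
    for (size_t i = 0; i < c->chain_len; i++)
        if (strcmp(c->peer_chain[i], "intermediate-ca") == 0)
            return 1;
    return -1;
}

/* Stands in for SSL_connect(): resumes wherever the state machine stopped. */
static int model_connect(struct conn *c)
{
    if (c->st == ST_RECV_CERT) {          /* preparation step, runs once */
        c->peer_chain[0] = "leaf";        /* constructed server certificate */
        c->chain_len = 1;
        c->st = ST_POST_PROCESS_CERT;
    }
    if (c->st == ST_POST_PROCESS_CERT) {  /* post-processing, repeatable */
        int r = verify_cb(c);
        c->verify_calls++;
        if (r < 0) return CONN_WANT_RETRY_VERIFY; /* state kept: step reruns */
        c->st = r > 0 ? ST_DONE : ST_FAILED;
    }
    return c->st == ST_DONE ? CONN_OK : CONN_FAIL;
}

/* Application loop: add a fetched cert between calls, bounded, fail closed. */
static int connect_with_retry(struct conn *c, const char *fetched)
{
    int r, tries = 0;
    while ((r = model_connect(c)) == CONN_WANT_RETRY_VERIFY && tries++ < 3)
        if (c->chain_len < MAX_CHAIN)
            c->peer_chain[c->chain_len++] = fetched;
    return r == CONN_OK ? CONN_OK : CONN_FAIL; /* still undecided => failure */
}

int main(void)
{
    struct conn c = { ST_RECV_CERT, { 0 }, 0, 0 };
    return connect_with_retry(&c, "intermediate-ca") == CONN_OK ? 0 : 1;
}
```

The retry cap and the final mapping of an unresolved retry to failure are choices of this model: an application that loops on the retry result without a bound, or treats it as success, would turn a verification it never completed into an accepted connection.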
Daiki Ueno [Sun, 24 Jan 2021 16:45:57 +0000 (17:45 +0100)]
params: OSSL_PARAM_utf8_ptr: don't automatically reference `address`
Since the pointer can later be modified, the caller should have the
responsibility to supply the address of that.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13951)
Richard Levitte [Mon, 25 Jan 2021 13:16:05 +0000 (14:16 +0100)]
DOC: Fix a few minor issues in OSSL_ENCODER / OSSL_DECODER docs
Partially fixes #13949
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13954)
Richard Levitte [Sun, 24 Jan 2021 19:37:09 +0000 (20:37 +0100)]
Clean away unnecessary length related OSSL_PARAM key names
This cleans away old misunderstandings of what can be done with OSSL_PARAM.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13946)
Tomas Mraz [Fri, 22 Jan 2021 14:52:07 +0000 (15:52 +0100)]
Check that the ecparam and pkeyparam do not mangle the parameters
Just a comparison of the original parameter file with the -out output.
Some test files have non-canonical encoding, so they are moved
to a different directory.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Fri, 22 Jan 2021 12:59:54 +0000 (13:59 +0100)]
Add checks for NULL return from EC_KEY_get0_group()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Thu, 21 Jan 2021 13:38:36 +0000 (14:38 +0100)]
ec: Document that -conv_form and -no_public are not supported with engine
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Thu, 21 Jan 2021 11:37:21 +0000 (12:37 +0100)]
ssl_old_test.c: Replace use of deprecated EC functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Wed, 20 Jan 2021 14:37:32 +0000 (15:37 +0100)]
EVP_PKEY_get_group_name works with public keys as well
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Wed, 20 Jan 2021 14:35:50 +0000 (15:35 +0100)]
Add manpage for EVP_PKEY_get_field_type and EVP_PKEY_get_point_conv_form
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Wed, 20 Jan 2021 13:01:01 +0000 (14:01 +0100)]
Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Wed, 20 Jan 2021 11:59:53 +0000 (12:59 +0100)]
Disable the test-ec completely when building with no-ec
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Matt Caswell [Mon, 18 Jan 2021 16:05:43 +0000 (16:05 +0000)]
Add EVP_PKEY functions to get EC conv form and field type
libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Shane Lontis [Thu, 15 Oct 2020 03:41:59 +0000 (13:41 +1000)]
Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Shane Lontis [Thu, 15 Oct 2020 03:39:02 +0000 (13:39 +1000)]
Add functions to set values into an EVP_PKEY
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Tomas Mraz [Wed, 13 Nov 2019 10:04:08 +0000 (11:04 +0100)]
krb5kdf: Do not dereference NULL ctx when allocation fails
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13953)
Richard Levitte [Sun, 24 Jan 2021 07:42:52 +0000 (08:42 +0100)]
Drop Travis
At this point, we have transitioned completely from Travis to GitHub Actions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13940)
Richard Levitte [Sat, 23 Jan 2021 10:57:08 +0000 (11:57 +0100)]
Github CI: Add a job for out-of-source build + install
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13935)
Richard Levitte [Fri, 22 Jan 2021 22:01:18 +0000 (23:01 +0100)]
Unix Makefile generator: Fix empty basename calls
Fixes #13933
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13935)
Tomas Mraz [Thu, 21 Jan 2021 15:37:26 +0000 (16:37 +0100)]
bn: Deprecate the X9.31 RSA key generation related functions
This key generation method is obsolete.
Fixes #10111
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13921)
Dr. David von Oheimb [Mon, 18 Jan 2021 11:53:55 +0000 (12:53 +0100)]
OCSP HTTP: Restore API of undocumented and recently deprecated functions
Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d().
Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new()).
Minor further fixes in OSSL_HTTP_REQ_CTX.pod
Fixes #13873
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)