openssl.git
6 months agoPrune low-level ASN.1 parse errors from error queue in decoder_process()
Dr. David von Oheimb [Wed, 16 Sep 2020 10:52:09 +0000 (12:52 +0200)]
Prune low-level ASN.1 parse errors from error queue in decoder_process()

Fixes #12840

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)

6 months agoload_key_certs_crls(): Restore output of fatal errors
Dr. David von Oheimb [Wed, 16 Sep 2020 23:39:00 +0000 (01:39 +0200)]
load_key_certs_crls(): Restore output of fatal errors

Also improve credentials loading diagnostics for many apps.

Fixes #12840

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)

6 months agoACVP: add test case for DRBG
Pauli [Fri, 18 Sep 2020 02:12:33 +0000 (12:12 +1000)]
ACVP: add test case for DRBG

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12905)

6 months agoUse OPENSSL_SYS_TANDEM instead of OPENSSL_SYSNAME_TANDEM
Richard Levitte [Mon, 21 Sep 2020 11:14:26 +0000 (13:14 +0200)]
Use OPENSSL_SYS_TANDEM instead of OPENSSL_SYSNAME_TANDEM

This streamlines with all other config targets, and draws from the
'sys_id' config attribute.

Fixes #12858

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)

6 months agoConfigure: Show 'enable' and 'disable' config attributes
Richard Levitte [Mon, 21 Sep 2020 11:13:25 +0000 (13:13 +0200)]
Configure: Show 'enable' and 'disable' config attributes

This makes a difference for './Configure HASH' and './Configure TABLE'

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)

6 months agoConfiguration: Streamline NonStop entries
Richard Levitte [Mon, 21 Sep 2020 11:11:28 +0000 (13:11 +0200)]
Configuration: Streamline NonStop entries

Because there are many combinations and much repetition, we add a large
number of templates to cover all aspects, and make the actual config
entries inherit from the templates combined.

Fixes #12858

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)

6 months agoSimplify the tarball generating scripts
Hu Keping [Wed, 9 Sep 2020 16:01:17 +0000 (16:01 +0000)]
Simplify the tarball generating scripts

As per discussed in issue #12364 [1], since the format of git archive is
inferred from the output file, it's safe to remove the pipe for gzip.

[1] https://github.com/openssl/openssl/issues/12364

Fixes #12364

Signed-off-by: Hu Keping <hukeping@huawei.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12841)

6 months agodrbg: revert renamings of the generate and reseed counter
Dr. Matthias St. Pierre [Sun, 13 Sep 2020 22:47:26 +0000 (00:47 +0200)]
drbg: revert renamings of the generate and reseed counter

The original names were more intuitive: the generate_counter counts the
number of generate requests, and the reseed_counter counts the number
of reseedings (of the principal DRBG).

    reseed_gen_counter  -> generate_counter
    reseed_prop_counter -> reseed_counter

This is the anologue to commit 8380f453ec81 on the 1.1.1 stable branch.
The only difference is that the second renaming has already been reverted
on the master branch.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12941)

6 months agoConfigurations/unix-Makefile.tmpl: make cleanup kinder
Richard Levitte [Mon, 21 Sep 2020 18:56:34 +0000 (20:56 +0200)]
Configurations/unix-Makefile.tmpl: make cleanup kinder

The removal of certain types of files we structured like this:

    -$(RM) `find . {{options}} -print`

This isn't very kind for shells with limited command line lengths
(even when that limit is generous, in our case), so we rewrite those
like this:

    -find . {{options}} -exec $(RM) {} \;

Fixes #12938

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12939)

6 months agoFix propq in x942kdf
Shane Lontis [Tue, 22 Sep 2020 05:57:19 +0000 (15:57 +1000)]
Fix propq in x942kdf

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix missing propq in sm2
Shane Lontis [Tue, 22 Sep 2020 05:56:11 +0000 (15:56 +1000)]
Fix missing propq in sm2

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix missing propq in ffc_params_generate
Shane Lontis [Tue, 22 Sep 2020 05:53:58 +0000 (15:53 +1000)]
Fix missing propq in ffc_params_generate

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix missing propq in ecdh_cms_set_shared_info()
Shane Lontis [Tue, 22 Sep 2020 05:53:27 +0000 (15:53 +1000)]
Fix missing propq in ecdh_cms_set_shared_info()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix ecx so that is uses a settable propertyquery
Shane Lontis [Tue, 22 Sep 2020 05:51:49 +0000 (15:51 +1000)]
Fix ecx so that is uses a settable propertyquery

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix ssl_hmac_new() so that it uses the propq
Shane Lontis [Tue, 22 Sep 2020 05:48:45 +0000 (15:48 +1000)]
Fix ssl_hmac_new() so that it uses the propq

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix EVP_KDF_scrypt so that is uses a propq for its fetch.
Shane Lontis [Tue, 22 Sep 2020 05:45:17 +0000 (15:45 +1000)]
Fix EVP_KDF_scrypt so that is uses a propq for its fetch.

The parameter can be set via settable parameter OSSL_KDF_PARAM_PROPERTIES

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoChange rsa gen so it can use the propq from OSSL_PKEY_PARAM_RSA_DIGEST
Shane Lontis [Tue, 22 Sep 2020 05:43:32 +0000 (15:43 +1000)]
Change rsa gen so it can use the propq from OSSL_PKEY_PARAM_RSA_DIGEST

rsa_pss_params_30_fromdata() now uses the OSSL_PKEY_PARAM_RSA_DIGEST_PROPS parameter also.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

6 months agoFix CID 1466709 : Negative value passed to a function that cant be negative in cms_sd.c
Shane Lontis [Mon, 21 Sep 2020 01:42:41 +0000 (11:42 +1000)]
Fix CID 1466709 : Negative value passed to a function that cant be negative in cms_sd.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)

6 months agoFix CID 1466710 : Resource leak in ec_kmgmt due to new call to ossl_prov_is_running()
Shane Lontis [Mon, 21 Sep 2020 01:39:04 +0000 (11:39 +1000)]
Fix CID 1466710 : Resource leak in ec_kmgmt due to new call to ossl_prov_is_running()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)

6 months agoFix CID 1466712 : Resource leak in ec_kmgmt due to new callto ossl_prov_is_running()
Shane Lontis [Mon, 21 Sep 2020 01:29:30 +0000 (11:29 +1000)]
Fix CID 1466712 : Resource leak in ec_kmgmt due to new callto ossl_prov_is_running()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)

6 months agoFix CID 1466713 : Dead code in encode_key2text.c
Shane Lontis [Mon, 21 Sep 2020 01:09:10 +0000 (11:09 +1000)]
Fix CID 1466713 : Dead code in encode_key2text.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)

6 months agoFix CID 1466714 : Null pointer dereference in EVP_PKEY_CTX_ctrl() due to new call...
Shane Lontis [Mon, 21 Sep 2020 00:59:20 +0000 (10:59 +1000)]
Fix CID 1466714 : Null pointer dereference in EVP_PKEY_CTX_ctrl() due to new call to evp_pkey_ctx_store_cached_data()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)

6 months agoFix CID 1467068 : Null pointer dereference in self_test.c
Shane Lontis [Mon, 21 Sep 2020 00:47:03 +0000 (10:47 +1000)]
Fix CID 1467068 : Null pointer dereference in self_test.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12930)

6 months agorand: add a test case for configuration based random
Pauli [Tue, 22 Sep 2020 05:09:25 +0000 (15:09 +1000)]
rand: add a test case for configuration based random

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)

6 months agolist: add capability to print details about the current DRBGs
Pauli [Mon, 21 Sep 2020 23:36:53 +0000 (09:36 +1000)]
list: add capability to print details about the current DRBGs

This allows a user to confirm that the DRBG their configuration specified is
being used.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)

6 months agodrbg: gettable parameters for cipher/digest/mac type.
Pauli [Mon, 21 Sep 2020 23:26:23 +0000 (09:26 +1000)]
drbg: gettable parameters for cipher/digest/mac type.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)

6 months agokdf/mac: add name query calls for KDFs and MACs
Pauli [Mon, 21 Sep 2020 23:25:35 +0000 (09:25 +1000)]
kdf/mac: add name query calls for KDFs and MACs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)

6 months agoevp_rand: fix bug in gettable_ctx/settable_ctx calls
Pauli [Mon, 21 Sep 2020 22:29:58 +0000 (08:29 +1000)]
evp_rand: fix bug in gettable_ctx/settable_ctx calls

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)

6 months agoAdd a "random" configuration section.
Pauli [Mon, 21 Sep 2020 06:07:34 +0000 (16:07 +1000)]
Add a "random" configuration section.

This permits the default trio of DRBGs to have their type and parameters set
using configuration.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)

6 months agoDOC: remove OPENSSL_CTX from OSSL_DECODER_CTX_new
Daniel Bevenius [Mon, 21 Sep 2020 13:48:55 +0000 (15:48 +0200)]
DOC: remove OPENSSL_CTX from OSSL_DECODER_CTX_new

This commit changes the man page for OSSL_DECODER_CTX_new by removing
the OPENSSL_CTX parameter which matches the declaration in decoder.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12935)

6 months agorand: reference count the EVP_RAND contexts.
Pauli [Wed, 16 Sep 2020 01:10:01 +0000 (11:10 +1000)]
rand: reference count the EVP_RAND contexts.

This is required before the RAND/DRBG framework can be made user mutable.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12904)

6 months agoAdd auto-gen SM2 der files into .gitignore
Paul Yang [Fri, 18 Sep 2020 02:27:42 +0000 (10:27 +0800)]
Add auto-gen SM2 der files into .gitignore

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

6 months agorefactor get params functions
Paul Yang [Mon, 14 Sep 2020 10:17:35 +0000 (18:17 +0800)]
refactor get params functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

6 months agosupport PARAM_SECURITY_BITS for SM2
Paul Yang [Sun, 13 Sep 2020 12:47:00 +0000 (20:47 +0800)]
support PARAM_SECURITY_BITS for SM2

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

6 months agoAddress review comments
Paul Yang [Sun, 13 Sep 2020 12:31:13 +0000 (20:31 +0800)]
Address review comments

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

6 months agoAdd SM2 signature algorithm to default provider
Paul Yang [Wed, 4 Mar 2020 15:49:43 +0000 (23:49 +0800)]
Add SM2 signature algorithm to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

6 months agoAdd SM2 key management
Paul Yang [Sun, 26 Jul 2020 15:25:49 +0000 (23:25 +0800)]
Add SM2 key management

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

6 months agoAdded FIPS DEP initialization for the NonStop platform in fips/self_test.c.
Randall S. Becker [Sun, 20 Sep 2020 22:30:14 +0000 (16:30 -0600)]
Added FIPS DEP initialization for the NonStop platform in fips/self_test.c.

CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes #12918

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12928)

6 months agoAdd const to 'ppin' function parameter
olszomal [Fri, 19 Jun 2020 13:00:32 +0000 (15:00 +0200)]
Add const to 'ppin' function parameter

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #12205

6 months agoDOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in
Richard Levitte [Sat, 19 Sep 2020 07:22:34 +0000 (09:22 +0200)]
DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12924)

6 months agoSupport keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
Norman Ashley [Fri, 10 Jul 2020 23:01:32 +0000 (19:01 -0400)]
Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign

OCSP_basic_sign_ctx() in ocsp_srv.c , does not check for RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because the X509_check_private_key() can fail.

The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c
as a common place to check. Checks in ssl_rsa.c were removed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12419)

(cherry picked from commit 56e8fe0b4efbf582e40ae91319727c9d176c5e1e)

6 months agoIncrease PSK_MAX_IDENTITY_LEN from 128 to 256
Eric Curtin [Wed, 2 Sep 2020 09:49:47 +0000 (10:49 +0100)]
Increase PSK_MAX_IDENTITY_LEN from 128 to 256

We are considering using the format "host-nqn controller-nqn" for
psk-id in the NVMe-oF/TCP over TLS spec, it's in the current version,
but openssl's limit was 128 upto now, we need a little longer than that.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12771)

6 months agoapps/ocsp: Return non zero exit code with invalid certID
Tomas Mraz [Fri, 18 Sep 2020 14:43:00 +0000 (16:43 +0200)]
apps/ocsp: Return non zero exit code with invalid certID

Fixes #7151

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12916)

6 months agoIncrease PSK_MAX_PSK_LEN to 512
Rutger Hendriks [Mon, 31 Aug 2020 11:59:51 +0000 (13:59 +0200)]
Increase PSK_MAX_PSK_LEN to 512

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12777)

6 months agoCorrect certificate and key names for explicit ec param test
Tomas Mraz [Fri, 18 Sep 2020 11:59:55 +0000 (13:59 +0200)]
Correct certificate and key names for explicit ec param test

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12915)

6 months agoFixed EVP_MAC_final argument count in example
ozppupbg [Mon, 13 Jul 2020 05:04:28 +0000 (07:04 +0200)]
Fixed EVP_MAC_final argument count in example

EVP_MAC_final had only three arguments / the buffer/tag size was missing.
Fixes #12424

Note, that I didn't try to compile the example to look for other problems.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12429)

6 months agoFix merge error with libcrypto.num
Shane Lontis [Mon, 21 Sep 2020 01:14:47 +0000 (11:14 +1000)]
Fix merge error with libcrypto.num

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12929)

6 months agoutil/find-doc-nits: Add a regexp for C symbols and use it
Richard Levitte [Tue, 15 Sep 2020 08:02:34 +0000 (10:02 +0200)]
util/find-doc-nits: Add a regexp for C symbols and use it

Our matching of C symbols here was inconsistent and could therefore
give false negatives when the SYNOPSIS was parsed.  Now we have
$C_symbol, which is a simple regexp that matches the common C symbol.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoDECODER: Some cleanups, and aligning with OSSL_ENCODER
Richard Levitte [Mon, 14 Sep 2020 09:35:07 +0000 (11:35 +0200)]
DECODER: Some cleanups, and aligning with OSSL_ENCODER

Mostly source nits, but also removing a couple of OSSL_DECODER_PARAM
macros that are never used or even make sense.

Also, some function names weren't quite consistent.  They were made a
bit more consistent in the OSSL_ENCODER API, now we bring that back to
OSSL_DECODER.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoTEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
Richard Levitte [Mon, 14 Sep 2020 09:21:37 +0000 (11:21 +0200)]
TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()

This adds the convenience function EVP_PKEY_typenames_do_all(), which
does the same as EVP_KEYMGMT_names_do_all(), but without having to
expose all the internal ways to find out if the internal EVP_PKEY key
is legacy or provider-native.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
Richard Levitte [Mon, 14 Sep 2020 08:42:05 +0000 (10:42 +0200)]
ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoENCODER: Refactor our provider encoder implementations
Richard Levitte [Mon, 14 Sep 2020 07:31:36 +0000 (09:31 +0200)]
ENCODER: Refactor our provider encoder implementations

This only refactors them for the changed API, there's not yet a
separate DER to PEM encoder and therefore no chaining possibility
yet.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER
Richard Levitte [Mon, 14 Sep 2020 07:20:41 +0000 (09:20 +0200)]
ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER

OSSL_ENCODER was developed before OSSL_DECODER, so the idea of
chaining and the resulting API came later.  This series of changes
brings the same sort of API and functionality back to OSSL_ENCODER,
making the two APIs more consistent with each other.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoENCODER: Redefine the libcrypto <-> provider interface
Richard Levitte [Mon, 14 Sep 2020 06:29:45 +0000 (08:29 +0200)]
ENCODER: Redefine the libcrypto <-> provider interface

This is part of an effort to make OSSL_ENCODER work more like OSSL_DECODER.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

6 months agoocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies
Dr. David von Oheimb [Tue, 18 Aug 2020 12:44:33 +0000 (14:44 +0200)]
ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12669)

6 months agoFix: ecp_nistz256-armv4.S bad arguments
Henry N [Thu, 10 Sep 2020 21:55:28 +0000 (23:55 +0200)]
Fix: ecp_nistz256-armv4.S bad arguments

Fix this error:

crypto/ec/ecp_nistz256-armv4.S:3853: Error: bad arguments to instruction -- `orr r11,r10'
crypto/ec/ecp_nistz256-armv4.S:3854: Error: bad arguments to instruction -- `orr r11,r12'
crypto/ec/ecp_nistz256-armv4.S:3855: Error: bad arguments to instruction -- `orrs r11,r14'

CLA: trivial

Fixes #12848

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
GH: #12854

6 months agoDeprecate ASN1_STRING_length_set in OpenSSL 3.0.
David Benjamin [Fri, 18 Sep 2020 19:21:43 +0000 (15:21 -0400)]
Deprecate ASN1_STRING_length_set in OpenSSL 3.0.

Fixes #12885

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
GH: #12922

6 months agoutil/mkerr.h: Restore header file rename
Richard Levitte [Fri, 18 Sep 2020 09:00:31 +0000 (11:00 +0200)]
util/mkerr.h: Restore header file rename

With '-internal', we commonly write the reason code macros to header
file renamed 'name.h' to 'nameerr.h'.  That renaming was removed by
mistake, this restores it.

Fixes #12891

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12910)

6 months agoFix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().
Shane Lontis [Tue, 15 Sep 2020 04:45:49 +0000 (14:45 +1000)]
Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().

This was written before the ec key contained a library context,
now that it contains a libctx it can be passed correctly to the callback.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12877)

6 months agoAdd a copy of OSSL_SELF_TEST_get_callback() to the fips module.
Shane Lontis [Tue, 15 Sep 2020 04:32:40 +0000 (14:32 +1000)]
Add a copy of OSSL_SELF_TEST_get_callback() to the fips module.

The user can set up a self test callback that should be activated when a keygen operation (e.g ec) occurs for the fips module.
The callback information is stored inside the applications library context, but this was not being triggered since the
library context used for the key generation operation was the internal library context used by the fips module (which is not
the same as the application's library context). During the keygen operation the OSSL_SELF_TEST_get_callback() function is used
to retrieve the callback info.
By having a seperate copy of OSSL_SELF_TEST_get_callback() for the fips module we can ensure that the parent library context
is used instead.
The core OSSL_SELF_TEST_get_callback() function pointer is passed across the boundary during the fips modules entry point
such that the fips version of the function can call it after changing the libctx.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12877)

6 months agoAdd KEM (Key encapsulation mechanism) support to providers
Shane Lontis [Sat, 19 Sep 2020 08:08:46 +0000 (18:08 +1000)]
Add KEM (Key encapsulation mechanism) support to providers

SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover.
As these are simple KEM operations another operation type has been added that can support future extensions.

Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate()
Added EVP_KEM_* functions.
Added OSSL_FUNC_kem_* dispatch functions

Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to
"RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value.
This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations.

The design of the public API's resulted from contributions from @romen & @levitte.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12750)

6 months agoUpdate the EdDSA docs with information about Algorithm Identifiers
Matt Caswell [Thu, 17 Sep 2020 13:11:21 +0000 (14:11 +0100)]
Update the EdDSA docs with information about Algorithm Identifiers

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)

6 months agoMake sure we properly test for EdDSA with alg ids
Matt Caswell [Tue, 15 Sep 2020 15:48:55 +0000 (16:48 +0100)]
Make sure we properly test for EdDSA with alg ids

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)

6 months agoTeach EdDSA signature algorithms about AlgorithmIdentifiers
Matt Caswell [Tue, 15 Sep 2020 15:20:51 +0000 (16:20 +0100)]
Teach EdDSA signature algorithms about AlgorithmIdentifiers

The other signature algorithms know how to create their own
AlgorithmIdentifiers, but the EdDSA algorithms missed this.

Fixes #11875

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)

6 months agoAdd option to fipsinstall to disable fips security checks at run time.
Shane Lontis [Sat, 5 Sep 2020 03:08:27 +0000 (13:08 +1000)]
Add option to fipsinstall to disable fips security checks at run time.

Changes merged from a patch by @richsalz.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd 'fips-securitychecks' option and plumb this into the actual fips checks
Shane Lontis [Fri, 4 Sep 2020 07:55:28 +0000 (17:55 +1000)]
Add 'fips-securitychecks' option and plumb this into the actual fips checks

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agofix provider exchange operations
Shane Lontis [Sat, 29 Aug 2020 08:04:13 +0000 (18:04 +1000)]
fix provider exchange operations

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agofix provider signatures
Shane Lontis [Sat, 29 Aug 2020 08:03:17 +0000 (18:03 +1000)]
fix provider signatures

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoSeparate fips and non fips code for key operations
Shane Lontis [Sat, 29 Aug 2020 07:59:07 +0000 (17:59 +1000)]
Separate fips and non fips code for key operations

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd missing 'ossl_unused' tags to some gettable and settable methods.
Shane Lontis [Sat, 29 Aug 2020 02:33:34 +0000 (12:33 +1000)]
Add missing 'ossl_unused' tags to some gettable and settable methods.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd error message to genpkey app for the '-genparam' option
Shane Lontis [Sat, 29 Aug 2020 02:06:05 +0000 (12:06 +1000)]
Add error message to genpkey app for the '-genparam' option

The ordering of this option is important so inform the user if they do it incorrectly.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd fips checks for ecdh key agreement
Shane Lontis [Sat, 29 Aug 2020 02:59:04 +0000 (12:59 +1000)]
Add fips checks for ecdh key agreement

For key agreement only NIST curves that have a security strength of 112 bits or more are allowed.
Fixed tests so they obey these restrictions when testing in fips mode.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd fips checks for rsa encryption
Shane Lontis [Sat, 29 Aug 2020 02:55:43 +0000 (12:55 +1000)]
Add fips checks for rsa encryption

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd fips checks for dh key agreement
Shane Lontis [Sat, 29 Aug 2020 02:54:00 +0000 (12:54 +1000)]
Add fips checks for dh key agreement

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd fips checks for ecdsa signatures
Shane Lontis [Sat, 29 Aug 2020 02:51:14 +0000 (12:51 +1000)]
Add fips checks for ecdsa signatures

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd fips checks for dsa signatures
Shane Lontis [Sat, 29 Aug 2020 02:37:46 +0000 (12:37 +1000)]
Add fips checks for dsa signatures

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoAdd fips checks for rsa signatures.
Shane Lontis [Sat, 29 Aug 2020 02:25:54 +0000 (12:25 +1000)]
Add fips checks for rsa signatures.

In fips mode SHA1 should not be allowed for signing, but may be present for verifying.
Add keysize check.
Add missing 'ossl_unused' to gettable and settable methods.
Update fips related tests that have these restrictions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)

6 months agoFix some doc-nits and make update errors
Matt Caswell [Tue, 15 Sep 2020 13:00:37 +0000 (14:00 +0100)]
Fix some doc-nits and make update errors

The new lhash changes have confused some of the perl scripts so we add
some fixes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)

6 months agoRemove some unneeded code from lhash.h
Matt Caswell [Fri, 11 Sep 2020 13:04:51 +0000 (14:04 +0100)]
Remove some unneeded code from lhash.h

lhash.h had some workaround code for the issue where static inline
functions contained references to libcrypto symbols in public header
files. Since this issue no longer exists this workaround code can be
removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)

6 months agoUpdate err.h to use the new lhash generation code
Matt Caswell [Fri, 11 Sep 2020 12:51:58 +0000 (13:51 +0100)]
Update err.h to use the new lhash generation code

Generate the lhash macros for the ERR_STRING_DATA type

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)

6 months agoUpdate conf.h.in to use the new lhash generation code
Matt Caswell [Fri, 11 Sep 2020 12:48:31 +0000 (13:48 +0100)]
Update conf.h.in to use the new lhash generation code

Generate the lhash macros for the CONF_VALUE type

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)

6 months agoProvide basis for fixing lhash code
Matt Caswell [Fri, 11 Sep 2020 12:22:40 +0000 (13:22 +0100)]
Provide basis for fixing lhash code

Following on from the earlier safestack work we provide the basis for
fixing the lhash code such that unused static inline functions do not
cause linker errors for applications including those headers.

This brings the lhash code into line with the safestack code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)

6 months agos_client.pod: Fix grammar in NOTES section.
Alexander Borkowski [Sat, 20 Jul 2019 05:47:11 +0000 (07:47 +0200)]
s_client.pod: Fix grammar in NOTES section.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9421)

6 months agoAdd selftest callback to CRNG output test
Shane Lontis [Tue, 1 Sep 2020 23:08:09 +0000 (09:08 +1000)]
Add selftest callback to CRNG output test

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12795)

6 months agoFix AES_XTS on x86-64 platforms with BSAES and VPAES support.
Shane Lontis [Wed, 16 Sep 2020 01:07:02 +0000 (11:07 +1000)]
Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.

Fixes #11622
Fixes #12378

Due to a missing else it was setting up the stream for BSAES and then using this incorrect stream with VPAES.
The correct behaviour is not to use VPAES at all in this case.
Also note that the original code in e_aes could set up VPAES and then would overwrite it with the generic implementation.
On a machine that supported both BSAES and VPAES the code was changed locally to force it to run both cases to verify
both paths produce the correct known answers.

Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12887)

6 months agoHMAC should work with non-provided digests
Dmitry Belyavskiy [Mon, 14 Sep 2020 15:33:29 +0000 (18:33 +0300)]
HMAC should work with non-provided digests

Fixes #12839

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12874)

6 months agoRename check_chain_extensions to check_chain
Tomas Mraz [Fri, 11 Sep 2020 13:27:23 +0000 (15:27 +0200)]
Rename check_chain_extensions to check_chain

The function does much more than just checking extensions.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)

6 months agoDisallow certs with explicit curve in verification chain
Tomas Mraz [Fri, 11 Sep 2020 07:09:29 +0000 (09:09 +0200)]
Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)

6 months agoEC_KEY: add EC_KEY_decoded_from_explicit_params()
Tomas Mraz [Fri, 21 Aug 2020 12:50:52 +0000 (14:50 +0200)]
EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)

6 months agoFix Coverity CID 1466708 - correct pointer calculation in one case
Dr. David von Oheimb [Wed, 16 Sep 2020 11:29:05 +0000 (13:29 +0200)]
Fix Coverity CID 1466708 - correct pointer calculation in one case

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12894)

6 months agoFIX strncpy warning in apps/cmp.c.
Xiaofei Bai [Tue, 15 Sep 2020 01:59:02 +0000 (01:59 +0000)]
FIX strncpy warning in apps/cmp.c.

bugfix: #12872

strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.

Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12889)

6 months agoMake KDFs fail if requesting a zero-length key.
Jon Spillett [Mon, 14 Sep 2020 07:03:01 +0000 (17:03 +1000)]
Make KDFs fail if requesting a zero-length key.

Also add more test cases

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12826)

6 months agoAllow zero-length secret for EVP_KDF API
Jon Spillett [Tue, 8 Sep 2020 06:46:13 +0000 (16:46 +1000)]
Allow zero-length secret for EVP_KDF API

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12826)

6 months agoFix typo in bind_loader_attic comment
Daniel Bevenius [Wed, 16 Sep 2020 06:55:52 +0000 (08:55 +0200)]
Fix typo in bind_loader_attic comment

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12890)

6 months agoDocument 2 newly added functions
Matt Caswell [Mon, 14 Sep 2020 15:30:50 +0000 (16:30 +0100)]
Document 2 newly added functions

Adds documentation for EVP_PKEY_get0_first_alg_name() and
EVP_KEYMGMT_get0_first_name().

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

6 months agoTest HMAC output from the dgst CLI
Matt Caswell [Mon, 14 Sep 2020 15:13:54 +0000 (16:13 +0100)]
Test HMAC output from the dgst CLI

We run two HMAC operations on the same file and confirm that both provide
us with the expected values.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

6 months agoCorrectly display the signing/hmac algorithm in the dgst app
Matt Caswell [Sun, 13 Sep 2020 10:09:20 +0000 (11:09 +0100)]
Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

Prior to this change master would instead display this like so:

SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

6 months agoRedirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate
Matt Caswell [Fri, 11 Sep 2020 15:47:53 +0000 (16:47 +0100)]
Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate

Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously
initialised with EVP_DigestSignInit() would retain information about the
key, and re-initialise for another sign operation. To emulate that we
redirect calls to EVP_DigestInit() to EVP_DigestSignInit_ex() if
appropriate.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

6 months agoDon't send -1 as the length of the hmac key
Matt Caswell [Thu, 10 Sep 2020 13:46:41 +0000 (14:46 +0100)]
Don't send -1 as the length of the hmac key

The dgst app was using an undocumented behaviour in the
EVP_PKEY_new_raw_private_key() function when setting a key length for
a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a
-1 length to a strlen() call, by virtue of the fact that it eventually
calls ASN1_STRING_set() which has this feature.

As noted above this is undocumented, and unexpected since the len
parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t).
In the old bridge it was later (silently) cast to an int, and therefore
the original -1 value was restored. This only works because sizeof(int) <=
sizeof(size_t). If we ever run on a platform where sizeof(int) >
sizeof(size_t) then it would have failed. The behaviour also doesn't hold
for EVP_PKEY_new_raw_private_key() in general - only when the old MAC
bridge was in use.

Rather than restore the original behaviour I think it is best to simply
fix the dgst app to not assume it exists. We should not bake in this
backwards and inconsistent behaviour.

Fixes #12837

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

6 months agoAnnotate potential -Wunused-function violations in err.h
jwalch [Thu, 10 Sep 2020 16:14:40 +0000 (12:14 -0400)]
Annotate potential -Wunused-function violations in err.h

Fixes #12792

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12851)