openssl.git
Richard Levitte [Mon, 26 Oct 2020 12:22:54 +0000 (13:22 +0100)]
PROV: Re-implement all the keypair decoders

The base functionality to implement the keypair decoders doesn't
change much, but this results in a more massive amount of
OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained
selection of implementation based on what parts of the keypair
structure (combinations of key parameters, public key and private key)
should be expected as input, the input type ("DER", "PEM", ...) and the
outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key
type specific structures, ...).

We add support for the generic structure name "type-specific", to
allow selecting that without knowing the exact name of that structure.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

Richard Levitte [Wed, 28 Oct 2020 09:13:24 +0000 (10:13 +0100)]
DECODER: Add tracing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

Richard Levitte [Mon, 26 Oct 2020 12:17:42 +0000 (13:17 +0100)]
DECODER: Add input structure support for EVP_PKEY decoding

OSSL_DECODER_CTX_new_by_EVP_PKEY() takes one more argument to express
the desired outermost structure for the input.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

Richard Levitte [Mon, 26 Oct 2020 12:08:54 +0000 (13:08 +0100)]
DECODER: Add support for OSSL_FUNC_decoder_does_selection()

OSSL_FUNC_decoder_does_selection() is a dispatchable decoder implementation
function that should return 1 if the given |selection| is supported by a
decoder implementation and 0 if not.  This can be used by libcrypto
functionality to figure out if an encoder implementation should be
considered or not.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

Richard Levitte [Mon, 26 Oct 2020 12:06:01 +0000 (13:06 +0100)]
DECODER: Add support for specifying the outermost input structure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

Dr. David von Oheimb [Mon, 9 Nov 2020 09:08:23 +0000 (10:08 +0100)]
25-test_x509.t: Re-add and improve a test on non-existence of ASN.1 parse errors

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13353)

Dr. David von Oheimb [Tue, 27 Oct 2020 11:00:22 +0000 (12:00 +0100)]
cmp_msg.c: Use issuer of reference cert as default issuer entry in certTemplate

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13357)

Shane Lontis [Wed, 28 Oct 2020 05:33:05 +0000 (15:33 +1000)]
Add support for making all of KBKDF FixedInput fields optional.

Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR.
This is required for CAVS tests that only use a combined blob of
inputdata. A test showing this use case has been added.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13258)

Matt Caswell [Mon, 9 Nov 2020 10:48:56 +0000 (10:48 +0000)]
Remove some redundant error messages in the apps

We change the load_key() and load_pubkey() functions to make them more
consistent with the load_keyparams() function modified as a result of
PR #13317.

The error message on a NULL key is removed, because an error message has
already been displayed by load_key_certs_crls().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13355)

Matt Caswell [Wed, 4 Nov 2020 14:20:36 +0000 (14:20 +0000)]
Fix the reading of DSA parameters files using the dsaparam app

DSA parameters files were failing to load correctly. We also fix a number
of follow-on issues which resulted in multiple similar error messages
being displayed for the same problem, as well as a seg-fault.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13317)

Pali Rohár [Sun, 12 Jul 2020 22:52:26 +0000 (00:52 +0200)]
Document pkcs12 alg NONE

To generate an unencrypted PKCS#12 file, use the options: -keypbe NONE -certpbe NONE

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12426)

Dr. David von Oheimb [Mon, 28 Sep 2020 10:01:04 +0000 (12:01 +0200)]
openssl-cmp.pod.in: Clean up doc of -verify_email, -verify_hostname, and -verify_ip

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

Dr. David von Oheimb [Mon, 28 Sep 2020 09:28:08 +0000 (11:28 +0200)]
openssl.pod: Improve doc of -verify_email, -verify_hostname, and -verify_ip

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

Dr. David von Oheimb [Mon, 21 Sep 2020 09:56:01 +0000 (11:56 +0200)]
openssl-*.pod.in: Prevent newlines on empty engine_synopsis causing layout errors

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

Dr. David von Oheimb [Mon, 21 Sep 2020 09:54:46 +0000 (11:54 +0200)]
openssl-cmp.pod.in: Align order of options with apps/cmp.c; improve structuring of SYNOPSIS

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

Dr. David von Oheimb [Mon, 21 Sep 2020 09:53:10 +0000 (11:53 +0200)]
apps/cmp.c: Improve order of -path option: just after -server

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)

Richard Levitte [Sun, 8 Nov 2020 09:25:47 +0000 (10:25 +0100)]
PEM: Always use PEM_def_callback() when cb == NULL in pem_read_bio_key()

Too many other functions depend on this being done.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13346)

Richard Levitte [Sun, 8 Nov 2020 09:23:54 +0000 (10:23 +0100)]
UI: Use OPENSSL_zalloc() in general_allocate_prompt()

This is to ensure that fields we don't set explicitly are always zero.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13346)

Daniel Bevenius [Mon, 2 Nov 2020 12:33:01 +0000 (13:33 +0100)]
Fix REF_PRINT_COUNT argument in ecx_key_free

Currently, when configuring OpenSSL using -DREF_PRINT the following
compilation error is generated:

In file included from include/crypto/ecx.h:21,
                 from crypto/ec/ecx_key.c:11:
crypto/ec/ecx_key.c: In function 'ecx_key_free':
crypto/ec/ecx_key.c:65:32: error: 'r' undeclared
(first use in this function)
   65 |     REF_PRINT_COUNT("ECX_KEY", r);
      |                                ^
include/internal/refcount.h:169:40: note: in definition of macro
'REF_PRINT_COUNT'
  169 |         fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
      |                                        ^
crypto/ec/ecx_key.c:65:32: note: each undeclared identifier is reported
only once for each function it appears in
   65 |     REF_PRINT_COUNT("ECX_KEY", r);
      |                                ^
include/internal/refcount.h:169:40: note: in definition of macro
'REF_PRINT_COUNT'
  169 |         fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
      |                                        ^
make[1]: *** [Makefile:14929: crypto/ec/libcrypto-lib-ecx_key.o] Error 1

This commit updates the argument passed in to be the ECX_KEY* key.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13298)

Shane Lontis [Wed, 4 Nov 2020 02:48:03 +0000 (12:48 +1000)]
Remove test that breaks on AIX.

The offending test checks that fopen("anydir/") fails. This looks fairly platform
specific. For the test involved this creates a file called
"anydir" on an AIX test machine.

This change was introduced on (Sept 24)
https://github.com/openssl/openssl/commit/29844ea5b3d2b7240d99b043a0d82cb177f0762d

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13309)

Bernd Edlinger [Wed, 4 Nov 2020 19:55:36 +0000 (20:55 +0100)]
This should fix a lock-order-inversion

Calling OPENSSL_init_crypto before acquiring the
ossl_property_read_lock in ossl_method_store_fetch
makes the second call to OPENSSL_init_crypto
from ossl_ctx_global_properties unnecessary.

Fixes #12869

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13321)

Richard Levitte [Fri, 6 Nov 2020 09:37:43 +0000 (10:37 +0100)]
test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check

With our providers, RSA now supports public key check and key parameter check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)

Richard Levitte [Fri, 6 Nov 2020 07:04:59 +0000 (08:04 +0100)]
EVP: Have all EVP_PKEY check functions export to provider if possible

Fixes #13322

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)

Richard Levitte [Thu, 5 Nov 2020 20:54:36 +0000 (21:54 +0100)]
Fix test/recipes/80-test_ca.t to skip_all properly in a subtest

It's perfectly ok to 'plan skip_all' in a subtest, but in that case,
it must really be inside the subtest.

Fixes #13330

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13331)

Matt Caswell [Thu, 5 Nov 2020 15:13:25 +0000 (15:13 +0000)]
Correct system guessing for solaris64-x86_64-* targets

Previously the system guessing script was choosing a target that did not
exist for these platforms.

Fixes #13323

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13327)

Matt Caswell [Thu, 5 Nov 2020 14:56:45 +0000 (14:56 +0000)]
Don't complain about uninitialized values when running Configure

If a system understands `uname -X` then the Configure script will attempt
to use uninitialized values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13327)

Matt Caswell [Wed, 4 Nov 2020 11:34:15 +0000 (11:34 +0000)]
Don't clear the whole error stack when loading engines

Loading the various built-in engines was unconditionally clearing the
whole error stack. During config file processing, processing a .include
directive which fails results in errors being added to the stack - but
we carry on anyway. These errors were then later being removed by the
engine loading code, meaning that problems with the .include directive
never get shown.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)

Matt Caswell [Wed, 4 Nov 2020 11:31:55 +0000 (11:31 +0000)]
Don't clear errors on failure in CONF_modules_load_file_ex()

The call to CONF_modules_load() in CONF_modules_load_file_ex() can
return a negative number to indicate failure. This was incorrectly
being interpreted as "success" and therefore errors were being cleared
incorrectly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)

David von Oheimb [Wed, 4 Nov 2020 12:07:08 +0000 (13:07 +0100)]
x509_vfy.c: Call verification callback individually per strict check in check_chain()

Fixes #13283

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

David von Oheimb [Wed, 4 Nov 2020 11:24:41 +0000 (12:24 +0100)]
x509_vfy.c: Introduce CHECK_CB macro simplifying use of cert verification cb function

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

David von Oheimb [Wed, 4 Nov 2020 11:23:34 +0000 (12:23 +0100)]
CHANGES.md: Mention (strict) checks recently added to X509_verify_cert()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

David von Oheimb [Wed, 4 Nov 2020 11:21:10 +0000 (12:21 +0100)]
Improve doc of X509_verify_cert(), also in openssl.pod

in particular regarding the checks due to X509_V_FLAG_X509_STRICT/-x509_strict

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13312)

Dmitry Belyavskiy [Wed, 4 Nov 2020 09:25:58 +0000 (12:25 +0300)]
Check the configuration file by default

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13310)

Matt Caswell [Thu, 5 Nov 2020 14:04:11 +0000 (14:04 +0000)]
Prepare for 3.0 alpha 9

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

tag: openssl-3.0.0-alpha8
Matt Caswell [Thu, 5 Nov 2020 14:03:50 +0000 (14:03 +0000)]
Prepare for release of 3.0 alpha 8

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Matt Caswell [Thu, 5 Nov 2020 13:37:26 +0000 (13:37 +0000)]
Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13324)

Pauli [Wed, 4 Nov 2020 02:31:19 +0000 (12:31 +1000)]
defltprov: remove duplicate algorithm names.

Ed25519 and Ed448 contained aliases that were the same as the primary name.
This removes the aliases leaving ED25519 and ED448 as the canonical names.

Matching is case insensitive, so no functionality is lost.  The FIPS provider
didn't include the duplicates.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13308)

Randall S. Becker [Thu, 29 Oct 2020 15:17:25 +0000 (10:17 -0500)]
Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.

These methods should ultimately be deprecated. The move is to insulate
non-UNIX platforms from these undefined symbols.

CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.

Fixes #13273

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13276)

Hu Keping [Tue, 3 Nov 2020 20:14:36 +0000 (20:14 +0000)]
Do not export the submodules gost-engine

Remove gost-engine from the distribution tarball.

Signed-off-by: Hu Keping <hukeping@huawei.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13301)

Ichinose Shogo [Sun, 1 Nov 2020 06:14:02 +0000 (15:14 +0900)]
fix typo in README

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13289)

Benjamin Kaduk [Mon, 26 Oct 2020 19:20:31 +0000 (12:20 -0700)]
Add more diagnostics to ossl_shim

We had several cases where the connection failed but we did not
have an error message to differentiate which failure condition had
been triggered.  Add some more messages to help clarify what is
going wrong.

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)

Benjamin Kaduk [Mon, 26 Oct 2020 19:35:55 +0000 (12:35 -0700)]
Adjust error reason for ssl_get_min_max_version() failure

Use SSL_R_NO_PROTOCOLS_AVAILABLE instead of ERR_R_INTERNAL_ERROR,
to match what the BoringSSL tests expect for this case.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)

Benjamin Kaduk [Mon, 26 Oct 2020 19:30:16 +0000 (12:30 -0700)]
Clear error queue entries from bad DTLS records

DTLS by design ignores records/packets with bad MAC or failed AEAD tag
validation.  However, recent changes to have provided cipher
implementations caused tls1_enc() to leave an entry on the error queue
for invalid GCM tags, e.g.:

800BEAEF487F0000:error::Provider routines:gcm_stream_update:cipher operation failed:providers/implementations/ciphers/ciphercommon_gcm.c:306

The BoringSSL tests check for entries on the error queue with
SSL_get_error() and so we were seeing spurious test failures
due to the additional item on the error queue.  To avoid leaving
such spurious entries on the error queue, set a mark before calling
the ssl3_enc 'enc' method, and pop to that mark before ignoring
invalid packets.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)

jwalch [Thu, 29 Oct 2020 17:32:49 +0000 (13:32 -0400)]
Prevent potential UAF in init_thread_deregister()

I discovered the potential for use-after-free on glob_tevent_reg &
its members in this function as a consequence of some static (de-)initialization
fiasco in C++ client code.

Long story short, an EVP_PKEY_free() was happening after
OPENSSL_cleanup(). Aside from being freed the EVP_PKEY object wasn't
actually being used after cleanup, it was basically just an
ordering issue.

Obviously the application behavior here is somewhat suspect,
but IMO is basically benign. Crashing (most typical outcome
of a UAF) doesn't seem the optimal response.

At any rate, the issue can be avoided (at least with regard to this function)
by simply updating the pointer to NULL rather than leaving it pointing
to the freed memory, as is the typical practice.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13267)

Daniel Bevenius [Fri, 30 Oct 2020 12:34:06 +0000 (13:34 +0100)]
EVP: Fix typo in EVP_PKEY_gen comment

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13282)

jwalch [Thu, 29 Oct 2020 18:05:19 +0000 (14:05 -0400)]
Initialize outl in evp_enc.c to 0, protect against NULL

Fixes #12734

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13268)

Shane Lontis [Thu, 29 Oct 2020 08:20:36 +0000 (18:20 +1000)]
Add AES KW inverse ciphers to the EVP layer

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13272)

Randall S. Becker [Thu, 29 Oct 2020 15:37:05 +0000 (10:37 -0500)]
Remove FLOSS from all OSS builds on NonStop except for SPT threading.

The Standard POSIX Threads (SPT) implementation hangs in some test cases
if FLOSS is not used.

CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.

Fixes #13277

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13279)

Richard Levitte [Fri, 30 Oct 2020 12:16:46 +0000 (13:16 +0100)]
test/recipes/90-test_shlibload.t: Skip when address sanitizer enabled

Because this test loads the shared libraries dynamically, there are
cases where that results in errors because the ASAN library wasn't
loaded first.  That makes this test unsuitable in an ASAN build.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13281)

Richard Levitte [Mon, 26 Oct 2020 17:38:35 +0000 (18:38 +0100)]
util/find-doc-nits: ignore OSSL_DEPRECATED*, alongside other reserved symbols

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13240)

Richard Levitte [Sun, 25 Oct 2020 11:20:13 +0000 (12:20 +0100)]
Simplify and clarify doc/internal/man7/deprecation.pod

doc/internal/man7/deprecation.pod was unclear in some areas, and
included general documentation that has no place there.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13240)

jwalch [Thu, 29 Oct 2020 14:52:52 +0000 (10:52 -0400)]
Patch leak in EVP_PKEY2PKCS8() error path

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13278)

Matt Caswell [Fri, 23 Oct 2020 13:26:48 +0000 (14:26 +0100)]
Allow empty deprecation macros to be passed as macro arguments

The OSSL_DEPRECATEDIN_3_0 macro introduced in PR #13074 is intended to
be passed as a parameter to the various PEM declaration macros. However,
in some cases OSSL_DEPRECATEDIN_3_0 is defined to be empty, and it is
not allowed to pass empty macro arguments in C90. Therefore we ensure
these macros are always defined. In the case where they were empty
previously we use a no-op value instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13227)

Matt Caswell [Thu, 29 Oct 2020 12:46:28 +0000 (12:46 +0000)]
Fix some missed usage of DEFINE_LHASH_OF()

PR#12860 fixed issues with the Lhash code. It replaced usage of
DEFINE_LHASH_OF() in the public headers. Unfortunately it missed a couple
of instances.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13274)

Richard Levitte [Fri, 9 Oct 2020 11:02:58 +0000 (13:02 +0200)]
Add easy to digest selector macros for EVP_PKEYs

These are meant to be used with functions like
OSSL_ENCODER_CTX_new_by_EVP_PKEY()

The OSSL_ENCODER_CTX_new_by_EVP_PKEY() manual is also expanded on the
topics of output types and selections.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13189)

Richard Levitte [Wed, 28 Oct 2020 18:15:40 +0000 (19:15 +0100)]
test/recipes/15-test_gendh.t: don't try DER params

There is no option to output DH params in DER form.  -outform doesn't
apply to -genparam with 'openssl genpkey', and it shouldn't.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13266)

Benjamin Kaduk [Sun, 27 Sep 2020 22:01:12 +0000 (15:01 -0700)]
Unify ssl3_get_cipher_by_std_name() implementation

The handling for the SCSVs was the same as for regular ciphers;
just merge them into the same table-driven handler.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13010)

Ard Biesheuvel [Tue, 27 Oct 2020 17:02:40 +0000 (18:02 +0100)]
crypto/poly1305/asm: fix armv8 pointer authentication

PAC pointer authentication signs the return address against the value
of the stack pointer, to prevent stack overrun exploits from corrupting
the control flow. However, this requires that the AUTIASP is issued with
SP holding the same value as it held when the PAC value was generated.
The Poly1305 armv8 code got this wrong, resulting in crashes on PAC
capable hardware.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13256)

Pauli [Wed, 28 Oct 2020 09:35:38 +0000 (19:35 +1000)]
afalg: add a NULL pointer check

Fixes #13260

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13261)

Randall S. Becker [Sat, 24 Oct 2020 21:58:27 +0000 (17:58 -0400)]
Rewrite the HPE NonStop Notes file in Markdown with more explanations.

CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.

Fixes #13237

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13238)

Richard Levitte [Thu, 15 Oct 2020 05:14:16 +0000 (07:14 +0200)]
DH: stop setting the private key length arbitrarily

The private key length is supposed to be a user settable parameter.
We do check if it's set or not, and if not, we do apply defaults.

Fixes #12071

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13140)

Richard Levitte [Fri, 23 Oct 2020 01:05:49 +0000 (03:05 +0200)]
configdata.pm.in, util/dofile.pl: Make a HERE document stricter.

Fixes #13221
Fixes #12743
Fixes #12078

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13225)

Shane Lontis [Thu, 22 Oct 2020 01:07:58 +0000 (11:07 +1000)]
Fix sparc t4 build error 'undefined symbol: cipher_hw_generic_cbc'

cipher_hw_generic_##mode has been renamed to ossl_cipher_hw_generic_##mode.
There were a few missing renames for t4 in .inc files.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13213)

Matt Caswell [Thu, 22 Oct 2020 12:53:27 +0000 (13:53 +0100)]
Ensure we raise SSLfatal on error

We were missing a call to SSLfatal. A comment claimed that we had already
called it - but that is incorrect.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13229)

Richard Levitte [Sat, 24 Oct 2020 14:31:57 +0000 (16:31 +0200)]
APPS: Remove the format argument where it's not used

Also, restore a behaviour change, where load_cert() would look at
stdin when the input file name is NULL, and make sure to call
load_cert_pass() with a corresponding argument where load_cert() was
used in OpenSSL 1.1.1.

Fixes #13235

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13236)

Kan [Sun, 20 Sep 2020 16:27:29 +0000 (00:27 +0800)]
Add parentheses to fix PCLINT Info:773

Fixes #7930
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12927)

Nicola Tuveri [Tue, 20 Oct 2020 22:38:44 +0000 (01:38 +0300)]
Constify OSSL_FUNC_keymgmt_validate()

The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13201)

Pauli [Tue, 20 Oct 2020 12:15:10 +0000 (22:15 +1000)]
Remove EVP_aes_(128|192|256)_siv functions

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13195)

Pauli [Wed, 21 Oct 2020 04:30:31 +0000 (14:30 +1000)]
enc: change the text to reference `-list` instead of the deprecated `-ciphers`

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13204)

5 months ago Rename EVP_KDF_reset() to EVP_KDF_CTX_reset().
Shane Lontis [Tue, 13 Oct 2020 04:33:01 +0000 (14:33 +1000)]
Rename EVP_KDF_reset() to EVP_KDF_CTX_reset().

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)

5 months ago Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size().
Shane Lontis [Tue, 13 Oct 2020 04:30:12 +0000 (14:30 +1000)]
Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size().

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)

5 months ago Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size().
Shane Lontis [Tue, 13 Oct 2020 04:22:17 +0000 (14:22 +1000)]
Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size().

Fixes #11320

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)

5 months ago Remove ossl_prov_util_nid_to_name()
Shane Lontis [Wed, 21 Oct 2020 00:57:52 +0000 (10:57 +1000)]
Remove ossl_prov_util_nid_to_name()

This removes a TODO.
This function is not needed since any place that needs to do the
conversion normally has a special case name2nid table.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13202)

5 months ago Constify OSSL_FUNC_keymgmt_has()
Nicola Tuveri [Tue, 20 Oct 2020 22:02:04 +0000 (01:02 +0300)]
Constify OSSL_FUNC_keymgmt_has()

The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13200)

5 months ago Fix aarch64 static linking into shared libraries (see issue #10842 and pull request...
Romain Geissler [Fri, 2 Oct 2020 00:07:32 +0000 (00:07 +0000)]
Fix aarch64 static linking into shared libraries (see issue #10842 and pull request #11464)

This tries to fix the following link errors on aarch64 when using OpenSSL
3.0.0 alpha 6, compiling it with "no-shared" and -fPIC in CFLAGS, then
trying to use the resulting OpenSSL static libraries in the build of
elfutils, which embeds libcrypto.a into libdebuginfo.so, which hides all
symbols (except the libdebuginfod ones) by default:

/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha1-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha1-armv8.o): in function `sha1_block_data_order':
(.text+0x0): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-chacha-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-chacha-armv8.o): in function `ChaCha20_ctr32':
(.text+0x6c): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha256-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha256-armv8.o): in function `sha256_block_data_order':
(.text+0x0): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha512-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-sha512-armv8.o): in function `sha512_block_data_order':
(.text+0x0): dangerous relocation: unsupported relocation
/opt/1A/toolchain/aarch64-v4.0.86/lib/gcc/aarch64-1a-linux-gnu/8.4.1/../../../../aarch64-1a-linux-gnu/bin/ld: /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `OPENSSL_armcap_P' which may bind externally can not be used when making a shared object; recompile with -fPIC
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): in function `poly1305_init':
(.text+0x14): dangerous relocation: unsupported relocation
/workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o): in function `poly1305_emit_neon':
(.text+0x8e4): relocation truncated to fit: R_AARCH64_CONDBR19 against symbol `poly1305_emit' defined in .text section in /workdir/build/build-pack/build-pack-temporary-static-dependencies/install/lib/libcrypto.a(libcrypto-lib-poly1305-armv8.o)

In poly1305-armv8.pl, hide symbols the same way they are hidden in poly1305-x86_64.pl.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13056)

5 months ago APPS: Implement load_keyparams() to load key parameters
Richard Levitte [Tue, 20 Oct 2020 09:56:22 +0000 (11:56 +0200)]
APPS: Implement load_keyparams() to load key parameters

'openssl dsaparam' is affected as an obvious usage example.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)

5 months ago Implement OpenSSL secure memory for Windows
Jeremiah Gowdy [Sun, 18 Oct 2020 21:12:35 +0000 (14:12 -0700)]
Implement OpenSSL secure memory for Windows

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13172)

5 months ago Unexport internal MSBLOB and PVK functions
Richard Levitte [Tue, 20 Oct 2020 16:11:30 +0000 (18:11 +0200)]
Unexport internal MSBLOB and PVK functions

The following internal functions are affected:

    ossl_do_blob_header
    ossl_do_PVK_header
    ossl_b2i
    ossl_b2i_bio

This is reflected by moving include/internal/pem.h to include/crypto/pem.h.
engines/e_loader_attic gets the source code added to it to have
continued access to those functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13195)

5 months ago Work around Windows ftell() bug as per Microsoft engineering's suggestion
Richard Levitte [Tue, 20 Oct 2020 04:48:10 +0000 (06:48 +0200)]
Work around Windows ftell() bug as per Microsoft engineering's suggestion

See
https://developercommunity.visualstudio.com/content/problem/425878/fseek-ftell-fail-in-text-mode-for-unix-style-text.html

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13190)

5 months ago Deprecate EVP_PKEY_set1_tls_encodedpoint()
Matt Caswell [Fri, 9 Oct 2020 15:24:07 +0000 (16:24 +0100)]
Deprecate EVP_PKEY_set1_tls_encodedpoint()

Also deprecate EVP_PKEY_get1_tls_encodedpoint().

The preferred alternative is EVP_PKEY_set1_encoded_public_key() and
EVP_PKEY_get1_encoded_public_key().

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)

5 months ago Document EVP_PKEY_set1_encoded_public_key()
Matt Caswell [Fri, 9 Oct 2020 14:43:24 +0000 (15:43 +0100)]
Document EVP_PKEY_set1_encoded_public_key()

Also documented EVP_PKEY_get1_encoded_public_key

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)

5 months ago Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key
Matt Caswell [Fri, 9 Oct 2020 13:19:42 +0000 (14:19 +0100)]
Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key

We do the same thing for the "get1" version. In reality this has broader
use than just TLS (it can also be used in CMS), and "encodedpoint" only
makes sense when you are talking about EC based algorithms.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)

5 months ago resolve defects: reverse_inull; row[DB_exp_date] referenced before checking
xuyunjia [Sun, 18 Oct 2020 15:33:54 +0000 (23:33 +0800)]
resolve defects: reverse_inull; row[DB_exp_date] referenced before checking

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13170)

5 months ago Fix Aes-xts potential failure on aarch64
XiaokangQian [Tue, 13 Oct 2020 09:53:58 +0000 (09:53 +0000)]
Fix Aes-xts potential failure on aarch64

Add return value for aarch64 in the init key function.
This will avoid overwriting the stream pointers of aarch64.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13133)

5 months ago Prefix crlNumber output with 0x.
Jacob Hoffman-Andrews [Mon, 13 Jul 2020 22:04:04 +0000 (15:04 -0700)]
Prefix crlNumber output with 0x.

When the crlNumber field contains only 0-9 digits, the output is
ambiguous as to what base it's in, which can be confusing. Adding this
prefix makes it explicit that it's in hex.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12434)

5 months ago Fix no-dh
Matt Caswell [Fri, 16 Oct 2020 16:16:30 +0000 (17:16 +0100)]
Fix no-dh

One of the x509 tests checks to make sure spurious errors don't appear on
the stack. The x509 app uses the OSSL_STORE code to load things. The
OSSL_STORE code will try various different formats - which results in
lots of failures. However those failures are typically suppressed by
OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
kind of errors are uninteresting (ASN.1 errors) but gets confused if
upper levels of code add additional errors to the stack. This was
happening in the DSA code which confused OSSL_STORE and meant the errors
were not being suppressed properly - and hence the x509 test failed.

Interestingly this only impacts a no-dh build, because in a no-dh build
the DSA param decoder suddenly becomes the last to be tried. If it
happens earlier in the list the errors end up getting suppressed anyway.

The simplest solution is just to remove the error from the DSA param
decoder code. It's not adding any useful information anyway.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13162)

5 months ago TEST: fix the DH tests to reproduce the priv_len settings
Richard Levitte [Thu, 15 Oct 2020 06:30:49 +0000 (08:30 +0200)]
TEST: fix the DH tests to reproduce the priv_len settings

Some DH tests are done against files generated with '-pkeyopt priv_len:224'.
This parameter must of course be reproduced when creating the key with
EVP_PKEY_fromdata(), or there will be a default that's guaranteed to
differ from the key parameters on file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13166)

5 months ago DH: have DH_set_length() increment the dirty count.
Richard Levitte [Thu, 15 Oct 2020 05:14:16 +0000 (07:14 +0200)]
DH: have DH_set_length() increment the dirty count.

The recommended private key length is a key parameter among other key
parameters, and is included in the key data transferred in an import
or export between legacy implementations and provider implementations.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13166)

5 months ago DH: make the private key length importable / exportable
Richard Levitte [Thu, 15 Oct 2020 05:10:29 +0000 (07:10 +0200)]
DH: make the private key length importable / exportable

The DH private key length, which is an optional parameter, wasn't
properly imported / exported between legacy and provider side
implementations.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13166)

6 months ago Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING
Dr. Matthias St. Pierre [Sat, 17 Oct 2020 08:45:49 +0000 (10:45 +0200)]
Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING

Replace [collapsed reference links][] by [shortcut reference links],
in order to improve the readability of the raw markdown text,
see also commit d8dc853825 (Change CVE link style in CHANGES and NEWS).

[collapsed reference links]:
  https://github.github.com/gfm/#collapsed-reference-link

[shortcut reference links]:
  https://github.github.com/gfm/#shortcut-reference-link

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13165)

6 months ago README: make the link to the OpenSSL 3.0 Wiki page more prominent
Dr. Matthias St. Pierre [Sat, 17 Oct 2020 08:40:25 +0000 (10:40 +0200)]
README: make the link to the OpenSSL 3.0 Wiki page more prominent

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13164)

6 months ago ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally
Richard Levitte [Fri, 16 Oct 2020 05:58:33 +0000 (07:58 +0200)]
ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally

OSSL_DECODER_CTX_set_params() and OSSL_ENCODER_CTX_set_params() would
stop as soon as a decoder / encoder instance failed, which leaves the
rest of them with a possibly previous and different value.

Instead, these functions will now call them all, but will return 0 if
any of the instance calls failed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13156)

6 months ago dev/release.sh: improve instruction for pushing the tag
Richard Levitte [Fri, 16 Oct 2020 08:24:18 +0000 (10:24 +0200)]
dev/release.sh: improve instruction for pushing the tag

'git push --follow-tags' does a little too much, any spurious tag
object that the releaser has in their local repository will come
along, even though they have nothing to do with the commits being
pushed.

Therefore, we modify the instructions to show a separate and explicit
push of the release tag.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13159)

6 months ago TEST: modify tconversion.pl for forensics
Richard Levitte [Thu, 15 Oct 2020 14:53:29 +0000 (16:53 +0200)]
TEST: modify tconversion.pl for forensics

In the interest of finding out what went wrong with a test by looking
at its output, tconversion.pl is modified to take arguments in option
form, and gets an additional -prefix option that callers can use to
ensure output files are uniquely named.

Test recipes are modified to use these new options.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13147)

6 months ago Add a CHANGES entry for the SSL_SECOP_TMP_DH change
Matt Caswell [Thu, 15 Oct 2020 10:37:38 +0000 (11:37 +0100)]
Add a CHANGES entry for the SSL_SECOP_TMP_DH change

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)

6 months ago Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
Matt Caswell [Wed, 14 Oct 2020 14:13:28 +0000 (15:13 +0100)]
Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback

The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY
in the "other" parameter:

 /* Temporary DH key */
 # define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)

In most places this is what is passed. All these places occur server side.
However there is one client side call of this security operation and it
passes a DH object instead. This is incorrect according to the
definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other
locations.

Our own default security callback, and the debug callback in the apps,
never look at this value and therefore this issue was never noticed
previously. In theory a client side application could be relying on this
behaviour and could be broken by this change. This is probably fairly
unlikely but can't be ruled out.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)

6 months ago Concentrate deprecated libssl API usage in one file
Matt Caswell [Wed, 14 Oct 2020 09:45:21 +0000 (10:45 +0100)]
Concentrate deprecated libssl API usage in one file

We create a new file ssl/tls_depr.c to contain functions that need to call
deprecated APIs in libssl. This enables us to remove
OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files.

The deprecated API usage is either related to ENGINEs and is needed to
continue to support applications that use such ENGINEs, or it is needed
to support some deprecated public libssl APIs.

One other file remains in libssl that still uses deprecated APIs: s3_cbc.c
This is needed to support the deprecated SSLv3.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13135)

6 months ago Fix missing include of string.h in apps/lib/engine.c for strcmp.
Randall S. Becker [Fri, 9 Oct 2020 15:27:20 +0000 (09:27 -0600)]
Fix missing include of string.h in apps/lib/engine.c for strcmp.

This include is required for c99 on the NonStop TNS/X platform.

CLA: trivial

Fixes #13102

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13103)

6 months ago list: add a -provider-info option.
Pauli [Wed, 7 Oct 2020 02:19:04 +0000 (12:19 +1000)]
list: add a -provider-info option.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13084)

6 months ago null prov: fix gettable param array type.
Pauli [Wed, 7 Oct 2020 02:18:36 +0000 (12:18 +1000)]
null prov: fix gettable param array type.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13084)