Matt Caswell [Thu, 18 Feb 2021 14:57:13 +0000 (14:57 +0000)]
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
Shane Lontis [Wed, 17 Feb 2021 10:01:34 +0000 (20:01 +1000)]
Fix external symbols related to provider related security checks for
keys and digests.
Partial fix for #12964
This adds ossl_ names for the following symbols:
digest_get_approved_nid, digest_get_approved_nid_with_sha1
digest_is_allowed, digest_md_to_nid, digest_rsa_sign_get_md_nid,
securitycheck_enabled,
dh_check_key, dsa_check_key, ec_check_key,
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
Shane Lontis [Wed, 17 Feb 2021 09:56:35 +0000 (19:56 +1000)]
Fix external symbols in the provider digest implementations.
Partial fix for #12964
This adds ossl_ names for the following symbols:
blake2b512_init,blake2b_final,blake2b_init,blake2b_init_key,
blake2b_param_init,blake2b_param_set_digest_length,blake2b_param_set_key_length,
blake2b_param_set_personal,blake2b_param_set_salt,blake2b_update,
blake2s256_init,blake2s_final,blake2s_init,blake2s_init_key,
blake2s_param_init,blake2s_param_set_digest_length,blake2s_param_set_key_length,
blake2s_param_set_personal,blake2s_param_set_salt,blake2s_update,
digest_default_get_params,digest_default_gettable_params
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
zekeevans-mf [Thu, 21 Jan 2021 19:24:51 +0000 (12:24 -0700)]
Add deep copy of propq field in mac_dupctx to avoid double free
mac_dupctx() should make a copy of the propq field. Currently it
does a shallow copy which can result in a double free and crash.
The double free occurs when using a provider property string.
For example, passing in "fips=no" to SSL_CTX_new_ex() causes the
propq field to get set to that value. When mac_dupctx() and
mac_freectx() is called (ie: in SSL_write()) it ends up freeing
the reference of the original object instead of a copy.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13926)
Sahana Prasad [Mon, 25 Jan 2021 13:44:29 +0000 (14:44 +0100)]
DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters
Fixes #13569
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13955)
Dr. David von Oheimb [Thu, 11 Feb 2021 20:07:14 +0000 (21:07 +0100)]
chain_build(): Call verify_cb_cert() if a preliminary error has become final
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14157)
Tomas Mraz [Wed, 10 Feb 2021 17:44:00 +0000 (18:44 +0100)]
dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.
Fixes #13950
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
Dmitry Belyavskiy [Fri, 22 Jan 2021 12:44:16 +0000 (13:44 +0100)]
DSA parameter check using pkeyparam
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14148)
Shane Lontis [Wed, 17 Feb 2021 07:54:29 +0000 (17:54 +1000)]
Fix external symbols in the provider cipher implementations.
Partial fix for #12964
This add ossl_ names for the following symbols.
chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
Dr. David von Oheimb [Mon, 15 Feb 2021 09:24:58 +0000 (10:24 +0100)]
x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID
1473068
Fixes: Variable "sk_untrusted" going out of scope leaks the storage it points to.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14187)
Dr. David von Oheimb [Sun, 14 Feb 2021 19:25:42 +0000 (20:25 +0100)]
apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR
Also improve doc how the -reqexts option affects the CSR given with the -csr option.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14181)
Dr. David von Oheimb [Sun, 14 Feb 2021 19:12:38 +0000 (20:12 +0100)]
apps/ca.c: Make sure ext_ctx structure gets initialized
Fixes #14175
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14181)
Tomas Mraz [Thu, 11 Feb 2021 15:57:37 +0000 (16:57 +0100)]
Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
Additional renames done in encoder and decoder implementation
to follow the style.
Fixes #13622
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)
Richard Levitte [Tue, 16 Feb 2021 00:19:58 +0000 (01:19 +0100)]
Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i()
The OSSL_HTTP_REQ_CTX API has a few changes compared to the older
OCSP_REQ_CTX API which are not quite obvious at first sight.
The old OCSP_REQ_CTX_nbio_d2i() took three arguments, of which one is
an output argument, and return an int, while the newer
OSSL_HTTP_REQ_CTX_sendreq_d2i() returns the value directly and thereby
takes one less argument.
The mapping from the old to the new wasn't quite right, this corrects
it, along with a couple of X509 macros that needed the same kind of
fix.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14196)
Nicola Tuveri [Fri, 22 Jan 2021 16:50:12 +0000 (18:50 +0200)]
[doc/man3][OSSL_ENCODER] Move NOTES to the bottom
For consistency with `OSSL_DECODER.pod`, and `man-pages(7)`, the `NOTES`
section is moved at the end of the file.
According to `man-pages(7)` the recommended section order is:
> NAME
> SYNOPSIS
> CONFIGURATION [Normally only in Section 4]
> DESCRIPTION
> OPTIONS [Normally only in Sections 1, 8]
> EXIT STATUS [Normally only in Sections 1, 8]
> RETURN VALUE [Normally only in Sections 2, 3]
> ERRORS [Typically only in Sections 2, 3]
> ENVIRONMENT
> FILES
> VERSIONS [Normally only in Sections 2, 3]
> CONFORMING TO
> NOTES
> BUGS
> EXAMPLE
> SEE ALSO
This commit does not attempt to fix the order in all pages but focuses
only on `OSSL_ENCODER` which has a "twin" man page in `OSSL_DECODER`,
making the inconsistent section order quite jarring.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13932)
Nicola Tuveri [Fri, 22 Jan 2021 16:45:07 +0000 (18:45 +0200)]
[doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties
This commit fixes the DECSCRIPTION section of doc/man3/OSSL_ENCODER.pod,
where `OSSL_ENCODER_properties` was incorrectly referred to as
`OSSL_ENCODER_provider`.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13932)
Pauli [Fri, 12 Feb 2021 03:20:09 +0000 (13:20 +1000)]
doc: document the two new RAND functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Pauli [Fri, 12 Feb 2021 02:54:59 +0000 (12:54 +1000)]
rand: update DRBGs to use the get_entropy call for seeding
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Pauli [Fri, 12 Feb 2021 02:45:03 +0000 (12:45 +1000)]
core: add get_entropy and clear_entropy calls to RAND
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Pauli [Fri, 12 Feb 2021 02:44:43 +0000 (12:44 +1000)]
RNG test: add get_entropy hook for testing.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Pauli [Fri, 12 Feb 2021 02:44:21 +0000 (12:44 +1000)]
RNG seed: add get_entropy hook for seeding.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Pauli [Fri, 12 Feb 2021 02:44:02 +0000 (12:44 +1000)]
err: generated error files
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Pauli [Fri, 12 Feb 2021 02:26:54 +0000 (12:26 +1000)]
test: DRBG test with long seed.
Fixes: #14101
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
Petr Gotthard [Mon, 15 Feb 2021 19:07:27 +0000 (20:07 +0100)]
Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
The `openssl s_server` and `openssl s_client` currently ignore
the `-propquery` parameter. Fix patch fixes this.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14195)
Petr Gotthard [Mon, 15 Feb 2021 10:53:45 +0000 (11:53 +0100)]
Fix propquery handling in EVP_DigestSignInit_ex
Fixes #14183. Fix the condition to detect legacy engines, so the
`props` are considered even when libctx == NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14188)
Richard Levitte [Tue, 16 Feb 2021 19:02:24 +0000 (20:02 +0100)]
TEST: Add missing initialization
Compiler complained.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14204)
Matt Caswell [Tue, 16 Feb 2021 12:04:52 +0000 (12:04 +0000)]
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 2 Feb 2021 17:17:23 +0000 (17:17 +0000)]
Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Fri, 22 Jan 2021 16:50:11 +0000 (16:50 +0000)]
Fix rsa_test to properly test RSA_SSLV23_PADDING
We test all three cases:
- An SSLv2 only client talking to a TLS capable server
- A TLS capable client talking to an SSLv2 only server
- A TLS capable client talking to a TLS capable server (should fail due
to detecting a rollback attack)
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Fri, 22 Jan 2021 16:38:50 +0000 (16:38 +0000)]
Fix the RSA_SSLV23_PADDING padding type
This also fixes the public function RSA_padding_check_SSLv23.
Commit
6555a89 changed the padding check logic in RSA_padding_check_SSLv23
so that padding is rejected if the nul delimiter byte is not immediately
preceded by at least 8 bytes containing 0x03. Prior to that commit the
padding is rejected if it *is* preceded by at least 8 bytes containing 0x03.
Presumably this change was made to be consistent with what it says in
appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the
original behaviour was correct. This is fixed in later errata issued for
that RFC.
This has no impact on libssl for modern versions of OpenSSL because
there is no protocol support for SSLv2 in these versions. However
applications that call RSA_paddin_check_SSLv23 directly, or use the
RSA_SSLV23_PADDING mode may still be impacted. The effect of the original
error is that an RSA message encrypted by an SSLv2 only client will fail to
be decrypted properly by a TLS capable server, or a message encrypted by a
TLS capable client will fail to decrypt on an SSLv2 only server. Most
significantly an RSA message encrypted by a TLS capable client will be
successfully decrypted by a TLS capable server. This last case should fail
due to a rollback being detected.
Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting
this issue.
CVE-2021-23839
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Fri, 22 Jan 2021 15:49:31 +0000 (15:49 +0000)]
Refactor rsa_test
Reduce code copying by factoring out common code into a separate function.
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 10 Feb 2021 16:36:57 +0000 (16:36 +0000)]
Test that X509_issuer_and_serial_hash doesn't crash
Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 10 Feb 2021 16:10:36 +0000 (16:10 +0000)]
Fix Null pointer deref in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts
to create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed). This may
subsequently result in a NULL pointer deref and a crash leading to a
potential denial of service attack.
The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.
CVE-2021-23841
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Tomas Mraz [Mon, 15 Feb 2021 14:26:14 +0000 (15:26 +0100)]
Do not match RFC 5114 groups without q as it is significant
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14189)
Beat Bolli [Sat, 13 Feb 2021 14:09:07 +0000 (15:09 +0100)]
README-ENGINES: fix the link to the provider API README
Signed-off-by: Beat Bolli <dev@drbeat.li>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14173)
Matt Caswell [Wed, 10 Feb 2021 14:18:47 +0000 (14:18 +0000)]
Document the newly added function EVP_PKEY_param_check_quick()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
Matt Caswell [Wed, 10 Feb 2021 12:29:36 +0000 (12:29 +0000)]
Fix the dhparam_check test
genpkey can sometimes create files that fail "openssl dhparam -check". See
issue #14145. We had some instances of such invalid files in the
dhparam_check test. Now that "openssl dhparam -check" has been fixed to
work the same way as it did in 1.1.1 these tests were failing. We move the
invalid files inot the "invalid" directory. A future PR will have to fix
genpkey to not generate invalid files.
We also remove a "SKIP" block that was skipping tests in a no deprecated
build unnecessarily. Nothing being tested is deprecated.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
Matt Caswell [Tue, 9 Feb 2021 15:50:05 +0000 (15:50 +0000)]
Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.
Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
Matt Caswell [Tue, 9 Feb 2021 15:12:09 +0000 (15:12 +0000)]
Run DH_check_ex() not DH_check_params_ex() when checking params
Both DH_check_ex() and DH_check_params_ex() check the parameters.
DH_check_ex() performs a more complete check, while DH_check_params_ex()
performs a lightweight check. In 1.1.1 EVP_PKEY_param_check() would call
DH_check_ex() for DH keys. For backwards compatibility we should continue
with that behaviour.
Fixes #13501
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
Benjamin Kaduk [Thu, 11 Feb 2021 23:52:54 +0000 (15:52 -0800)]
RSA: avoid dereferencing possibly-NULL parameter in initializers
Fix CID
1472835: the explicit NULL check for prsactx is useless when
we have already dereferenced it in the initializers.
Move the actual initialization to the function body to get the
logic sequenced properly.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14160)
Benjamin Kaduk [Fri, 12 Feb 2021 00:10:50 +0000 (16:10 -0800)]
x509_vfy: remove redundant stack allocation
Fix CID
1472833 by removing a codepath that attempts to allocate a
stack if not already allocated, when the stack was already allocated
unconditionally a few lines previously.
Interestingly enough, this additional allocation path (and the comment
describing the need for it) were added in commit
69664d6af0cdd7738f55d10fbbe46cdf15f72e0e, also prompted by Coverity(!).
It seems that the intervening (and much more recent) commit
d53b437f9992f974c1623e9b9b9bdf053aefbcc3 that allowed sk_X509_dup()
to accept a NULL argument allowed the earlier initialization path
to unconditionally allocate a stack, rendering this later allocation fully
redundant.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14161)
Shane Lontis [Wed, 11 Nov 2020 07:50:17 +0000 (17:50 +1000)]
Add docs for ASN1_item_sign and ASN1_item_verify functions
This is to address part of issue #13192.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13373)
Pauli [Fri, 12 Feb 2021 10:06:10 +0000 (20:06 +1000)]
Remove an unnecessary free call.
https://github.com/openssl/openssl/commit/
64954e2f34b8839ca7ad1e9576a6efaf3e49e17c#r47045920
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14165)
Shane Lontis [Fri, 12 Feb 2021 04:17:23 +0000 (14:17 +1000)]
Remove dead code in rsa_pkey_ctrl.
Fixes CID #
1472393
Previously this switch handled CMS & PCKS7 controls (e.g ANS1_PKEY_CTRL_PKCS7_SIGN)
which fell thru to the dead code to set the X509_ALG.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14163)
Disconnect3d [Thu, 11 Feb 2021 19:00:40 +0000 (20:00 +0100)]
passwd.c: use the actual ROUNDS_DEFAULT macro
Before this commit, the `ROUNDS_DEFAULT` macro was not used at all, while defined in the source code.
Instead, a `unsigned int rounds = 5000;` was set, which uses the same value.
This commit changes the `5000` to `ROUNDS_DEFAULT`.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14156)
Jay Satiro [Fri, 5 Feb 2021 08:42:06 +0000 (03:42 -0500)]
NOTES-WINDOWS: fix typo
CLA: trivial
(cherry picked from commit
fb97b8e8a52b853b2b2209d5aeee36eaa08bb9ad)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14042)
Dr. Matthias St. Pierre [Tue, 2 Feb 2021 17:49:15 +0000 (18:49 +0100)]
Add a skeleton README-PROVIDERS file
The current content of this README file are just meant to be a
starting point and an incentive to add more. Most of the text
was borrowed from the [OpenSSL 3.0 Wiki], which is the reason
why a added Matt as co-author. To be continued...
[OpenSSL 3.0 Wiki]: https://wiki.openssl.org/index.php/OpenSSL_3.0
Co-authored-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
Dr. Matthias St. Pierre [Tue, 2 Feb 2021 16:55:50 +0000 (17:55 +0100)]
Add deprecation note to the README-ENGINES file
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
Dr. Matthias St. Pierre [Mon, 1 Feb 2021 17:57:40 +0000 (18:57 +0100)]
Unify the markdown links to the NOTES and README files
In many locations, the files have been converted to markdown
syntactically, but don't utilize the power of markdown yet.
Here, instead of just repeating the file name, the markdown link
now shows the title of the document.
Additionally, the notes are now reference in the same order in both
the README and the INSTALL file.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
Dr. Matthias St. Pierre [Mon, 1 Feb 2021 17:53:29 +0000 (18:53 +0100)]
Reformat some NOTES and README files
Formatting is still very mixed in the NOTES and README files.
This commit tries to make formatting more consistent with the one
introduced in pull request #10545.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
Dr. Matthias St. Pierre [Tue, 2 Feb 2021 17:16:19 +0000 (18:16 +0100)]
Revise some renamings of NOTES and README files
Some of the notes and readme files have been converted to markdown
format recently and renamed during this process. While adding the
.md extension was a natural step, switching to mixed cases was not
a change to the better, it gives them a ragged appearance:
NOTES.ANDROID => NOTES-Android.md
NOTES.DJGPP => NOTES-DJGPP.md
NOTES.PERL => NOTES-Perl.md
NOTES.UNIX => NOTES-Unix.md
NOTES.VMS => NOTES-VMS.md
NOTES.VALGRIND => NOTES-Valgrind.md
NOTES.WIN => NOTES-Windows.txt
README.ENGINE => README-Engine.md
README.FIPS => README-FIPS.md
Moreover, the NOTES-Windows.txt file is the only file which has been
converted to markdown but has received a .txt file extension.
This doesn't make sense, because the OpenSSL users on Windows will
need to read the other markdown documents as well. Since they are
developers, we can trust them to be able to associate their favorite
editor with the .md extension.
In fact, having a comment at the beginning of the file saying that it
is in markdown format but we didn't dare to add the correct extension
in order not to overwhelm our Windows users can be interpreted either
as unintentionally funny or disrespectful ;-)
This commit suggests the following more consistent renaming:
NOTES.ANDROID => NOTES-ANDROID.md
NOTES.DJGPP => NOTES-DJGPP.md
NOTES.PERL => NOTES-PERL.md
NOTES.UNIX => NOTES-UNIX.md
NOTES.VMS => NOTES-VMS.md
NOTES.VALGRIND => NOTES-VALGRIND.md
NOTES.WIN => NOTES-WINDOWS.md
README.ENGINE => README-ENGINES.md
README.FIPS => README-FIPS.md
(note the plural in README-ENGINES, anticipating a README-PROVIDERS)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
Tomas Mraz [Thu, 11 Feb 2021 17:18:49 +0000 (18:18 +0100)]
ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Also correctly mark max protocol version for some curves.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
Tomas Mraz [Thu, 11 Feb 2021 14:25:35 +0000 (15:25 +0100)]
tls_valid_group: Add missing dereference of okfortls13
Fixes #14153
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
Richard Levitte [Mon, 11 Jan 2021 07:51:43 +0000 (08:51 +0100)]
VMS documentation fixes
This mostly clarifies details.
Fixes #13789
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13835)
Richard Levitte [Mon, 11 Jan 2021 07:31:21 +0000 (08:31 +0100)]
Configurations/descrip.mms.tmpl: avoid enormous PIPE commands
DCL has a total command line limitation that's too easily broken by
them.
We solve them by creating separate message scripts and using them.
Fixes #13789
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13835)
Richard Levitte [Wed, 3 Feb 2021 19:40:37 +0000 (20:40 +0100)]
DOCS: Update the internal documentation on EVP_PKEY.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14059)
Richard Levitte [Thu, 11 Feb 2021 11:55:19 +0000 (12:55 +0100)]
Use ERR_R_*_LIB instead of ERR_LIB_* as reason code for sub-libraries
Using ERR_LIB_* causes the error output to say 'reason(n)' instead of
the name of the sub-library in question.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14152)
Matt Caswell [Mon, 8 Feb 2021 15:52:07 +0000 (15:52 +0000)]
Update documentation following deprecation of SRP
Ensure all the man pages correctly reflect the deprecated status of SRP.
Fixes #13917
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Matt Caswell [Mon, 8 Feb 2021 11:31:59 +0000 (11:31 +0000)]
Deprecate the libssl level SRP APIs
The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Matt Caswell [Fri, 5 Feb 2021 11:28:15 +0000 (11:28 +0000)]
Deprecate the low level SRP APIs
The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.
This could be added in a future release.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Job Snijders [Tue, 2 Feb 2021 14:14:27 +0000 (14:14 +0000)]
Add OID for draft-ietf-opsawg-finding-geofeeds detached CMS signature
RFC 8805 Geofeed files can be authenticated with RPKI
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14050)
Pauli [Wed, 10 Feb 2021 11:53:57 +0000 (21:53 +1000)]
Add a configure time option to disable the fetch cache.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Tue, 9 Feb 2021 06:58:38 +0000 (16:58 +1000)]
test: add import and export key management hooks for the TLS provider.
Without these hooks, if the TLS provider isn't matched in the fetch cache, a test
failure will occur in the TLS API tests. Without allowing import and export, an
existing key can not move to a new key manager even if it is really the same.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Tue, 9 Feb 2021 01:55:59 +0000 (11:55 +1000)]
test: filter provider honours the no_cache setting.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Mon, 8 Feb 2021 03:09:49 +0000 (13:09 +1000)]
changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Mon, 8 Feb 2021 02:01:20 +0000 (12:01 +1000)]
test: fix no-cache problem with the quality comparison for KDFs.
In a caching world, it's fine to compare the pointers directly. In a
non-caching world, the names and providers need to be compared.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Mon, 8 Feb 2021 01:38:21 +0000 (11:38 +1000)]
EVP: fix reference counting for EVP_CIPHER.
Under some circumstances, the reference count for a cipher wasn't updated
properly. This shows up best when fetches are not being queried but would be
possible if the cache flushed at a bad time.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Mon, 8 Feb 2021 01:03:01 +0000 (11:03 +1000)]
Prov: add an option to force provider fetches to not be cached.
If the macro OSSL_FORCE_NO_CACHE_FETCH is defined, no provider will have its
fetches cached.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Mon, 8 Feb 2021 01:02:52 +0000 (11:02 +1000)]
CI: add a non-caching CI loop
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Pauli [Mon, 8 Feb 2021 00:54:52 +0000 (10:54 +1000)]
EVP: fix reference counting for digest operations.
The reference count wasn't being incremented but the EVP_MD pointer was being
held. In a no cache build, this resulted in a failure on update in some
circumstances.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
Rich Salz [Wed, 10 Feb 2021 18:33:41 +0000 (13:33 -0500)]
Allow -rand to be repeated
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Rich Salz [Mon, 8 Feb 2021 19:20:01 +0000 (14:20 -0500)]
Fetch cipher after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Rich Salz [Mon, 8 Feb 2021 19:03:35 +0000 (14:03 -0500)]
Process digest option after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Rich Salz [Mon, 8 Feb 2021 18:45:23 +0000 (13:45 -0500)]
Load rand state after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Rich Salz [Sun, 7 Feb 2021 15:42:23 +0000 (10:42 -0500)]
Fetch alg, etc., after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Rich Salz [Fri, 5 Feb 2021 20:38:07 +0000 (15:38 -0500)]
Fetch algorithm after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Pauli [Wed, 10 Feb 2021 22:28:41 +0000 (08:28 +1000)]
test: add an option to output timing information from tests.
Fixes #14141
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14149)
Dr. David von Oheimb [Fri, 5 Feb 2021 20:52:01 +0000 (21:52 +0100)]
X509_STORE_CTX_cleanup(): Use internally so no need to call explicitly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14088)
Dr. David von Oheimb [Mon, 8 Feb 2021 14:27:49 +0000 (15:27 +0100)]
X509_STORE_CTX_get1_issuer(): Make preference on expired certs consistent with find_issuer()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14130)
Dr. David von Oheimb [Sat, 6 Feb 2021 20:51:55 +0000 (21:51 +0100)]
x509_vfy.c: Make chain_build() error diagnostics to the point
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14094)
Tomas Mraz [Tue, 9 Feb 2021 12:25:16 +0000 (13:25 +0100)]
Rename internal providercommonerr.h to less mouthful proverr.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
Tomas Mraz [Fri, 5 Feb 2021 17:51:37 +0000 (18:51 +0100)]
Various cleanup of PROV_R_ reason codes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
Tomas Mraz [Fri, 5 Feb 2021 16:40:42 +0000 (17:40 +0100)]
Move the PROV_R reason codes to a public header
The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
or third party providers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
KOBAYASHI Ittoku [Sat, 6 Feb 2021 02:59:12 +0000 (11:59 +0900)]
Match description with actual output of dgst
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14089)
FdaSilvaYY [Sat, 6 Feb 2021 21:14:03 +0000 (22:14 +0100)]
include/internal: add a few missing #pragma once directives
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14096)
FdaSilvaYY [Sat, 6 Feb 2021 21:13:21 +0000 (22:13 +0100)]
include/openssl: add a few missing #pragma once directives
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14096)
FdaSilvaYY [Sat, 6 Feb 2021 21:36:46 +0000 (22:36 +0100)]
include/crypto: add a few missing #pragma once directives
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14096)
Pauli [Tue, 9 Feb 2021 08:32:32 +0000 (18:32 +1000)]
test: turn off parallel tests in verbose mode.
The existing code prints a warning saying that verbose mode is ignored with
parallel jobs. This seems backward, more useful is disabling parallel jobs
when verbose is enabled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14137)
Oleksandr Tymoshenko [Sun, 20 Dec 2020 19:01:53 +0000 (11:01 -0800)]
Handle partial data re-sending on ktls/sendfile on FreeBSD
Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and user code has to be notified about it, otherwise it
may try to send data multiple times.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13716)
Benjamin Kaduk [Wed, 27 Jan 2021 20:19:08 +0000 (12:19 -0800)]
Remove unused 'peer_type' from SSL_SESSION
This field has not been used since #3858 was merged in 2017 when we
moved to a table-based lookup for certificate type properties instead of
an index-based one.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/13991)
Shane Lontis [Thu, 17 Dec 2020 06:42:05 +0000 (16:42 +1000)]
Replace provider digest flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
Shane Lontis [Thu, 17 Dec 2020 06:39:57 +0000 (16:39 +1000)]
Replace provider cipher flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
Shane Lontis [Mon, 14 Dec 2020 04:36:48 +0000 (14:36 +1000)]
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
Shane Lontis [Fri, 5 Feb 2021 07:45:39 +0000 (17:45 +1000)]
Change the ASN1 variant of x942kdf so that it can test acvp data.
This 'special' way of specifying the data should only be used for testing
purposes. It should not be used in production environments.
ACVP passes a blob of DER encoded data for some of the fields rather
than passing them as separate fields that need to be DER encoded.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14077)
Dr. David von Oheimb [Sat, 6 Feb 2021 21:41:40 +0000 (22:41 +0100)]
x509_vfy.c: Sort out return values 0 vs. -1 (failure/internal error)
Also simplify first part of verify_chain()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14095)
Dr. David von Oheimb [Mon, 8 Feb 2021 06:31:11 +0000 (07:31 +0100)]
X509_get_pubkey_parameters(): Correct failure behavior and its use
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14095)
Dr. David von Oheimb [Mon, 8 Feb 2021 07:17:23 +0000 (08:17 +0100)]
x509_vfy: Clarify relevance of ctx->error also on successful verification
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14127)
Dr. David von Oheimb [Mon, 8 Feb 2021 07:12:15 +0000 (08:12 +0100)]
x509_vfy.c: Fix various coding style and documentation style nits
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14127)
Tomas Mraz [Thu, 4 Feb 2021 17:40:33 +0000 (18:40 +0100)]
CHANGES.md: Mention RSA key generation slowdown related changes
Fixes #14068
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14073)
Tomas Mraz [Thu, 4 Feb 2021 18:25:44 +0000 (19:25 +0100)]
Deprecate BN_pseudo_rand() and BN_pseudo_rand_range()
The functions are obsolete aliases for BN_rand() and BN_rand_range()
since 1.1.0.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14080)