Dr. David von Oheimb [Thu, 3 Sep 2020 14:51:06 +0000 (16:51 +0200)]
apps/cmp.c: clear leftover errors on loading libengines.so etc.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824)
Dr. David von Oheimb [Fri, 28 Aug 2020 09:57:18 +0000 (11:57 +0200)]
apps.c: Fix diagnostics and return value of load_key_certs_crls() on error
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824)
Dr. David von Oheimb [Mon, 7 Sep 2020 12:12:49 +0000 (14:12 +0200)]
Replace all wrong usages of 'B<...>' (typically by 'I<...>') in OSSL_CMP_CTX_new.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
Dr. David von Oheimb [Fri, 28 Aug 2020 10:11:31 +0000 (12:11 +0200)]
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
Rich Salz [Mon, 7 Sep 2020 15:38:48 +0000 (11:38 -0400)]
Fix markdown nits in NOTES-Windows.txt
And add a comment that this file is in markdown, but has a .txt
extension on purpose.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12805)
Kurt Roeckx [Sat, 13 Apr 2019 13:52:47 +0000 (15:52 +0200)]
Support writing RSA keys using the traditional format again
Fixes: #6855
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8743
Richard Levitte [Mon, 7 Sep 2020 10:25:17 +0000 (12:25 +0200)]
ENCODER: Refactor provider implementations, and some cleanup
The encoder implementations were implemented by unnecessarily copying
code into numerous topical source files, making them hard to maintain.
This changes merges all those into two source files, one that encodes
into DER and PEM, the other to text.
Diverse small cleanups are included.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12803)
Jon Spillett [Tue, 8 Sep 2020 00:33:28 +0000 (10:33 +1000)]
Fix up issue on AIX caused by broken compiler handling of macro expansion
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12812)
Pauli [Mon, 7 Sep 2020 21:35:29 +0000 (07:35 +1000)]
s_time: check return values better
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12808)
Pauli [Sun, 6 Sep 2020 10:39:12 +0000 (20:39 +1000)]
In a non-shared build, don't include the md5 object files in legacy provider
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
Pauli [Sun, 6 Sep 2020 07:14:38 +0000 (17:14 +1000)]
TLS fixes for CBC mode and no-deprecated
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
Pauli [Sun, 6 Sep 2020 03:44:08 +0000 (13:44 +1000)]
TLS: remove legacy code path supporting special CBC mode
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
Pauli [Tue, 26 May 2020 10:20:09 +0000 (20:20 +1000)]
legacy: include MD5 code in legacy provider
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
Pauli [Tue, 26 May 2020 09:38:23 +0000 (19:38 +1000)]
Deprecate SHA and MD5 again.
This reverts commit
a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
Dr. David von Oheimb [Fri, 28 Aug 2020 11:37:04 +0000 (13:37 +0200)]
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)
Dr. David von Oheimb [Mon, 7 Sep 2020 18:27:19 +0000 (20:27 +0200)]
Add 4 new OIDs for PKIX key purposes and 3 new CMP information types
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12807)
Richard Levitte [Mon, 7 Sep 2020 06:47:00 +0000 (08:47 +0200)]
TEST: modify test/endecode_test.c to not use legacy keys
Now that PEM_write_bio_PrivateKey_traditional() can handle
provider-native EVP_PKEYs, we don't need to use explicitly legacy
ones.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)
Richard Levitte [Thu, 27 Aug 2020 08:07:09 +0000 (10:07 +0200)]
PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys
PEM_write_bio_PrivateKey_traditional() didn't handle provider-native
keys very well. Originally, it would simply use the corresponding
encoder, which is likely to output modern PEM (not "traditional").
PEM_write_bio_PrivateKey_traditional() is now changed to try and get a
legacy copy of the input EVP_PKEY, and use that copy for traditional
output, if it has such support.
Internally, evp_pkey_copy_downgraded() is added, to be used when
evp_pkey_downgrade() is too intrusive for what it's needed for.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)
Jakub Zelenka [Sun, 6 Sep 2020 18:11:34 +0000 (19:11 +0100)]
Add CMS AuthEnvelopedData with AES-GCM support
Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM
parameter as defined in RFC 5084.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8024)
Dr. David von Oheimb [Fri, 4 Sep 2020 06:11:41 +0000 (08:11 +0200)]
apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
Dr. David von Oheimb [Fri, 4 Sep 2020 06:05:46 +0000 (08:05 +0200)]
apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
Dr. David von Oheimb [Thu, 3 Sep 2020 11:32:56 +0000 (13:32 +0200)]
OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
Richard Levitte [Fri, 4 Sep 2020 16:00:29 +0000 (18:00 +0200)]
EVP: Move the functions and controls for setting and getting distid
Those functions were located in the EC files, but is really broader
than that, even thought currently only used for SM2. They should
therefore be in a more central location, which was also indicated by
diverse TODOs.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)
Richard Levitte [Thu, 3 Sep 2020 05:22:00 +0000 (07:22 +0200)]
EVP: Expand the use of EVP_PKEY_CTX_md()
Setting a hash function was reserved for signature operations.
However, it turns out that SM2 uses a hash function for encryption and
decryption as well.
Therefore, EVP_PKEY_CTX_md() must be called with an expanded operation
type combination that includes EVP_PKEY_OP_TYPE_CRYPT when used in a
generic way.
For SM2, test/recipes/30-test_evp_data/evppkey_sm2.txt is expanded to
test decryption both with an implicit and an explicit digest.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)
Richard Levitte [Wed, 2 Sep 2020 13:54:13 +0000 (15:54 +0200)]
EVP: Add support for delayed EVP_PKEY operation parameters
They get called "delayed parameters" because they may make it to the
implementation at a later time than when they're given.
This currently only covers the distinguished ID, as that's the only
EVP_PKEY operation parameter so far that has been possible to give
before the operation has been initialized.
This includes a re-implementation of EVP_PKEY_CTX_set1_id(),
EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len().
Also, the more rigorous controls of keytype and optype are restored.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)
Dmitry Belyavskiy [Thu, 3 Sep 2020 13:47:19 +0000 (16:47 +0300)]
New GOST PKCS12 standard support
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12780)
Richard Levitte [Fri, 4 Sep 2020 08:52:20 +0000 (10:52 +0200)]
Fix test/evp_extra_test.c
Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context
with no value in it, the lack of legacy implementation when OpenSSL
was configured with 'no-ec' went through undetected. This adds the
necessary guards to skip a test of SM2 in that case.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)
Richard Levitte [Thu, 3 Sep 2020 10:42:43 +0000 (12:42 +0200)]
EVP: Don't shadow EVP_PKEY_CTX_new* error records
There are places that add an ERR_R_MALLOC_FAILURE record when any of
EVP_PKEY_CTX_new*() return NULL, which is 1) inaccurate, and 2)
shadows the more accurate error record generated when trying to create
the EVP_PKEY_CTX.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)
Richard Levitte [Wed, 2 Sep 2020 07:30:42 +0000 (09:30 +0200)]
EVP: Preserve the EVP_PKEY id in a few more spots
As long as there are internal legacy keys for EVP_PKEY, we need to preserve
the EVP_PKEY numeric identity when generating a key, and when creating the
EVP_PKEY_CTX.
For added consistency, the EVP_PKEY_CTX contructor tries a little
harder to find a EVP_PKEY_METHOD. Otherwise, we may run into
situations where the EVP_PKEY_CTX ends up having no associated methods
at all.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)
Jon Spillett [Thu, 3 Sep 2020 04:02:48 +0000 (14:02 +1000)]
Use return code for 'which command' checks
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12775)
luxinyou [Mon, 7 Sep 2020 08:06:45 +0000 (18:06 +1000)]
Fix memory leaks in conf_def.c
Fixes #12471
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12533)
Richard Levitte [Sun, 23 Aug 2020 16:33:57 +0000 (18:33 +0200)]
Building: Build Unix static libraries one object file at a time
We're hitting problems that the 'ar' command line becomes too long for
some 'make' versions, or the shell it uses.
We therefore change the way we create a static library by doing so one
object file at a time. This is slower, but has better guarantees to
work properly on limited systems.
Fixes #12116
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12706)
Richard Levitte [Thu, 9 Jul 2020 05:47:12 +0000 (07:47 +0200)]
DOC: Fix check of EVP_PKEY_fromdata{,_init} in examples
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12389)
Richard Levitte [Tue, 7 Jul 2020 21:36:22 +0000 (23:36 +0200)]
DOC: Modify one example in EVP_PKEY_fromdata(3)
The example to create an EC key from user data didn't show what one
could expect and application to do, especially with regard to how it's
done with raw EC functions. We therefore refactor it to make proper
use of a BIGNUM where expected, and also use OSSL_PARAM_BLD(3) for
easier handling of the OSSL_PARAM array.
Fixes #12388
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12389)
jwalch [Fri, 4 Sep 2020 19:48:20 +0000 (15:48 -0400)]
Cleanup deprecation of ENGINE_setup_bsd_cryptodev
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12793)
John Baldwin [Tue, 1 Sep 2020 00:13:17 +0000 (17:13 -0700)]
Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start(). This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
John Baldwin [Thu, 3 Sep 2020 17:56:10 +0000 (10:56 -0700)]
Remove unused dummy functions from ktls.h.
The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
the dummy functions were never used.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
John Baldwin [Tue, 1 Sep 2020 00:02:01 +0000 (17:02 -0700)]
Fix the socket BIO control methods to use ktls_crypto_info_t.
This is mostly a cosmetic cleanup I missed when adding the
ktls_crypto_info_t type. However, while fixing this I noticed that
the changes to extract the size from crypto_info from the wrapper
structure for Linux KTLS had not been propagated from bss_sock.c to
bss_conn.c, so I've fixed that to use the correct length.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
Dr. David von Oheimb [Thu, 3 Sep 2020 21:04:48 +0000 (23:04 +0200)]
X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12787)
Dr. David von Oheimb [Fri, 28 Aug 2020 10:42:47 +0000 (12:42 +0200)]
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
Dr. David von Oheimb [Fri, 4 Sep 2020 13:24:14 +0000 (15:24 +0200)]
Strengthen chain building for CMP
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791)
Dr. David von Oheimb [Fri, 4 Sep 2020 07:29:01 +0000 (09:29 +0200)]
Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
Also simplify certificate saving in apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)
Dr. Matthias St. Pierre [Wed, 8 Jul 2020 07:23:29 +0000 (09:23 +0200)]
test/drbgtest: improve the reseed after fork test
Issue #12377 demonstrated that it is not sufficient to verify that
after a fork a reseeding is triggered in the child. This commit
enhances the test by collecting the output of the public and private
drbg for the parent and all children and checking for duplicates.
In case of duplicates, it prints an error message and displays a
sorted output.
The analysis of #12377 (see [1]) showed that due to an error in the
resetting of the AES-CTR (issue #12405, fixed by #12413), it could
happen that only the first n bytes (n=1,...15) of the children's
random output were identical.
This test is optimized to detect this issue by only comparing the first
byte of the sampled data (i.e., the first 'column' of the output).
The number of samples is chosen high enough to keep the chance of false
positives low. The test is executed sixteen times, each time advancing
the internal counter by requesting a single extra byte of random data.
Another, more general test splits the entire sampled random data into
two-byte chunks and counts their collisions. If a certain threshold
is exceeded, it reports an error.
[1] https://github.com/openssl/openssl/issues/12377#issuecomment-
656207334
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12407)
Shane Lontis [Mon, 24 Aug 2020 02:52:56 +0000 (12:52 +1000)]
Fix coverity CID #
1454815 - NULL ptr dereference in initthread.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 02:45:50 +0000 (12:45 +1000)]
Fix coverity CID #
1452769 & #
1452771 - Arg passed to function that cannot be negative in cms_ess.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 02:16:24 +0000 (12:16 +1000)]
Fix coverity CID #
1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 02:02:02 +0000 (12:02 +1000)]
Fix coverity CID #
1465967 & #
1465968 - fix NULL dereference in dh_ameth.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 01:57:12 +0000 (11:57 +1000)]
Fix coverity CID #
1466371 - fix dereference before NULL check.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 01:45:57 +0000 (11:45 +1000)]
Fix coverity CID #
1466375 - Remove dead code.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 01:32:48 +0000 (11:32 +1000)]
Fix coverity CID #
1466377 - resource leak due to early return in ec_get_params().
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Shane Lontis [Mon, 24 Aug 2020 01:29:23 +0000 (11:29 +1000)]
Fix coverity CID #
1466378 - Incorrect expression in ec_backend.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
Richard Levitte [Tue, 1 Sep 2020 15:56:11 +0000 (17:56 +0200)]
ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sun, 30 Aug 2020 09:46:45 +0000 (11:46 +0200)]
EC: Remove one error record that shadows another
In EC_GROUP_new_from_params(), ERR_R_EC_LIB was reported if
group_new_from_name() returned NULL. However, this shadows a possible
EC_R_INVALID_CURVE, making that harder to detect, which happens to be
important to do in test/evp_test.c.
This also extends key_unsupported() in test/evp_test.c to check for
this error alongside the check for EC_R_UNKNOWN_GROUP.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sun, 30 Aug 2020 07:53:22 +0000 (09:53 +0200)]
TEST: Ensure that the base provider i activated when needed
The fips providers can't be activated alone if encoding, decoding or
STORE are going to be used.
To enable this, we selectively use test/fips-and-base.cnf instead of
test/fips.cnf in our test recipes.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sat, 29 Aug 2020 13:08:05 +0000 (15:08 +0200)]
Revert "TEST: separate out NIST ECC tests from non-NIST"
This file split turned out to be a mistake as soon as the fetching
error reporting got properly sorted.
This reverts commit
e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sat, 29 Aug 2020 18:48:51 +0000 (20:48 +0200)]
EVP: Don't report malloc failure in new_raw_key_int()
On failure by EVP_PKEY_CTX_new_from_name(), this function reported
ERR_R_MALLOC_FAILURE. However, that's not necessarily true, as it can
fail because the algorithm isn't present.
Either way, EVP_PKEY_CTX_new_from_name() records more accurate errors
on its own, and one of them - EVP_R_FETCH_FAILED - is significant for
test/evp_test.c.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sat, 29 Aug 2020 18:38:25 +0000 (20:38 +0200)]
TEST: have key_unsupported() in evp_test.c look at the last error
key_unsupported() looked at the first error in the queue to see if a
key algorithm is supported or not. However, there are situations
where the errors it looks for is preceded by others. It's much safer
to look at the last recorded error.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sat, 29 Aug 2020 07:40:31 +0000 (09:40 +0200)]
STORE: Stop the flood of errors
The old 'file:' loader was recently changed to stop the flood of
repeated nested ASN.1 errors when trying to decode a DER blob in
diverse ways.
That is now reproduced in ossl_store_handle_load_result()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Fri, 28 Aug 2020 11:07:35 +0000 (13:07 +0200)]
CORE: Fix small bug in passphrase caching
Passphrase caching didn't allocate memory when it got to cache an
empty string, leading to a crash.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Wed, 26 Aug 2020 05:04:53 +0000 (07:04 +0200)]
STORE: Fix potential memory leak
When closing an OSSL_STORE_CTX, also clear the passphrase data.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Wed, 5 Aug 2020 08:28:51 +0000 (10:28 +0200)]
"Downgrade" provider-native keys to legacy where needed
Some sub-systems and openssl sub-commands do not yet deal cleanly with
purely provider-native EVP_PKEYs. We compensate that by "downgrading"
keys in select places, or ensure that the 'file:' scheme ENGINE loader
is activated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sun, 2 Aug 2020 14:41:04 +0000 (16:41 +0200)]
EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD,
which requires "downgrading" the EVP_PKEY to have a legacy internal
key.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Thu, 23 Jul 2020 15:34:26 +0000 (17:34 +0200)]
TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
We want to perform the same tests with a provider implementation, and
also make sure that an ENGINE implementation works as advertised.
OSSL_STORE_open() / OSSL_STORE_open_wirh_libctx() work in such a way
that they look for internal / engine implementations first, and only
failing that, they will try to fetch a provider implementation. This
ensures that when we do specify an engine, it gets exceptional priority.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Thu, 23 Jul 2020 21:06:27 +0000 (23:06 +0200)]
STORE: Deprecate legacy / ENGINE functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Sun, 2 Aug 2020 10:46:00 +0000 (12:46 +0200)]
STORE: Add a built-in 'file:' storemgmt implementation (loader)
This replaces the older 'file:' loader that is now an engine.
It's still possible to use the older 'file:' loader by explicitly
using the engine, and tests will remain for it as long as ENGINEs are
still supported (even through deprecated).
To support this storemgmt implementation, a few internal OSSL_DECODER
modifications are needed:
- An internal function that implements most of
OSSL_DECODER_CTX_new_by_EVP_PKEY(), but operates on an already
existing OSSL_DECODER_CTX instead of allocating a new one.
- Allow direct creation of a OSSL_DECODER from an OSSL_ALGORITHM.
It isn't attached to any provider, and is only used internally, to
simply catch any DER encoded object to be passed back to the
object callback with no further checking. This implementation
becomes the last resort decoder, when all "normal"
decodation attempts (i.e. those that are supposed to result
in an OpenSSL object of some sort) have failed.
Because file_store_attach() uses BIO_tell(), we must also support
BIO_ctrl() as a libcrypto upcall.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Thu, 23 Jul 2020 14:56:59 +0000 (16:56 +0200)]
STORE: Move the built-in 'file:' loader to become an engine module
From this point on, this engine must be specifically specified.
To replace the internal EMBEDDED hack with something unique for the
new module, functions to create application specific OSSL_STORE_INFO
types were added.
Furthermore, the following function had to be exported:
ossl_do_blob_header()
ossl_do_PVK_header()
asn1_d2i_read_bio()
Finally, evp_pkcs82pkey_int() has become public under a new name,
EVP_PKCS82PKEY_with_libctx()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Fri, 21 Aug 2020 11:08:18 +0000 (13:08 +0200)]
OSSL_ENCODER / OSSL_DECODER post-rename cleanup
There are a few remaining spots where 'deser' wasn't changed to 'decoder'
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Richard Levitte [Thu, 23 Jul 2020 14:30:38 +0000 (16:30 +0200)]
ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Matt Caswell [Mon, 31 Aug 2020 13:44:17 +0000 (14:44 +0100)]
Ensure EVP_MAC_update() passes the length even if it is 0
We leave it up to the EVP_MAC implemenations what to do with an update
where the data length is 0. In the TLS HMAC implemenation this is still
signficant.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Mon, 31 Aug 2020 13:43:15 +0000 (14:43 +0100)]
Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
Previously it used EVP_MD_type(), which doesn't work when called inside
the FIPs module.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 27 Aug 2020 11:52:17 +0000 (12:52 +0100)]
Update the EVP_PKEY MAC documentation
Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 20 Aug 2020 14:54:01 +0000 (15:54 +0100)]
Enable PKEY MAC bridge signature algs to take ctx params
The underlying MAC implementations may take ctx params. Therefore we allow
the bridge to pass these through.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 20 Aug 2020 14:48:05 +0000 (15:48 +0100)]
Make ssl3_cbc_digest_record() use the real data_size
Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 30 Jul 2020 12:16:39 +0000 (13:16 +0100)]
Start using the provider side TLS HMAC implementation
This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Matt Caswell [Thu, 30 Jul 2020 11:02:06 +0000 (12:02 +0100)]
Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
Jon Spillett [Wed, 2 Sep 2020 03:13:44 +0000 (13:13 +1000)]
Avoid AIX compiler issue by making the macro argument names not match any substring
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12767)
Daniel Bevenius [Mon, 31 Aug 2020 06:07:13 +0000 (08:07 +0200)]
Fix typo in FIPS_MODULE endif macro comment
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12755)
Todd Short [Tue, 1 Sep 2020 18:50:03 +0000 (14:50 -0400)]
Fix post-condition in algorithm_do_this
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)
Todd Short [Mon, 31 Aug 2020 23:59:43 +0000 (19:59 -0400)]
Fix use of OPENSSL_realloc in provider
Fix OPENSSL_realloc failure case; `provider->operation_bits` memory
is lost when `OPENSSL_realloc()` returns NULL.
`operation_bits_sz` is never set to the length of the allocated array.
This means that operation_bits is always reallocated in
`ossl_provider_set_operation_bit()`, possibly shrinking the array.
In addition, it means that the `memset()` always zeros out the
whole reallocated array, not just the new part. Also, because
`operation_bits_sz` is always zero, the value of `*result` in
`ossl_provider_test_operation_bit()` will always be zero.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)
Dr. David von Oheimb [Fri, 28 Aug 2020 13:30:23 +0000 (15:30 +0200)]
apps/cmp.c: Clean up loading of certificates and CRLs
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)
Jon Spillett [Tue, 1 Sep 2020 03:13:09 +0000 (13:13 +1000)]
Avoid uninitialised variable warning for jobs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12762)
Dr. David von Oheimb [Wed, 26 Aug 2020 08:11:14 +0000 (10:11 +0200)]
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
Felix Monninger [Tue, 30 Jun 2020 20:57:36 +0000 (22:57 +0200)]
also zero pad DHE public key in ClientKeyExchange message for interop
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12331)
John Baldwin [Wed, 5 Aug 2020 23:24:24 +0000 (16:24 -0700)]
Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
While here, check for failure from RAND_bytes_ex as well.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
Vadim Fedorenko [Fri, 31 Jul 2020 18:21:36 +0000 (11:21 -0700)]
Fix two issues with AES-CCM KTLS tests.
- Apply the cipher list to the server context as well as the client
context. The tests still worked for AES-GCM cipher suites as those
are in the default list of ciphers. AES-CCM cipher suites are not
in the default list and require the cipher list to be set.
- Use the correct cipher name for AES-CCM.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 29 Jul 2020 22:08:54 +0000 (15:08 -0700)]
Skip tests using KTLS RX for TLS 1.3.
KTLS RX is not yet supported for TLS 1.3.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 29 Jul 2020 22:08:25 +0000 (15:08 -0700)]
Skip tests using KTLS RX if KTLS RX is not supported.
This skips tests using KTLS RX when run on systems that only support
KTLS TX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 29 Jul 2020 21:56:58 +0000 (14:56 -0700)]
Refactor the KTLS tests to minimize code duplication.
Use the low 4 bits of the test number directly as flags for which of
the connection sides should use KTLS or not for each test instead of
having 16 nearly identical functions to do the same thing.
This makes it easier to skip tests that aren't supported (e.g. KTLS RX
on TLS 1.3).
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Mon, 27 Jul 2020 18:35:13 +0000 (11:35 -0700)]
Move KTLS inline functions only used by libssl into ssl/ktls.c.
These functions are a bit large to inline and are not usable outside
of libssl.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Thu, 5 Dec 2019 00:50:06 +0000 (16:50 -0800)]
Support for KTLS TX on FreeBSD for TLS 1.3.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Thu, 5 Mar 2020 19:26:06 +0000 (11:26 -0800)]
Don't check errno if ktls_read_record() returned 0.
errno is only valid if ktls_read_record() fails with a negative return
value.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Thu, 31 Oct 2019 23:49:40 +0000 (16:49 -0700)]
Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled
by passing a session key to the kernel via a new socket option. Once
KTLS receive is enabled on a socket, the socket returns records via
recvmsg(). A control message attached to each record supplies the
original TLS header, and the decrypted plaintext is returned in the
data buffer passed to recvmsg().
To support the case that the userland buffer may already contain
pending encrypted records (which is already handled by Linux's KTLS
receive), the socket option structure for FreeBSD has been extended to
include the initial sequence number.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Wed, 10 Jun 2020 20:36:38 +0000 (13:36 -0700)]
Add helper functions for FreeBSD KTLS.
These are similar to the helpers added in
95badfeb60. I've adjusted
the arguments passed to ktls_check_supported_cipher and
ktls_configure_crypto so that FreeBSD and Linux can both use the same
signature to avoid OS-specific #ifdef's in libssl. This also required
moving the check on valid TLS versions into
ktls_check_supported_cipher for Linux. This has largely removed
OS-specific code and OS-specific #ifdef's for KTLS outside of
<internal/ktls.h>.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
John Baldwin [Fri, 24 Jul 2020 20:47:35 +0000 (13:47 -0700)]
Add a ktls_crypto_info_t typedef.
This type is defined to hold the OS-specific structure passed to
BIO_set_ktls.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
Jon Spillett [Fri, 21 Aug 2020 04:18:59 +0000 (14:18 +1000)]
Update test data for DSA public key text
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12688)
Jon Spillett [Wed, 19 Aug 2020 23:13:28 +0000 (09:13 +1000)]
Add the correct enum value for DSA public key serialization
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12688)
Shane Lontis [Fri, 21 Aug 2020 01:15:59 +0000 (11:15 +1000)]
Fix ECX serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Shane Lontis [Fri, 21 Aug 2020 01:15:10 +0000 (11:15 +1000)]
Fix RSA serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Shane Lontis [Fri, 21 Aug 2020 01:14:34 +0000 (11:14 +1000)]
Fix DSA serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
Shane Lontis [Fri, 21 Aug 2020 01:13:09 +0000 (11:13 +1000)]
Fix DH serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)