Matt Caswell [Fri, 7 May 2021 10:18:57 +0000 (11:18 +0100)]
Update FIPS checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Fri, 7 May 2021 10:03:59 +0000 (11:03 +0100)]
Exclude child provider code from the FIPS module
We don't need the child provider code in the FIPS module so we exclude
it.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Wed, 5 May 2021 13:43:19 +0000 (14:43 +0100)]
Update documentation following addition of OSSL_LIB_CTX_new_child()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Tue, 4 May 2021 16:38:10 +0000 (17:38 +0100)]
Add additional testing of child libctx/providers
Add a case where a provider explicitly loads a provider into a child
libctx where it does not already exist.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Tue, 4 May 2021 15:23:31 +0000 (16:23 +0100)]
Don't convert pre-existing providers into children
If a provider explicitly loads another provider into a child libctx where
it wasn't previously loaded then we don't start treating it like a child
if the parent libctx subsequently loads the same provider.
Fixes #14925
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Thu, 29 Apr 2021 15:37:42 +0000 (16:37 +0100)]
Add support for child provider to up_ref/free their parent
If the ref counts on a child provider change, then this needs to be
reflected in the parent so we add callbacks to do this.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Mon, 26 Apr 2021 15:00:04 +0000 (16:00 +0100)]
Add a test to check that child provider callbacks are working
Write a test to confirm that if a provider is unloaded/loaded into a
libctx then it is similarly unloaded/loaded from any child libctxs.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Fri, 23 Apr 2021 11:08:27 +0000 (12:08 +0100)]
Register callbacks with core for child provider creation/deletion
By adding callbacks to the core this will enable (in future commits) the
ability to add/remove child providers as the providers are added/removed
from the parent libctx.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Thu, 22 Apr 2021 14:58:50 +0000 (15:58 +0100)]
Add a test for OSSL_LIB_CTX_new_child()
Check that we can create such a libctx and usable providers are loaded
into it.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Thu, 22 Apr 2021 07:31:08 +0000 (08:31 +0100)]
Modify the legacy provider to use OSSL_LIB_CTX_new_child()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Wed, 21 Apr 2021 15:51:41 +0000 (16:51 +0100)]
Add the concept of a child OSSL_LIB_CTX
Add a child OSSL_LIB_CTX that will mirror the providers loaded into the
parent libctx. This is useful for providers that want to use algorithms
from other providers and just need to inherit the providers used by the
application.
Fixes #14925
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Mon, 26 Apr 2021 10:35:17 +0000 (11:35 +0100)]
Add the ability for ex_data to have a priority
Where an object has multiple ex_data associated with it, then we free that
ex_data in order of priority (high priority first).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Matt Caswell [Thu, 22 Apr 2021 08:43:22 +0000 (09:43 +0100)]
Only load the config file into the default libctx if necessary
There is no need to load providers from the config file into the default
libctx, if the current libctx that we are using isn't the default libctx.
This avoids some deadlock situations.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
Dr. David von Oheimb [Wed, 14 Apr 2021 16:29:22 +0000 (18:29 +0200)]
Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
Dr. David von Oheimb [Sat, 20 Mar 2021 12:49:08 +0000 (13:49 +0100)]
Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
Dmitry Belyavskiy [Tue, 4 May 2021 18:47:42 +0000 (20:47 +0200)]
Tests for creating req from PKCS8 keys with extra attrs
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15142)
Michael Richardson [Wed, 14 Apr 2021 15:44:41 +0000 (11:44 -0400)]
reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14877)
Pauli [Sat, 8 May 2021 12:05:45 +0000 (22:05 +1000)]
Reduce the runtime/output from the gmdiff test
Reduce from 1e6 iterations to 1e3. Add additional cases to cover the same
range although most intermediate values will be skipped.
Fixes #15185
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15202)
David CARLIER [Mon, 19 Apr 2021 20:26:50 +0000 (21:26 +0100)]
armcap: fix Mac M1 SHA512 support.
The SIGILL catch/trap works however disabled purposely for Darwin,
thus relying on native api instead.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14935)
Shane Lontis [Wed, 5 May 2021 06:58:37 +0000 (16:58 +1000)]
Fix i2d_PKCS8PrivateKey_nid_bio() regression.
This method ignores the nid and could end up saving out the private key unencrypted
In earlier alpha releases OSSL_num_encoders() returned 0 for this test
case, which then meant that the legacy path was run, and the key was
then correctly encrypted.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15152)
Pauli [Mon, 10 May 2021 00:47:37 +0000 (10:47 +1000)]
checksum fix
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15209)
Daniel Bevenius [Wed, 28 Apr 2021 08:30:13 +0000 (10:30 +0200)]
Mark pop/clear error stack in der2key_decode_p8
This commit sets the error mark before calling d2i_X509_SIG
and clear it if that function call is successful.
The motivation for this is that if d2i_X509_SIG returns NULL then the
else clause will be entered and d2i_PKCS8_PRIV_KEY_INFO will be
called. If d2i_X509_SIG raised any errors those error will be on the
error stack when d2i_PKCS8_PRIV_KEY_INFO gets called, and even if it
returns successfully those errors will still be on the error stack.
We ran into this issue when upgrading Node.js to 3.0.0-alpha15.
More details can be found in the ref links below.
Refs: https://github.com/nodejs/node/issues/38373
Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/wrong-tag-issue2.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15067)
David Carlier [Sat, 24 Apr 2021 15:13:26 +0000 (16:13 +0100)]
BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15015)
fangming.fang [Fri, 19 Mar 2021 06:45:57 +0000 (06:45 +0000)]
Optimize RSA on armv8
Add Neon path for RSA on armv8, this optimisation targets to A72
and N1 that are ones of important cores of infrastructure. Other
platforms are not impacted.
A72
old new improved
rsa 512 sign 9828.6 9738.7 -1%
rsa 512 verify 121497.2 122367.7 1%
rsa 1024 sign 1818 1816.9 0%
rsa 1024 verify 37175.6 37161.3 0%
rsa 2048 sign 267.3 267.4 0%
rsa 2048 verify 10127.6 10119.6 0%
rsa 3072 sign 86.8 87 0%
rsa 3072 verify 4604.2 4956.2 8%
rsa 4096 sign 38.3 38.5 1%
rsa 4096 verify 2619.8 2972.1 13%
rsa 7680 sign 5 7 40%
rsa 7680 verify 756 929.4 23%
rsa 15360 sign 0.8 1 25%
rsa 15360 verify 190.4 246 29%
N1
old new improved
rsa 512 sign 12599.2 12596.7 0%
rsa 512 verify 148636.1 148656.2 0%
rsa 1024 sign 2150.6 2148.9 0%
rsa 1024 verify 42353.5 42265.2 0%
rsa 2048 sign 305.5 305.3 0%
rsa 2048 verify 11209.7 11205.2 0%
rsa 3072 sign 97.8 98.2 0%
rsa 3072 verify 5061.3 5990.7 18%
rsa 4096 sign 42.8 43 0%
rsa 4096 verify 2867.6 3509.8 22%
rsa 7680 sign 5.5 8.4 53%
rsa 7680 verify 823.5 1058.3 29%
rsa 15360 sign 0.9 1.1 22%
rsa 15360 verify 207 273.9 32%
CustomizedGitHooks: yes
Change-Id: I01c732cc429d793c4eb5ffd27ccd30ff9cebf8af
Jira: SECLIB-540
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14761)
Nicola Tuveri [Sun, 9 May 2021 11:57:14 +0000 (14:57 +0300)]
FIPS checksums update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15108)
Theo Buehler [Sat, 1 May 2021 11:09:10 +0000 (13:09 +0200)]
Test oct2point for hybrid point encoding of (0, y)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15108)
Theo Buehler [Sat, 1 May 2021 10:25:50 +0000 (12:25 +0200)]
Avoid division by zero in hybrid point encoding
In hybrid and compressed point encodings, the form octet contains a bit
of information allowing to calculate y from x. For a point on a binary
curve, this bit is zero if x is zero, otherwise it must match the
rightmost bit of of the field element y / x. The existing code only
considers the second possibility. It could thus incorrecly fail with a
division by zero error as found by Guido Vranken's cryptofuzz.
This commit adds a few explanatory comments to oct2point. The only
actual code change is in the last hunk which adds a BN_is_zero(x)
check to avoid the division by zero.
Fixes #15021
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15108)
Benjamin Kaduk [Tue, 4 May 2021 19:33:28 +0000 (12:33 -0700)]
tasn_dec: use do/while around statement macros
Use the do {} while (0) construct around macros whose bodies are complete
statements (including one that has internal control flow!). This is
safer and avoids any risk of misinterpretation if the macro is used in
an unexpected context.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15143)
Dr. David von Oheimb [Wed, 5 May 2021 10:32:18 +0000 (12:32 +0200)]
80-test_cmp_http.t: Improve fuzzing exclusion pattern
Fixes #14966
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15158)
Dr. David von Oheimb [Sat, 20 Mar 2021 12:57:08 +0000 (13:57 +0100)]
ssl.h.in: Fix deprecation exclusion for SRP-related declarations
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15176)
Dr. David von Oheimb [Mon, 29 Mar 2021 17:32:48 +0000 (19:32 +0200)]
Crypto: Add deprecation compatibility declarations for SHA* message digest functions
Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14741)
Dr. David von Oheimb [Mon, 29 Mar 2021 17:42:33 +0000 (19:42 +0200)]
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
This helps compensating for deprecated functions such as HMAC()
and reduces clutter in the crypto lib, apps, and tests.
Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c.
and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod
Partially fixes #14628.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14664)
Dr. David von Oheimb [Wed, 24 Mar 2021 08:11:13 +0000 (09:11 +0100)]
DOC: Fix all wrong occurrences of '<propq>' to 'I<propq>'
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14664)
Pauli [Fri, 7 May 2021 05:48:27 +0000 (15:48 +1000)]
apps/mac: Add digest and cipher command line options
Add -cipher and -digest as short forms of -macopt cipher: and -macopt digest:
respectively.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15189)
Pauli [Fri, 7 May 2021 04:19:06 +0000 (14:19 +1000)]
apps/mac: avoid need for two ^D when using stdin from a terminal
Fixes #13246
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15189)
Pauli [Fri, 7 May 2021 04:12:38 +0000 (14:12 +1000)]
apps: remove initial newline from mac output
Fixes #13247
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15189)
Pauli [Fri, 7 May 2021 06:58:16 +0000 (16:58 +1000)]
apps: add mac, cipher and digest arguments to the kdf applet.
This adds -digest, -mac and -cipher which correspond to -kdfopt digest: and
-kdfopt mac: and -kdfopt cipher: respectively.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15190)
Shane Lontis [Thu, 6 May 2021 04:03:20 +0000 (14:03 +1000)]
Remove unused code from the fips module
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15167)
Martin Schwenke [Wed, 14 Apr 2021 04:31:58 +0000 (14:31 +1000)]
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
Overall improvement for p384 of ~18% on Power 9, compared to existing
Power assembling code. See comment in code for more details.
Multiple unrolled versions could be generated for values other than
6. However, for TLS 1.3 the only other ECC algorithms that might use
Montgomery Multiplication are p256 and p521, but these have custom
algorithms that don't use Montgomery Multiplication. Non-ECC
algorithms are likely to use larger key lengths that won't fit into
the n <= 10 length limitation of this code.
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15175)
Scott McPeak [Fri, 23 Apr 2021 10:31:54 +0000 (03:31 -0700)]
BIO_printf.pod: Clarify that output is always null terminated.
The original text was ambiguous about termination for errors other
than insufficient space. See issue #14772.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15000)
Pauli [Fri, 7 May 2021 13:51:27 +0000 (23:51 +1000)]
FIPS checksum update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)
Pauli [Wed, 5 May 2021 10:47:02 +0000 (20:47 +1000)]
provider: use a read lock when looking for a provider
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)
Pauli [Wed, 5 May 2021 01:22:08 +0000 (11:22 +1000)]
doc: document the new ossl_provider_clear_all_operation_bits() function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)
Pauli [Tue, 27 Apr 2021 05:29:16 +0000 (15:29 +1000)]
test: add a provider load/unload cache flush test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)
Pauli [Tue, 27 Apr 2021 05:17:25 +0000 (15:17 +1000)]
provider: flush the store cache when providers are loaded/unloaded.
When the providers change, the method cache needs to be flushed. This also
impacts the cache is full partial flushes and the algorithm flushing by ID.
A new function is introduced to clear all of the operation bits in all
providers in a library context.
Fixes #15032
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)
Tomas Mraz [Thu, 6 May 2021 12:05:59 +0000 (14:05 +0200)]
Updated gost-engine to latest commit from master branch
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15180)
Tomas Mraz [Thu, 6 May 2021 11:28:13 +0000 (13:28 +0200)]
Unify parameter types in documentation
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15178)
Jon Spillett [Wed, 28 Apr 2021 03:01:48 +0000 (13:01 +1000)]
Fixes #14662. Return all EC parameters even for named curves
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15060)
Jon Spillett [Tue, 4 May 2021 05:19:42 +0000 (15:19 +1000)]
Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15130)
Richard Levitte [Thu, 6 May 2021 07:03:23 +0000 (09:03 +0200)]
make update
The impact on the FIPS checksum files is pretty significant
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
Richard Levitte [Thu, 6 May 2021 06:48:15 +0000 (08:48 +0200)]
Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:
1. The idea to have common code in libimplementations.a and FIPS
sensitive helper functions in libfips.a / libnonfips.a didn't
catch on, and we saw full implementation ending up in them instead
and not appearing in libimplementations.a at all.
2. Because more or less ALL algorithm implementations were included
in libimplementations.a (the idea being that the appropriate
objects from it would be selected automatically by the linker when
building the shared libraries), it's very hard to find only the
implementation source that should go into the FIPS module, with
the result that the FIPS checksum mechanism include source files
that it shouldn't
To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries. With that, we not
have:
libfips.a
Includes all implementations that should become part of the FIPS
provider.
liblegacy.a
Includes all implementations that should become part of the legacy
provider.
libdefault.a
Includes all implementations that should become part of the
default and base providers.
With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.
Fixes #15157
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
Richard Levitte [Thu, 6 May 2021 06:40:18 +0000 (08:40 +0200)]
Rename files in providers/implementations/signatures
It was discovered that eddsa.c exist in two places, here and in
crypto/ec/curve448/, which would result in a file name clash if they
ever end up in the same library.
To mitigate, we rename the copy in providers/implementations/signatures
to have '_sig' in the file name, and do the same with all other source
files in this directory, for consistency.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
Pauli [Thu, 6 May 2021 05:22:38 +0000 (15:22 +1000)]
changes: add note about application output formatting differences.
Fixes #13220
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15168)
Dmitry Belyavskiy [Wed, 5 May 2021 12:29:28 +0000 (14:29 +0200)]
Avoid sending alerts after shutdown
Fixes #11388
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15159)
Petr Gotthard [Sun, 18 Apr 2021 16:28:25 +0000 (18:28 +0200)]
Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT,
so a check for NULL is needed.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14919)
Tomas Mraz [Tue, 4 May 2021 13:38:48 +0000 (15:38 +0200)]
evp_extra_test: Avoid potential double free of params
Fixes #14916
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15135)
Daniel Bevenius [Wed, 5 May 2021 06:56:36 +0000 (08:56 +0200)]
Clarify where dispatch functions/ids are defined
When reading the comment for ossl_dispatch_st it seems to indicate that
the function_id numbers are defined further down in the same file. But I
was not able to find them there, but instead in core_dispatch.h.
This commit suggests updating the comment to point to core_dispatch.h
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15156)
Daniel Bevenius [Wed, 5 May 2021 03:39:56 +0000 (05:39 +0200)]
Clarify two comments (typos) in fipsprov.c
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15150)
Matt Caswell [Thu, 6 May 2021 12:15:11 +0000 (13:15 +0100)]
Prepare for 3.0 alpha 17
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Matt Caswell [Thu, 6 May 2021 12:15:03 +0000 (13:15 +0100)]
Prepare for release of 3.0 alpha 16
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Matt Caswell [Thu, 6 May 2021 12:03:23 +0000 (13:03 +0100)]
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15181)
Matt Caswell [Thu, 6 May 2021 11:04:38 +0000 (12:04 +0100)]
Update the FIPS checksums
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15177)
Tomas Mraz [Mon, 3 May 2021 12:40:06 +0000 (14:40 +0200)]
Add some tests for -inform/keyform enforcement
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
Tomas Mraz [Mon, 3 May 2021 12:15:26 +0000 (14:15 +0200)]
Document the behavior of the -inform and related options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
Tomas Mraz [Mon, 3 May 2021 12:14:54 +0000 (14:14 +0200)]
provider-storemgmt: Document the input-type and properties parameters.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
Tomas Mraz [Mon, 3 May 2021 06:45:52 +0000 (08:45 +0200)]
Update gost-engine to make it compatible with the added params
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
Tomas Mraz [Fri, 30 Apr 2021 14:57:53 +0000 (16:57 +0200)]
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
The input type format is enforced only in case the file
type file store is used.
By default we use FORMAT_UNDEF meaning the input type
is not enforced.
Fixes #14569
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
EasySec [Mon, 3 May 2021 22:24:24 +0000 (00:24 +0200)]
try to document changes in salt handling for the 'enc' command
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4486)
EasySec [Sat, 30 Dec 2017 15:19:47 +0000 (16:19 +0100)]
change salt handling, way 1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4486)
Pauli [Mon, 3 May 2021 22:23:10 +0000 (08:23 +1000)]
coverity: fix
1478169: dereference after NULL check
The code path shouldn't occur in our code but could in an application.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15128)
Rich Salz [Tue, 4 May 2021 16:05:54 +0000 (12:05 -0400)]
Remove all trace of FIPS_mode functions
Removed error codes, and the mention of the functions.
This removal is already documented in the CHANGES doc.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15140)
Dr. David von Oheimb [Tue, 4 May 2021 06:05:44 +0000 (08:05 +0200)]
Deprecate X509{,_CRL}_http_nbio() and simplify their definition
This is done by making use of OCSP_REQ_CTX_nbio_d2i().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)
Dr. David von Oheimb [Sat, 1 May 2021 13:29:00 +0000 (15:29 +0200)]
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
Dr. David von Oheimb [Sat, 1 May 2021 12:35:21 +0000 (14:35 +0200)]
APPS: Slightly extend and improve documentation of the opt_ API
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
Benjamin Kaduk [Mon, 3 May 2021 20:23:53 +0000 (13:23 -0700)]
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
The "bad DTLS" tests run into trouble due to the special behavior
for that "bad" version, and the SSL record tests need to set the
-legacy_server_connect flag to allow an SSLv2 ClientHello to work
against any TLS server (since SSLv2 ClientHello messages cannot
carry extensions as would be needed in order to negotiate the use
of the renegitiation_info extension).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)
Benjamin Kaduk [Mon, 3 May 2021 20:43:55 +0000 (13:43 -0700)]
Correct ssl_conf logic for "legacy_server_connect"
This option is only useful for the client, but it was previously
marked as only being applicable for servers.
Correct the entry to properly mark it as client-only, and update the
s_server/s_client manuals accordingly.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)
Benjamin Kaduk [Mon, 3 May 2021 19:16:19 +0000 (12:16 -0700)]
Enforce secure renegotiation support by default
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not
implement RFC 5746.
It has been more than a decade since RFC 5746 was published, so
there has been plenty of time for implmentation support to roll out.
Change the default behavior to be to require peers to support
secure renegotiation. Existing applications that already cleared
SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as
re-clearing the flag is just a little bit of redundant work.
The old behavior is still available by explicitly setting the flag
in the application.
Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for
similar reasons.
Document the behavior change in CHANGES.md, and update the
SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change
in default behavior.
Fixes: 14848
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)
Tomas Mraz [Tue, 4 May 2021 14:53:42 +0000 (16:53 +0200)]
Fix missing symbols in no-cms and no-ts build
Fixes #15137
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15138)
Pauli [Wed, 28 Apr 2021 02:58:35 +0000 (12:58 +1000)]
mac: add EVP_MAC_finalXOF() function
Fixes #14140
Fixes #13232
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
Pauli [Wed, 28 Apr 2021 02:58:08 +0000 (12:58 +1000)]
mac: allow XOF MACs to be specified either via control or via the dedicated function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
Pauli [Thu, 29 Apr 2021 01:08:42 +0000 (11:08 +1000)]
mac: update life-cycle description and diagrams to include finalXOF
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
Pauli [Wed, 28 Apr 2021 03:01:22 +0000 (13:01 +1000)]
doc: document EVP_MAC_finalXOF()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
Rich Salz [Fri, 30 Apr 2021 16:18:00 +0000 (12:18 -0400)]
Add .includedir pragma
Also add a negative test, and fix typo's.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
Rich Salz [Thu, 29 Apr 2021 20:22:30 +0000 (16:22 -0400)]
Allow absolute paths to be set
It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a new pragma "abspath" that someone can put
in the system-wide config file to require absolute paths.
Also update the config documentation to better explain how file
inclusion works.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
Rich Salz [Mon, 26 Apr 2021 21:27:32 +0000 (17:27 -0400)]
Note that dhparam does support X9.42
Fix other wording, too.
Fixes: #13151
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15038)
Dr. David von Oheimb [Tue, 2 Mar 2021 12:20:38 +0000 (13:20 +0100)]
cleanup where purpose is not needed in 25-test_verify.t
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)
Dr. David von Oheimb [Tue, 2 Mar 2021 14:14:24 +0000 (15:14 +0100)]
test/certs/setup.sh: Fix two glitches
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)
Dr. David von Oheimb [Tue, 2 Mar 2021 12:17:28 +0000 (13:17 +0100)]
update test/certs/ee-pathlen.pem to contain SKID and AKID
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)
Dr. David von Oheimb [Tue, 2 Mar 2021 12:16:30 +0000 (13:16 +0100)]
test/certs/setup.sh: structural cleanup
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)
Rich Salz [Sun, 14 Feb 2021 19:34:22 +0000 (14:34 -0500)]
Fetch cipher-wrap after loading providers.
Use official (first) names for wrapping algorithms.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14182)
Shane Lontis [Sat, 1 May 2021 04:49:25 +0000 (14:49 +1000)]
Fix KMAC bounds checks.
Setting an output length higher than 8191 was causing a buffer overflow.
This was reported by Acumen (FIPS lab).
The max output size has increased to ~2M and it now checks this during set_parameters.
The encoder related functions now pass in the maximum size of the output buffer so they
can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in
order to calculate and check the length before encoding.
Note that right_encode() is currently only used in one place but this
may change if other algorithms are supported (such as TupleHash).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15106)
Tomas Mraz [Mon, 3 May 2021 13:45:31 +0000 (15:45 +0200)]
Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
The maximum (theoretical) block size of SHA3 is 200 bytes.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15125)
Richard Levitte [Wed, 28 Apr 2021 16:08:00 +0000 (18:08 +0200)]
DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
Fixes #11165
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15073)
Dr. David von Oheimb [Fri, 30 Apr 2021 16:36:00 +0000 (18:36 +0200)]
HTTP client: Correct the use of optional proxy URL and its documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15104)
Dr. David von Oheimb [Sat, 1 May 2021 20:19:54 +0000 (22:19 +0200)]
testutil/load.c: Add checks for file(name) == NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15120)
Dr. David von Oheimb [Mon, 26 Apr 2021 12:55:18 +0000 (14:55 +0200)]
BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
Dr. David von Oheimb [Mon, 26 Apr 2021 12:51:34 +0000 (14:51 +0200)]
OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
Dr. David von Oheimb [Mon, 26 Apr 2021 12:58:19 +0000 (14:58 +0200)]
APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
Dr. David von Oheimb [Mon, 26 Apr 2021 12:57:05 +0000 (14:57 +0200)]
OSSL_STORE_expect(): Improve error handling and documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
Dr. David von Oheimb [Fri, 30 Apr 2021 16:29:12 +0000 (18:29 +0200)]
OCSP: Minor improvements of documentation and header file
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15103)
projects / openssl.git / log