Pauli [Sun, 14 Jun 2020 22:13:43 +0000 (08:13 +1000)]
coverity
1464213: API usage errors (PRINTF_ARGS)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12149)
Pauli [Sun, 14 Jun 2020 22:11:13 +0000 (08:11 +1000)]
coverity
1464212,
1464214 &
1464215: Resource leaks
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12149)
Shane Lontis [Wed, 17 Jun 2020 01:33:16 +0000 (11:33 +1000)]
Add ACVP fips module tests
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.
This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).
The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.
The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.
The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)
Dmitry Belyavskiy [Fri, 12 Jun 2020 07:59:46 +0000 (10:59 +0300)]
Update gost-engine submodule to match EVP_MAC renaming
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12124)
Nicola Tuveri [Sat, 13 Jun 2020 14:29:09 +0000 (17:29 +0300)]
Refactor BN_R_NO_INVERSE logic in internal functions
Closes #12129
As described in https://github.com/openssl/openssl/issues/12129 the
readability of the internal functions providing the two alternative
implementations for `BN_mod_inverse()` is a bit lacking.
Both these functions are now completely internal, so we have the
flexibility needed to slightly improve readability and remove
unnecessary NULL checks.
The main changes here are:
- rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`:
this function is `static` so it is not even visible within the rest of
libcrypto. By convention upcase prefixes are reserved for public
functions.
- remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this
function is internal to the BN module and we can guarantee that all
callers pass non-NULL arguments.
- `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so
that it can signal if no inverse exists for the given inputs: in this
way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the
case for the non-consttime implementation of `int_bn_mod_inverse()`.
- `BN_mod_inverse()` is a public function and must guarantee that the
internal functions providing the actual implementation receive valid
arguments. If the caller passes a NULL `BN_CTX` we create a temporary
one for internal use.
- reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward
declaration of `static` functions (in preparation for inlining).
- inline `bn_mod_inverse_no_branch()`.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12142)
Dr. David von Oheimb [Thu, 28 May 2020 13:16:45 +0000 (15:16 +0200)]
Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs
Add/extend range check for 'fd' argument of BIO_socket_wait() and bio_wait()
Correct nap time calculations in bio_wait(), thus correcting also BIO_wait()
Update a type cast from 'unsigned long' to 'unsigned int'
Extend the comments and documentation of BIO_wait()
Rename BIO_connect_retry() to BIO_do_connect_retry()
Make its 'timeout' argument < 0 lead to BIO_do_connect() tried only once
Add optional 'nap_milliseconds' parameter determining the polling granularity
Correct and generalize the retry case checking
Extend the comments and documentation of BIO_do_connect_retry()
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11986)
Dr. David von Oheimb [Thu, 4 Jun 2020 08:33:28 +0000 (10:33 +0200)]
Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11986)
Dr. David von Oheimb [Wed, 3 Jun 2020 05:49:27 +0000 (07:49 +0200)]
Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11986)
olszomal [Fri, 12 Jun 2020 10:09:02 +0000 (12:09 +0200)]
CMS_get0_signers() description
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12055)
Richard Levitte [Sat, 13 Jun 2020 20:16:14 +0000 (22:16 +0200)]
EVP: allow empty strings to EVP_Decode* functions
This is a simple check order correction.
Fixes #12143
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12144)
Benjamin Kaduk [Sat, 13 Jun 2020 02:56:11 +0000 (19:56 -0700)]
Fix logic error for building x86 CAST assembly
The assembly code is not PIC, so we should only try to build it
when the configuration has disabled PIC, not the other way around.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12128)
Nicola Tuveri [Fri, 12 Jun 2020 15:11:09 +0000 (18:11 +0300)]
Fix nits detected by make cmd-nits
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12127)
Dr. David von Oheimb [Tue, 9 Jun 2020 12:04:49 +0000 (14:04 +0200)]
Update and extend NOTES.WIN, adding 'Quick start' subsection
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12098)
Dr. David von Oheimb [Sat, 30 May 2020 16:27:03 +0000 (18:27 +0200)]
Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Fri, 29 May 2020 19:52:27 +0000 (21:52 +0200)]
Remove extra newline from CMP mock server error and add TODO on using request template
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Fri, 29 May 2020 15:14:14 +0000 (17:14 +0200)]
Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update()
as checking expected_sender and adding caPubs is not part of msg validation.
Also constify a couple of internal and public functions related to cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Fri, 29 May 2020 15:11:48 +0000 (17:11 +0200)]
Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Fri, 29 May 2020 15:10:48 +0000 (17:10 +0200)]
Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Fri, 29 May 2020 11:30:03 +0000 (13:30 +0200)]
Improve description of CMP untrusted certs and msg 'sender' field
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Fri, 29 May 2020 08:16:06 +0000 (10:16 +0200)]
Make CMP server use same protection for response as for request
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Thu, 28 May 2020 19:42:26 +0000 (21:42 +0200)]
Fill in transactionID on any error in OSSL_CMP_SRV_process_request()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Thu, 28 May 2020 15:19:36 +0000 (17:19 +0200)]
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
Bugfix: allow using extraCerts contained in msg already while checking signature
Improve function name, simplify its return value, and update its documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Thu, 28 May 2020 15:09:21 +0000 (17:09 +0200)]
Improve cert checking diagnostics of OSSL_CMP_validate_msg()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Wed, 27 May 2020 15:52:53 +0000 (17:52 +0200)]
Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Wed, 27 May 2020 15:28:35 +0000 (17:28 +0200)]
Correct error reason of verify_signature() in cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Tue, 26 May 2020 09:09:03 +0000 (11:09 +0200)]
Extend error output of apps/opt_format() to all error cases
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Tue, 26 May 2020 08:44:10 +0000 (10:44 +0200)]
Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Tue, 26 May 2020 06:35:33 +0000 (08:35 +0200)]
Fix use of -no-proxy option of CMP app
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Mon, 25 May 2020 15:32:26 +0000 (17:32 +0200)]
Add request URL path checking and status responses to HTTP server
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Wed, 20 May 2020 13:10:05 +0000 (15:10 +0200)]
Allow subject of CMP -oldcert as sender unless protection cert is given
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Wed, 20 May 2020 07:14:30 +0000 (09:14 +0200)]
Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Wed, 20 May 2020 06:11:47 +0000 (08:11 +0200)]
Check expected sender not only for signature-protected CMP messages
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Tue, 19 May 2020 07:47:46 +0000 (09:47 +0200)]
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Tue, 19 May 2020 10:30:11 +0000 (12:30 +0200)]
Streamline the approach to set CMP message recipient and expected sender
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Dr. David von Oheimb [Mon, 18 May 2020 08:50:30 +0000 (10:50 +0200)]
Fix too strict checks of ossl_cmp_calc_protection()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Pauli [Thu, 11 Jun 2020 22:48:06 +0000 (08:48 +1000)]
Guard new header mac.h against C++isms.
[extended tests]
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12121)
Pauli [Thu, 11 Jun 2020 21:49:18 +0000 (07:49 +1000)]
Fix two additional instances of the old EVP_MAC_CTX_ functions being used.
[extended tests]
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12121)
John Baldwin [Wed, 10 Jun 2020 22:19:00 +0000 (15:19 -0700)]
Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs.
BSD-generic32 already uses this for building shared libraries on other
32-bit BSD platforms. Commit
b7efa56 collapsed various *BSD targets
down to the BSD-generic ones and BSD-x86. At the time only
OpenBSD/i386 used `bsd-shared` while both FreeBSD and NetBSD used
`bsd-gcc-shared`. In practice, all of the BSDs are using either a
GCC/ld.bfd toolchain or a clang/lld toolchain both of which are
compatible with 'bsd-gcc-shared'.
Retire 'bsd-shared' since this removes the last user.
Fixes #12050.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12110)
Sebastian Andrzej Siewior [Sat, 6 Jun 2020 16:22:04 +0000 (18:22 +0200)]
doc: Add a hint to man3/EVP_$hash that it is legacy
Some hash algorithms are only provided by the legacy provider. This
information is not mentioned in EVP_md4(3) for md4 and one might wonder
why it is no longer working.
Add a note to the EVP_ man page for md2, md4, mdc2, ripemd160 and
whirlpool that it is only available with the legacy provider.
Fixes #11650
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)
Sebastian Andrzej Siewior [Sat, 6 Jun 2020 15:21:15 +0000 (17:21 +0200)]
APPS: Use a second EVP_MD_CTX for EdDSA verify
Verify for the two EdDSA algorithms fails in "speed eddsa".
It appears that the same ctx can not be used for the sign and verify
process.
Create a second EVP_MD_CTX for the verify purpose.
Fixes #11650
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)
Sebastian Andrzej Siewior [Sat, 6 Jun 2020 12:35:57 +0000 (14:35 +0200)]
APPS: Exclude legacy algorighms from speed
Legacy crypto algorithms are not provided by the default "provider"
leading to a warning.
Remove legacy algorithms from the set that is tested by default. The
algorihms can be tested manually if selected manually and using the
legacy provider.
Fixes #11650
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12074)
Pauli [Mon, 8 Jun 2020 22:53:05 +0000 (08:53 +1000)]
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.
Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.
There are no functional or code changes.
Just the renaming and a little reformatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)
Pauli [Mon, 8 Jun 2020 23:10:41 +0000 (09:10 +1000)]
kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)
Matt Caswell [Wed, 27 May 2020 10:50:05 +0000 (11:50 +0100)]
Make it clear that you can't use all ciphers for CMAC
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)
Matt Caswell [Wed, 27 May 2020 10:40:24 +0000 (11:40 +0100)]
Add a CMAC test
We did not have a test of the low level CMAC APIs so we add one. This is
heavily based on the HMAC test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)
Matt Caswell [Wed, 27 May 2020 10:38:39 +0000 (11:38 +0100)]
Correctly handle the return value from EVP_Cipher() in the CMAC code
EVP_Cipher() is a very low level routine that directly calls the
underlying cipher function. It's return value semantics are very odd.
Depending on the type of cipher 0 or -1 is returned on error. We should
just check for <=0 for a failure.
Fixes #11957
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)
Matt Caswell [Wed, 27 May 2020 10:37:39 +0000 (11:37 +0100)]
Ensure we never use a partially initialised CMAC_CTX
If the CMAC_CTX is partially initialised then we make a note of this so
that future operations will fail if the initialisation has not been
completed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11972)
Dr. David von Oheimb [Mon, 8 Jun 2020 11:40:34 +0000 (13:40 +0200)]
run_tests.pl: Add options for focussing output on failed (sub-)tests
VERBOSE_FAILURES_ONLY (VFO): verbose output only of failed (sub-)tests
VERBOSE_FAILURES_PROGRESS (VFP): in addition summary for passed tests
This adds a workaroud for TAP::Parser not coping well with indentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12088)
Dr. David von Oheimb [Fri, 5 Jun 2020 19:40:28 +0000 (21:40 +0200)]
Make error output of dhparams and dsaparams app more consistent
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12062)
Dr. David von Oheimb [Fri, 5 Jun 2020 19:27:34 +0000 (21:27 +0200)]
Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12062)
Dr. David von Oheimb [Fri, 5 Jun 2020 14:42:39 +0000 (16:42 +0200)]
Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12042)
Dr. David von Oheimb [Thu, 4 Jun 2020 10:37:50 +0000 (12:37 +0200)]
Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12042)
Shane Lontis [Tue, 9 Jun 2020 22:59:56 +0000 (08:59 +1000)]
Update RSA keygen to use sp800-56b by default
Fixes #11742
Fixes #11764
The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048.
Insecure key lengths and mutltiprime RSA will use the old method.
Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11765)
Tomas Mraz [Fri, 5 Jun 2020 08:50:25 +0000 (10:50 +0200)]
Add a test for renegotiation with EXTMS dropped
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)
Tomas Mraz [Thu, 4 Jun 2020 09:40:29 +0000 (11:40 +0200)]
Do not allow dropping Extended Master Secret extension on renegotiaton
Abort renegotiation if server receives client hello with Extended Master
Secret extension dropped in comparison to the initial session.
Fixes #9754
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)
Hubert Kario [Fri, 5 Jun 2020 18:21:55 +0000 (20:21 +0200)]
use safe primes in ssl_get_auto_dh()
DH_get_1024_160() and DH_get_2048_224() return parameters from
RFC5114. Those parameters include primes with known small subgroups,
making them unsafe. Change the code to use parameters from
RFC 2409 and RFC 3526 instead (group 2 and 14 respectively).
This patch also adds automatic selection of 4096 bit params for 4096 bit
RSA keys
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12061)
Richard Levitte [Fri, 5 Jun 2020 21:40:49 +0000 (23:40 +0200)]
APPS: Fix 'openssl dhparam'
'dhparam' can't be completely rewritten in terms of EVP_PKEY functions
yet, because we lack X9.42 support. However, we do when generating,
but forgot to extract a DH pointer with EVP_PKEY_get0_DH().
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)
Richard Levitte [Thu, 4 Jun 2020 20:34:09 +0000 (22:34 +0200)]
APPS: Fix 'openssl dsaparam -genkey'
Using a parameter EVP_PKEY for key generation with EVP_PKEY routines
works a little differently than the raw DSA routines that were used
before.
While fixing that, clean away all remaining use of the DSA type, which
simplifies the code a bit more.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)
Richard Levitte [Thu, 4 Jun 2020 18:05:26 +0000 (20:05 +0200)]
EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info
In EVP_PKEY_METHOD code, the backend initializes ctx->keygen_info.
With provider side code, it's not possible to reach back into the
EVP_PKEY_CTX in the same manner, so we need to make that
initialization in the central generation function, EVP_PKEY_gen().
This isn't quite compatible with the idea that keygen_info could have
an arbitrary amount of elements, but since all our legacy backends use
exactly two elements, that's what we go for.
Fixes #12047
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12048)
Vadim Fedorenko [Mon, 4 May 2020 10:46:04 +0000 (13:46 +0300)]
TLSv1.3: additional checks in SSL_set_record_padding_callback
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Vadim Fedorenko [Sat, 25 Jan 2020 18:49:41 +0000 (21:49 +0300)]
test: TLS1.3 and new ciphers for kTLS
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Vadim Fedorenko [Sat, 25 Jan 2020 18:49:08 +0000 (21:49 +0300)]
TLSv13: add kTLS support
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Vadim Fedorenko [Fri, 24 Jan 2020 13:57:56 +0000 (16:57 +0300)]
kTLS: add support for AES_CCM128 and AES_GCM256
The support of new algos is added by converting code to use
helper functions found in ktls.h.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Vadim Fedorenko [Fri, 1 May 2020 20:56:48 +0000 (23:56 +0300)]
kTLS: add Linux-specific kTLS helpers
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Vadim Fedorenko [Fri, 24 Jan 2020 13:08:02 +0000 (16:08 +0300)]
kTLS: add new algo definitions
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Vadim Fedorenko [Fri, 24 Jan 2020 13:11:02 +0000 (16:11 +0300)]
kTLS: make ktls_start type independed
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
Hubert Kario [Sat, 6 Jun 2020 20:23:17 +0000 (22:23 +0200)]
fix doc typo in bn_dh.c
while RFC 2312 refers to S/MIME it doesn't actually declare any groups,
RFC 2412 actually talks about DH extensively and the group
defined in the code below is defined on page 47 of it
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12076)
Dr. David von Oheimb [Tue, 5 May 2020 12:04:30 +0000 (14:04 +0200)]
Fix 90-test_store.t for latest config, limits, providers, and disabled algos
Also make sure that the test do not 'pass' if their initialization fails.
Leave out the expensive parts of DSA key gen and RSA keygen for efficiency.
Fix use of the new CA configuration file test/ca-and-certs.cnf.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)
Dr. David von Oheimb [Wed, 6 May 2020 11:08:45 +0000 (13:08 +0200)]
Fix documentation of OSSL_STORE
Among others, make clear that OSSL_STORE_close() meanwhile does nothing on NULL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)
Dr. David von Oheimb [Tue, 5 May 2020 09:31:05 +0000 (11:31 +0200)]
Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)
Dr. David von Oheimb [Tue, 5 May 2020 12:18:46 +0000 (14:18 +0200)]
Add chain to PKCS#12 test file generation in 90-test_store.t
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)
Dr. David von Oheimb [Tue, 5 May 2020 09:24:49 +0000 (11:24 +0200)]
Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11733)
Richard Levitte [Fri, 5 Jun 2020 15:05:07 +0000 (17:05 +0200)]
TEST: Adjust test/bioprinttest.c to behave like the testutil routines
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12057)
Richard Levitte [Fri, 5 Jun 2020 15:04:33 +0000 (17:04 +0200)]
TESTUTIL: Adjust the rest of testutil
Fixes #12054
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12057)
Richard Levitte [Fri, 5 Jun 2020 14:55:42 +0000 (16:55 +0200)]
TESTUTIL: Separate TAP output and other output by BIO filter
Output that's supposed to be understood by a TAP parser gets its own
BIOs (|tap_out| and |tap_err|), and is only used internally within
testutils. |bio_out| and |bio_err| is now only used for output that
shouldn't be parsed by the TAP parser, and all output written to those
BIOs are therefore always made to look like comments (it gets prefixed
with "# ").
Indentation and prefixing with "# " is reworked to use BIO_f_prefix(),
which allows us to throw away the internal BIO_f_tap().
The indentation level is now adjusted via a special function.
Fixes #12054
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12057)
Dr. David von Oheimb [Tue, 2 Jun 2020 11:02:42 +0000 (13:02 +0200)]
Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake()
Also documents that they meanwhile try all IP addresses resolved for a given domain name
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12017)
Richard Levitte [Fri, 22 May 2020 17:09:45 +0000 (19:09 +0200)]
APPS: Remove unnecessary NULL check of uri in load_cert_pass()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11873)
Richard Levitte [Tue, 19 May 2020 13:56:18 +0000 (15:56 +0200)]
APPS: Make it possible to load_cert() from stdin again
Fixes #11871
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11873)
Benjamin Kaduk [Thu, 28 May 2020 21:34:10 +0000 (14:34 -0700)]
Fix a typo in SSL_CTX_set_session_ticket_cb.pod
"SSL" takes two esses, not three.
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12038)
Matt Caswell [Tue, 2 Jun 2020 07:57:26 +0000 (08:57 +0100)]
Don't downgrade keys in libssl
We were downgrading to legacy keys at various points in libssl in
order to get or set an encoded point. Now that the encoded point
functions work with provided keys this is no longer necessary.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)
Matt Caswell [Thu, 21 May 2020 10:36:21 +0000 (11:36 +0100)]
When asked if an ECX key has parameters we should answer "true"
An ECX key doesn't have any parameters associated with it. Therefore it
always has all the parameters it needs, and the "has" function should
return 1 if asked about parameters. Without this
EVP_PKEY_missing_parameters() fails for ECX keys.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)
Matt Caswell [Thu, 21 May 2020 10:33:53 +0000 (11:33 +0100)]
Always create a key when importing
Even if there is no data to import we should still create an empty key.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)
Matt Caswell [Wed, 20 May 2020 15:20:27 +0000 (16:20 +0100)]
Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys
EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present
which isn't the case for provided keys. Support has been added to dh,
ec and ecx keys.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)
Matt Caswell [Wed, 13 May 2020 13:45:36 +0000 (14:45 +0100)]
Fix error path in int create_ssl_ctx_pair()
If we hit the error path and create_ssl_ctx_pair has been passed a
pre-created SSL_CTX then we could end up with a double free.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Matt Caswell [Fri, 8 May 2020 15:43:14 +0000 (16:43 +0100)]
Implement a test for sigalgs not being present
If sigalgs are not present we should not offer or accept them. We should
test that we handle this correctly.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Matt Caswell [Mon, 4 May 2020 15:26:07 +0000 (16:26 +0100)]
Implement a Filtering Provider
The filtering provider can be used to place a filter in front of the
default provider. Initially to filter out certain algorithms from being
available for test purposes.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Matt Caswell [Fri, 8 May 2020 15:44:02 +0000 (16:44 +0100)]
Implement OSSL_PROVIDER_get0_provider_ctx()
Implement a function which enables us to get hold of the provider ctx
for a loaded provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Matt Caswell [Mon, 4 May 2020 14:28:15 +0000 (15:28 +0100)]
Enable applications to directly call a provider's query operation
This is useful to get hold of the low-level dispatch tables. This could
be used to create a new provider based on an existing one.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Matt Caswell [Fri, 1 May 2020 16:41:25 +0000 (17:41 +0100)]
Check that Signature Algorithms are available before using them
We should confirm that Signature Algorithms are actually available
through the loaded providers before we offer or select them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Richard Levitte [Wed, 3 Jun 2020 08:49:50 +0000 (10:49 +0200)]
APPS: Drop interactive mode in the 'openssl' program
This mode is severely untested and unmaintained, is seems not to be
used very much.
Closes #4679
Closes #6292
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12023)
Dr. David von Oheimb [Wed, 3 Jun 2020 12:13:01 +0000 (14:13 +0200)]
Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md
This is a follow-up of PR #12013.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12026)
Pauli [Wed, 3 Jun 2020 00:55:49 +0000 (10:55 +1000)]
fips: add additional algorithms to the FIPS provider.
Discussions are ongoing but the OMC has approved the in-principle addition
of these algorithms to the upcoming FIPS validation.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12020)
Jaimee Brown [Wed, 3 Jun 2020 04:28:06 +0000 (14:28 +1000)]
Minor doc fix for EVP_PKEY_CTX_new_from_pkey
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12021)
Kurt Roeckx [Wed, 3 Jun 2020 20:01:31 +0000 (22:01 +0200)]
Add github sponsor button
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #12035
Nicola Tuveri [Tue, 2 Jun 2020 18:06:48 +0000 (21:06 +0300)]
[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
`crypto/ec/ecp_nistz256.c` contained code sections guarded by a
`ECP_NISTZ256_AVX2` define.
The relevant comment read:
> /*
> * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great
> * code processing 4 points in parallel, corresponding serial operation
> * is several times slower, because it uses 29x29=58-bit multiplication
> * as opposite to 64x64=128-bit in integer-only scalar case. As result
> * it doesn't provide *significant* performance improvement. Note that
> * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work,
> * you'd need to compile even asm/ecp_nistz256-avx.pl module.
> */
Without diminishing the quality of the original submission, it's evident
that this code has been basically unreachable without modifications to
the library source code and is under-tested.
This commit removes these sections from the codebase.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12019)
Otto Hollmann [Thu, 28 May 2020 11:39:33 +0000 (13:39 +0200)]
Add cipher list ciphersuites which using encryption algorithm in mode CBC.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11984)
Richard Levitte [Sat, 23 May 2020 14:39:18 +0000 (16:39 +0200)]
CORE: make sure activated fallback providers stay activated
Calling 'OSSL_PROVIDER_available(NULL, "default")' would search for
the "default" provider, and in doing so, activate it if necessary,
thereby detecting that it's available... and then immediately free
it, which could deactivate that provider, even though it should stay
available.
We solve this by incrementing the refcount for activated fallbacks one
extra time, thereby simulating an explicit OSSL_PROVIDER_load(), and
compensate for it with an extra ossl_provider_free() when emptying the
provider store.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)
Richard Levitte [Sat, 23 May 2020 14:34:07 +0000 (16:34 +0200)]
TEST: Add provider_fallback_test, to test aspects of fallback providers
There are cases where the fallback providers aren't treated right.
For example, the following calls, in that order, will end up with
a failed EVP_KEYMGMT_fetch(), even thought the default provider
does supply an implementation of the "RSA" keytype.
EVP_KEYMGMT *rsameth = NULL;
OSSL_PROVIDER_available(NULL, "default");
rsameth = EVP_KEYMGMT_fetch(NULL, "RSA", NULL);
For good measure, this also tests that explicit loading of the default
provider won't fail.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)
Aaron Thompson [Sat, 11 Apr 2020 00:56:15 +0000 (00:56 +0000)]
Fix missed fields in EVP_PKEY_meth_copy.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11514)
Matt Caswell [Thu, 4 Jun 2020 13:58:20 +0000 (14:58 +0100)]
Prepare for 3.0 alpha 4
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>