Rich Salz [Tue, 25 Feb 2020 18:25:13 +0000 (13:25 -0500)]
Use .cnf for config files, not .conf
The default is openssl.cnf The project seems to prefer xxx.conf these
days, but we should use the default convention.
Rename all foo.conf (except for Configurations) to foo.cnf
Fixes #11174
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)
Rich Salz [Tue, 25 Feb 2020 17:03:44 +0000 (12:03 -0500)]
Remove unused files
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)
Roger Ning [Mon, 2 Mar 2020 05:35:02 +0000 (13:35 +0800)]
fix a minor bug of s_client
CLA: trivial
-CAstore's option should be OPT_CASTORE, instead of OPT_CAFILE
correct also -no-CAstore option from OPT_NOCAPATH to OPT_NOCASTORE
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11215)
Leo Neat [Fri, 21 Feb 2020 00:42:32 +0000 (16:42 -0800)]
Add CIFuzz action
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11140)
Patrick Steuer [Tue, 3 Mar 2020 12:29:03 +0000 (13:29 +0100)]
crypto/ec/curve448/eddsa.c: fix EBCDIC platforms
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11229)
Patrick Steuer [Tue, 3 Mar 2020 16:40:07 +0000 (17:40 +0100)]
aes-s390x.pl: fix stg offset caused by typo in perlasm
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11234)
Vladimir Panteleev [Mon, 2 Mar 2020 20:36:07 +0000 (20:36 +0000)]
.github/PULL_REQUEST_TEMPLATE.md: Fix link to contributors guide
The file was converted to Markdown and renamed appropriately in
2e07506a12e126894cd820304465162bc0e732b4.
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11223)
Shane Lontis [Tue, 21 Jan 2020 05:57:25 +0000 (15:57 +1000)]
Add DSA Key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10912)
Shane Lontis [Tue, 21 Jan 2020 05:45:40 +0000 (15:45 +1000)]
Add DH key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10911)
Richard Levitte [Mon, 2 Mar 2020 09:50:24 +0000 (10:50 +0100)]
config, Configure: move the check of removed crypto/ sub-systems
The 'config' script checked for a bunch of crypto/ sub-system
directories, and added 'no-' options if they weren't there.
We move it to 'Configure' in an effort to simplify 'config' for
further work.
Note: this is pretty much a historical thing. In modern OpenSSL, it's
much simpler to edit the SUBDIRS statement in crypto/build.info.
However, it's been claimed the there are those who still remove some
of these sub-system sources.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11217)
Richard Levitte [Wed, 26 Feb 2020 13:57:39 +0000 (14:57 +0100)]
.travis.yml: where it matters, have build and source nesting levels differ
Where we build out of source, the source directory was _srcdist and
the build directory was _build. That gives the same nesting level for
both, which doesn't quite exercise all aspects of relative back
references from build to source tree.
Changing the build tree to be in _build/tree will challenge back
references a bit more, and ensure a bit more that we got it right.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11186)
Rich Salz [Wed, 26 Feb 2020 20:25:43 +0000 (15:25 -0500)]
Add some missing env var documentation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11189)
Vladimir Panteleev [Mon, 2 Mar 2020 18:05:03 +0000 (18:05 +0000)]
.gitignore: Add /apps/progs.{c,h}
These files were removed from the source tree in
fe909ee4aeb6eb64f6f31a1544c5d3c81c5fe1f1.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11222)
Shane Lontis [Sun, 16 Feb 2020 09:54:08 +0000 (19:54 +1000)]
Add Serializers for EC
Provide EC serializers for text, pem and der.
EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.
The EC serializer only supports named curves currently.
NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).
EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.
Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
Tomas Mraz [Tue, 3 Mar 2020 14:34:53 +0000 (15:34 +0100)]
Correct two small documentation issues
The find-doc-nits complains about non-zero word and about missing
line before =head1 which causes build failure.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11231)
Dmitry Belyavskiy [Tue, 21 Jan 2020 12:04:42 +0000 (15:04 +0300)]
Documenting newly added CMS modification
Documented CMS-related API functions.
Documented flags added to openssl-cms command
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10904)
Dmitry Belyavskiy [Mon, 20 Jan 2020 15:17:44 +0000 (18:17 +0300)]
Implementation of Russian GOST CMS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10904)
Dr. Matthias St. Pierre [Sun, 1 Mar 2020 23:25:29 +0000 (00:25 +0100)]
doc: document that 'openssl rand' is cryptographically secure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11213)
Philippe Antoine [Mon, 2 Mar 2020 12:46:37 +0000 (13:46 +0100)]
Fix build with clang assembler
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11219)
Shane Lontis [Tue, 3 Mar 2020 04:02:36 +0000 (14:02 +1000)]
Add pairwise consistency self tests to asym keygenerators
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10952)
Richard Levitte [Thu, 27 Feb 2020 01:07:50 +0000 (02:07 +0100)]
.travis.yml: Remove NOUPDATE support
It was a temporary measure to deal with the fact that util/progs.pl
didn't work right at all times, but that has now been fixed.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:52:04 +0000 (14:52 +0100)]
Remove apps/progs.c and apps/progs.h
Since they are generated in build time, there's not need to keep them
in the source tree.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:42:10 +0000 (14:42 +0100)]
Configure: Diverse cleanups
There were some remaining old code and comments that don't serve a
purpose any longer.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:39:16 +0000 (14:39 +0100)]
Build: Generate apps/progs.c and apps/progs.h in build time
util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree. But why
stop there? We might as well generate apps/progs.c and apps/progs.h
when building.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:35:17 +0000 (14:35 +0100)]
build.info: Implement simply substitutions in variable values
Use case: having a variable with multiple source files in its value,
and wanting to refer to the corresponding object file.
$SRCS=foo.c bar.c
SOURCE[program]=$SRCS
DEPEND[${SRCS/.c/.o}]=prog.h
GENERATE[prog.h]=...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:30:38 +0000 (14:30 +0100)]
build.info: Make it possible to have more than one item in KEYWORD[]
So far, the "index" part of KEYWORD[whatever] could only handle one
item. There are cases, however, where we want to add the exact same
value to multiple items. This is especially helpful if a variable
that may have multi-item values are used in the "index" part.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Thu, 6 Feb 2020 08:53:15 +0000 (09:53 +0100)]
PROV: Add a OP_keymgmt_match() function to our DH, DSA, RSA and EC_KEY impl
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 15:30:21 +0000 (16:30 +0100)]
EVP: Add support for copying provided EVP_PKEYs
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 14:41:58 +0000 (15:41 +0100)]
KEYMGMT: Add a keydata copy function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 11:55:43 +0000 (12:55 +0100)]
EVP: Add support for comparing provided EVP_PKEYs
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and
EVP_PKEY_cmp_parameters().
The word 'match' was used for the new routines because many associate
'cmp' with comparison functions that allows sorting, i.e. return -1, 0
or 1 depending on the order in which the two compared elements should
be sorted. EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite
do that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 11:53:14 +0000 (12:53 +0100)]
KEYMGMT: Add a keydata matching function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 09:18:51 +0000 (10:18 +0100)]
EVP: Adapt EVP_PKEY_missing_parameters() for provider keys
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Thu, 27 Feb 2020 05:03:52 +0000 (06:03 +0100)]
crypto/perlasm/x86_64-xlate.pl: detect GNU as to deal with quirks
It turns out that GNU as and Solaris as don't have compatible ideas on
the .section syntax, so we need to check if we're using GNU as or
another assembler and adapt this .section syntax accordingly.
Fixes #11132
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11191)
André Klitzing [Sat, 29 Feb 2020 22:40:29 +0000 (23:40 +0100)]
Fix drop of const qualifier
The parameter got "const" in
9fdcc21fdc9 but that was not added
to cast. So this throws a -Wcast-qual in user code.
error: cast from 'const DUMMY *' to 'ASN1_VALUE_st *' drops const qualifier [-Werror,-Wcast-qual]
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11210)
Richard Levitte [Mon, 24 Feb 2020 18:15:47 +0000 (19:15 +0100)]
DOCS: Add and modify docs for internal EVP_KEYMGMT utility functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Richard Levitte [Mon, 24 Feb 2020 13:36:09 +0000 (14:36 +0100)]
DOCS: Add internal docs for EVP_PKEY and the export functions
Functions covered:
- evp_pkey_export_to_provider()
- evp_pkey_upgrade_to_provider()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Richard Levitte [Thu, 20 Feb 2020 21:55:41 +0000 (22:55 +0100)]
EVP: Add evp_pkey_upgrade_to_provider(), for EVP_PKEY upgrades
This function "upgrades" a key from a legacy key container to a
provider side key container.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Richard Levitte [Thu, 20 Feb 2020 19:26:16 +0000 (20:26 +0100)]
Rethink the EVP_PKEY cache of provider side keys
The role of this cache was two-fold:
1. It was a cache of key copies exported to providers with which an
operation was initiated.
2. If the EVP_PKEY didn't have a legacy key, item 0 of the cache was
the corresponding provider side origin, while the rest was the
actual cache.
This dual role for item 0 made the code a bit confusing, so we now
make a separate keymgmt / keydata pair outside of that cache, which is
the provider side "origin" key.
A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a
provider side "origin" at the same time.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Dr. Matthias St. Pierre [Thu, 6 Feb 2020 14:24:07 +0000 (15:24 +0100)]
man: openssl-ocsp: separate client and server options
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11033)
Nikolay Morozov [Fri, 14 Feb 2020 10:14:30 +0000 (13:14 +0300)]
x509v3 subjectSignTool extention support
Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
This extention is required to obtain the status of a qualified certificate at Russian Federation.
RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11093)
Richard Levitte [Thu, 27 Feb 2020 00:09:23 +0000 (01:09 +0100)]
Fix util/mktar.sh to use the new VERSION information
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11190)
Scott Arciszewski [Mon, 24 Feb 2020 20:29:12 +0000 (12:29 -0800)]
Fix comment placement in ecp_nistp256.ci
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11175)
Richard Levitte [Mon, 24 Feb 2020 21:33:52 +0000 (22:33 +0100)]
Deprecate ASN1_sign(), ASN1_verify() and ASN1_digest()
These are old functions that fell out of use with OpenSL 0.9.7.
It's more than time to deprecate them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11161)
Matt Caswell [Thu, 27 Feb 2020 22:08:59 +0000 (08:08 +1000)]
Implement the ECX Serializers
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.
Add some documentation about the various import/export types available
Add additional testing for the serializers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11095)
Richard Levitte [Tue, 18 Feb 2020 07:25:06 +0000 (08:25 +0100)]
Replace util/shlib_wrap.sh with util/wrap.pl in diverse docs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Richard Levitte [Mon, 17 Feb 2020 14:20:57 +0000 (15:20 +0100)]
Build file templates: don't set OPENSSL_{ENGINES,MODULES}
Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES globally for the tests.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Richard Levitte [Mon, 17 Feb 2020 14:05:04 +0000 (15:05 +0100)]
TEST: add util/wrap.pl and use it
util/wrap.pl is a script that defines the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES, then calls the command line
that's given as its arguments.
On a POSIX platform, the command line call is done via
util/shlib_wrap.sh to ensure that the shared library paths are
correct. For other platforms, util/wrap.pl currently assumes that
similar things are already in place through other means.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Richard Levitte [Mon, 24 Feb 2020 13:56:26 +0000 (14:56 +0100)]
VMS: mitigate for the C++ compiler that doesn't understand certain pragmas
This only affects __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H,
which are used automatically by HP and VSI C/C++ compilers.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11159)
(cherry picked from commit
605a0c709f4d50497a1c49ee117a0ec4bb956d58)
Dr. Matthias St. Pierre [Tue, 25 Feb 2020 16:04:47 +0000 (17:04 +0100)]
doc: add a fancy CHANGES entry to celebrate the new Markdown format
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Fri, 29 Nov 2019 18:45:56 +0000 (19:45 +0100)]
doc: revamp the SUPPORT file
Too be continued...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Tue, 31 Dec 2019 00:09:40 +0000 (01:09 +0100)]
doc: revamp the INSTALL file
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Tue, 3 Dec 2019 17:32:21 +0000 (18:32 +0100)]
doc: add missing CHANGES entries for all versions >= 1.0.0
Up to now, CHANGES entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Sat, 30 Nov 2019 16:07:31 +0000 (17:07 +0100)]
doc: add missing NEWS entries for all versions >= 1.0.0
Up to now, NEWS entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Fri, 29 Nov 2019 19:45:28 +0000 (20:45 +0100)]
doc: revamp the README file
* Add an OpenSSL logo and CI badges
* Add a table of contents
* Add a lot of links
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Sat, 30 Nov 2019 22:45:03 +0000 (23:45 +0100)]
doc: add OpenSSL logo
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Thu, 28 Nov 2019 22:10:51 +0000 (23:10 +0100)]
doc: introduce some minimalistic markdown without essential changes
The goal is to transform the standard documents
README, INSTALL, SUPPORT, CONTRIBUTING, ...
from a pure text format into markdown format, but in such a way
that the documentation remains nicely formatted an easy readable
when viewed with an normal text editor.
To achieve this goal, we use a special form of 'minimalistic' markdown
which interferes as little as possible with the reading flow.
* avoid [ATX headings][] and use [setext headings][] instead
(works for `<h1>` and `<h2>` headings only).
* avoid [inline links][] and use [reference links][] instead.
* avoid [fenced code blocks][], use [indented-code-blocks][] instead.
The transformation will take place in several steps. This commit
introduces mostly changes the formatting and does not chang the
content significantly.
[ATX headings]: https://github.github.com/gfm/#atx-headings
[setext headings]: https://github.github.com/gfm/#setext-headings
[inline links]: https://github.github.com/gfm/#inline-link
[reference links]: https://github.github.com/gfm/#reference-link
[fenced code blocks]: https://github.github.com/gfm/#fenced-code-blocks
[indented code blocks]: https://github.github.com/gfm/#indented-code-blocks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Thu, 28 Nov 2019 22:56:36 +0000 (23:56 +0100)]
doc: convert standard project docs to markdown
In the first step, we just add the .md extension and move some
files around, without changing any content. These changes will
occur in the following commits.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Rich Salz [Wed, 15 Jan 2020 19:53:29 +0000 (14:53 -0500)]
Use a wrapper for pod2html
Remove unused util/process_docs.pl
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10856)
Bastian Germann [Thu, 13 Feb 2020 10:45:50 +0000 (11:45 +0100)]
apps x509: restrict CAkeyform option to OPT_FMT_PDE
CAkeyform may be set to PEM, DER or ENGINE, but the current options
are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.
Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting
the option value.
This amends
0ab6fc79a9a ("Fix regression on x509 keyform argument") which
did the same thing for keyform and changed the manpage synopsis entries
for both keyform and CAkeyform but did not change the option section.
Hence, change the option section for both of them.
CLA: trivial
Co-developed-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11085)
Asfak Rahman [Fri, 21 Feb 2020 07:41:29 +0000 (09:41 +0200)]
bugfix in cmac calculation example
The example never executes code inside of the while loop, as read()
returns bigger number than 0. Thus the end result is wrong.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11143)
Tomas Mraz [Wed, 26 Feb 2020 07:41:36 +0000 (08:41 +0100)]
Avoid arm64 builds timeout due to silent make taking too long time
Also reuse one of the arm64 builds as a no-deprecated build
Also include a single ppc64le-build
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11181)
Pauli [Sat, 22 Feb 2020 08:39:28 +0000 (18:39 +1000)]
secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init().
If the user specifies a minimum allocation size that is smaller than
the free list structure (or zero), calculate the minimum possible size rather
than failing.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
Pauli [Sat, 22 Feb 2020 00:35:26 +0000 (10:35 +1000)]
sec_mem: add note about the minimum size parameter.
Add a note indicating that the minimum size parameter to
CRYPTO_secure_malloc_init() should be small.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
Davide Galassi [Wed, 26 Feb 2020 05:31:17 +0000 (15:31 +1000)]
Mem-sec small code adjustment
Conditional code readability improvement.
Remove unused macro
Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro.
Remove before version release.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11103)
H.J. Lu [Wed, 26 Feb 2020 03:04:41 +0000 (13:04 +1000)]
x86_64: Replace .asciz "GNU" with .byte
Replace .asciz "GNU" with .byte since .asciz isn't supported on Solaris.
Fixes https://github.com/openssl/openssl/issues/11132
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11137)
Dr. Matthias St. Pierre [Mon, 17 Feb 2020 18:39:05 +0000 (19:39 +0100)]
Check that the DRBG's internal state has been zeroized after uninstantiation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Dr. Matthias St. Pierre [Mon, 17 Feb 2020 18:25:55 +0000 (19:25 +0100)]
DRBG: delay initialization of DRBG method until instantiation
Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().
This made it difficult for the FIPS DRBG self test to verify that the
internal state had been zeroized, because it had the side effect that
the drbg->data structure was reinitialized immediately.
To solve the problem, RAND_DRBG_set() has been split in two parts
static int rand_drbg_set(RAND_DRBG *drbg, int type, unsigned int flags);
static int rand_drbg_init_method(RAND_DRBG *drbg);
and only the first part is called from RAND_DRBG_uninstantiate().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Matt Turner [Tue, 18 Feb 2020 18:08:27 +0000 (10:08 -0800)]
config: Drop linux-alpha-gcc+bwx
Its entry in Configuration/10-main.conf was dropped in commit
7ead0c89185c ("Configure: fold related configurations more aggressively
and clean-up.") probably because all but one of its bn_ops were removed
(RC4_CHAR remained). Benchmarks on an Alpha EV7 indicate that RC4_INT is
better than RC4_CHAR so rather than restoring the configuation, remove
it from config.
CLA: trivial
Bug: https://bugs.gentoo.org/697840
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11130)
Richard Levitte [Sat, 22 Feb 2020 02:27:14 +0000 (03:27 +0100)]
Fix default provider merge glitch
Property "default" no longer exists, replace "default=yes" with
"provider=default"
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11150)
Richard Levitte [Wed, 12 Feb 2020 13:28:50 +0000 (14:28 +0100)]
Refactor evp_pkey_make_provided() to do legacy to provider export
Previously, evp-keymgmt_util_export_to_provider() took care of all
kinds of exports of EVP_PKEYs to provider side keys, be it from its
legacy key or from another provider side key. This works most of the
times, but there may be cases where the caller wants to be a bit more
in control of what sort of export happens when.
Also, when it's time to remove all legacy stuff, that job will be much
easier if we have a better separation between legacy support and
support of provided stuff, as far as we can take it.
This changes moves the support of legacy key to provider side key
export from evp-keymgmt_util_export_to_provider() to
evp_pkey_make_provided(), and makes sure the latter is called from all
EVP_PKEY functions that handle legacy stuff.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11074)
Richard Levitte [Thu, 30 Jan 2020 14:14:37 +0000 (15:14 +0100)]
DSA: More conforming names in crypto/dsa/dsa_aid.c
Made macro names that refer to a known base OID, an commented accordingly.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Thu, 12 Dec 2019 08:21:59 +0000 (09:21 +0100)]
doc/man3/EVP_PKEY_CTX_ctrl.pod: cleanup
Clean up a manual we've touched, according to conventions found in
Linux' man-pages(7); function arguments in descriptions should be in
italics, and types, macros and similar should be in bold, with the
exception for NULL.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Wed, 4 Dec 2019 08:54:35 +0000 (09:54 +0100)]
PROV: Avoid MDC2 in the RSA signature implementation in the FIPS module
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Tue, 3 Dec 2019 10:02:58 +0000 (11:02 +0100)]
test/recipes/30-test_evp_data/evppkey.txt
Tests that go through provider cannot recognise PKEY_CTRL_INVALID from
PKEY_CTRL_ERROR any more, because provided implementations' param
setting functions return 0 or 1.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Mon, 2 Dec 2019 10:26:15 +0000 (11:26 +0100)]
test/evp_extra_test.c: adapt for RSA signature tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Mon, 2 Dec 2019 10:25:47 +0000 (11:25 +0100)]
rsa_get0_all_params(): Allow zero CRT params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Sun, 1 Dec 2019 14:01:50 +0000 (15:01 +0100)]
PROV: add RSA signature implementation
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.
Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Dr. David von Oheimb [Fri, 21 Feb 2020 20:41:56 +0000 (21:41 +0100)]
Don't exclude quite so much in a no-sock build
We were excluding more code than we needed to in the OCSP/HTTP code in
the event of no-sock. We should also not assume that a BIO passed to our
API is socket based.
This fixes the no-sock build
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11134)
Matt Caswell [Fri, 14 Feb 2020 22:49:26 +0000 (22:49 +0000)]
Introduce the provider property
Replace the properties default, fips and legacy with a single property
called "provider". So, for example, instead of writing "default=yes" to
get algorithms from the default provider you would instead write
"provider=default". We also have a new "fips" property to indicate that
an algorithm is compatible with FIPS mode. This applies to all the
algorithms in the FIPS provider, as well as any non-cryptographic
algorithms (currently only serializers).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11097)
Shane Lontis [Thu, 30 Jan 2020 21:53:04 +0000 (07:53 +1000)]
Add DRBG self tests
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11010)
Pauli [Tue, 18 Feb 2020 01:36:08 +0000 (11:36 +1000)]
pkey: additional EC related options
Add options to change the parameter encoding and point conversions for EC
public and private keys. These options are present in the deprecated 'ec'
utility.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11113)
Pauli [Mon, 17 Feb 2020 23:46:52 +0000 (09:46 +1000)]
pkey: update command line tool examples in light of deprecations.
Specifically, refer from the deprecated tools to the pkey equivalents.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11113)
Pauli [Mon, 10 Feb 2020 03:37:53 +0000 (13:37 +1000)]
apps: distinguish between a parameter error and an unknown parameter.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
Pauli [Mon, 10 Feb 2020 03:32:36 +0000 (13:32 +1000)]
pmeth_lib: detect unsupported OSSL_PARAM.
When converting legacy controls to OSSL_PARAMs, return the unsupported -2
value correctly.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
Pauli [Mon, 10 Feb 2020 03:29:49 +0000 (13:29 +1000)]
Params: add argument to the _from_text calls to indicate if the param exists.
The extra argument is a integer pointer and is optional.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
Matt Caswell [Tue, 18 Feb 2020 16:08:30 +0000 (16:08 +0000)]
Add *.d.tmp files to .gitignore
These are temporary files generated by the build process that should not
be checked in.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11122)
Pauli [Mon, 3 Feb 2020 09:05:31 +0000 (19:05 +1000)]
Deprecate the low level Diffie-Hellman functions.
Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
Pauli [Sun, 16 Feb 2020 07:31:04 +0000 (17:31 +1000)]
DH: add CHANGES entry listing the deprecated DH functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
Pauli [Mon, 3 Feb 2020 06:03:12 +0000 (16:03 +1000)]
DH: fix header file indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
Pauli [Wed, 12 Feb 2020 05:03:51 +0000 (15:03 +1000)]
Deprecate the low level RSA functions.
Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 05:49:16 +0000 (15:49 +1000)]
rsa: document deprecated RSA command line apps
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 05:23:01 +0000 (15:23 +1000)]
rsa: document deprecated low level functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 05:05:39 +0000 (15:05 +1000)]
NEWS: DH, DSA, ECDH, ECDSA and RSA public key function deprecation note
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 03:26:15 +0000 (13:26 +1000)]
rsa.h: fix preprocessor indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Dane (4cad@silvertoque) [Wed, 19 Feb 2020 02:38:12 +0000 (21:38 -0500)]
Remove unneeded switch statement to fix warning
https://github.com/openssl/openssl/issues/10958
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11125)
Simon Cornish [Fri, 14 Feb 2020 22:16:09 +0000 (14:16 -0800)]
Handle max_fragment_length overflow for DTLS
Allow for encryption overhead in early DTLS size check
and send overflow if validated record is too long
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11096)
Nicola Tuveri [Sun, 9 Feb 2020 11:56:27 +0000 (13:56 +0200)]
[PROV][EC] Update documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Tue, 21 Jan 2020 15:08:16 +0000 (17:08 +0200)]
[BN] harden `BN_copy()` against leaks from memory accesses
`BN_copy()` (and indirectly `BN_dup()`) do not propagate the
`BN_FLG_CONSTTIME` flag: the propagation has been turned on and off a
few times in the past years, because in some conditions it has shown
unintended consequences in some code paths.
Without turning the propagation on once more, we can still improve
`BN_copy()` by avoiding to leak `src->top` in case `src` is flagged with
`BN_FLG_CONSTTIME`.
In this case we can instead use `src->dmax` as the number of words
allocated for `dst` and for the `memcpy` operation.
Barring compiler or runtime optimizations, if the caller provides `src`
flagged as const time and preallocated to a public size, no leak should
happen due to the copy operation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Tue, 21 Jan 2020 15:00:41 +0000 (17:00 +0200)]
[EC] harden EC_KEY against leaks from memory accesses
We should never leak the bit length of the secret scalar in the key,
so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
holding the secret scalar.
This is important also because `BN_dup()` (and `BN_copy()`) do not
propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and
this brings an extra risk of inadvertently losing the flag, even when
the called specifically set it.
The propagation has been turned on and off a few times in the past
years because in some conditions has shown unintended consequences in
some code paths, so at the moment we can't fix this in the BN layer.
In `EC_KEY_set_private_key()` we can work around the propagation by
manually setting the flag after `BN_dup()` as we know for sure that
inside the EC module the `BN_FLG_CONSTTIME` is always treated
correctly and should not generate unintended consequences.
Setting the `BN_FLG_CONSTTIME` flag alone is never enough, we also have
to preallocate the `BIGNUM` internal buffer to a fixed public size big
enough that operations performed during the processing never trigger
a realloc which would leak the size of the scalar through memory
accesses.
Fixed Length
------------
The order of the large prime subgroup of the curve is our choice for
a fixed public size, as that is generally the upper bound for
generating a private key in EC cryptosystems and should fit all valid
secret scalars.
For preallocating the `BIGNUM` storage we look at the number of "words"
required for the internal representation of the order, and we
preallocate 2 extra "words" in case any of the subsequent processing
might temporarily overflow the order length.
Future work
-----------
A separate commit addresses further hardening of `BN_copy()` (and
indirectly `BN_dup()`).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Tue, 21 Jan 2020 14:48:49 +0000 (16:48 +0200)]
[PROV][KEYMGMT][EC] Import/export of priv_key as padded const time BN
For EC keys it is particularly important to avoid leaking the bit length
of the secret scalar.
Key import/export should never leak the bit length of the secret
scalar in the key.
For this reason, on export we use padded BIGNUMs with fixed length,
using the new `ossl_param_bld_push_BN_pad()`.
When importing we also should make sure that, even if short lived,
the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
soon as possible, so that any processing of this BIGNUM might opt for
constant time implementations in the backend.
Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
to preallocate the BIGNUM internal buffer to a fixed size big enough
that operations performed during the processing never trigger a
realloc which would leak the size of the scalar through memory
accesses.
Fixed length
------------
The order of the large prime subgroup of the curve is our choice for
a fixed public size, as that is generally the upper bound for
generating a private key in EC cryptosystems and should fit all valid
secret scalars.
For padding on export we just use the bit length of the order
converted to bytes (rounding up).
For preallocating the BIGNUM storage we look at the number of "words"
required for the internal representation of the order, and we
preallocate 2 extra "words" in case any of the subsequent processing
might temporarily overflow the order length.
Future work
-----------
To ensure the flag and fixed size preallocation persists upon
`EC_KEY_set_private_key()`, we need to further harden
`EC_KEY_set_private_key()` and `BN_copy()`.
This is done in separate commits.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)