Richard Levitte [Tue, 10 Mar 2020 21:50:22 +0000 (22:50 +0100)]
X509: Rename X509_set0_sm2_id() and friends
- X509_set0_sm2_id() -> X509_set0_distinguishing_id()
- X509_get0_sm2_id() -> X509_get0_distinguishing_id()
- X509_REQ_set0_sm2_id -> X509_REQ_set0_distinguishing_id()
- X509_REQ_get0_sm2_id -> X509_REQ_get0_distinguishing_id()
The reason for this rename is that the SM2 ID isn't really a unique
SM2 data item, but rather a re-use of the Distinguished that is
defined in ISO/IEC 15946-3 as well as in FIPS 196, with no special
attribution toward any algorithm in particular.
Fixes #11293
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11302)
Richard Levitte [Tue, 10 Mar 2020 21:07:10 +0000 (22:07 +0100)]
EVP: Don't call digest_custom() quite so early
A huge problem with calling digest_custom() already in the
initialization of DigestSign, DigestVerify etc, is that it force all
callers to know that certain controls must be performed before Init
and the rest after. This has lead to quite interesting hacks in our
own openssl app, where the SM2 ID had to get special treatment instead
of just being another sign option or verification option among others.
This change moves the call of digest_custom() to the Update and Final
functions, to be done exactly once, subject to a flag that's set in
the Init function. Seeing to the process of data, through these
operations, this makes no difference at all. Seeing to making it
possible to perform all controls after the Init call, this makes a
huge difference.
Fixes #11293
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11302)
Shane Lontis [Sun, 15 Mar 2020 11:34:29 +0000 (21:34 +1000)]
Add ECDSA to providers
Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10968)
Richard Levitte [Sat, 14 Mar 2020 04:16:16 +0000 (05:16 +0100)]
Fix legacy_ctrl_to_param() to pay better attention to keytype
The keytype number will only be -1 when control commands are used for
more than one key type. Sometimes, they share the same underlying
structure, and sometimes not.
Some of the RSA control commands that are using only with the keytype
EVP_PKEY_RSA we misplaced to be handled with the keytype -1.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11329)
Shane Lontis [Sun, 15 Mar 2020 07:38:00 +0000 (17:38 +1000)]
Add RSA sign to the fips provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11199)
Richard Levitte [Sun, 8 Mar 2020 15:37:37 +0000 (16:37 +0100)]
DOCS: Fix the description of OSSL_PARAM_allocate_from_text()
Fixes #11276
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11279)
Pauli [Thu, 12 Mar 2020 22:55:04 +0000 (08:55 +1000)]
DH: remove DH parameter files that aren't used or installed.
Old files from the SSLeay 0.8.1b import that aren't used and don't seem to be
installed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11314)
Pauli [Thu, 12 Mar 2020 22:23:27 +0000 (08:23 +1000)]
Remove reference to old DH files.
The files are incorrect for TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11314)
Pauli [Thu, 12 Mar 2020 21:46:36 +0000 (07:46 +1000)]
Remove old incorrect DH parameter files
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11314)
Pauli [Thu, 12 Mar 2020 03:51:57 +0000 (13:51 +1000)]
dh: document what the PEM files in apps actually contain.
They were claimed to be the SKIP primes but they are really two of the
MODP Diffie-Hellman groups for IKE.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11314)
Richard Levitte [Thu, 12 Mar 2020 05:26:34 +0000 (06:26 +0100)]
Fix RSA structure
The first field was called 'pad', but not for the reason one might
think. It was really a padding int that was always zero, and was
placed first on purpose. This is to pick up programming errors where
an RSA pointer was passed when an EVP_PKEY pointer should have been,
an makes it look like an EVP_PKEY structure with type EVP_PKEY_NONE,
which effectively avoids any further processing (and unintended
corruption of the RSA structure).
This is only relevant for legacy structure and EVP_PKEY_METHODs. With
providers, EVP_PKEYs aren't passed to the backend anyway.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11315)
Richard Levitte [Tue, 3 Mar 2020 21:55:09 +0000 (22:55 +0100)]
Configurations: Fix "android" configuration target
This target gave '-pie' as a C flag when it should be a linker flag.
Additionally, we add '-fPIE' as C flag for binaries.
Fixes #11237
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11238)
Richard Levitte [Sat, 29 Feb 2020 05:43:26 +0000 (06:43 +0100)]
Andoid cross compile: change ANDROID_NDK_HOME to ANDROID_NDK_ROOT
According to forum discussions with NDK developers, ANDROID_NDK_HOME
is used for something else.
Fixes #11205
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11206)
Benjamin Kaduk [Fri, 6 Mar 2020 21:19:45 +0000 (13:19 -0800)]
Add test that changes ciphers on CCS
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate
the switch from the unencrypted to encrypted part of the handshake.
However, it can also be used in cases where there is an existing
session (such as during resumption handshakes) or when changing from
one cipher to a different one (such as during renegotiation when the
cipher list offered by the client has changed). This test serves
to exercise such situations, allowing us to detect whether session
objects are being modified in cases when they must remain immutable
for thread-safety purposes.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Benjamin Kaduk [Fri, 24 Jan 2020 21:44:27 +0000 (13:44 -0800)]
Code to thread-safety in ChangeCipherState
The server-side ChangeCipherState processing stores the new cipher
in the SSL_SESSION object, so that the new state can be used if
this session gets resumed. However, writing to the session is only
thread-safe for initial handshakes, as at other times the session
object may be in a shared cache and in use by another thread at the
same time. Reflect this invariant in the code by only writing to
s->session->cipher when it is currently NULL (we do not cache sessions
with no cipher). The code prior to this change would never actually
change the (non-NULL) cipher value in a session object, since our
server enforces that (pre-TLS-1.3) resumptions use the exact same
cipher as the initial connection, and non-abbreviated renegotiations
have produced a new session object before we get to this point.
Regardless, include logic to detect such a condition and abort the
handshake if it occurs, to avoid any risk of inadvertently using
the wrong cipher on a connection.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Benjamin Kaduk [Fri, 24 Jan 2020 21:25:53 +0000 (13:25 -0800)]
Don't write to the session when computing TLS 1.3 keys
TLS 1.3 maintains a separate keys chedule in the SSL object, but
was writing to the 'master_key_length' field in the SSL_SESSION
when generating the per-SSL master_secret. (The generate_master_secret
SSL3_ENC_METHOD function needs an output variable for the master secret
length, but the TLS 1.3 implementation just uses the output size of
the handshake hash function to get the lengths, so the only natural-looking
thing to use as the output length was the field in the session.
This would potentially involve writing to a SSL_SESSION object that was
in the cache (i.e., resumed) and shared with other threads, though.
The thread-safety impact should be minimal, since TLS 1.3 requires the
hash from the original handshake to be associated with the resumption
PSK and used for the subsequent connection. This means that (in the
resumption case) the value being written would be the same value that was
previously there, so the only risk would be on architectures that can
produce torn writes/reads for aligned size_t values.
Since the value is essentially ignored anyway, just provide the
address of a local dummy variable to generate_master_secret() instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Benjamin Kaduk [Fri, 24 Jan 2020 21:25:02 +0000 (13:25 -0800)]
Fix whitespace nit in ssl_generate_master_secret()
Use a space after a comma.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Benjamin Kaduk [Fri, 17 Jan 2020 19:15:59 +0000 (11:15 -0800)]
doc: fix spelling of TYPE_get_ex_new_index
The generated macros are TYPE_get_ex_new_index() (to match
CRYPTO_get_ex_new_index()), not TYPE_get_new_ex_index(), even though
the latter spelling seems more natural.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Benjamin Kaduk [Thu, 16 Jan 2020 22:37:44 +0000 (14:37 -0800)]
Additional updates to SSL_CTX_sess_set_get_cb.pod
Generally modernize the language.
Refer to TLS instead of SSL/TLS, and try to have more consistent
usage of commas and that/which.
Reword some descriptions to avoid implying that a list of potential
reasons for behavior is an exhaustive list.
Clarify how get_session_cb() is only called on servers (i.e., in general,
and that it's given the session ID proposed by the client).
Clarify the semantics of the get_cb()'s "copy" argument.
The behavior seems to have changed in commit
8876bc054802b043a3ec95554b6c5873291770be, though the behavior prior
to that commit was not to leave the reference-count unchanged if
*copy was not written to -- instead, libssl seemed to assume that the
callback already had incremented the reference count.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Jakub Jelen [Tue, 10 Mar 2020 14:15:28 +0000 (15:15 +0100)]
doc: Update the reference from draft to RFC
CLA: trivial
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11299)
ning [Wed, 11 Mar 2020 07:28:05 +0000 (15:28 +0800)]
pkcs12 demo: output correct file names on error.
CLA: Trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11304)
Richard Levitte [Tue, 18 Feb 2020 14:37:08 +0000 (15:37 +0100)]
test/recipes/30-test_evp_data/evppkey.txt: Change an expected KeyGen result
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
Richard Levitte [Tue, 18 Feb 2020 14:35:24 +0000 (15:35 +0100)]
test/evp_test.c: fix keygen_test_run()
There was a misunderstanding what it should return. It should return
0 on internal error, but 1 even if the thing it tests fails (the error
is determined by |t->err|).
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
Richard Levitte [Sun, 27 Oct 2019 14:28:29 +0000 (15:28 +0100)]
PROV: Add RSA functionality for key generation
This includes added support in legacy controls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
Richard Levitte [Sun, 27 Oct 2019 14:09:26 +0000 (15:09 +0100)]
EVP: Add new domparams and key generation functionality
The following functions are added:
EVP_PKEY_gen_set_params(), replacing the older EVP_PKEY_CTX_ctrl()
EVP_PKEY_gen(), replacing both EVP_PKEY_keygen() and EVP_PKEY_paramgen()
These functions are made to work together with already existing domparams
and key generation functionality: EVP_PKEY_CTX_new_provided(),
EVP_PKEY_paramgen_init(), EVP_PKEY_keygen_init(), etc.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
Richard Levitte [Sat, 26 Oct 2019 11:00:56 +0000 (13:00 +0200)]
CORE: Add the key object generator libcrypto<->provider interface
We introduce these dispatched functions:
- OP_keymgmt_gen_init() to initialize the key object generation.
- OP_keymgmt_gen_set_template() to set a template for key object
generation. The template is another key object, for example one
with domain parameters.
- OP_keymgmt_gen_set_params() to set other key object generation
parameters.
- OP_keymgmt_gen_settable_params() to find out what settable
parameters there are.
- OP_keymgmt_gen() to perform the key object generation.
- OP_keymgmt_gen_cleanup() to clean up the key object generation.
Internal function for easy and consistent use of these ddispatched
functions are added.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
Shane Lontis [Thu, 20 Feb 2020 06:16:21 +0000 (16:16 +1000)]
Add ECDH to fips provider
Note: This PR has not attempted to move the curves into the provider dispatch table.
Mappings between the curve name / nid have been added to the inbuilt curve table.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11133)
Shane Lontis [Thu, 16 Jan 2020 07:18:26 +0000 (17:18 +1000)]
Add EC key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10861)
Matt Caswell [Fri, 6 Mar 2020 18:05:37 +0000 (18:05 +0000)]
If the first serializer we find is the desired one that's ok
Stop looking for a desired serializer if the first one is desired.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11271)
Matt Caswell [Fri, 6 Mar 2020 18:02:46 +0000 (18:02 +0000)]
Don't crash if we fail to find a serializer for the current provider
The code was assuming that a serializer would always be found - but this
may not be the case.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11271)
Patrick Steuer [Sat, 22 Feb 2020 00:34:20 +0000 (01:34 +0100)]
AES CTR-DRGB: add test for 32-bit counter overflow
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10457)
Patrick Steuer [Fri, 15 Nov 2019 22:27:09 +0000 (23:27 +0100)]
AES CTR-DRGB: performance improvement
Optimize the the AES-based implementation of the CTR_DRBG
construction, see 10.2.1 in [1].
Due to the optimizations, the code may deviate (more) from the
pseudocode in [1], but it is functional equivalence being decisive
for compliance:
"All DRBG mechanisms and algorithms are described in this document
in pseudocode, which is intended to explain functionality.
The pseudocode is not intended to constrain real-world
implementations." [9 in [1]].
The following optimizations are done:
- Replace multiple plain AES encryptions by a single AES-ECB
encryption of a corresponding pre-initialized buffer, where
possible.
This allows platform-specific AES-ECB support to
be used and reduces the overhead of multiple EVP calls.
- Replace the generate operation loop (which is a counter
increment followed by a plain AES encryption) by a
loop which does a plain AES encryption followed by
a counter increment. The latter loop is just a description
of AES-CTR, so we replace it by a single AES-CTR
encryption.
This allows for platform-specific AES-CTR support to be used
and reduces the overhead of multiple EVP calls.
This change, that is, going from a pre- to a post- counter
increment, requires the counter in the internal state
to be kept at "+1" (compared to the pseudocode in [1])
such that it is in the correct state, when a generate
operation is called.
That in turn also requires all other operations to be
changed from pre- to post-increment to keep functional
equivalence.
[1] NIST SP 800-90A Revision 1
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10457)
Rich Salz [Tue, 18 Feb 2020 16:52:12 +0000 (11:52 -0500)]
DOCS: Use "command" not "tool" or "utility"
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11123)
Dr. David von Oheimb [Thu, 5 Mar 2020 08:16:29 +0000 (09:16 +0100)]
Move OSSL_CMP_X509_digest() to x_all.c, renaming it to X509_digest_sig()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Dr. David von Oheimb [Wed, 26 Feb 2020 20:41:47 +0000 (21:41 +0100)]
Fix handling of CMP msg senderKID and improve doc of related CTX functions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Dr. David von Oheimb [Tue, 25 Feb 2020 07:58:39 +0000 (08:58 +0100)]
Fix error in case CMP msg POPO is not provided in OSSL_CRMF_MSGS_verify_popo()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Dr. David von Oheimb [Tue, 10 Mar 2020 09:29:46 +0000 (10:29 +0100)]
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Dr. David von Oheimb [Thu, 5 Mar 2020 07:43:06 +0000 (08:43 +0100)]
Extract sk_ASN1_UTF8STRING2text() from ts_get_status_text() in ts_rsp_verify.c to asn1_lib.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Dr. David von Oheimb [Tue, 10 Mar 2020 09:40:43 +0000 (10:40 +0100)]
fix coding style nits w.r.t. 'defined' in http_local.h, http.h, and ocsp.h
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Dr. David von Oheimb [Tue, 10 Mar 2020 09:39:22 +0000 (10:39 +0100)]
fix two mistakes w.r.t. ERR_LIB_* parameters in ERR_add_error_txt()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
Richard Levitte [Sat, 7 Mar 2020 07:00:51 +0000 (08:00 +0100)]
DOCS: Clean up doc/man3/EVP_DigestInit.pod
We touch it, we clean it up!
Accordding to common man-pages(7) guidelines.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
Richard Levitte [Sat, 7 Mar 2020 06:51:27 +0000 (07:51 +0100)]
DOCS: Add translation information for EVP_MD_CTX_ctrl()
EVP_MD_CTX_ctrl() translates some known control commands when faced
with a fetched EVP_MD, so we need to document it.
This also ensures that we don't drop the information on the "micalg"
parameter entirely.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
Richard Levitte [Fri, 6 Mar 2020 13:33:17 +0000 (14:33 +0100)]
DOCS: Add missing documentation in util/missingcrypto.txt
These lines will be taken away as documentation moves from diverse
provider operation interface manuals to implementation specific docs.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
Richard Levitte [Fri, 6 Mar 2020 13:29:00 +0000 (14:29 +0100)]
DOCS: Move implementation specific docs away from provider-digest(7)
The provider- manuals are meant to describe the general interface for
their respective operation. This is not the place to describe
implementation specific details.
This change creates a number of doc/man7/EVP_MD manuals, one for each
algorithm or set of algorithms, as well as doc/man7/EVP_MD-common.pod
to describe what's common to them all.
While we're at it, correct the SHA3 settable context params array to
match what's actually settable.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
Richard Levitte [Fri, 6 Mar 2020 13:25:42 +0000 (14:25 +0100)]
DOCS: Start restructuring our provider and implementation documentation
This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod,
and fills in currently implemented operations and algorithms in them, as
well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to
come.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
Dr. David von Oheimb [Mon, 9 Mar 2020 10:03:21 +0000 (11:03 +0100)]
Renew and extend the tool for checking adherence to C coding style rules
aims at checking most of https://www.openssl.org/policies/codingstyle.html
and various requirements not yet explicitly stated there - see also #10725
add util/check-format.pl and its self-tests in
util/check-format-test-{positives,negatives}.c
remove util/openssl-format-source
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10363)
Richard Levitte [Sat, 29 Feb 2020 07:57:34 +0000 (08:57 +0100)]
DH: add internal dh_get_method()
This should have been publically present a long time ago, to be
consistent with the RSA, DSA and EC_KEY APIs. However, since we've
now deprecated that kind of function for the other key types, there's
no point in adding a public function, but we still need it internally.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11193)
Richard Levitte [Thu, 27 Feb 2020 09:51:45 +0000 (10:51 +0100)]
EVP: Check that key methods aren't foreign when exporting
The EVP_PKEY_ASN1_METHOD function export_to() must check that the key
we're trying to export has a known libcrypto method, i.e. is a built
in RSA_METHOD, DSA_METHOD, etc. Otherwise, the method may be defined
by the calling application, by an engine, by another library, and we
simply cannot know all the quirks hidden behind that method, if we
have access to the key data, or much anything.
Such keys are simply deemed impossible to export to provider keys,
i.e. have export_to() return 0. This cascades back to functions like
evp_pkey_export_to_provider() and evp_pkey_upgrade_to_provider() and
their callers. In most cases, this is fine, but if these get mixed in
with provider side keys in any function, that function will fail.
Fixes #11179
Fixes #9915
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11193)
Richard Levitte [Sat, 7 Mar 2020 07:23:16 +0000 (08:23 +0100)]
DOCS: Fix documentation on asymmetric keydata types
Some type specs didn't correspond to actual use.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11275)
James Peach [Thu, 5 Mar 2020 07:43:54 +0000 (07:43 +0000)]
docs: fix typo in SSL functions
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11253)
Richard Levitte [Thu, 5 Mar 2020 13:14:09 +0000 (14:14 +0100)]
util/wrap.pl: do not look at EXE_SHELL
Acting on EXE_SHELL was a bit over the top, especially in light of
instructions like this (from NOTES.VALGRIND):
EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q"
Fixes #11255
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11258)
Davide Galassi [Sun, 23 Feb 2020 09:01:45 +0000 (10:01 +0100)]
Remove double fetch of "OSSL_EX_DATA_GLOBAL" for global lock
Fetch once and just pass the global ex_data to the "get_and_lock" static
function.
Removed a redundant null pointer check within the "get_and_lock" static
function (control already performed by the caller).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11152)
Vladimir Panteleev [Tue, 3 Mar 2020 18:04:00 +0000 (18:04 +0000)]
spkac: Check return values of NETSCAPE_SPKI functions
Fixes silently producing an invalid SPKAC with non-RSA keys.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11224)
Matt Caswell [Thu, 5 Mar 2020 17:16:04 +0000 (17:16 +0000)]
Document the new DigestSign provider functions
As well as the newly added "one shot" functions, we also document a number
of the other other digestsign functions which were missing documentation in
provider-signature.pod.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
Matt Caswell [Thu, 5 Mar 2020 15:42:13 +0000 (15:42 +0000)]
Implement provider support for
Ed25519 annd Ed448
At the moment we only provider support for these algorithms in the default
provider. These algorithms only support "one shot" EVP_DigestSign() and
EVP_DigestVerify() as per the existing libcrypto versions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
Matt Caswell [Thu, 5 Mar 2020 15:40:48 +0000 (15:40 +0000)]
Add provider awareness of EVP_DigestSign() and EVP_DigestVerify()
These "one-shot" functions are the only ones supported by
Ed25519 and
Ed448, so we need to ensure that libcrypto can handle provider
based implementations of these functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
Matt Caswell [Mon, 17 Feb 2020 16:37:24 +0000 (16:37 +0000)]
Add Key Management support for EdDSA keys
Support added for
Ed25519 and Ed448
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
Richard Levitte [Wed, 19 Feb 2020 06:05:52 +0000 (07:05 +0100)]
Refactor CRMF_poposigningkey_init() to work with provider keys
The code in this function was almost entirely a copy of the
functionality in ASN1_item_sign(), so it gets refactored to actually
call ASN1_item_sign(), and thereby automatically gets support for
EVP_PKEYs with only provider side keys.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11126)
Dr. Matthias St. Pierre [Wed, 4 Mar 2020 22:13:24 +0000 (23:13 +0100)]
doc: slightly reformulate 'openssl(1)/Random State Options' section
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11252)
Kurt Roeckx [Sun, 16 Feb 2020 13:44:06 +0000 (14:44 +0100)]
Improve small block cipher performance
Avoid function calls we don't need to do.
In 1.1.1 we have:
aes-128-cbc 572267.80k 681197.08k 715430.74k 720508.59k 722359.64k 723004.07k
Current master:
aes-128-cbc 460663.70k 631125.66k 701283.58k 719794.52k 724732.59k 726668.63k
new:
aes-128-cbc 582057.64k 684288.62k 715721.90k 724856.15k 717578.24k 727176.53k
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11102)
Rich Salz [Wed, 4 Mar 2020 19:41:53 +0000 (14:41 -0500)]
Add -section option to 'req' command
This removes "req" as the hardwired section for the req command.
Doing this will let us merge some test configs.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11249)
Pauli [Tue, 25 Feb 2020 04:29:30 +0000 (14:29 +1000)]
cmdline app: add provider commandline options.
Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.
Add a -provider_path option to allow the path to providers to be specified.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
Pauli [Wed, 26 Feb 2020 21:45:31 +0000 (07:45 +1000)]
man1: make all openssl command line tool documentation generated.
With the introduction of provider command line options which are applicable to
almost all of the command line tools, it seemed reasonable to make them all
generated. This simplifes the .gitignore and avoids having to keep two lists
in sync.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
Shane Lontis [Fri, 6 Mar 2020 21:47:58 +0000 (07:47 +1000)]
Change DH_get_nid() to set the value of q if it is not already set
Fixes #11108.
It only sets q if a valid named group is found.
The function signature was recently changed to pass a non const DH pointer
in order to allow the nid to be cached internally. As an extension of this
the value of q can now also be set as q is always known for named groups.
The length field is also set if q is set.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11114)
Matt Caswell [Thu, 5 Mar 2020 09:21:56 +0000 (09:21 +0000)]
Clarify the usage of EVP_PKEY_get_raw_[private|public]_key()
EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() expect
the size of the key buffer to be populated in the |*len| parameter on
entry - but the docs made no mention of this.
Fixes #11245
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11254)
Rich Salz [Tue, 25 Feb 2020 18:25:13 +0000 (13:25 -0500)]
Use .cnf for config files, not .conf
The default is openssl.cnf The project seems to prefer xxx.conf these
days, but we should use the default convention.
Rename all foo.conf (except for Configurations) to foo.cnf
Fixes #11174
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)
Rich Salz [Tue, 25 Feb 2020 17:03:44 +0000 (12:03 -0500)]
Remove unused files
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)
Roger Ning [Mon, 2 Mar 2020 05:35:02 +0000 (13:35 +0800)]
fix a minor bug of s_client
CLA: trivial
-CAstore's option should be OPT_CASTORE, instead of OPT_CAFILE
correct also -no-CAstore option from OPT_NOCAPATH to OPT_NOCASTORE
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11215)
Leo Neat [Fri, 21 Feb 2020 00:42:32 +0000 (16:42 -0800)]
Add CIFuzz action
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11140)
Patrick Steuer [Tue, 3 Mar 2020 12:29:03 +0000 (13:29 +0100)]
crypto/ec/curve448/eddsa.c: fix EBCDIC platforms
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11229)
Patrick Steuer [Tue, 3 Mar 2020 16:40:07 +0000 (17:40 +0100)]
aes-s390x.pl: fix stg offset caused by typo in perlasm
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11234)
Vladimir Panteleev [Mon, 2 Mar 2020 20:36:07 +0000 (20:36 +0000)]
.github/PULL_REQUEST_TEMPLATE.md: Fix link to contributors guide
The file was converted to Markdown and renamed appropriately in
2e07506a12e126894cd820304465162bc0e732b4.
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11223)
Shane Lontis [Tue, 21 Jan 2020 05:57:25 +0000 (15:57 +1000)]
Add DSA Key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10912)
Shane Lontis [Tue, 21 Jan 2020 05:45:40 +0000 (15:45 +1000)]
Add DH key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10911)
Richard Levitte [Mon, 2 Mar 2020 09:50:24 +0000 (10:50 +0100)]
config, Configure: move the check of removed crypto/ sub-systems
The 'config' script checked for a bunch of crypto/ sub-system
directories, and added 'no-' options if they weren't there.
We move it to 'Configure' in an effort to simplify 'config' for
further work.
Note: this is pretty much a historical thing. In modern OpenSSL, it's
much simpler to edit the SUBDIRS statement in crypto/build.info.
However, it's been claimed the there are those who still remove some
of these sub-system sources.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11217)
Richard Levitte [Wed, 26 Feb 2020 13:57:39 +0000 (14:57 +0100)]
.travis.yml: where it matters, have build and source nesting levels differ
Where we build out of source, the source directory was _srcdist and
the build directory was _build. That gives the same nesting level for
both, which doesn't quite exercise all aspects of relative back
references from build to source tree.
Changing the build tree to be in _build/tree will challenge back
references a bit more, and ensure a bit more that we got it right.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11186)
Rich Salz [Wed, 26 Feb 2020 20:25:43 +0000 (15:25 -0500)]
Add some missing env var documentation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11189)
Vladimir Panteleev [Mon, 2 Mar 2020 18:05:03 +0000 (18:05 +0000)]
.gitignore: Add /apps/progs.{c,h}
These files were removed from the source tree in
fe909ee4aeb6eb64f6f31a1544c5d3c81c5fe1f1.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11222)
Shane Lontis [Sun, 16 Feb 2020 09:54:08 +0000 (19:54 +1000)]
Add Serializers for EC
Provide EC serializers for text, pem and der.
EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.
The EC serializer only supports named curves currently.
NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).
EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.
Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
Tomas Mraz [Tue, 3 Mar 2020 14:34:53 +0000 (15:34 +0100)]
Correct two small documentation issues
The find-doc-nits complains about non-zero word and about missing
line before =head1 which causes build failure.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11231)
Dmitry Belyavskiy [Tue, 21 Jan 2020 12:04:42 +0000 (15:04 +0300)]
Documenting newly added CMS modification
Documented CMS-related API functions.
Documented flags added to openssl-cms command
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10904)
Dmitry Belyavskiy [Mon, 20 Jan 2020 15:17:44 +0000 (18:17 +0300)]
Implementation of Russian GOST CMS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10904)
Dr. Matthias St. Pierre [Sun, 1 Mar 2020 23:25:29 +0000 (00:25 +0100)]
doc: document that 'openssl rand' is cryptographically secure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11213)
Philippe Antoine [Mon, 2 Mar 2020 12:46:37 +0000 (13:46 +0100)]
Fix build with clang assembler
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11219)
Shane Lontis [Tue, 3 Mar 2020 04:02:36 +0000 (14:02 +1000)]
Add pairwise consistency self tests to asym keygenerators
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10952)
Richard Levitte [Thu, 27 Feb 2020 01:07:50 +0000 (02:07 +0100)]
.travis.yml: Remove NOUPDATE support
It was a temporary measure to deal with the fact that util/progs.pl
didn't work right at all times, but that has now been fixed.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:52:04 +0000 (14:52 +0100)]
Remove apps/progs.c and apps/progs.h
Since they are generated in build time, there's not need to keep them
in the source tree.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:42:10 +0000 (14:42 +0100)]
Configure: Diverse cleanups
There were some remaining old code and comments that don't serve a
purpose any longer.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:39:16 +0000 (14:39 +0100)]
Build: Generate apps/progs.c and apps/progs.h in build time
util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree. But why
stop there? We might as well generate apps/progs.c and apps/progs.h
when building.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:35:17 +0000 (14:35 +0100)]
build.info: Implement simply substitutions in variable values
Use case: having a variable with multiple source files in its value,
and wanting to refer to the corresponding object file.
$SRCS=foo.c bar.c
SOURCE[program]=$SRCS
DEPEND[${SRCS/.c/.o}]=prog.h
GENERATE[prog.h]=...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Wed, 26 Feb 2020 13:30:38 +0000 (14:30 +0100)]
build.info: Make it possible to have more than one item in KEYWORD[]
So far, the "index" part of KEYWORD[whatever] could only handle one
item. There are cases, however, where we want to add the exact same
value to multiple items. This is especially helpful if a variable
that may have multi-item values are used in the "index" part.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Richard Levitte [Thu, 6 Feb 2020 08:53:15 +0000 (09:53 +0100)]
PROV: Add a OP_keymgmt_match() function to our DH, DSA, RSA and EC_KEY impl
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 15:30:21 +0000 (16:30 +0100)]
EVP: Add support for copying provided EVP_PKEYs
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 14:41:58 +0000 (15:41 +0100)]
KEYMGMT: Add a keydata copy function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 11:55:43 +0000 (12:55 +0100)]
EVP: Add support for comparing provided EVP_PKEYs
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and
EVP_PKEY_cmp_parameters().
The word 'match' was used for the new routines because many associate
'cmp' with comparison functions that allows sorting, i.e. return -1, 0
or 1 depending on the order in which the two compared elements should
be sorted. EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite
do that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 11:53:14 +0000 (12:53 +0100)]
KEYMGMT: Add a keydata matching function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 09:18:51 +0000 (10:18 +0100)]
EVP: Adapt EVP_PKEY_missing_parameters() for provider keys
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Thu, 27 Feb 2020 05:03:52 +0000 (06:03 +0100)]
crypto/perlasm/x86_64-xlate.pl: detect GNU as to deal with quirks
It turns out that GNU as and Solaris as don't have compatible ideas on
the .section syntax, so we need to check if we're using GNU as or
another assembler and adapt this .section syntax accordingly.
Fixes #11132
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11191)
André Klitzing [Sat, 29 Feb 2020 22:40:29 +0000 (23:40 +0100)]
Fix drop of const qualifier
The parameter got "const" in
9fdcc21fdc9 but that was not added
to cast. So this throws a -Wcast-qual in user code.
error: cast from 'const DUMMY *' to 'ASN1_VALUE_st *' drops const qualifier [-Werror,-Wcast-qual]
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11210)
Richard Levitte [Mon, 24 Feb 2020 18:15:47 +0000 (19:15 +0100)]
DOCS: Add and modify docs for internal EVP_KEYMGMT utility functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)