oweals/openssl.git
4 years agodoc: fix trace category names
Dr. Matthias St. Pierre [Sun, 10 May 2020 00:42:58 +0000 (02:42 +0200)]
doc: fix trace category names

The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged
into a single `CONF` category (see bc362b9b7202 and 71849dff56d6).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11806)

4 years agoClean up some doc nits
Rich Salz [Thu, 21 May 2020 21:21:27 +0000 (17:21 -0400)]
Clean up some doc nits

Mostly "No items in =over/=back list"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11902)

4 years agoFix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it
Dr. David von Oheimb [Thu, 21 May 2020 08:37:22 +0000 (10:37 +0200)]
Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it

Fixes #11870

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11894)

4 years agoConstify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()
Dr. David von Oheimb [Sun, 24 May 2020 16:28:06 +0000 (18:28 +0200)]
Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11894)

4 years agoPROV: Fix RSA-OAEP memory leak
Richard Levitte [Sat, 23 May 2020 15:34:07 +0000 (17:34 +0200)]
PROV: Fix RSA-OAEP memory leak

The OAEP label wasn't freed when the operation context was freed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11927)

4 years agoUpdate core_names.h fields and document most fields.
Shane Lontis [Tue, 26 May 2020 03:53:07 +0000 (13:53 +1000)]
Update core_names.h fields and document most fields.

Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11610)

4 years agoFix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_s...
Shane Lontis [Tue, 26 May 2020 02:44:36 +0000 (12:44 +1000)]
Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod

Fixes #11743

The ouput format had 2 issues that caused it not to match the expected documented format:
(1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes.
    An internal function that skips the seperator has been added.
(2) The error code no longer exists. So this was completely removed from the string. It is now replaced by ::

As an example:
  00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135:
Is now:
  00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135:

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11789)

4 years agoossl_shim: add deprecation guards around the -use-ticket-callback option.
Pauli [Sun, 24 May 2020 22:40:20 +0000 (08:40 +1000)]
ossl_shim: add deprecation guards around the -use-ticket-callback option.

The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated
build.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11944)

4 years agoCoverity 1463830: Resource leaks (RESOURCE_LEAK)
Pauli [Sun, 24 May 2020 21:43:45 +0000 (07:43 +1000)]
Coverity 1463830: Resource leaks (RESOURCE_LEAK)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11941)

4 years agoUpdate the gost-engine submodule
Dmitry Belyavskiy [Mon, 25 May 2020 09:45:37 +0000 (12:45 +0300)]
Update the gost-engine submodule

Fixes #11949
[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11951)

4 years agoFix omissions in providers/common/der/build.info
Richard Levitte [Fri, 22 May 2020 08:17:55 +0000 (10:17 +0200)]
Fix omissions in providers/common/der/build.info

Dependencies on generated files must be declared explicitly.  When
refactoring the DER code in providers/common/der, a few of those
dependency declaration were omitted, which may lead to build errors in
a parallel build.

Some cleanup and extensive used of build.info variables is done while
at it, to avoid unnecessary repetition.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11906)

4 years agoDrop special case of time interval calculation for VMS
Tomas Mraz [Fri, 22 May 2020 08:14:04 +0000 (10:14 +0200)]
Drop special case of time interval calculation for VMS

The existing special case code is broken and it is not needed
anymore as times() and _SC_CLK_TCK should be supported
on the supported VMS versions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11905)

4 years agoRevert "Guard use of struct tms with #ifdef __TMS"
Tomas Mraz [Fri, 22 May 2020 08:07:43 +0000 (10:07 +0200)]
Revert "Guard use of struct tms with #ifdef __TMS"

The __TMS might be necessary on VMS however there is no such
define on glibc even though the times() function is fully
supported.

Fixes #11903

This reverts commit db71d315479762eefbf2bcda8be3b44b1867133f.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11905)

4 years agoFix auto-gen names in .gitignore
Rich Salz [Fri, 22 May 2020 15:21:11 +0000 (11:21 -0400)]
Fix auto-gen names in .gitignore

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11916)

4 years agos_client: Fix -proxy flag regression
Marc [Wed, 20 May 2020 00:25:10 +0000 (01:25 +0100)]
s_client: Fix -proxy flag regression

s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2.

openssl s_client -connect <target> -proxy <proxy_host:proxy_port>
Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target.

Fixes https://github.com/openssl/openssl/issues/11879

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11880)

4 years agoFix coverity issues in EC after #11807
Nicola Tuveri [Fri, 22 May 2020 16:50:17 +0000 (19:50 +0300)]
Fix coverity issues in EC after #11807

This should fix 2 issues detected by Coverity and introduced with
https://github.com/openssl/openssl/pull/11807

- CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)
- CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)

In practice the tests seem to show that they both aren't real issues,
yet I believe this small change should appease the scanner and at the
same time improve clarity for the reader.

Here is the original report:

```
** CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)

________________________________________________________________________________________________________
*** CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118         if (group->meth->mul != NULL)
1119             ret = group->meth->mul(group, r, g_scalar, point != NULL
1120                                    && p_scalar != NULL, &point, &p_scalar, ctx);
1121         else
1122             /* use default */
   CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)
   Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123             ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124                               && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126     #ifndef FIPS_MODULE
1127         BN_CTX_free(new_ctx);
1128     #endif

** CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)

________________________________________________________________________________________________________
*** CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118         if (group->meth->mul != NULL)
1119             ret = group->meth->mul(group, r, g_scalar, point != NULL
1120                                    && p_scalar != NULL, &point, &p_scalar, ctx);
1121         else
1122             /* use default */
   CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)
   Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123             ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124                               && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126     #ifndef FIPS_MODULE
1127         BN_CTX_free(new_ctx);
1128     #endif
```

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11919)

4 years agoMove decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h
Dr. David von Oheimb [Fri, 22 May 2020 12:42:21 +0000 (14:42 +0200)]
Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h

fixes #11818

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11911)

4 years agoRe-introduce legacy EVP_PKEY types for provided keys
Richard Levitte [Fri, 22 May 2020 13:41:28 +0000 (15:41 +0200)]
Re-introduce legacy EVP_PKEY types for provided keys

EVP_PKEYs with provider side internal keys got the key type
EVP_PKEY_NONE.  This turned out to be too disruptive, so we try
instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever
EVP_PKEY type it uses.

To make internal coding easier, we introduce a few internal macros to
distinguish what can be expected from a EVP_PKEY:

- evp_pkey_is_blank(), to detect an unassigned EVP_PKEY.
- evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a
  type, which may be an old style type number or a EVP_KEYMGMT method.
- evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned
  an key value.
- evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a
  legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an
  EVP_PKEY_METHOD.
- evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is
  a provider side one, i.e. will be handdled via an EVP_KEYMGMT and
  other provider methods.

This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY
contains a provider side key for which there are no known
EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be
handled via EVP_KEYMGMT and other provider methods.

Fixes #11823

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11913)

4 years agoGOST external tests
Dmitry Belyavskiy [Mon, 11 May 2020 14:08:48 +0000 (17:08 +0300)]
GOST external tests

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11792)

4 years agoFix the parameter types of the CRYPTO_EX_dup function type.
Bernd Edlinger [Mon, 20 Mar 2017 16:29:28 +0000 (17:29 +0100)]
Fix the parameter types of the CRYPTO_EX_dup function type.

This fixes a strict aliasing issue in ui_dup_method_data.

The parameter type of CRYPTO_EX_dup's from_d parameter
is in fact void **, since it points to a pointer.

This function is rarely used, therefore fix the param type
although that may be considered an API breaking change.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2986)

4 years agoAdjust length of some strncpy() calls
Nicola Tuveri [Tue, 19 May 2020 17:36:44 +0000 (19:36 +0200)]
Adjust length of some strncpy() calls

This fixes warnings detected by -Wstringop-truncation.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11878)

4 years agoPrevent use after free of global_engine_lock
Tomas Mraz [Thu, 21 May 2020 11:16:57 +0000 (13:16 +0200)]
Prevent use after free of global_engine_lock

If buggy application calls engine functions after cleanup of engines
already happened the global_engine_lock will be used although
already freed.

See for example:
https://bugzilla.redhat.com/show_bug.cgi?id=1831086

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11896)

4 years agoCoverity 1463571: Null pointer dereferences (FORWARD_NULL)
Pauli [Thu, 21 May 2020 03:44:01 +0000 (13:44 +1000)]
Coverity 1463571: Null pointer dereferences (FORWARD_NULL)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoCoverity 1463574: Null pointer dereferences (REVERSE_INULL)
Pauli [Thu, 21 May 2020 03:40:01 +0000 (13:40 +1000)]
Coverity 1463574: Null pointer dereferences (REVERSE_INULL)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoCoverity 1463576: Error handling issues (CHECKED_RETURN)
Pauli [Thu, 21 May 2020 03:38:35 +0000 (13:38 +1000)]
Coverity 1463576: Error handling issues (CHECKED_RETURN)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoCoverity 1463258: Incorrect expression (EVALUATION_ORDER)
Pauli [Thu, 21 May 2020 03:18:42 +0000 (13:18 +1000)]
Coverity 1463258: Incorrect expression (EVALUATION_ORDER)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoThere is no -signreq option in CA.pl
mettacrawler [Tue, 19 May 2020 15:53:24 +0000 (11:53 -0400)]
There is no -signreq option in CA.pl

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11876)

4 years agoSTORE: Make try_decode_PrivateKey() ENGINE aware
Richard Levitte [Tue, 19 May 2020 13:42:07 +0000 (15:42 +0200)]
STORE: Make try_decode_PrivateKey() ENGINE aware

This function only considered the built-in and application
EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes
through all loaded engines, using whatever table of methods they each
have.

Fixes #11861

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11872)

4 years agorsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
Richard Levitte [Tue, 19 May 2020 10:52:07 +0000 (12:52 +0200)]
rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|

In the FIPS module, the code as written generate an unconditional
error.

Fixes #11865

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11869)

4 years agoRefactor the provider side DER constants and writers
Richard Levitte [Tue, 19 May 2020 08:43:49 +0000 (10:43 +0200)]
Refactor the provider side DER constants and writers

This splits up all the providers/common/der/*.c.in so the generated
portion is on its own and all related DER writing routines are in
their own files.  This also ensures that the DIGEST consstants aren't
reproduced in several files (resulting in symbol clashes).

Finally, the production of OID macros is moved to the generated header
files, allowing other similar macros, or DER constant arrays, to be
built on top of them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11868)

4 years agodeprecate EC_POINT_make_affine and EC_POINTs_make_affine
Billy Brumley [Tue, 19 May 2020 14:48:36 +0000 (17:48 +0300)]
deprecate EC_POINT_make_affine and EC_POINTs_make_affine

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11874)

4 years agot1_trce: Fix remaining places where the 24 bit shift overflow happens
Tomas Mraz [Tue, 19 May 2020 08:52:53 +0000 (10:52 +0200)]
t1_trce: Fix remaining places where the 24 bit shift overflow happens

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

4 years agoAvoid potential overflow to the sign bit when shifting left 24 places
Tomas Mraz [Tue, 19 May 2020 08:51:53 +0000 (10:51 +0200)]
Avoid potential overflow to the sign bit when shifting left 24 places

Although there are platforms where int is 64 bit, 2GiB large BIGNUMs
instead of 4GiB should be "big enough for everybody".

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

4 years agoCast the unsigned char to unsigned int before shifting left
Tomas Mraz [Tue, 19 May 2020 08:51:19 +0000 (10:51 +0200)]
Cast the unsigned char to unsigned int before shifting left

This is needed to avoid automatic promotion to signed int.

Fixes #11853

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

4 years agoFix egd and devrandom source configs
Bernd Edlinger [Sun, 17 May 2020 00:08:56 +0000 (02:08 +0200)]
Fix egd and devrandom source configs

./config --with-rand-seed=egd

need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD
so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD)

./config --with-rand-seed=devrandom

does not work since wait_random_seeded works under the assumption
that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well,
that is usually the case, but not when only devrandom is enabled.
Skip the wait code in this special case.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11848)

4 years agoAdd OSSL_PROVIDER_do_all()
Richard Levitte [Mon, 18 May 2020 10:43:12 +0000 (12:43 +0200)]
Add OSSL_PROVIDER_do_all()

This allows applications to iterate over all loaded providers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11858)

4 years agoUpdate early data exchange scenarios in doc
raja-ashok [Wed, 13 May 2020 18:07:14 +0000 (23:37 +0530)]
Update early data exchange scenarios in doc

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)

4 years agoUpdate limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3
raja-ashok [Wed, 13 May 2020 18:02:44 +0000 (23:32 +0530)]
Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)

4 years agoTest for the SSL_OP_IGNORE_UNEXPECTED_EOF option
Dmitry Belyavskiy [Fri, 15 May 2020 20:03:41 +0000 (23:03 +0300)]
Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11735)

4 years agoIntroducing option SSL_OP_IGNORE_UNEXPECTED_EOF
Dmitry Belyavskiy [Tue, 5 May 2020 13:20:42 +0000 (16:20 +0300)]
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF

Partially fixes #11209.

Before OpenSSL 3.0 in case when peer does not send close_notify,
the behaviour was to set SSL_ERROR_SYSCALL error with errno 0.
This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores
the old behaviour for compatibility's sake.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11735)

4 years agoUse {module,install}-mac, not -checksum
Rich Salz [Fri, 24 Apr 2020 14:48:51 +0000 (10:48 -0400)]
Use {module,install}-mac, not -checksum

As the documentation points out, these fipsmodule.cnf fields are a MAC,
not a digest or checksum.  Rename them to be correct.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoRevise fips_install.pod
Rich Salz [Fri, 20 Mar 2020 15:10:15 +0000 (11:10 -0400)]
Revise fips_install.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoRevise x509v3_config.pod
Rich Salz [Fri, 20 Mar 2020 01:53:11 +0000 (21:53 -0400)]
Revise x509v3_config.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoRevise fips_config.pod
Rich Salz [Thu, 19 Mar 2020 14:19:41 +0000 (10:19 -0400)]
Revise fips_config.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoAdd missing pragma weak declaration to lhash.h
Norm Green [Tue, 12 May 2020 00:22:47 +0000 (17:22 -0700)]
Add missing pragma weak declaration to lhash.h

The missing symbol caused a linker failure on solaris x86_64.

Fixes #11796

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11798)

4 years agodeprecate EC precomputation functionality
Billy Brumley [Sun, 17 May 2020 13:09:00 +0000 (16:09 +0300)]
deprecate EC precomputation functionality

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11851)

4 years agoNew Russian TLS 1.2 implementation
Dmitry Belyavskiy [Mon, 30 Mar 2020 15:09:24 +0000 (18:09 +0300)]
New Russian TLS 1.2 implementation

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)

4 years agoGOST-related objects changes
Dmitry Belyavskiy [Fri, 8 May 2020 11:17:11 +0000 (14:17 +0300)]
GOST-related objects changes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)

4 years agoConstants for new GOST TLS 1.2 ciphersuites
Dmitry Belyavskiy [Mon, 30 Mar 2020 15:04:07 +0000 (18:04 +0300)]
Constants for new GOST TLS 1.2 ciphersuites

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)

4 years agoCORE: query for operations only once per provider (unless no_store is true)
Richard Levitte [Fri, 15 May 2020 13:56:05 +0000 (15:56 +0200)]
CORE: query for operations only once per provider (unless no_store is true)

When a desired algorithm wasn't available, we didn't register anywhere
that an attempt had been made, with the result that next time the same
attempt was made, the whole process would be done again.

To avoid this churn, we register a bit for each operation that has
been queried in the libcrypto provider object, and test it before
trying the same query and method construction loop again.

If course, if the provider has told us not to cache, we don't register
this bit.

Fixes #11814

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11842)

4 years agoUse _get0_ functions instead of _get_.
Marc [Sat, 16 May 2020 18:31:03 +0000 (19:31 +0100)]
Use _get0_ functions instead of _get_.

Fix build error on some platforms

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10757)

4 years agos_client: Show cert algorithms & validity period
Marc [Sat, 4 Jan 2020 15:27:17 +0000 (15:27 +0000)]
s_client: Show cert algorithms & validity period

Add certificate validity period (v) and public key & signature algorithms (a) to the "Certificate Chain" output.

Eg:
Certificate chain
 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
   i:C = US, O = Google Trust Services, CN = GTS CA 1O1
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec  3 14:49:26 2019 GMT; NotAfter: Feb 25 14:49:26 2020 GMT
 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
   i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10757)

4 years agoFix some places where X509_up_ref is used
Bernd Edlinger [Sun, 17 May 2020 12:45:28 +0000 (14:45 +0200)]
Fix some places where X509_up_ref is used
without error handling.

This takes up the ball from #11278
without trying to solve everything at once.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11850)

4 years agoTTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM...
Maxim Zakharov [Fri, 8 May 2020 04:58:10 +0000 (14:58 +1000)]
TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux)

Signed-off-by: Maxim Zakharov <5158255+Maxime2@users.noreply.github.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11767)

4 years agoDelete the sslprovider test
Matt Caswell [Thu, 14 May 2020 14:45:38 +0000 (15:45 +0100)]
Delete the sslprovider test

This was added before the changes to the sslap/ssl_new/ssl_old tests which
run those tests with a non-default library context. It no longer adds
anything that those tests don't already do, so it can be deleted.

This also fixes a number of run-checker build failures which were failing
in this test if TLSv1.2 was disabled.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11832)

4 years agoFix small documentation issues
Nikolay Morozov [Thu, 14 May 2020 19:32:59 +0000 (22:32 +0300)]
Fix small documentation issues

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11835)

4 years agodeprecate EC_POINTs_mul function
Billy Brumley [Wed, 13 May 2020 04:33:59 +0000 (07:33 +0300)]
deprecate EC_POINTs_mul function

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11807)

4 years agoUpdate documentation following changes of various types
Matt Caswell [Thu, 7 May 2020 11:11:44 +0000 (12:11 +0100)]
Update documentation following changes of various types

The previous commit changed the types of various objects passed between
the core and providers. Therefore the documentation needs to be updated
to reflect that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11758)

4 years agoMaintain strict type discipline between the core and providers
Matt Caswell [Wed, 6 May 2020 11:29:57 +0000 (12:29 +0100)]
Maintain strict type discipline between the core and providers

A provider could be linked against a different version of libcrypto than
the version of libcrypto that loaded the provider. Different versions of
libcrypto could define opaque types differently. It must never occur that
a type created in one libcrypto is used directly by the other libcrypto.
This will cause crashes.

We can "cheat" for "built-in" providers that are part of libcrypto itself,
because we know that the two libcrypto versions are the same - but not for
other providers.

To ensure this does not occur we use different types names for the handful
of opaque types that are passed between the core and providers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11758)

4 years agoCORE: Fix a couple of bugs in algorithm_do_this()
Richard Levitte [Fri, 15 May 2020 05:50:43 +0000 (07:50 +0200)]
CORE: Fix a couple of bugs in algorithm_do_this()

The call of ossl_provider_query_operation() used |data->operation_id|,
when |cur_operation| should be used.

If any ossl_provider_query_operation() call returned NULL, the loop
was stopped, when it should just continue on to the next operation.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11837)

4 years agoTest TLSv1.3 out-of-band PSK with all 5 ciphersuites
raja-ashok [Sun, 10 May 2020 17:17:00 +0000 (22:47 +0530)]
Test TLSv1.3 out-of-band PSK with all 5 ciphersuites

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11785)

4 years agoFix crash in early data send with out-of-band PSK using AES CCM
raja-ashok [Fri, 8 May 2020 13:47:21 +0000 (19:17 +0530)]
Fix crash in early data send with out-of-band PSK using AES CCM

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11785)

4 years agoFix all MD036 (emphasis used instead of heading)
Rich Salz [Wed, 13 May 2020 15:16:50 +0000 (11:16 -0400)]
Fix all MD036 (emphasis used instead of heading)

The main fixes were errors in itemized lists "*)" instead of "*"

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11770)

4 years agoAdd "md-nits" make target
Rich Salz [Fri, 8 May 2020 14:34:22 +0000 (10:34 -0400)]
Add "md-nits" make target

Also fix a nit in recent CHANGES.md update.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11770)

4 years agoAdd 'methods' parameter to setup_engine() in apps.c for individual method defaults
David von Oheimb [Mon, 28 Aug 2017 17:14:47 +0000 (19:14 +0200)]
Add 'methods' parameter to setup_engine() in apps.c for individual method defaults

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/4277)

4 years agoClean up macro definitions of openssl_fdset() in apps.h and sockets.h
Dr. David von Oheimb [Tue, 21 Apr 2020 12:08:49 +0000 (14:08 +0200)]
Clean up macro definitions of openssl_fdset() in apps.h and sockets.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/4277)

4 years agoUse OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c
Dr. David von Oheimb [Wed, 6 May 2020 11:51:50 +0000 (13:51 +0200)]
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c

This also adds the more flexible and general load_key_cert_crl()
as well as helper functions get_passwd(), cleanse(), and clear_free()
to be used also in apps/cmp.c etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11755)

4 years agoNit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning
Dr. David von Oheimb [Fri, 8 May 2020 08:56:14 +0000 (10:56 +0200)]
Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11755)

4 years agoGuard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c
Dr. David von Oheimb [Thu, 7 May 2020 19:37:28 +0000 (21:37 +0200)]
Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11755)

4 years agoBuild: make apps/progs.c depend on configdata.pm
Richard Levitte [Thu, 14 May 2020 10:33:09 +0000 (12:33 +0200)]
Build: make apps/progs.c depend on configdata.pm

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11824)

4 years agoSSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys
Richard Levitte [Thu, 14 May 2020 12:04:41 +0000 (14:04 +0200)]
SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys

Fixes #11720

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11828)

4 years agoIgnore some auto-generated DER files
Matt Caswell [Thu, 14 May 2020 13:21:40 +0000 (14:21 +0100)]
Ignore some auto-generated DER files

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11830)

4 years agoPrepare for 3.0 alpha 3
Matt Caswell [Fri, 15 May 2020 13:35:04 +0000 (14:35 +0100)]
Prepare for 3.0 alpha 3

Reviewed-by: Richard Levitte <levitte@openssl.org>
4 years agoPrepare for release of 3.0 alpha 2 openssl-3.0.0-alpha2
Matt Caswell [Fri, 15 May 2020 13:33:29 +0000 (14:33 +0100)]
Prepare for release of 3.0 alpha 2

Reviewed-by: Richard Levitte <levitte@openssl.org>
4 years agoUpdate copyright year
Matt Caswell [Fri, 15 May 2020 13:09:49 +0000 (14:09 +0100)]
Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)

4 years agoIf SOURCE_DATE_EPOCH is defined, use it for copyright year
Nicolas Vigier [Thu, 5 Mar 2020 19:39:05 +0000 (20:39 +0100)]
If SOURCE_DATE_EPOCH is defined, use it for copyright year

Using the date from SOURCE_DATE_EPOCH instead of the current date makes
it possible to reproduce a build that was built on a different year:
https://reproducible-builds.org/specs/source-date-epoch/

This is fixing an issue we had while building Tor Browser:
https://trac.torproject.org/projects/tor/ticket/33535

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11296)

4 years agoCorrect alignment calculation in ssl3_setup_write
Matt Caswell [Fri, 8 May 2020 10:12:10 +0000 (11:12 +0100)]
Correct alignment calculation in ssl3_setup_write

The alignment calculation in ssl3_setup_write incorrectly results in an
alignment allowance of
(-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3
in almost all cases. The maximum alignment actually used in do_ssl3_write
is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So
there is a potential to overrun the buffer by up to 4 bytes.

Fortunately, the encryption overhead allowed for is 80 bytes which
consists of 16 bytes for the cipher block size and 64 bytes for the MAC
output. However the biggest MAC that we ever produce is HMAC-384 which is
48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes
of potential overrun).

Thanks to Nagesh Hegde for reporting this.

Fixes #11766

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11768)

4 years agoConfigure: Avoid SIXTY_FOUR_BIT for linux-mips64
Orgad Shaneh [Mon, 24 Feb 2020 07:02:31 +0000 (09:02 +0200)]
Configure: Avoid SIXTY_FOUR_BIT for linux-mips64

This is a 32-bit ABI build (as opposed to linux64-mips64).
Setting SIXTY_FOUR_BIT breaks hardware optimizations, at least on
octeon processors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11725)

4 years agodev/release.sh: Add --reviewer to set reviewers
Richard Levitte [Fri, 24 Apr 2020 09:03:28 +0000 (11:03 +0200)]
dev/release.sh: Add --reviewer to set reviewers

Doing this is kind of contrary to how we normally do things, as this
constitutes a kind of pre-approval.  However, without this, the normal
review process will modify the reviewed commits, and render the
annotated release tag invalid, which forces the person doing the
release to re-tag manually.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11630)

4 years agoPass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z
Thomas Dwyer III [Wed, 13 May 2020 17:32:47 +0000 (10:32 -0700)]
Pass "-z defs" to the linker via "-Wl,-z,defs" rather than with gcc's -z
flag (which is not supported by older compilers).

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11815)

4 years agotest/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test
Richard Levitte [Thu, 14 May 2020 15:15:05 +0000 (17:15 +0200)]
test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11833)

4 years agoPROV: make some DER AID arrays non-static, to avoid clang complaints
Richard Levitte [Tue, 12 May 2020 08:27:46 +0000 (10:27 +0200)]
PROV: make some DER AID arrays non-static, to avoid clang complaints

The problem encountered is that some arrays were deemed unnecessary by
clang, for example:

    providers/common/der/der_rsa.c:424:28: error: variable 'der_aid_sha224Identifier' is not needed and will not be emitted [-Werror,-Wunneeded-internal-declaration]
    static const unsigned char der_aid_sha224Identifier[] = {
                               ^

However, these arrays are used in sizeof() expressions in other parts
of the code that's actually used, making that warning-turned-error a
practical problem.  We solve this by making the array non-static,
which guarantees that the arrays will be emitted, even though
unnecessarily.  Fortunately, they are very small.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years ago.travis.yml: never use -Werror, use --strict-warnings instead
Richard Levitte [Tue, 12 May 2020 07:54:04 +0000 (09:54 +0200)]
.travis.yml: never use -Werror, use --strict-warnings instead

There are a few things in the OpenSSL code that are known to give
warnings that we know are harmless.  We test our builds accordingly.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agotest/recipes/15-test_rsapss.t: Add test with unrestricted signature
Richard Levitte [Mon, 11 May 2020 16:27:04 +0000 (18:27 +0200)]
test/recipes/15-test_rsapss.t: Add test with unrestricted signature

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agotest/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests
Richard Levitte [Fri, 8 May 2020 17:39:44 +0000 (19:39 +0200)]
test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests

There were a few RSA-PSS related tests that were disabled for non-default
library contexts.  We now re-enable them.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agotest/evp_pkey_provided_test.c: Display first, compare after
Richard Levitte [Thu, 7 May 2020 07:56:52 +0000 (09:56 +0200)]
test/evp_pkey_provided_test.c: Display first, compare after

To make it easier to check the generated key manually, display it
before comparing diverse other serializations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoPROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters
Richard Levitte [Wed, 6 May 2020 19:52:12 +0000 (21:52 +0200)]
PROV & ASYM_CIPHER: Adapt the RSA asymmetric cipher code for PSS-parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoEVP: Refactor the RSA-PSS key generation controls for providers
Richard Levitte [Tue, 5 May 2020 08:29:34 +0000 (10:29 +0200)]
EVP: Refactor the RSA-PSS key generation controls for providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoPROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters
Richard Levitte [Sun, 3 May 2020 04:02:52 +0000 (06:02 +0200)]
PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoEVP: For SIGNATURE operations, pass the propquery early
Richard Levitte [Wed, 6 May 2020 19:44:58 +0000 (21:44 +0200)]
EVP: For SIGNATURE operations, pass the propquery early

Instead of passing it with signature->digest_verify_init() and
signature->digest_sign_init(), we pass it with signature->newctx().
This allows the digests that are indicated by RSA PSS parameters
to have a useful propquery.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoPROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters
Richard Levitte [Sat, 2 May 2020 11:39:40 +0000 (13:39 +0200)]
PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoPROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation
Richard Levitte [Sat, 2 May 2020 11:31:47 +0000 (13:31 +0200)]
PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoPROV: Refactor the RSA SIGNATURE implementation for better param control
Richard Levitte [Thu, 7 May 2020 06:51:09 +0000 (08:51 +0200)]
PROV: Refactor the RSA SIGNATURE implementation for better param control

We want to catch errors in passed parameters early, which requires
kowledge of the ongoing operation.  Fortunately, that's possible by
re-using the EVP_PKEY_OP macros in specific init functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoPROV: Refactor the RSA DER support
Richard Levitte [Sat, 2 May 2020 11:25:52 +0000 (13:25 +0200)]
PROV: Refactor the RSA DER support

We separate out the NIST arc OIDs to a separate file, so it can be
re-used, and also the DIGEST OIDs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoDER writer: Add the possibility to abandon empty SEQUENCEs
Richard Levitte [Sat, 2 May 2020 11:33:24 +0000 (13:33 +0200)]
DER writer: Add the possibility to abandon empty SEQUENCEs

In some cases, a SEQUENCE that contains only optional fields may end
up empty.  In some cases, this may be represented by dropping the
SEQUENCE entirely from the encoded DER.

To do this, we detect the case where WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH
is used, and adapt accordingly.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoRSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions
Richard Levitte [Sat, 2 May 2020 11:14:04 +0000 (13:14 +0200)]
RSA: Add PSS-parameter processing in EVP_PKEY_ASN1_METHOD functions

The import and export functions are affected.  We also refactor them
to assign the RSA key type more carefully.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoRSA: Add a less loaded PSS-parameter structure
Richard Levitte [Sat, 2 May 2020 10:46:55 +0000 (12:46 +0200)]
RSA: Add a less loaded PSS-parameter structure

RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**).  This makes it simpler to handle.

Note that neither this structure nor its contents are passed between
libcrypto and the providers.  Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.

For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely.  For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.

(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions.  We could use any number series we want, as long as we
know for sure what they represent.

(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoRSA: Add rsa_schemes.c, to store scheme data and translator functions
Richard Levitte [Sat, 2 May 2020 10:41:39 +0000 (12:41 +0200)]
RSA: Add rsa_schemes.c, to store scheme data and translator functions

The scheme currently added is OAEP-PSSDigestAlgorithms codified.
The translator functions translate an EVP_MD into a NID, and a NID
into a name, to support the creation and parsing of OSSL_PARAM items.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoRSA: Extract much of the rsa_pkey_export_to() code to a separate function
Richard Levitte [Sat, 2 May 2020 11:02:29 +0000 (13:02 +0200)]
RSA: Extract much of the rsa_pkey_export_to() code to a separate function

The resulting function, rsa_todata(), is designed to be usable by
providers as well.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)

4 years agoRSA: Add RSA key types
Richard Levitte [Sat, 2 May 2020 09:22:23 +0000 (11:22 +0200)]
RSA: Add RSA key types

The support of restricted RSA key types (OAEP and PSS) was lacking, or
dependent on the presence of restriction parameters.  For example,
this means that even though an RSA-PSS key may have been generated, it
may appear as a plain unrestricted RSA key if parameters weren't
present (which is the case when default restriction parameters are
used)

To make it clearer what an RSA key is intended for, and avoid
depending in an EVP_PKEY, we introduce RSA key types.  This is done by
reserving a section of the RSA flags (4 bits, which allows a total of
16 different types).

This isn't terribly important for EVP_PKEY_ASN1_METHOD code, as that
has access to the wrapping EVP_PKEY.  This is very important for
provider code, which has no access to the wrapping EVP_PKEY.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)