Richard Levitte [Wed, 5 Feb 2020 15:30:21 +0000 (16:30 +0100)]
EVP: Add support for copying provided EVP_PKEYs
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 14:41:58 +0000 (15:41 +0100)]
KEYMGMT: Add a keydata copy function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 11:55:43 +0000 (12:55 +0100)]
EVP: Add support for comparing provided EVP_PKEYs
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and
EVP_PKEY_cmp_parameters().
The word 'match' was used for the new routines because many associate
'cmp' with comparison functions that allows sorting, i.e. return -1, 0
or 1 depending on the order in which the two compared elements should
be sorted. EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite
do that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 11:53:14 +0000 (12:53 +0100)]
KEYMGMT: Add a keydata matching function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Wed, 5 Feb 2020 09:18:51 +0000 (10:18 +0100)]
EVP: Adapt EVP_PKEY_missing_parameters() for provider keys
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte [Thu, 27 Feb 2020 05:03:52 +0000 (06:03 +0100)]
crypto/perlasm/x86_64-xlate.pl: detect GNU as to deal with quirks
It turns out that GNU as and Solaris as don't have compatible ideas on
the .section syntax, so we need to check if we're using GNU as or
another assembler and adapt this .section syntax accordingly.
Fixes #11132
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11191)
André Klitzing [Sat, 29 Feb 2020 22:40:29 +0000 (23:40 +0100)]
Fix drop of const qualifier
The parameter got "const" in
9fdcc21fdc9 but that was not added
to cast. So this throws a -Wcast-qual in user code.
error: cast from 'const DUMMY *' to 'ASN1_VALUE_st *' drops const qualifier [-Werror,-Wcast-qual]
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11210)
Richard Levitte [Mon, 24 Feb 2020 18:15:47 +0000 (19:15 +0100)]
DOCS: Add and modify docs for internal EVP_KEYMGMT utility functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Richard Levitte [Mon, 24 Feb 2020 13:36:09 +0000 (14:36 +0100)]
DOCS: Add internal docs for EVP_PKEY and the export functions
Functions covered:
- evp_pkey_export_to_provider()
- evp_pkey_upgrade_to_provider()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Richard Levitte [Thu, 20 Feb 2020 21:55:41 +0000 (22:55 +0100)]
EVP: Add evp_pkey_upgrade_to_provider(), for EVP_PKEY upgrades
This function "upgrades" a key from a legacy key container to a
provider side key container.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Richard Levitte [Thu, 20 Feb 2020 19:26:16 +0000 (20:26 +0100)]
Rethink the EVP_PKEY cache of provider side keys
The role of this cache was two-fold:
1. It was a cache of key copies exported to providers with which an
operation was initiated.
2. If the EVP_PKEY didn't have a legacy key, item 0 of the cache was
the corresponding provider side origin, while the rest was the
actual cache.
This dual role for item 0 made the code a bit confusing, so we now
make a separate keymgmt / keydata pair outside of that cache, which is
the provider side "origin" key.
A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a
provider side "origin" at the same time.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Dr. Matthias St. Pierre [Thu, 6 Feb 2020 14:24:07 +0000 (15:24 +0100)]
man: openssl-ocsp: separate client and server options
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11033)
Nikolay Morozov [Fri, 14 Feb 2020 10:14:30 +0000 (13:14 +0300)]
x509v3 subjectSignTool extention support
Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
This extention is required to obtain the status of a qualified certificate at Russian Federation.
RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11093)
Richard Levitte [Thu, 27 Feb 2020 00:09:23 +0000 (01:09 +0100)]
Fix util/mktar.sh to use the new VERSION information
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11190)
Scott Arciszewski [Mon, 24 Feb 2020 20:29:12 +0000 (12:29 -0800)]
Fix comment placement in ecp_nistp256.ci
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11175)
Richard Levitte [Mon, 24 Feb 2020 21:33:52 +0000 (22:33 +0100)]
Deprecate ASN1_sign(), ASN1_verify() and ASN1_digest()
These are old functions that fell out of use with OpenSL 0.9.7.
It's more than time to deprecate them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11161)
Matt Caswell [Thu, 27 Feb 2020 22:08:59 +0000 (08:08 +1000)]
Implement the ECX Serializers
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.
Add some documentation about the various import/export types available
Add additional testing for the serializers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11095)
Richard Levitte [Tue, 18 Feb 2020 07:25:06 +0000 (08:25 +0100)]
Replace util/shlib_wrap.sh with util/wrap.pl in diverse docs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Richard Levitte [Mon, 17 Feb 2020 14:20:57 +0000 (15:20 +0100)]
Build file templates: don't set OPENSSL_{ENGINES,MODULES}
Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES globally for the tests.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Richard Levitte [Mon, 17 Feb 2020 14:05:04 +0000 (15:05 +0100)]
TEST: add util/wrap.pl and use it
util/wrap.pl is a script that defines the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES, then calls the command line
that's given as its arguments.
On a POSIX platform, the command line call is done via
util/shlib_wrap.sh to ensure that the shared library paths are
correct. For other platforms, util/wrap.pl currently assumes that
similar things are already in place through other means.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Richard Levitte [Mon, 24 Feb 2020 13:56:26 +0000 (14:56 +0100)]
VMS: mitigate for the C++ compiler that doesn't understand certain pragmas
This only affects __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H,
which are used automatically by HP and VSI C/C++ compilers.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11159)
(cherry picked from commit
605a0c709f4d50497a1c49ee117a0ec4bb956d58)
Dr. Matthias St. Pierre [Tue, 25 Feb 2020 16:04:47 +0000 (17:04 +0100)]
doc: add a fancy CHANGES entry to celebrate the new Markdown format
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Fri, 29 Nov 2019 18:45:56 +0000 (19:45 +0100)]
doc: revamp the SUPPORT file
Too be continued...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Tue, 31 Dec 2019 00:09:40 +0000 (01:09 +0100)]
doc: revamp the INSTALL file
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Tue, 3 Dec 2019 17:32:21 +0000 (18:32 +0100)]
doc: add missing CHANGES entries for all versions >= 1.0.0
Up to now, CHANGES entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Sat, 30 Nov 2019 16:07:31 +0000 (17:07 +0100)]
doc: add missing NEWS entries for all versions >= 1.0.0
Up to now, NEWS entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Fri, 29 Nov 2019 19:45:28 +0000 (20:45 +0100)]
doc: revamp the README file
* Add an OpenSSL logo and CI badges
* Add a table of contents
* Add a lot of links
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Sat, 30 Nov 2019 22:45:03 +0000 (23:45 +0100)]
doc: add OpenSSL logo
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Thu, 28 Nov 2019 22:10:51 +0000 (23:10 +0100)]
doc: introduce some minimalistic markdown without essential changes
The goal is to transform the standard documents
README, INSTALL, SUPPORT, CONTRIBUTING, ...
from a pure text format into markdown format, but in such a way
that the documentation remains nicely formatted an easy readable
when viewed with an normal text editor.
To achieve this goal, we use a special form of 'minimalistic' markdown
which interferes as little as possible with the reading flow.
* avoid [ATX headings][] and use [setext headings][] instead
(works for `<h1>` and `<h2>` headings only).
* avoid [inline links][] and use [reference links][] instead.
* avoid [fenced code blocks][], use [indented-code-blocks][] instead.
The transformation will take place in several steps. This commit
introduces mostly changes the formatting and does not chang the
content significantly.
[ATX headings]: https://github.github.com/gfm/#atx-headings
[setext headings]: https://github.github.com/gfm/#setext-headings
[inline links]: https://github.github.com/gfm/#inline-link
[reference links]: https://github.github.com/gfm/#reference-link
[fenced code blocks]: https://github.github.com/gfm/#fenced-code-blocks
[indented code blocks]: https://github.github.com/gfm/#indented-code-blocks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Dr. Matthias St. Pierre [Thu, 28 Nov 2019 22:56:36 +0000 (23:56 +0100)]
doc: convert standard project docs to markdown
In the first step, we just add the .md extension and move some
files around, without changing any content. These changes will
occur in the following commits.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
Rich Salz [Wed, 15 Jan 2020 19:53:29 +0000 (14:53 -0500)]
Use a wrapper for pod2html
Remove unused util/process_docs.pl
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10856)
Bastian Germann [Thu, 13 Feb 2020 10:45:50 +0000 (11:45 +0100)]
apps x509: restrict CAkeyform option to OPT_FMT_PDE
CAkeyform may be set to PEM, DER or ENGINE, but the current options
are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.
Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting
the option value.
This amends
0ab6fc79a9a ("Fix regression on x509 keyform argument") which
did the same thing for keyform and changed the manpage synopsis entries
for both keyform and CAkeyform but did not change the option section.
Hence, change the option section for both of them.
CLA: trivial
Co-developed-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11085)
Asfak Rahman [Fri, 21 Feb 2020 07:41:29 +0000 (09:41 +0200)]
bugfix in cmac calculation example
The example never executes code inside of the while loop, as read()
returns bigger number than 0. Thus the end result is wrong.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11143)
Tomas Mraz [Wed, 26 Feb 2020 07:41:36 +0000 (08:41 +0100)]
Avoid arm64 builds timeout due to silent make taking too long time
Also reuse one of the arm64 builds as a no-deprecated build
Also include a single ppc64le-build
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11181)
Pauli [Sat, 22 Feb 2020 08:39:28 +0000 (18:39 +1000)]
secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init().
If the user specifies a minimum allocation size that is smaller than
the free list structure (or zero), calculate the minimum possible size rather
than failing.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
Pauli [Sat, 22 Feb 2020 00:35:26 +0000 (10:35 +1000)]
sec_mem: add note about the minimum size parameter.
Add a note indicating that the minimum size parameter to
CRYPTO_secure_malloc_init() should be small.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
Davide Galassi [Wed, 26 Feb 2020 05:31:17 +0000 (15:31 +1000)]
Mem-sec small code adjustment
Conditional code readability improvement.
Remove unused macro
Commit #11042 has introduced a new, unused, CRYPTO_EX_INDEX macro.
Remove before version release.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11103)
H.J. Lu [Wed, 26 Feb 2020 03:04:41 +0000 (13:04 +1000)]
x86_64: Replace .asciz "GNU" with .byte
Replace .asciz "GNU" with .byte since .asciz isn't supported on Solaris.
Fixes https://github.com/openssl/openssl/issues/11132
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11137)
Dr. Matthias St. Pierre [Mon, 17 Feb 2020 18:39:05 +0000 (19:39 +0100)]
Check that the DRBG's internal state has been zeroized after uninstantiation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Dr. Matthias St. Pierre [Mon, 17 Feb 2020 18:25:55 +0000 (19:25 +0100)]
DRBG: delay initialization of DRBG method until instantiation
Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().
This made it difficult for the FIPS DRBG self test to verify that the
internal state had been zeroized, because it had the side effect that
the drbg->data structure was reinitialized immediately.
To solve the problem, RAND_DRBG_set() has been split in two parts
static int rand_drbg_set(RAND_DRBG *drbg, int type, unsigned int flags);
static int rand_drbg_init_method(RAND_DRBG *drbg);
and only the first part is called from RAND_DRBG_uninstantiate().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Matt Turner [Tue, 18 Feb 2020 18:08:27 +0000 (10:08 -0800)]
config: Drop linux-alpha-gcc+bwx
Its entry in Configuration/10-main.conf was dropped in commit
7ead0c89185c ("Configure: fold related configurations more aggressively
and clean-up.") probably because all but one of its bn_ops were removed
(RC4_CHAR remained). Benchmarks on an Alpha EV7 indicate that RC4_INT is
better than RC4_CHAR so rather than restoring the configuation, remove
it from config.
CLA: trivial
Bug: https://bugs.gentoo.org/697840
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11130)
Richard Levitte [Sat, 22 Feb 2020 02:27:14 +0000 (03:27 +0100)]
Fix default provider merge glitch
Property "default" no longer exists, replace "default=yes" with
"provider=default"
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11150)
Richard Levitte [Wed, 12 Feb 2020 13:28:50 +0000 (14:28 +0100)]
Refactor evp_pkey_make_provided() to do legacy to provider export
Previously, evp-keymgmt_util_export_to_provider() took care of all
kinds of exports of EVP_PKEYs to provider side keys, be it from its
legacy key or from another provider side key. This works most of the
times, but there may be cases where the caller wants to be a bit more
in control of what sort of export happens when.
Also, when it's time to remove all legacy stuff, that job will be much
easier if we have a better separation between legacy support and
support of provided stuff, as far as we can take it.
This changes moves the support of legacy key to provider side key
export from evp-keymgmt_util_export_to_provider() to
evp_pkey_make_provided(), and makes sure the latter is called from all
EVP_PKEY functions that handle legacy stuff.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11074)
Richard Levitte [Thu, 30 Jan 2020 14:14:37 +0000 (15:14 +0100)]
DSA: More conforming names in crypto/dsa/dsa_aid.c
Made macro names that refer to a known base OID, an commented accordingly.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Thu, 12 Dec 2019 08:21:59 +0000 (09:21 +0100)]
doc/man3/EVP_PKEY_CTX_ctrl.pod: cleanup
Clean up a manual we've touched, according to conventions found in
Linux' man-pages(7); function arguments in descriptions should be in
italics, and types, macros and similar should be in bold, with the
exception for NULL.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Wed, 4 Dec 2019 08:54:35 +0000 (09:54 +0100)]
PROV: Avoid MDC2 in the RSA signature implementation in the FIPS module
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Tue, 3 Dec 2019 10:02:58 +0000 (11:02 +0100)]
test/recipes/30-test_evp_data/evppkey.txt
Tests that go through provider cannot recognise PKEY_CTRL_INVALID from
PKEY_CTRL_ERROR any more, because provided implementations' param
setting functions return 0 or 1.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Mon, 2 Dec 2019 10:26:15 +0000 (11:26 +0100)]
test/evp_extra_test.c: adapt for RSA signature tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Mon, 2 Dec 2019 10:25:47 +0000 (11:25 +0100)]
rsa_get0_all_params(): Allow zero CRT params
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Richard Levitte [Sun, 1 Dec 2019 14:01:50 +0000 (15:01 +0100)]
PROV: add RSA signature implementation
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.
Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
Dr. David von Oheimb [Fri, 21 Feb 2020 20:41:56 +0000 (21:41 +0100)]
Don't exclude quite so much in a no-sock build
We were excluding more code than we needed to in the OCSP/HTTP code in
the event of no-sock. We should also not assume that a BIO passed to our
API is socket based.
This fixes the no-sock build
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11134)
Matt Caswell [Fri, 14 Feb 2020 22:49:26 +0000 (22:49 +0000)]
Introduce the provider property
Replace the properties default, fips and legacy with a single property
called "provider". So, for example, instead of writing "default=yes" to
get algorithms from the default provider you would instead write
"provider=default". We also have a new "fips" property to indicate that
an algorithm is compatible with FIPS mode. This applies to all the
algorithms in the FIPS provider, as well as any non-cryptographic
algorithms (currently only serializers).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11097)
Shane Lontis [Thu, 30 Jan 2020 21:53:04 +0000 (07:53 +1000)]
Add DRBG self tests
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11010)
Pauli [Tue, 18 Feb 2020 01:36:08 +0000 (11:36 +1000)]
pkey: additional EC related options
Add options to change the parameter encoding and point conversions for EC
public and private keys. These options are present in the deprecated 'ec'
utility.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11113)
Pauli [Mon, 17 Feb 2020 23:46:52 +0000 (09:46 +1000)]
pkey: update command line tool examples in light of deprecations.
Specifically, refer from the deprecated tools to the pkey equivalents.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11113)
Pauli [Mon, 10 Feb 2020 03:37:53 +0000 (13:37 +1000)]
apps: distinguish between a parameter error and an unknown parameter.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
Pauli [Mon, 10 Feb 2020 03:32:36 +0000 (13:32 +1000)]
pmeth_lib: detect unsupported OSSL_PARAM.
When converting legacy controls to OSSL_PARAMs, return the unsupported -2
value correctly.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
Pauli [Mon, 10 Feb 2020 03:29:49 +0000 (13:29 +1000)]
Params: add argument to the _from_text calls to indicate if the param exists.
The extra argument is a integer pointer and is optional.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
Matt Caswell [Tue, 18 Feb 2020 16:08:30 +0000 (16:08 +0000)]
Add *.d.tmp files to .gitignore
These are temporary files generated by the build process that should not
be checked in.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11122)
Pauli [Mon, 3 Feb 2020 09:05:31 +0000 (19:05 +1000)]
Deprecate the low level Diffie-Hellman functions.
Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
Pauli [Sun, 16 Feb 2020 07:31:04 +0000 (17:31 +1000)]
DH: add CHANGES entry listing the deprecated DH functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
Pauli [Mon, 3 Feb 2020 06:03:12 +0000 (16:03 +1000)]
DH: fix header file indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
Pauli [Wed, 12 Feb 2020 05:03:51 +0000 (15:03 +1000)]
Deprecate the low level RSA functions.
Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 05:49:16 +0000 (15:49 +1000)]
rsa: document deprecated RSA command line apps
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 05:23:01 +0000 (15:23 +1000)]
rsa: document deprecated low level functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 05:05:39 +0000 (15:05 +1000)]
NEWS: DH, DSA, ECDH, ECDSA and RSA public key function deprecation note
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Pauli [Wed, 12 Feb 2020 03:26:15 +0000 (13:26 +1000)]
rsa.h: fix preprocessor indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Dane (4cad@silvertoque) [Wed, 19 Feb 2020 02:38:12 +0000 (21:38 -0500)]
Remove unneeded switch statement to fix warning
https://github.com/openssl/openssl/issues/10958
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11125)
Simon Cornish [Fri, 14 Feb 2020 22:16:09 +0000 (14:16 -0800)]
Handle max_fragment_length overflow for DTLS
Allow for encryption overhead in early DTLS size check
and send overflow if validated record is too long
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11096)
Nicola Tuveri [Sun, 9 Feb 2020 11:56:27 +0000 (13:56 +0200)]
[PROV][EC] Update documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Tue, 21 Jan 2020 15:08:16 +0000 (17:08 +0200)]
[BN] harden `BN_copy()` against leaks from memory accesses
`BN_copy()` (and indirectly `BN_dup()`) do not propagate the
`BN_FLG_CONSTTIME` flag: the propagation has been turned on and off a
few times in the past years, because in some conditions it has shown
unintended consequences in some code paths.
Without turning the propagation on once more, we can still improve
`BN_copy()` by avoiding to leak `src->top` in case `src` is flagged with
`BN_FLG_CONSTTIME`.
In this case we can instead use `src->dmax` as the number of words
allocated for `dst` and for the `memcpy` operation.
Barring compiler or runtime optimizations, if the caller provides `src`
flagged as const time and preallocated to a public size, no leak should
happen due to the copy operation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Tue, 21 Jan 2020 15:00:41 +0000 (17:00 +0200)]
[EC] harden EC_KEY against leaks from memory accesses
We should never leak the bit length of the secret scalar in the key,
so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
holding the secret scalar.
This is important also because `BN_dup()` (and `BN_copy()`) do not
propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and
this brings an extra risk of inadvertently losing the flag, even when
the called specifically set it.
The propagation has been turned on and off a few times in the past
years because in some conditions has shown unintended consequences in
some code paths, so at the moment we can't fix this in the BN layer.
In `EC_KEY_set_private_key()` we can work around the propagation by
manually setting the flag after `BN_dup()` as we know for sure that
inside the EC module the `BN_FLG_CONSTTIME` is always treated
correctly and should not generate unintended consequences.
Setting the `BN_FLG_CONSTTIME` flag alone is never enough, we also have
to preallocate the `BIGNUM` internal buffer to a fixed public size big
enough that operations performed during the processing never trigger
a realloc which would leak the size of the scalar through memory
accesses.
Fixed Length
------------
The order of the large prime subgroup of the curve is our choice for
a fixed public size, as that is generally the upper bound for
generating a private key in EC cryptosystems and should fit all valid
secret scalars.
For preallocating the `BIGNUM` storage we look at the number of "words"
required for the internal representation of the order, and we
preallocate 2 extra "words" in case any of the subsequent processing
might temporarily overflow the order length.
Future work
-----------
A separate commit addresses further hardening of `BN_copy()` (and
indirectly `BN_dup()`).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Tue, 21 Jan 2020 14:48:49 +0000 (16:48 +0200)]
[PROV][KEYMGMT][EC] Import/export of priv_key as padded const time BN
For EC keys it is particularly important to avoid leaking the bit length
of the secret scalar.
Key import/export should never leak the bit length of the secret
scalar in the key.
For this reason, on export we use padded BIGNUMs with fixed length,
using the new `ossl_param_bld_push_BN_pad()`.
When importing we also should make sure that, even if short lived,
the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
soon as possible, so that any processing of this BIGNUM might opt for
constant time implementations in the backend.
Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
to preallocate the BIGNUM internal buffer to a fixed size big enough
that operations performed during the processing never trigger a
realloc which would leak the size of the scalar through memory
accesses.
Fixed length
------------
The order of the large prime subgroup of the curve is our choice for
a fixed public size, as that is generally the upper bound for
generating a private key in EC cryptosystems and should fit all valid
secret scalars.
For padding on export we just use the bit length of the order
converted to bytes (rounding up).
For preallocating the BIGNUM storage we look at the number of "words"
required for the internal representation of the order, and we
preallocate 2 extra "words" in case any of the subsequent processing
might temporarily overflow the order length.
Future work
-----------
To ensure the flag and fixed size preallocation persists upon
`EC_KEY_set_private_key()`, we need to further harden
`EC_KEY_set_private_key()` and `BN_copy()`.
This is done in separate commits.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Sat, 14 Dec 2019 22:20:53 +0000 (00:20 +0200)]
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Sat, 25 Jan 2020 16:19:56 +0000 (18:19 +0200)]
[CMS] Test decryption of a ciphertext encrypted from 1.1.1
Current CMS en/decryption tests only validate that our current decyption
and encryption algorithms are compatible, but they say nothing about
correctness of the output for the given set of parameters.
As a partial fix in absence of proper KAT tests, we decrypt ciphertexts
generated with OpenSSL 1.1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Mon, 6 Jan 2020 23:19:13 +0000 (01:19 +0200)]
[EC] Constify internal EC_KEY pointer usage
A pair of internal functions related to EC_KEY handling could benefit
from declaring `EC_KEY *` variables as `const`, providing clarity for
callers and readers of the code, in addition to enlisting the compiler
in preventing some mistakes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
Nicola Tuveri [Sat, 14 Dec 2019 22:29:34 +0000 (00:29 +0200)]
[PROV][KEYMGMT][DH][DSA] use BN_clear_free for secrets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
H.J. Lu [Thu, 9 Jan 2020 14:20:09 +0000 (06:20 -0800)]
x86_64: Don't assume 8-byte pointer size
Since pointer in x32 is 4 bytes, add x86_64-support.pl to define
pointer_size and pointer_register based on flavour to support
stuctures like:
struct { void *ptr; int blocks; }
This fixes 90-test_sslapi.t on x32. Verified with
$ ./Configure shared linux-x86_64
$ make
$ make test
and
$ ./Configure shared linux-x32
$ make
$ make test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10988)
Alex Boboc [Sun, 16 Feb 2020 20:07:41 +0000 (12:07 -0800)]
DOC:Fix typos in x509v3_config.pod
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11104)
Alex Boboc [Sun, 16 Feb 2020 20:04:12 +0000 (12:04 -0800)]
DOC:Fix typos in man5/config.pod
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11104)
Alex Boboc [Sun, 16 Feb 2020 19:56:11 +0000 (11:56 -0800)]
DOC:Fix typos in openssl-enc.pod.in + openssl.pod
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11104)
Alex Boboc [Sun, 16 Feb 2020 19:25:51 +0000 (11:25 -0800)]
DOC:Fix typos in ossl_cmp_print_log.pod
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11104)
Alex Boboc [Sun, 16 Feb 2020 00:55:30 +0000 (16:55 -0800)]
DOC:Fix typos in ossl_param_bld_init
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11104)
Pauli [Wed, 12 Feb 2020 00:10:44 +0000 (10:10 +1000)]
Deprecate EC command line apps.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11106)
Richard Levitte [Sat, 15 Feb 2020 06:18:57 +0000 (07:18 +0100)]
TEST: Optionally silence OpenSSL::Test::setup()
test/generate_ssl_tests.pl uses OpenSSL::Test to get to some of its
practical location functions. A recent note in the setup() code made
its result not quite match the original (we do check that), so there's
a need to silence setup(), which we do with a simple optional argument.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 07:46:54 +0000 (08:46 +0100)]
TEST: Modify test/recipes/tconversion.pl to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 07:43:28 +0000 (08:43 +0100)]
TEST: Modify test/recipes/80-test_ssl_old.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 07:42:05 +0000 (08:42 +0100)]
TEST: Modify test/recipes/80-test_ssl_new.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 07:37:32 +0000 (08:37 +0100)]
TEST: Modify test/recipes/80-test_ocsp.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 07:34:40 +0000 (08:34 +0100)]
TEST: Modify test/recipes/80-test_cms.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 06:16:25 +0000 (07:16 +0100)]
TEST: Modify test/recipes/80-test_ca.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 06:01:15 +0000 (07:01 +0100)]
TEST: Modify test/recipes/20-test_pkeyutl.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Fri, 14 Feb 2020 05:56:04 +0000 (06:56 +0100)]
TEST: Modify test/recipes/20-test_enc_more.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 23:28:47 +0000 (00:28 +0100)]
TEST: Modify test/recipes/25-test_x509.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 23:28:31 +0000 (00:28 +0100)]
TEST: Modify test/recipes/25-test_req.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 23:28:16 +0000 (00:28 +0100)]
TEST: Modify test/recipes/25-test_crl.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 23:28:02 +0000 (00:28 +0100)]
TEST: Modify test/recipes/20-test_enc.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 19:29:33 +0000 (20:29 +0100)]
TEST: Modify test/recipes/20-test_dgst.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 19:29:20 +0000 (20:29 +0100)]
TEST: Modify test/recipes/15-test_rsapss.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Richard Levitte [Wed, 12 Feb 2020 19:29:04 +0000 (20:29 +0100)]
TEST: Modify test/recipes/15-test_mp_rsa.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)