Commit Graph

27130 Commits

Author SHA1 Message Date
Matt Caswell
28833f1465 Update the EdDSA docs with information about Algorithm Identifiers
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)
2020-09-18 15:26:28 +01:00
Matt Caswell
4c6348c23a Make sure we properly test for EdDSA with alg ids
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)
2020-09-18 15:26:28 +01:00
Matt Caswell
d12a2fe4e7 Teach EdDSA signature algorithms about AlgorithmIdentifiers
The other signature algorithms know how to create their own
AlgorithmIdentifiers, but the EdDSA algorithms missed this.

Fixes #11875

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)
2020-09-18 15:26:28 +01:00
Shane Lontis
991a6bb581 Add option to fipsinstall to disable fips security checks at run time.
Changes merged from a patch by @richsalz.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:50 +01:00
Shane Lontis
7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:39 +01:00
Shane Lontis
850a485f25 fix provider exchange operations
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:39 +01:00
Shane Lontis
49ed5ba8f6 fix provider signatures
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:39 +01:00
Shane Lontis
16fbda848d Separate fips and non fips code for key operations
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
a88d105ea8 Add missing 'ossl_unused' tags to some gettable and settable methods.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
f85a9d26be Add error message to genpkey app for the '-genparam' option
The ordering of this option is important so inform the user if they do it incorrectly.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
341c3e7f28 Add fips checks for ecdh key agreement
For key agreement only NIST curves that have a security strength of 112 bits or more are allowed.
Fixed tests so they obey these restrictions when testing in fips mode.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
8d17cca5b8 Add fips checks for rsa encryption
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
b8237707d4 Add fips checks for dh key agreement
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
0645110ebd Add fips checks for ecdsa signatures
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
e43b448241 Add fips checks for dsa signatures
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Shane Lontis
3f699197ac Add fips checks for rsa signatures.
In fips mode SHA1 should not be allowed for signing, but may be present for verifying.
Add keysize check.
Add missing 'ossl_unused' to gettable and settable methods.
Update fips related tests that have these restrictions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:37 +01:00
Matt Caswell
282de1cc2d Fix some doc-nits and make update errors
The new lhash changes have confused some of the perl scripts so we add
some fixes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)
2020-09-18 13:30:44 +01:00
Matt Caswell
028b31b32d Remove some unneeded code from lhash.h
lhash.h had some workaround code for the issue where static inline
functions contained references to libcrypto symbols in public header
files. Since this issue no longer exists this workaround code can be
removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)
2020-09-18 13:30:44 +01:00
Matt Caswell
efffd8a6e4 Update err.h to use the new lhash generation code
Generate the lhash macros for the ERR_STRING_DATA type

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)
2020-09-18 13:30:44 +01:00
Matt Caswell
2ca697ce00 Update conf.h.in to use the new lhash generation code
Generate the lhash macros for the CONF_VALUE type

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)
2020-09-18 13:30:44 +01:00
Matt Caswell
726b329339 Provide basis for fixing lhash code
Following on from the earlier safestack work we provide the basis for
fixing the lhash code such that unused static inline functions do not
cause linker errors for applications including those headers.

This brings the lhash code into line with the safestack code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12860)
2020-09-18 13:30:44 +01:00
Alexander Borkowski
ecf15b16ee s_client.pod: Fix grammar in NOTES section.
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9421)
2020-09-18 10:31:48 +10:00
Shane Lontis
7f9e744036 Add selftest callback to CRNG output test
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12795)
2020-09-18 06:20:33 +10:00
Shane Lontis
4b51903d86 Fix AES_XTS on x86-64 platforms with BSAES and VPAES support.
Fixes #11622
Fixes #12378

Due to a missing else it was setting up the stream for BSAES and then using this incorrect stream with VPAES.
The correct behaviour is not to use VPAES at all in this case.
Also note that the original code in e_aes could set up VPAES and then would overwrite it with the generic implementation.
On a machine that supported both BSAES and VPAES the code was changed locally to force it to run both cases to verify
both paths produce the correct known answers.

Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12887)
2020-09-18 06:15:50 +10:00
Dmitry Belyavskiy
f80d0d2fd6 HMAC should work with non-provided digests
Fixes #12839

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12874)
2020-09-17 20:16:31 +03:00
Tomas Mraz
67ecd65cc4 Rename check_chain_extensions to check_chain
The function does much more than just checking extensions.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)
2020-09-17 17:15:15 +02:00
Tomas Mraz
cccf532fef Disallow certs with explicit curve in verification chain
The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)
2020-09-17 17:15:15 +02:00
Tomas Mraz
fe2f8aecfe EC_KEY: add EC_KEY_decoded_from_explicit_params()
The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)
2020-09-17 17:15:15 +02:00
Dr. David von Oheimb
bde4aa8dc1 Fix Coverity CID 1466708 - correct pointer calculation in one case
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12894)
2020-09-17 15:29:46 +02:00
Xiaofei Bai
ebcae87f6b FIX strncpy warning in apps/cmp.c.
bugfix: #12872

strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.

Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12889)
2020-09-17 14:19:09 +02:00
Jon Spillett
1cae59d14b Make KDFs fail if requesting a zero-length key.
Also add more test cases

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12826)
2020-09-17 18:30:40 +10:00
Jon Spillett
0010870536 Allow zero-length secret for EVP_KDF API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12826)
2020-09-17 18:27:28 +10:00
Daniel Bevenius
ec4c86d9ec Fix typo in bind_loader_attic comment
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12890)
2020-09-17 11:22:33 +03:00
Matt Caswell
3f96b687f7 Document 2 newly added functions
Adds documentation for EVP_PKEY_get0_first_alg_name() and
EVP_KEYMGMT_get0_first_name().

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-17 11:13:05 +03:00
Matt Caswell
7fc6168b6f Test HMAC output from the dgst CLI
We run two HMAC operations on the same file and confirm that both provide
us with the expected values.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-17 11:12:08 +03:00
Matt Caswell
d8025f4ac0 Correctly display the signing/hmac algorithm in the dgst app
In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

Prior to this change master would instead display this like so:

SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-17 11:12:08 +03:00
Matt Caswell
b0002eb09a Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate
Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously
initialised with EVP_DigestSignInit() would retain information about the
key, and re-initialise for another sign operation. To emulate that we
redirect calls to EVP_DigestInit() to EVP_DigestSignInit_ex() if
appropriate.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-17 11:12:08 +03:00
Matt Caswell
b8e5622809 Don't send -1 as the length of the hmac key
The dgst app was using an undocumented behaviour in the
EVP_PKEY_new_raw_private_key() function when setting a key length for
a MAC. The old EVP_PKEY to MAC bridge, probably by accident, converts a
-1 length to a strlen() call, by virtue of the fact that it eventually
calls ASN1_STRING_set() which has this feature.

As noted above this is undocumented, and unexpected since the len
parameter to EVP_PKEY_new_raw_private_key() is an unsigned value (size_t).
In the old bridge it was later (silently) cast to an int, and therefore
the original -1 value was restored. This only works because sizeof(int) <=
sizeof(size_t). If we ever run on a platform where sizeof(int) >
sizeof(size_t) then it would have failed. The behaviour also doesn't hold
for EVP_PKEY_new_raw_private_key() in general - only when the old MAC
bridge was in use.

Rather than restore the original behaviour I think it is best to simply
fix the dgst app to not assume it exists. We should not bake in this
backwards and inconsistent behaviour.

Fixes #12837

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
2020-09-17 11:12:08 +03:00
jwalch
067a3057c3 Annotate potential -Wunused-function violations in err.h
Fixes #12792

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12851)
2020-09-17 18:05:41 +10:00
jwalch
4bb73d5409 Add a NULL check to EVP_PKEY_assign
Fixes  #12619

Update p_lib.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12863)
2020-09-17 09:36:52 +02:00
Shane Lontis
8230710f04 Update AES GCM IV max length to be 1024 bits (was 512)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12875)
2020-09-17 12:55:39 +10:00
Tim Hudson
eb750219f2 undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12013)
2020-09-16 21:38:45 +02:00
Richard Levitte
5d94202884 Configurations/unix-Makefile.tmpl: Don't specify headers twice
When building in the source tree, a rebuilt Makefile detected both
include/openssl/foo.h.in and include/openssl/foo.h, so promptly added
include/openssl/foo.h twice to the list of headers to parse in 'make
update'

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12882)
2020-09-16 18:07:24 +02:00
Richard Levitte
fc661b50df OpenSSL::ParseC: recognise inline function bodies
Function bodies in headers weren't a thing when OpenSSL::ParseC was
created, at least not as clearly as they are nowadays.  This module
must evolve to recognise them (and promptly ignore them).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12882)
2020-09-16 18:07:24 +02:00
Shane Lontis
4343a4187d Add self tests for rsa encryption
SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9

A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt()
are now in the fips module.

Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops().

Added corruption test

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12835)
2020-09-16 14:10:23 +10:00
Pauli
a268ed3acf free memory use on error in cert verify
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
2020-09-16 07:22:43 +10:00
Pauli
871881856f generate_cookie_callback: free temporary memory on an error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
2020-09-16 07:22:43 +10:00
Pauli
30f3b4e1c1 PKCS5 PBE: free allocations on unlikely / impossible failure path
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
2020-09-16 07:22:43 +10:00
Pauli
e2d66c0d00 PKCS#8: free data on error path in newpass_bag
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
2020-09-16 07:22:43 +10:00
Pauli
48ff651ecc DTLS: free allocated memory on error paths
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12870)
2020-09-16 07:22:43 +10:00