Commit Graph

2895 Commits

Author SHA1 Message Date
Daniel Bevenius
6ef2f71ac7 Clarify where dispatch functions/ids are defined
When reading the comment for ossl_dispatch_st it seems to indicate that
the function_id numbers are defined further down in the same file. But I
was not able to find them there, but instead in core_dispatch.h.

This commit suggests updating the comment to point to core_dispatch.h

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15156)
2021-05-06 23:00:23 +10:00
Matt Caswell
aff636a489 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15181)
2021-05-06 13:03:23 +01:00
Tomas Mraz
d382e79632 Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

The input type format is enforced only in case the file
type file store is used.

By default we use FORMAT_UNDEF meaning the input type
is not enforced.

Fixes #14569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
2021-05-06 11:43:32 +01:00
Rich Salz
08a337fac6 Remove all trace of FIPS_mode functions
Removed error codes, and the mention of the functions.
This removal is already documented in the CHANGES doc.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15140)
2021-05-06 09:54:37 +10:00
Dr. David von Oheimb
a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
This is done by making use of OCSP_REQ_CTX_nbio_d2i().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)
2021-05-05 20:50:15 +02:00
Benjamin Kaduk
72d2670bd2 Enforce secure renegotiation support by default
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not
implement RFC 5746.

It has been more than a decade since RFC 5746 was published, so
there has been plenty of time for implmentation support to roll out.

Change the default behavior to be to require peers to support
secure renegotiation.  Existing applications that already cleared
SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as
re-clearing the flag is just a little bit of redundant work.
The old behavior is still available by explicitly setting the flag
in the application.

Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for
similar reasons.

Document the behavior change in CHANGES.md, and update the
SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change
in default behavior.

Fixes: 14848

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)
2021-05-05 08:13:51 -07:00
Pauli
b039c87a4c mac: add EVP_MAC_finalXOF() function
Fixes #14140
Fixes #13232

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
2021-05-05 22:12:20 +10:00
Rich Salz
f7050588bc Add .includedir pragma
Also add a negative test, and fix typo's.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
2021-05-05 13:11:35 +02:00
Rich Salz
3fb985fd04 Allow absolute paths to be set
It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a new pragma "abspath" that someone can put
in the system-wide config file to require absolute paths.

Also update the config documentation to better explain how file
inclusion works.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
2021-05-05 13:11:17 +02:00
Shane Lontis
2b05439f84 Fix KMAC bounds checks.
Setting an output length higher than 8191 was causing a buffer overflow.
This was reported by Acumen (FIPS lab).

The max output size has increased to ~2M and it now checks this during set_parameters.

The encoder related functions now pass in the maximum size of the output buffer so they
can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in
order to calculate and check the length before encoding.

Note that right_encode() is currently only used in one place but this
may change if other algorithms are supported (such as TupleHash).

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15106)
2021-05-05 17:39:27 +10:00
Tomas Mraz
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
The maximum (theoretical) block size of SHA3 is 200 bytes.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15125)
2021-05-05 09:30:29 +10:00
Dr. David von Oheimb
7031f5821c OCSP: Minor improvements of documentation and header file
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15103)
2021-05-04 18:14:24 +02:00
Matt Caswell
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an
internal only concept for our own providers. Since this is likely to be
generally useful, we make it a part of the public API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)
2021-05-04 12:00:21 +01:00
Dmitry Belyavskiy
c0f4400c40 Use OCSP-specific error code for clarity
Fixes #12735

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/xxxxx)
2021-05-01 13:09:15 +02:00
Jon Spillett
b536880c45 Add library context and property query support into the PKCS12 API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)
2021-04-30 09:15:50 +10:00
Matt Caswell
460d2fbcd7 Store the list of activated providers in the libctx
The provider config module was storing the list of activated providers
in a global variable. However, because different libctxs can each load
providers via config files we need to keep the list of activated providers
separate and in the libctx.

Partially fixes #15030

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15033)
2021-04-28 16:04:25 +01:00
Dr. David von Oheimb
4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms
Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
2021-04-28 14:10:47 +02:00
Dr. David von Oheimb
176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts
Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
2021-04-28 14:10:47 +02:00
Dr. David von Oheimb
1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
2021-04-28 14:10:45 +02:00
David Benjamin
cdf63a3736 Add X509 version constants.
The X509 version APIs return the numerical values of the version
numbers, which are one off from the names. This is a bit confusing.
Where they don't get it wrong (accidentally making an "X509v4"
certificate), callers tend to try commenting every call site to explain
the mismatch, including in OpenSSL itself.

Define constants for these values, so code can be self-documenting and
callers are nudged towards the right values.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14549)
2021-04-28 11:40:06 +02:00
Tomas Mraz
5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer()
It is possible for the stack of X509_OBJECTs held in an X509_STORE_CTX to
have a custom compare function associated with it. Normally (by default)
this uses X509_NAME_cmp(). The X509_STORE_CTX_get1_issuer() function
assumed that it would always be X509_NAME_cmp().

By implementing OPENSSL_sk_find_all() function we can avoid explicitly
using X509_NAME_cmp() in X509_STORE_CTX_get1_issuer().

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14728)
2021-04-28 11:19:34 +02:00
Shane Lontis
c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq()
already exist.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14997)
2021-04-27 09:45:53 +10:00
Shane Lontis
f1ffaaeece Fixes related to separation of DH and DHX types
Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
2021-04-26 19:52:11 +02:00
Tomas Mraz
6c9bc258d2 Add type_name member to provided methods and use it
Fixes #14701

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14898)
2021-04-26 12:05:05 +02:00
Rich Salz
078fa35c7b Remove an unused parameter
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14943)
2021-04-22 18:11:18 +02:00
Niclas Rosenvik
1f3b58d841 Some compilers define __STDC_VERSION__ in c++
Some compilers(g++ on Solaris/Illumos) define __STDC__VERSION__ in c++ .
This causes c++ code that uses openssl to break on these compilers since
_Noreturn is not a keyword in c++ .

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14944)
2021-04-22 17:52:06 +02:00
Todd Short
309c6fbace Add RUN_ONCE support to zlib init
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14940)
2021-04-22 17:41:55 +02:00
MichaM
af9fb19a47 Fix typos
CLA: trivial

Signed-off-by: MichaM <contact-micha+github@posteo.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14879)
2021-04-22 11:16:35 +10:00
Nicola Tuveri
16df436df2 Add missing argname for keymgmt_gettable_params and keymgmt_settable_params prototypes
For some reason `keymgmt_gettable_params` and `keymgmt_settable_params`
seem to be the only prototypes in `core_dispatch.h` without named
arguments.

This is annoying if `core_dispatch.h` is being parsed to extract
information and also for developers who would like the header to be
self-contained, without having to refer to the documentation every time
to check what is supposed to be passed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14950)
2021-04-22 11:08:36 +10:00
Richard Levitte
f99659535d ENCODER & DECODER: Allow decoder implementations to specify "carry on"
So far, decoder implementations would return true (1) for a successful
decode all the way, including what the callback it called returned,
and false (0) in all other cases.

This construction didn't allow to stop to decoding process on fatal
errors, nor to choose what to report in the provider code.

This is now changed so that decoders implementations are made to
return false only on errors that should stop the decoding process from
carrying on with other implementations, and return true for all other
cases, even if that didn't result in a constructed object (EVP_PKEY
for example), essentially making it OK to return "empty handed".

The success of the decoding process is now all about successfully
constructing the final object, rather than about the return value of
the decoding chain.  If no construction is attempted, the central
decoding processing code concludes that whatever the input consisted
of, it's not supported by the available decoder implementations.

Fixes #14423

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)
2021-04-21 10:53:03 +02:00
Dr. David von Oheimb
1c0eede982 Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14128)
2021-04-20 10:47:24 +02:00
Matt Caswell
978e323a4d Add the function OSSL_LIB_CTX_get0_global_default()
An API function for obtaining the global default lib ctx.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14890)
2021-04-19 10:52:18 +01:00
Tomas Mraz
b247113c05 Detect low-level engine and app method based keys
The low-level engine and app method based keys have to be treated
as foreign and must be used with old legacy pmeths.

Fixes #14632

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14859)
2021-04-19 11:36:16 +02:00
Rich Salz
f6c95e46c0 Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new.  Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field.  The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects

Deprecate EVP_MD_CTX_md().  Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md().  Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().

Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.

Also change some flags tests to explicit test == or != zero. E.g.,
        if (flags & x) --> if ((flags & x) != 0)
        if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-04-18 10:03:07 +02:00
Pauli
e494fac705 Fix naming for EVP_RAND_CTX_gettable functions.
Change:

    EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params
    EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params

Which brings them in line with the other similar functions for other algorithm
types.

Fixes #14880

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14893)
2021-04-17 18:22:13 +10:00
Shane Lontis
a732a4c329 Add EVP_PKEY_todata() and EVP_PKEY_export() functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14800)
2021-04-15 18:42:04 +02:00
Tomas Mraz
ddf0d149e2 Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name
We use type elsewhere and documenting the 'first' in the
name of the call is a little bit superfluous making the
name too mouthful.

Also rename EVP_PKEY_typenames_do_all to
EVP_PKEY_type_names_do_all to keep the words separated by
underscore.

Fixes #14701

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14868)
2021-04-15 17:38:19 +02:00
Tomas Mraz
85fcc3fb77 Remove keymgmt_copy function from the provider API
It is superceded by the keymgmt_dup.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
2021-04-15 09:19:39 +02:00
Tomas Mraz
b4f447c038 Add selection support to the provider keymgmt_dup function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
2021-04-15 09:19:39 +02:00
Tomas Mraz
4a9fe33c8e Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.

Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().

Fixes #14658

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
2021-04-15 09:19:39 +02:00
Shane Lontis
46eee7104d Add domain parameter match check for DH and ECDH key exchange.
Fixes #14808

Validation checks were moved into EVP_PKEY_derive_set_peer() which broke
an external negative test. Originally the old code was semi working by checking the peers public key was in the range of other parties p. It was not actually ever
checking that the domain parameters were consistent between the 2
parties. It now checks the parameters match as well as validating the
peers public key.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14823)
2021-04-14 16:01:13 +10:00
Shane Lontis
3fed27181a Add FIPS Self test for AES_ECB decrypt
Fixes #14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14825)
2021-04-13 13:06:37 +10:00
Matt Caswell
28fd895305 Remove the function EVP_PKEY_set_alias_type
OTC recently voted that EVP_PKEY types will be immutable in 3.0. This
means that EVP_PKEY_set_alias_type can no longer work and should be
removed entirely (applications will need to be rewritten not to use it).

It was primarily used for SM2 which no longer needs this call.
Applications should generate SM2 keys directly (without going via an EC
key first), or otherwise when loading keys they should automatically be
detected as SM2 keys.

Fixes #14379

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14803)
2021-04-12 11:47:24 +01:00
Matt Caswell
a3a54179b6 Only enable KTLS if it is explicitly configured
It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specifically
configured not to. This is problematic because it avoids any crypto
implementations from providers. A user who configures all crypto to use
the FIPS provider may unexpectedly find that TLS related crypto is actually
being performed outside of the FIPS boundary.

Instead we change KTLS so that it is disabled by default.

We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather
than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and
SSL_MODE_NO_KTLS_TX).

Fixes #13794

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14799)
2021-04-12 11:32:05 +01:00
Shane Lontis
3f883c7c83 Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14785)
2021-04-12 16:55:30 +10:00
Shane Lontis
884314cab7 Add OSSL_PARAM_dup() and OSSL_PARAM_merge().
These functions are prerequisites for implementing EVP_PKEY_todata().

OSSL_PARAM_dup() is required to make a deep copy of the exported
params (since the provider export() uses a OSSL_PARAM_BLD which throws away the
data after the call), and then use OSSL_PARAM_merge() to add some additional params
that can be passed to the EVP_PKEY_todata().

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14785)
2021-04-12 16:55:29 +10:00
Pauli
e3c2a55d47 Add additional KMAC error
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14810)
2021-04-12 14:59:09 +10:00
Tomas Mraz
bd6e7fb7a7 Small fixes and cleanups of provider API documentation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14756)
2021-04-09 10:32:00 +02:00
Matt Caswell
3c2bdd7df9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
2021-04-08 13:04:41 +01:00
Amitay Isaacs
ceaa6b319e Add a constant time zero check function for 64-bit integers
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
2021-04-08 12:18:10 +01:00