Commit Graph

26926 Commits

Author SHA1 Message Date
Richard Levitte
96b924105f Revert "TEST: separate out NIST ECC tests from non-NIST"
This file split turned out to be a mistake as soon as the fetching
error reporting got properly sorted.

This reverts commit e6ed04a9dc.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
4feda976de EVP: Don't report malloc failure in new_raw_key_int()
On failure by EVP_PKEY_CTX_new_from_name(), this function reported
ERR_R_MALLOC_FAILURE.  However, that's not necessarily true, as it can
fail because the algorithm isn't present.

Either way, EVP_PKEY_CTX_new_from_name() records more accurate errors
on its own, and one of them - EVP_R_FETCH_FAILED - is significant for
test/evp_test.c.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
key_unsupported() looked at the first error in the queue to see if a
key algorithm is supported or not.  However, there are situations
where the errors it looks for are preceded by others.  It's much safer
to look at the last recorded error.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
c2150f7357 STORE: Stop the flood of errors
The old 'file:' loader was recently changed to stop the flood of
repeated nested ASN.1 errors when trying to decode a DER blob in
diverse ways.

That is now reproduced in ossl_store_handle_load_result()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
67b6401356 CORE: Fix small bug in passphrase caching
Passphrase caching didn't allocate memory when it got to cache an
empty string, leading to a crash.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
7a30681095 STORE: Fix potential memory leak
When closing an OSSL_STORE_CTX, also clear the passphrase data.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
a10847c427 "Downgrade" provider-native keys to legacy where needed
Some sub-systems and openssl sub-commands do not yet deal cleanly with
purely provider-native EVP_PKEYs.  We compensate for that by "downgrading"
keys in select places, or ensure that the 'file:' scheme ENGINE loader
is activated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
b527564884 EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD,
which requires "downgrading" the EVP_PKEY to have a legacy internal
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
7620d89c3f TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
We want to perform the same tests with a provider implementation, and
also make sure that an ENGINE implementation works as advertised.

OSSL_STORE_open() / OSSL_STORE_open_with_libctx() work in such a way
that they look for internal / engine implementations first, and only
failing that, they will try to fetch a provider implementation.  This
ensures that when we do specify an engine, it gets exceptional priority.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
a1447076be STORE: Deprecate legacy / ENGINE functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
63f187cfed STORE: Add a built-in 'file:' storemgmt implementation (loader)
This replaces the older 'file:' loader that is now an engine.

It's still possible to use the older 'file:' loader by explicitly
using the engine, and tests will remain for it as long as ENGINEs are
still supported (even though deprecated).

To support this storemgmt implementation, a few internal OSSL_DECODER
modifications are needed:

-   An internal function that implements most of
    OSSL_DECODER_CTX_new_by_EVP_PKEY(), but operates on an already
    existing OSSL_DECODER_CTX instead of allocating a new one.
-   Allow direct creation of an OSSL_DECODER from an OSSL_ALGORITHM.
    It isn't attached to any provider, and is only used internally, to
    simply catch any DER encoded object to be passed back to the
    object callback with no further checking.  This implementation
    becomes the last resort decoder, when all "normal"
    decodation attempts (i.e. those that are supposed to result
    in an OpenSSL object of some sort) have failed.

Because file_store_attach() uses BIO_tell(), we must also support
BIO_ctrl() as a libcrypto upcall.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
16feca7154 STORE: Move the built-in 'file:' loader to become an engine module
From this point on, this engine must be specifically specified.

To replace the internal EMBEDDED hack with something unique for the
new module, functions to create application specific OSSL_STORE_INFO
types were added.

Furthermore, the following functions had to be exported:

ossl_do_blob_header()
ossl_do_PVK_header()
asn1_d2i_read_bio()

Finally, evp_pkcs82pkey_int() has become public under a new name,
EVP_PKCS82PKEY_with_libctx()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Richard Levitte
bd7a6f16eb OSSL_ENCODER / OSSL_DECODER post-rename cleanup
There are a few remaining spots where 'deser' wasn't changed to 'decoder'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:31 +02:00
Richard Levitte
a955676141 ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:31 +02:00
Matt Caswell
0bc193dd05 Ensure EVP_MAC_update() passes the length even if it is 0
We leave it up to the EVP_MAC implementations what to do with an update
where the data length is 0. In the TLS HMAC implementation this is still
significant.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell
13c9843cff Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()
Previously it used EVP_MD_type(), which doesn't work when called inside
the FIPS module.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell
820d87bc98 Update the EVP_PKEY MAC documentation
Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell
f271389305 Enable PKEY MAC bridge signature algs to take ctx params
The underlying MAC implementations may take ctx params. Therefore we allow
the bridge to pass these through.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell
e08f86ddb1 Make ssl3_cbc_digest_record() use the real data_size
Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell
2e2084dac3 Start using the provider side TLS HMAC implementation
This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell
3fddbb264e Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Jon Spillett
b48ca22a56 Avoid AIX compiler issue by making the macro argument names not match any substring
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12767)
2020-09-03 16:40:39 +10:00
Daniel Bevenius
6f04bcc7e3 Fix typo in FIPS_MODULE endif macro comment
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12755)
2020-09-03 10:54:00 +10:00
Todd Short
1010e4ac97 Fix post-condition in algorithm_do_this
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)
2020-09-02 15:21:11 -07:00
Todd Short
2b748d722b Fix use of OPENSSL_realloc in provider
Fix OPENSSL_realloc failure case; `provider->operation_bits` memory
is lost when `OPENSSL_realloc()` returns NULL.

`operation_bits_sz` is never set to the length of the allocated array.
This means that operation_bits is always reallocated in
`ossl_provider_set_operation_bit()`, possibly shrinking the array.
In addition, it means that the `memset()` always zeros out the
whole reallocated array, not just the new part. Also, because
`operation_bits_sz` is always zero, the value of `*result` in
`ossl_provider_test_operation_bit()` will always be zero.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)
2020-09-02 15:21:11 -07:00
Dr. David von Oheimb
2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)
2020-09-02 14:00:10 +02:00
Jon Spillett
ef0f01c0af Avoid uninitialised variable warning for jobs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12762)
2020-09-02 09:05:31 +03:00
Dr. David von Oheimb
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
  in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
  OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
2020-09-01 18:53:41 +02:00
Felix Monninger
807b0a1dbb also zero pad DHE public key in ClientKeyExchange message for interop
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12331)
2020-09-01 14:27:05 +02:00
John Baldwin
72c1e37421 Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.
While here, check for failure from RAND_bytes_ex as well.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
Vadim Fedorenko
ab114c6dde Fix two issues with AES-CCM KTLS tests.
- Apply the cipher list to the server context as well as the client
  context.  The tests still worked for AES-GCM cipher suites as those
  are in the default list of ciphers.  AES-CCM cipher suites are not
  in the default list and require the cipher list to be set.

- Use the correct cipher name for AES-CCM.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
18efb63016 Skip tests using KTLS RX for TLS 1.3.
KTLS RX is not yet supported for TLS 1.3.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
cd03b5dc42 Skip tests using KTLS RX if KTLS RX is not supported.
This skips tests using KTLS RX when run on systems that only support
KTLS TX.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
eb818d23c2 Refactor the KTLS tests to minimize code duplication.
Use the low 4 bits of the test number directly as flags for which of
the connection sides should use KTLS or not for each test instead of
having 16 nearly identical functions to do the same thing.

This makes it easier to skip tests that aren't supported (e.g. KTLS RX
on TLS 1.3).

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
These functions are a bit large to inline and are not usable outside
of libssl.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
b22a3ccc07 Support for KTLS TX on FreeBSD for TLS 1.3.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
3c1641e8e8 Don't check errno if ktls_read_record() returned 0.
errno is only valid if ktls_read_record() fails with a negative return
value.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
0a90a90c46 Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.
Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled
by passing a session key to the kernel via a new socket option.  Once
KTLS receive is enabled on a socket, the socket returns records via
recvmsg().  A control message attached to each record supplies the
original TLS header, and the decrypted plaintext is returned in the
data buffer passed to recvmsg().

To support the case that the userland buffer may already contain
pending encrypted records (which is already handled by Linux's KTLS
receive), the socket option structure for FreeBSD has been extended to
include the initial sequence number.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
3e5826061b Add helper functions for FreeBSD KTLS.
These are similar to the helpers added in 95badfeb60.  I've adjusted
the arguments passed to ktls_check_supported_cipher and
ktls_configure_crypto so that FreeBSD and Linux can both use the same
signature to avoid OS-specific #ifdef's in libssl.  This also required
moving the check on valid TLS versions into
ktls_check_supported_cipher for Linux.  This has largely removed
OS-specific code and OS-specific #ifdef's for KTLS outside of
<internal/ktls.h>.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
John Baldwin
c34ca13a60 Add a ktls_crypto_info_t typedef.
This type is defined to hold the OS-specific structure passed to
BIO_set_ktls.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
Jon Spillett
23e77b0ba3 Update test data for DSA public key text
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12688)
2020-08-31 14:49:16 +10:00
Jon Spillett
e2e46dfa8c Add the correct enum value for DSA public key serialization
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12688)
2020-08-31 14:49:16 +10:00
Shane Lontis
458cb85d19 Fix ECX serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
2020-08-30 16:17:17 +10:00
Shane Lontis
d9cdfda24f Fix RSA serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
2020-08-30 16:17:17 +10:00
Shane Lontis
81fca0e7c1 Fix DSA serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
2020-08-30 16:17:17 +10:00
Shane Lontis
3fab56631f Fix DH serializer import calls to use correct selection flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12698)
2020-08-30 16:17:17 +10:00
Dmitry Belyavskiy
835b290016 Fix PKCS#7 so that it still works with non fetchable cipher algorithms.
Fixes #12697

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12740)
2020-08-29 19:36:36 +03:00
Dmitry Belyavskiy
bd1bbbfe51 Fix PKCS#7 so that it still works with non fetchable digest algorithms.
Fixes #12684
Partially fixes #12697

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12740)
2020-08-29 19:36:27 +03:00
Matt Caswell
8e32ea633f Check whether we have MD5-SHA1 and whether we need it
If we don't have MD5-SHA1 then we must be using (D)TLSv1.2 or above. We
check that this is consistent with the way we've been configured. We also
ensure that we never attempt to negotiate <(D)TLSv1.2 if MD5-SHA1 is not
available.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12733)
2020-08-29 17:56:37 +10:00
Matt Caswell
7cd1420b3e Improve some error messages if a digest is not available
If a digest is not available we just get an "internal error" error
message - which isn't very helpful for diagnosing problems. Instead we
explicitly state that we couldn't find a suitable digest.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12733)
2020-08-29 17:56:20 +10:00