Commit Graph

27999 Commits

Author SHA1 Message Date
Tomas Mraz
a2a5506b93 rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys
Add a testcase to the test_req covering the issue.

Fixes #13957

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13967)
2021-01-29 10:47:02 +01:00
Daniel Bevenius
e947a0642d EVP: fix keygen for EVP_PKEY_RSA_PSS
This commit attempts to fix the an issue when generating a key of type
EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will
return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds
EVP_PKEY_RSA_PSS to also be accepted.

The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md si converted into a
function and it is now called in legacy_ctrl_to_param.

Fixes #12384

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13099)
2021-01-28 16:25:16 +01:00
Juergen Christ
d744934b75 Remove superfluous EVP_KDF_CTRL_ defines.
These defines were never used and not needed.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
2021-01-28 16:05:50 +01:00
Juergen Christ
270a5ce1d9 Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters.  This caused endianness problems on big-endian machines.  As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer.  While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86).  Change the
parameter to char array and fix the usages.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
2021-01-28 16:05:50 +01:00
Juergen Christ
732a4d15b0 Fix cipher reinit on s390x if no key is specified
If key==null on EVP_CipherInit_ex, the init functions for the hardware
implementation is not called.  The s390x implementation of OFB and CFB mode
used the init function to copy the IV into the hardware causing test failures
on cipher reinit.  Fix this by moving the copy operation into the cipher
operation.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13984)
2021-01-28 15:23:25 +01:00
Dr. David von Oheimb
199df4a93f check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS
This is an upstream fix for #13931

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
2021-01-28 15:05:04 +01:00
Dr. David von Oheimb
03f5c8930c Fix rsa_pss_asn1_meth to refert to rsa_sig_info_set
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
2021-01-28 15:05:04 +01:00
Dr. David von Oheimb
26a44ad04b obj_xref: rsassaPss must map to 'undef rsassaPss' (not 'undef rsaEncryption')
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13968)
2021-01-28 15:05:04 +01:00
Richard Levitte
302e63cbe5 Prepare for 3.0 alpha 12
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-01-28 14:08:31 +01:00
Richard Levitte
31a89254d8 Prepare for release of 3.0 alpha 11
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-01-28 14:07:51 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Richard Levitte
92bc61e467 Update NEWS.md before alpha11 release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13996)
2021-01-28 11:03:12 +01:00
Richard Levitte
5ac632eed7 APPS: Restore inclusions
An '#include <string.h>' was mistakenly removed from apps/ec.c and
apps/ecparam.c

Fixes #13986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13989)
2021-01-28 10:24:30 +01:00
Matt Caswell
b1eae34bbe Fix running mingw dhparam test under wine
The dhparam test was failing to properly handle line endings when
running a mingw configured build under wine.

Fixes #13557

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13923)
2021-01-27 15:00:35 +00:00
Daniel Bevenius
fa2a7490c0 Fix typo in thread_once comments
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13964)
2021-01-27 13:40:25 +01:00
Richard Levitte
eeb09f1bd7 Fix OSSL_PARAM_allocate_from_text() for EBCDIC
OSSL_PARAM_allocate_from_text() converted text values to UTF-8
OSSL_PARAMs with a simple strncpy().  However, if the text is EBCDIC,
that won't become UTF-8.  Therefore, it's made to convert from EBCDIC
to ASCII on platforms where the native character encoding is the
former.

One might argue that the conversion should be the responsibility of
the application.  However, this is a helper function, and the calling
application can't easily know what sort of OSSL_PARAM the input values
are going to be used for.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13961)
2021-01-27 12:06:29 +01:00
Dr. David von Oheimb
0c3eb2793b TLS client: allow cert verify callback return -1 for SSL_ERROR_WANT_RETRY_VERIFY
The client-side cert verification callback function may not only return
as usual for success or 0 for failure, but also -1,
typically on failure verifying the server certificate.
This makes the handshake suspend and return control to the calling application
with SSL_ERROR_WANT_RETRY_VERIFY.
The app can for instance fetch further certificates or cert status information
needed for the verification.
Calling SSL_connect() again resumes the connection attempt
by retrying the server certificate verification step.
This process may even be repeated if need be.

The core implementation of the feature is in ssl/statem/statem_clnt.c,
splitting tls_process_server_certificate() into a preparation step
that just copies the certificates received from the server to s->session->peer_chain
(rather than having them in a local variable at first) and returns to the state machine,
and a post-processing step in tls_post_process_server_certificate() that can be repeated:
Try verifying the current contents of s->session->peer_chain basically as before,
but give the verification callback function the chance to pause connecting and
make the TLS state machine later call tls_post_process_server_certificate() again.
Otherwise processing continues as usual.

The documentation of the new feature is added to SSL_CTX_set_cert_verify_callback.pod
and SSL_want.pod.

This adds two tests:
* A generic test in test/helpers/handshake.c
  on the usability of the new server cert verification retry feature.
  It is triggered via test/ssl-tests/03-custom_verify.cnf.in (while the bulky auto-
  generated changes to test/ssl-tests/03-custom_verify.cnf can be basically ignored).
* A test in test/sslapitest.c that demonstrates the effectiveness of the approach
  for augmenting the cert chain provided by the server in between SSL_connect() calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13906)
2021-01-26 17:09:13 +01:00
Daiki Ueno
1395a84e48 params: OSSL_PARAM_utf8_ptr: don't automatically reference address
Since the pointer can be later be modified, the caller should have the
responsibility to supply the address of that.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13951)
2021-01-26 15:57:24 +01:00
Richard Levitte
df78589893 DOC: Fix a few minor issues in OSSL_ENCODER / OSSL_DECODER docs
Partially fixes #13949

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13954)
2021-01-26 15:54:07 +01:00
Richard Levitte
ba0a6d1deb Clean away unnecessary length related OSSL_PARAM key names
This cleans away old misunderstandings of what can be done with OSSL_PARAM.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13946)
2021-01-26 15:51:50 +01:00
Tomas Mraz
7b0f64b121 Check that the ecparam and pkeyparam do not mangle the parameters
Just comparison of the original parameter file with the -out output.

Some test files have non-canonical encoding, so they are moved
to a different directory.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
82a4620091 Add checks for NULL return from EC_KEY_get0_group()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
f468e2f951 ec: Document that -conv_form and -no_public are not supported with engine
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
59b64259b8 ssl_old_test.c: Replace use of deprecated EC functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
adffee9753 EVP_PKEY_get_group_name works with public keys as well
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
36fafb2e80 Add manpage for EVP_PKEY_get_field_type and EVP_PKEY_get_point_conv_form
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
0c8e98e615 Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Tomas Mraz
f377e58fde Disable the test-ec completely when building with no-ec
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Matt Caswell
3d34bedfd7 Add EVP_PKEY functions to get EC conv form and field type
libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:17 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Shane Lontis
98dbf2c1c8 Add functions to set values into an EVP_PKEY
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:13 +01:00
Tomas Mraz
5764c3522c krb5kdf: Do not dereference NULL ctx when allocation fails
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13953)
2021-01-26 15:11:11 +01:00
Richard Levitte
b897b353df Drop Travis
At this point, we have transitioned completely from Travis to GitHub Actions

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13940)
2021-01-25 13:41:23 +01:00
Richard Levitte
4605b34d56 Github CI: Add a job for out-of-source build + install
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13935)
2021-01-25 13:38:38 +01:00
Richard Levitte
d9c22dde29 Unix Makefile generator: Fix empty basename calls
Fixes #13933

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13935)
2021-01-25 13:38:37 +01:00
Tomas Mraz
c27e792221 bn: Deprecate the X9.31 RSA key generation related functions
This key generation method is obsolete.

Fixes #10111

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13921)
2021-01-25 10:20:48 +01:00
Dr. David von Oheimb
c9603dfa42 OCSP HTTP: Restore API of undocumented and recently deprecated functions
Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d().
Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new().
Minor further fixes in OSSL_HTTP_REQ_CTX.pod

Fixes #13873

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:05 +01:00
Dr. David von Oheimb
806990e7db OSSL_HTTP_REQ_CTX.pod: minor addition and remove redundant paragraph
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:04 +01:00
Dr. David von Oheimb
046fba4493 OSSL_HTTP_REQ_CTX_new(): replace method_GET parameter by method_POST
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:04 +01:00
Dr. David von Oheimb
cddbcf02f5 rename OSSL_HTTP_REQ_CTX_header to OSSL_HTTP_REQ_CTX_set_request_line
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:04 +01:00
Dr. David von Oheimb
0a20cc4bc3 Add check of HTTP method to OSSL_HTTP_REQ_CTX_content()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:04 +01:00
Dr. David von Oheimb
85c8b87b82 Util/Pod.pm: Fix uninitialized $podinfo{lastsecttext} on empty input
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:04 +01:00
Matt Caswell
8a9394c1ed Fix no-dh and no-dsa
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13915)
2021-01-22 09:47:59 +00:00
Matt Caswell
fc52ae8c4b Don't copy parameters on setting a key in libssl
Whenever we set a private key in libssl, we first found the certificate
that matched the key algorithm. Then we copied the key parameters from the
private key into the public key for the certficate before finally checking
that the private key matched the public key in the certificate. This makes
no sense! Part of checking the private key is to make sure that the
parameters match. It seems that this code has been present since SSLeay.
Perhaps at some point it made sense to do this - but it doesn't any more.

We remove that piece of code altogether. The previous code also had the
undocumented side effect of removing the certificate if the key didn't
match. This makes sense if you've just overwritten the parameters in the
certificate with bad values - but doesn't seem to otherwise. I've also
removed that error logic.

Due to issue #13893, the public key associated with the certificate is
always a legacy key. EVP_PKEY_copy_parameters will downgrade the "from"
key to legacy if the target is legacy, so this means that in libssl all
private keys were always downgraded to legacy when they are first set
in the SSL/SSL_CTX. Removing the EVP_PKEY_copy_parameters code has the
added benefit of removing that downgrade.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13899)
2021-01-22 09:30:53 +00:00
Matt Caswell
5060cd5f3e Ensure legacy_asn1_ctrl_to_param can handle MDs not in the OBJ database
The legacy_asn1_ctrl_to_param implementation of
ASN1_PKEY_CTRL_DEFAULT_MD_NID calls EVP_PKEY_get_default_digest_name()
which returns an mdname. Previously we were using OBJ_sn2nid/OBJ_ln2nid
to lookup that name in the OBJ database. However we might get an md name
back that only exists in the namemap, not in the OBJ database. In that
case we need to check the various aliases for the name, to see if one of
those matches the name we are looking for.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13899)
2021-01-22 09:30:45 +00:00
Richard Levitte
ef161e7b8f Unix Makefile generator: separate "simple" shared libraries from import libraries
For Unix like environments, we may have so called "simple" shared
library names (libfoo.so as opposed to libfoo.so.1.2), or we may have
"import" library names associated with a DLL (libfoo.dll.a for
libfoo.dll on Mingw and derivatives).

So far, "import" library names were treated the same as "simple"
shared library names, as some kind of normalization for the Unix way
of doing things.

We now shift to treat them separately, to make it clearer what is
what.

Fixes #13414, incidently

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13875)
2021-01-21 19:48:33 +01:00
zsugabubus
daa86f9e6b Check input size before NULL pointer test inside mem_write()
Checking is performed after the read-only test so it catches such errors
earlier.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13786)
2021-01-21 18:35:43 +01:00
Tomas Mraz
616581aaac dh_cms_set_shared_info: Use explicit fetch to be able to provide libctx
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
2021-01-21 18:08:02 +01:00
Tomas Mraz
6c4ecc655a dh_cms_set_peerkey: The peer key is encoded as an ASN.1 integer
It must be decoded from the ASN.1 integer before setting
to the EVP_PKEY.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
2021-01-21 18:08:02 +01:00
Tomas Mraz
24d5be7a2a Make the smdh.pem test certificate usable with fips provider
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
2021-01-21 18:08:02 +01:00