Commit Graph

26196 Commits

Author SHA1 Message Date
Otto Hollmann
c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11984)
2020-06-04 17:45:00 +03:00
Richard Levitte
c8567c392c CORE: make sure activated fallback providers stay activated
Calling 'OSSL_PROVIDER_available(NULL, "default")' would search for
the "default" provider, and in doing so, activate it if necessary,
thereby detecting that it's available...  and then immediately free
it, which could deactivate that provider, even though it should stay
available.

We solve this by incrementing the refcount for activated fallbacks one
extra time, thereby simulating an explicit OSSL_PROVIDER_load(), and
compensate for it with an extra ossl_provider_free() when emptying the
provider store.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)
2020-06-04 16:42:45 +02:00
Richard Levitte
f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers
There are cases where the fallback providers aren't treated right.
For example, the following calls, in that order, will end up with
a failed EVP_KEYMGMT_fetch(), even thought the default provider
does supply an implementation of the "RSA" keytype.

    EVP_KEYMGMT *rsameth = NULL;

    OSSL_PROVIDER_available(NULL, "default");
    rsameth = EVP_KEYMGMT_fetch(NULL, "RSA", NULL);

For good measure, this also tests that explicit loading of the default
provider won't fail.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)
2020-06-04 16:42:45 +02:00
Aaron Thompson
4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11514)
2020-06-04 17:39:51 +03:00
Matt Caswell
c2db6839e4 Prepare for 3.0 alpha 4
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-06-04 14:58:20 +01:00
Matt Caswell
3952c5a312 Prepare for release of 3.0 alpha 3
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-06-04 14:56:40 +01:00
Matt Caswell
00c405b365 Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)
2020-06-04 14:33:57 +01:00
Pauli
19d15f97b3 ossl_shim: const cast the param arguments to avoid errors
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12022)
2020-06-03 21:17:18 +10:00
Bernd Edlinger
42fa3e6669 Fix a buffer overflow in drbg_ctr_generate
This can happen if the 32-bit counter overflows
and the last block is not a multiple of 16 bytes.

Fixes #12012

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12016)
2020-06-03 13:15:36 +02:00
Rich Salz
2b584ff372 Update manpage to fix examples, other minor tweaks
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)
2020-06-03 09:57:02 +02:00
Rich Salz
4e6e57cfcd Cleanup cert config files for tests
Merge test/P[12]ss.cnf into one config file
Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf
Remove Netscape cert extensions, add keyUsage comment from some cnf files

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)
2020-06-03 09:56:56 +02:00
Pauli
5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12018)
2020-06-03 10:41:02 +10:00
Richard Levitte
29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)
2020-06-02 20:00:25 +02:00
Richard Levitte
eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs
PEM_write_bio_PKCS8PrivateKey(), i2d_PKCS8PrivateKey_bio(),
PEM_write_PKCS8PrivateKey(), and i2d_PKCS8PrivateKey_fp() are affected
by this.

Fixes #11845

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)
2020-06-02 20:00:25 +02:00
Jack O'Connor
a5a87011ba fix a docs typo
Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist.

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11988)
2020-06-02 13:01:56 +02:00
Bernd Edlinger
d805b83166 Prevent extended tests run unexpectedly in appveyor
Reason turns out that "git log -2" is picking up a merge
commit and a random commit message from the master branch.

Restore the expected behavior by using
git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11981)
2020-06-02 11:34:32 +02:00
Billy Brumley
23ccae80bd Move EC_METHOD to internal-only
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11928)
2020-06-02 11:17:24 +03:00
Richard Levitte
e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11983)
2020-06-02 09:42:34 +02:00
Bernd Edlinger
32df13497a Remove getenv(OPENSSL_FIPS) in openssl command
This is left over from the past.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11995)
2020-06-01 22:52:06 +02:00
Bernd Edlinger
41dccd68b9 Revert the check for NaN in %f format
Unfortunately -Ofast seems to break that check.

Fixes #11994

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12003)
2020-06-01 18:20:28 +02:00
Tim Hudson
c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations
The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)
2020-06-01 19:52:23 +10:00
Dr. David von Oheimb
dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11971)
2020-06-01 09:23:54 +02:00
Hubert Kario
60d3b5b9ff add FFDH to speed command
the openssl speed command could not benchmark FFDH speed, but it could
benchmark ECDH, making comparisons between the two hard

this commit adds this feature

fixes #9475

Signed-off-by: Hubert Kario <hubert@kario.pl>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10887)
2020-06-01 09:01:23 +02:00
Bernd Edlinger
082c041b42 bio printf: Avoid using rounding errors in range check
There is a problem casting ULONG_MAX to double which clang-10 is warning about.
ULONG_MAX typically cannot be exactly represented as a double.  ULONG_MAX + 1
can be and this fix uses the latter, however since ULONG_MAX cannot be
represented exactly as a double number we subtract 65535 from this number,
and the result has at most 48 leading one bits, and can therefore be
represented as a double integer without rounding error.  By adding
65536.0 to this number we achive the correct result, which should avoid the
warning.

The addresses a symptom of the underlying problem: we print doubles via an
unsigned long integer.  Doubles have a far greater range and should be printed
better.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11955)
2020-05-29 15:23:33 +02:00
Richard Levitte
f438f53a4e DOCS: add openssl-core_names.h(7)
A CAVEATS section is present in this manual.  That section name is
borrowed from OpenBSD, where mdoc(7) explains it like this:

    CAVEATS
    Common misuses and misunderstandings should be explained in this
    section.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)
2020-05-29 08:26:10 +02:00
Richard Levitte
329b2a2cde DOCS: add openssl-core_numbers.h(7)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)
2020-05-29 08:26:10 +02:00
Patrick Steuer
d561b84143 EVP_EncryptInit.pod: fix example
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11976)
2020-05-28 20:46:29 +02:00
Benjamin Kaduk
9c44916ce5 RSA: Do not set NULL OAEP labels
As of the previous commit, when a zero-length (string) parameter
is present in the parameters passed to a provider for a given operation,
we will produce an object corresponding to that zero-length parameter,
indicating to the underlying cryptographic operation that the parameter
was passed.  However, rsa_cms_decrypt() was relying on the previous
behavior, and unconditionally tried to call
EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label
was used (and thus the relevant local variable was still NULL).
In the new setup that distinguishes present-but-empty and absent
more clearly, it is an error to attempt to set a NULL parameter,
even if it is zero-length.

Exercise more caution when setting parameters, and do not call
EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a
label provided.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
2020-05-28 10:01:47 -07:00
Benjamin Kaduk
7c302f8afc params: do not ignore zero-length strings
Prior to this commit, if a string (or octet string) parameter
was present but indicated it was zero-length, we would return success
but with a NULL output value.  This can be problematic in cases where
there is a protocol-level distinction between parameter-absent and
parameter-present-but-zero-length, which is uncommon but can happen.

Since OPENSSL_malloc() returns NULL for zero-length allocation requests,
make a dummy allocation for this case, to give a signal that the string
parameter does exist but has zero length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
2020-05-28 10:01:47 -07:00
Benjamin Kaduk
2cd3ebc76c test HKDF with empty IKM
Add an extra EVP test that provides empty input key material.  It
currently fails, since we lose the information about "key present but
zero length" as we deserialize parameters in the provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
2020-05-28 10:01:47 -07:00
Matt Caswell
5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider
Following on from the previous commit, add a test to check that we fail
to create an EVP_PKEY_CTX if an algorithm is not available in any provider,
*unless* it is an algorithm that has no provider support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)
2020-05-28 17:01:47 +01:00
Matt Caswell
b533510f3b Fail if we fail to fetch the EVP_KEYMGMT
If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy.
This is because some algorithms (such as MACs and KDFs used via an old
style EVP_PKEY) have not been transferred to providers.

Unfortunately this means that you cannot stop some algorithms from being
used by not loading the provider.

For example if you wanted to prevent RSA from being used, you might expect
to just not load any providers that make it available. Unfortunately that
doesn't work because we simply fall back to legacy if we fail to fetch
the EVP_KEYMGMT.

Instead we should fail *unless* the key type is one of those legacy key
types that we have not transferred.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)
2020-05-28 17:01:47 +01:00
Dmitry Belyavskiy
9e6cb43442 Update gost-engine commit to match the API changes
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11970)
2020-05-28 17:30:35 +03:00
Richard Levitte
bb90f9fee1 util/mkpod2html.pl: Fix unbalanced quotes
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11969)
2020-05-28 14:00:49 +02:00
Shane Lontis
3d518d3d81 Fix errtest for older compilers
Some older compilers use "unknown function" if they dont support __func, so the
test using ERR_PUT_error needed to compensate for this when comparing against the
expected value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11967)
2020-05-28 14:18:13 +10:00
Pauli
bac8d066a5 ossl_shim: use the correct ticket key call back.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11966)
2020-05-28 13:54:33 +10:00
Pauli
4f65bc6f8f fips: add AES OFB mode ciphers to FIPS provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11908)
2020-05-28 07:59:13 +10:00
Pauli
0839afa747 fips: add AES CFB mode ciphers to FIPS provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11908)
2020-05-28 07:59:13 +10:00
Bernd Edlinger
77286fe3ec Avoid undefined behavior with unaligned accesses
Fixes: #4983

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/6074)
2020-05-27 20:11:20 +02:00
Dr. David von Oheimb
c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11953)
2020-05-27 14:36:13 +02:00
FdaSilvaYY
9e3c510bde crypto/cms: add CAdES-BES signed attributes validation
for signing certificate V2 and signing certificate extensions.

CAdES: lowercase name for now internal methods.

crypto/cms: generated file changes.

Add some CHANGES entries.

[extended tests]

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8098)
2020-05-27 13:16:30 +02:00
Richard Levitte
f7f53d7d61 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP
Fixes #11904

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11959)
2020-05-27 12:42:20 +02:00
Dr. Matthias St. Pierre
e978ab7894 doc: fix trace category names
The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged
into a single `CONF` category (see bc362b9b72 and 71849dff56).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11806)
2020-05-27 01:32:53 +02:00
Rich Salz
e847085914 Clean up some doc nits
Mostly "No items in =over/=back list"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11902)
2020-05-27 00:35:00 +02:00
Dr. David von Oheimb
93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it
Fixes #11870

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11894)
2020-05-26 09:35:32 +02:00
Dr. David von Oheimb
7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11894)
2020-05-26 09:35:05 +02:00
Richard Levitte
5606922c3d PROV: Fix RSA-OAEP memory leak
The OAEP label wasn't freed when the operation context was freed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11927)
2020-05-26 07:56:30 +02:00
Shane Lontis
b808665265 Update core_names.h fields and document most fields.
Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 13:53:07 +10:00
Shane Lontis
f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod
Fixes #11743

The ouput format had 2 issues that caused it not to match the expected documented format:
(1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes.
    An internal function that skips the seperator has been added.
(2) The error code no longer exists. So this was completely removed from the string. It is now replaced by ::

As an example:
  00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135:
Is now:
  00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135:

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11789)
2020-05-26 12:44:36 +10:00
Pauli
1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option.
The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated
build.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11944)
2020-05-26 09:01:44 +10:00