Commit Graph

142 Commits

Author SHA1 Message Date
Matt Caswell
468d9d5564 Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-03-25 13:12:42 +00:00
Andrey Matyukov
c781eb1c63 Dual 1024-bit exponentiation optimization for Intel IceLake CPU
with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key
operations. It uses 256-bit registers to avoid CPU frequency scaling issues.
The performance speedup for RSA2k signature on ICL is ~2x.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13750)
2021-03-22 09:48:00 +00:00
Dr. David von Oheimb
63b64f19c1 TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func
Also constify related CMS/PKCS7 functions and improve error codes thrown.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503)
2021-03-18 07:03:53 +01:00
Dr. David von Oheimb
bef876f97e ts_check_signing_certs(): Make sure both ESSCertID and ESSCertIDv2 are checked
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503)
2021-03-18 07:03:53 +01:00
Dr. David von Oheimb
6b937ae3a7 TS ESS: Invert the search logic of ts_check_signing_certs() to correctly cover cert ID list
Fixes #14190

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503)
2021-03-18 07:03:52 +01:00
Matt Caswell
2db5834c43 Add a CHANGES entry for the cosmetic differences in textual output
Numerous functions have had their textual output amended. We add
a CHANGES entry for this.

Fixes #14476

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14485)
2021-03-15 15:51:24 +00:00
Jakub Zelenka
343475126e Update CHANGES with info about AuthEnvelopedData addition
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14456)
2021-03-12 14:14:23 +01:00
Matt Caswell
e66682a838 Prepare for 3.0 alpha 14
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-03-11 13:47:21 +00:00
Matt Caswell
88df2c0b3d Prepare for release of 3.0 alpha 13
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-03-11 13:47:12 +00:00
Vincent Drake
f70863d9dd Use read/write locking on Windows
Fixes #13914

The "SRWLock" synchronization primitive is available in Windows Vista
and later.  CRYPTO_THREAD functions now use SRWLock functions when the
target operating system supports them.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14381)
2021-03-11 10:33:06 +00:00
Shane Lontis
a30823c80f Add new filter BIO BIO_f_readbuffer()
This allows BIO_tell() and BIO_seek() to work for BIO's that do
not support these methods. The main use case for this is file/fd BIO's
that use stdin.

This works for stdin taken from input redirection (command < file),
and stdin via pipe (cat file | command).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
2021-03-11 07:57:31 +10:00
Tomas Mraz
762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac()
Use the modern defaults as now set in the pkcs12 app. This also
allows modifying the application to not override the default values
when calling the API.

Fixes #14034

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14450)
2021-03-10 17:12:48 +01:00
Matt Caswell
18fdebf174 Mention the change of licence in NEWS.md
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
2021-03-10 16:02:35 +00:00
Matt Caswell
0966aee5ed Expand the CHANGES entry for SHA1 and libssl
As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at
security level 1 we also document that TLS 1.2 connection will fail
if the ClientHello does not have a signature algorithms extension.

Fixes #14447

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
2021-03-10 16:02:35 +00:00
Matt Caswell
f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type()
The function OSSL_STORE_INFO_get_type() may now return a new object
type. Applications may have to be amended accordingly.

Fixes #14446

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
2021-03-10 16:02:35 +00:00
Matt Caswell
c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider
Numerous ciphers and digests have been moved to the legacy provider.
There should be a CHANGES.md entry pointing this out.

Fixes #14441

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
2021-03-10 16:02:35 +00:00
Dmitry Belyavskiy
896dcda18b Non-const accessor to legacy keys
Fixes #14466.

Reverting the changes of the EVP_PKEY_get0 function.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14468)
2021-03-09 16:25:46 +01:00
Matt Caswell
7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type
OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
2021-03-08 15:13:09 +00:00
Matt Caswell
cc57dc9625 Document the change in behaviour of the the low level key getters/setters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
2021-03-08 15:11:31 +00:00
Matt Caswell
8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated
Most of these were already deprecated but a few have been missed. This
commit corrects that.

Fixes #14303
Fixes #14317

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
2021-03-08 15:11:31 +00:00
Rich Salz
b0aae91324 Remove RSA SSLv23 padding mode
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14248)
2021-03-01 10:56:12 +01:00
Dr. David von Oheimb
7932982b88 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components
Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag]
by optionally providing any userinfo, query, and frag components.

All usages of this function, which are client-only,
silently ignore userinfo and frag components,
while the query component is taken as part of the path.
Update and extend the unit tests and all affected documentation.
Document and deprecat OCSP_parse_url().

Fixes an issue that came up when discussing FR #14001.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14009)
2021-03-01 10:30:43 +01:00
Tomas Mraz
f3ccfc76fe speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa
Fixes #13909

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14228)
2021-02-24 16:53:18 +01:00
Tomas Mraz
76e48c9d66 Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
The functions are not needed and require returning octet ptr parameters
from providers that would like to support them which complicates provider
implementations.

Fixes #12985

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14279)
2021-02-24 10:44:15 +01:00
Pauli
1263154064 changes: note the deprecation of RAND_METHOD APIs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
2021-02-23 23:24:41 +10:00
Matt Caswell
937984efc6 Prepare for 3.0 alpha 13
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-02-18 15:09:04 +00:00
Matt Caswell
b467d394eb Prepare for release of 3.0 alpha 12
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-02-18 15:08:53 +00:00
Matt Caswell
c913dbd716 Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-02-16 12:33:13 +00:00
Matt Caswell
13888e797c Update documentation following deprecation of SRP
Ensure all the man pages correctly reflect the deprecated status of SRP.

Fixes #13917

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
2021-02-12 08:47:32 +00:00
Pauli
7dd5a00f41 changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
2021-02-12 12:28:55 +10:00
Tomas Mraz
93b39c85c9 CHANGES.md: Mention RSA key generation slowdown related changes
Fixes #14068

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14073)
2021-02-09 13:45:04 +01:00
Tomas Mraz
4d2a6159db Deprecate BN_pseudo_rand() and BN_pseudo_rand_range()
The functions are obsolete aliases for BN_rand() and BN_rand_range()
since 1.1.0.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14080)
2021-02-09 13:41:11 +01:00
Matt Caswell
a763ca1177 Stop disabling TLSv1.3 if ec and dh are disabled
Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.

Fixes #13767

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:22:40 +00:00
Rich Salz
1409b5f664 Deprecate EVP_MD_CTX_{set_}update_fn()
They are still used internally in legacy code.

Also fixed up some minor things in EVP_DigestInit.pod

Fixes: #14003

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14008)
2021-02-03 11:12:16 +01:00
Tomas Mraz
66194839fe Add diacritics to my name in CHANGES.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14044)
2021-02-03 10:20:44 +01:00
Rich Salz
7ff9fdd4b3 Deprecate X509_certificate_type
Fixes: #13997

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14002)
2021-02-02 11:47:49 +01:00
Richard Levitte
302e63cbe5 Prepare for 3.0 alpha 12
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-01-28 14:08:31 +01:00
Richard Levitte
31a89254d8 Prepare for release of 3.0 alpha 11
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-01-28 14:07:51 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Tomas Mraz
c27e792221 bn: Deprecate the X9.31 RSA key generation related functions
This key generation method is obsolete.

Fixes #10111

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13921)
2021-01-25 10:20:48 +01:00
Dr. David von Oheimb
cddbcf02f5 rename OSSL_HTTP_REQ_CTX_header to OSSL_HTTP_REQ_CTX_set_request_line
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
2021-01-23 15:25:04 +01:00
Matt Caswell
5b57aa24c3 Ensure SRP BN_mod_exp follows the constant time path
SRP_Calc_client_key calls BN_mod_exp with private data. However it was
not setting BN_FLG_CONSTTIME and therefore not using the constant time
implementation. This could be exploited in a side channel attack to
recover the password.

Since the attack is local host only this is outside of the current OpenSSL
threat model and therefore no CVE is assigned.

Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
issue.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13888)
2021-01-20 16:26:22 +00:00
Dr. David von Oheimb
b9fbacaa7b apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req
Fixes #3638
Fixes #6481
Fixes #10458
Partly fixes #13708
Supersedes #9449

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
2021-01-20 15:59:22 +01:00
Rich Salz
83b6dc8dc7 Deprecate OCSP_xxx API for OSSL_HTTP_xxx
Deprecations made:
    OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX
    OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new
    OCSP_REQ_CTX_free->OSSL_HTTP_REQ_CTX_free
    OCSP_REQ_CTX_http-> OSSL_HTTP_REQ_CTX_header
    OCSP_REQ_CTX_add1_header->OSSL_HTTP_REQ_CTX_add1_header
    OCSP_REQ_CTX_i2d->OSSL_HTTP_REQ_CTX_i2d
    OCSP_REQ_CTX_get0_mem_bio->OSSL_HTTP_REQ_CTX_get0_mem_bio
    OCSP_set_max_response_length->OSSL_HTTP_REQ_CTX_set_max_response_length
    OCSP_REQ_CTX_nbio_d2i->OSSL_HTTP_REQ_CTX_sendreq_d2i
    OCSP_REQ_CTX_nbio->OSSL_HTTP_REQ_CTX_nbio

Made some editorial changes to man3/OCSP_sendreq.pod; move the NOTES
text inline.  Some of the original functions had no documentation:
OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio,
OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio.  Their new counterparts
are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod

Fixes #12234

Co-authored-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13742)
2021-01-19 11:13:15 +01:00
Dr. David von Oheimb
b65c5ec8f5 apps/req.c: Add -copy_extensions option for use with -x509; default: none
Fixes #13708

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
2021-01-13 11:53:15 +01:00
Dr. David von Oheimb
ec2bfb7d23 apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default
Fixes #13603

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
2021-01-13 11:53:15 +01:00
Nicola Tuveri
9e49aff2aa Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.

For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.

Partially fixes https://github.com/openssl/openssl/issues/8435

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Nicola Tuveri
ed37336b63 [apps/pkey] Return error on failed -[pub]check
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Otto Hollmann
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12100)
2021-01-07 17:38:56 +01:00
Matt Caswell
a86add03ab Prepare for 3.0 alpha 11
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2021-01-07 13:48:32 +00:00