Fixes#14559
The intitial implementation of the gets() function tried using the next bio's gets() function.
For a file BIO this returned incorrect data for binary data containing 0x00.
Just buffering all data during gets() did not work however since some
applications open and close the bio multiple times when dealing with pem
files containing multiple entries.. This does not work
when reading from stdin unless the data if buffered one byte at a time.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14599)
There are a few test cases at the end of test/recipes/30-test_evp.t,
which are designed to check that loading DSA keys when DSA is disabled,
or SM2 keys when SM2 is disables fail in an understandable way. These
needed a small adjustment.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
Let the files remain to make test forensics easy
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14484)
Fixes#13185Fixes#13352
Removed the existing code in file_store that was trying to figure out the
input type.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
Allow absolute paths for $SRCTOP and $BLDTOP.
Do not build the gost_engine in tree.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
The regression from commit 05458fd was fixed, but there is
no test for that regression. This adds it simply by having
a certificate that we compare for -text output having
a different subject and issuer.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14353)
The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's safe.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
The EVP_DigestSignInit and EVP_DigestVerifyInit actually have to
be initialized before EVP_PKEY_CTX_ctrl_str is invoked.
Otherwise, when the ctx not initialized, the ctrl command fails.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13828)
The dh->nid was not being set if the loaded p,g matched an inbuilt named
group for "DH".
NOTE: The "DHX" related path already worked since it calls DH_set0_pqg()
(which does the name group check).
This bug was detected when new tests were added for dh5114 groups, combined
with the no-cache tests i.e. loading+import+export set the nid,
but just loading did not.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14207)
The apps helper function load_key_certs_crls() is a general purpose
function for loading different types of objects from a given URI. It
sets up an OSSL_STORE and calls OSSL_STORE_expect() so that the store
knows what type of thing to expect to load. Unfortunately this wasn't
working and was always setting "expect" to 0 - which means "anything".
Fixes#13709
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14191)
Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.
Fixes#13950
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
genpkey can sometimes create files that fail "openssl dhparam -check". See
issue #14145. We had some instances of such invalid files in the
dhparam_check test. Now that "openssl dhparam -check" has been fixed to
work the same way as it did in 1.1.1 these tests were failing. We move the
invalid files inot the "invalid" directory. A future PR will have to fix
genpkey to not generate invalid files.
We also remove a "SKIP" block that was skipping tests in a no deprecated
build unnecessarily. Nothing being tested is deprecated.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
This 'special' way of specifying the data should only be used for testing
purposes. It should not be used in production environments.
ACVP passes a blob of DER encoded data for some of the fields rather
than passing them as separate fields that need to be DER encoded.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14077)
Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.
Fixes#13767
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Providers produce algorithm IDs of their own, and we need to compare
them against the same thing produced by libcrypto's ASN.1 code and
with legacy keys.
This tester can compare algorithm IDs for signatures and for keys,
given certificates that hold such data.
To verify key algorithm IDs, only one certificate is necessary, and
its public key is used.
To verify certificate algorithm IDs, we need to launch the signature
operation that would verify a certificate against the public key of
its signing CA, so that test needs two files.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14049)
Fixes#13969
- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
reflects the actual parameters set
- when generating keys do not override previously set parameters
with defaults
- tests added to the test_req recipe that should cover the PSS signature
handling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
Fixes#13656. Right now all openssl commands use a NULL propq. This
patch adds a possibility to specify a custom propq.
The implementation follows the example of set_nameopt/get_nameopt.
Various tools had to be modified to call app_get0_propq after it has
been populated. Otherwise the -propquery has no effect.
The tests then verify the -propquery affects the tool behaviour by
requesting a non-existing property.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13707)
The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier.
This should decrease total test run time due to better parallelization.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
EVP_PKEYs may be shared across mutliple threads. For example this is
common for users of libssl who provide a single EVP_PKEY private key for
an SSL_CTX, which is then shared between multiple threads for each SSL
object.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
The dhparam test was failing to properly handle line endings when
running a mingw configured build under wine.
Fixes#13557
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13923)
The client-side cert verification callback function may not only return
as usual for success or 0 for failure, but also -1,
typically on failure verifying the server certificate.
This makes the handshake suspend and return control to the calling application
with SSL_ERROR_WANT_RETRY_VERIFY.
The app can for instance fetch further certificates or cert status information
needed for the verification.
Calling SSL_connect() again resumes the connection attempt
by retrying the server certificate verification step.
This process may even be repeated if need be.
The core implementation of the feature is in ssl/statem/statem_clnt.c,
splitting tls_process_server_certificate() into a preparation step
that just copies the certificates received from the server to s->session->peer_chain
(rather than having them in a local variable at first) and returns to the state machine,
and a post-processing step in tls_post_process_server_certificate() that can be repeated:
Try verifying the current contents of s->session->peer_chain basically as before,
but give the verification callback function the chance to pause connecting and
make the TLS state machine later call tls_post_process_server_certificate() again.
Otherwise processing continues as usual.
The documentation of the new feature is added to SSL_CTX_set_cert_verify_callback.pod
and SSL_want.pod.
This adds two tests:
* A generic test in test/helpers/handshake.c
on the usability of the new server cert verification retry feature.
It is triggered via test/ssl-tests/03-custom_verify.cnf.in (while the bulky auto-
generated changes to test/ssl-tests/03-custom_verify.cnf can be basically ignored).
* A test in test/sslapitest.c that demonstrates the effectiveness of the approach
for augmenting the cert chain provided by the server in between SSL_connect() calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13906)
Just comparison of the original parameter file with the -out output.
Some test files have non-canonical encoding, so they are moved
to a different directory.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
- DH support should work with both DH and DHX keys
- UKM parameter is optional so it can have length 0
Fixes#13810
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
Also update documentation regarding sources of certs and keys,
improve type of OSSL_CMP_exec_RR_ses(),
add tests for CSR-based cert revocation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13841)
Also prevent copying SKID and AKID extension, which make no sense in CSRs
and extend the use -ext to select with extensions are copied.
Further simplifiy the overall structure of the code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
