Commit Graph

25724 Commits

Author SHA1 Message Date
Richard Levitte
b16654a281 config, Configure: move the check of removed crypto/ sub-systems
The 'config' script checked for a bunch of crypto/ sub-system
directories, and added 'no-' options if they weren't there.

We move it to 'Configure' in an effort to simplify 'config' for
further work.

Note: this is pretty much a historical thing.  In modern OpenSSL, it's
much simpler to edit the SUBDIRS statement in crypto/build.info.
However, it's been claimed the there are those who still remove some
of these sub-system sources.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11217)
2020-03-04 17:12:52 +01:00
Richard Levitte
6caf63ec48 .travis.yml: where it matters, have build and source nesting levels differ
Where we build out of source, the source directory was _srcdist and
the build directory was _build.  That gives the same nesting level for
both, which doesn't quite exercise all aspects of relative back
references from build to source tree.

Changing the build tree to be in _build/tree will challenge back
references a bit more, and ensure a bit more that we got it right.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11186)
2020-03-04 12:55:57 +01:00
Rich Salz
a8055c70fa Add some missing env var documentation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11189)
2020-03-04 11:41:50 +01:00
Vladimir Panteleev
888e2a9bf5 .gitignore: Add /apps/progs.{c,h}
These files were removed from the source tree in
fe909ee4ae.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11222)
2020-03-04 10:18:56 +10:00
Shane Lontis
f552d90045 Add Serializers for EC
Provide EC serializers for text, pem and der.

EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.

The EC serializer only supports named curves currently.

NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).

EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.

Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
2020-03-04 07:48:45 +10:00
Tomas Mraz
4a98ad086a Correct two small documentation issues
The find-doc-nits complains about non-zero word and about missing
line before =head1 which causes build failure.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11231)
2020-03-03 15:34:53 +01:00
Dmitry Belyavskiy
348900774c Documenting newly added CMS modification
Documented CMS-related API functions.
Documented flags added to openssl-cms command

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10904)
2020-03-03 16:34:40 +03:00
Dmitry Belyavskiy
71434aed0d Implementation of Russian GOST CMS
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10904)
2020-03-03 16:34:40 +03:00
Dr. Matthias St. Pierre
88398d2a35 doc: document that 'openssl rand' is cryptographically secure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11213)
2020-03-03 10:55:03 +01:00
Philippe Antoine
a24e62f54b Fix build with clang assembler
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11219)
2020-03-03 10:51:58 +01:00
Shane Lontis
47c239c6b8 Add pairwise consistency self tests to asym keygenerators
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10952)
2020-03-03 14:02:36 +10:00
Richard Levitte
97ace6c2da .travis.yml: Remove NOUPDATE support
It was a temporary measure to deal with the fact that util/progs.pl
didn't work right at all times, but that has now been fixed.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
2020-03-02 03:34:30 +01:00
Richard Levitte
fe909ee4ae Remove apps/progs.c and apps/progs.h
Since they are generated in build time, there's not need to keep them
in the source tree.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
2020-03-02 03:34:30 +01:00
Richard Levitte
19cf4404d5 Configure: Diverse cleanups
There were some remaining old code and comments that don't serve a
purpose any longer.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
2020-03-02 03:34:30 +01:00
Richard Levitte
a3f1fc2501 Build: Generate apps/progs.c and apps/progs.h in build time
util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree.  But why
stop there?  We might as well generate apps/progs.c and apps/progs.h
when building.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
2020-03-02 03:34:30 +01:00
Richard Levitte
e429217902 build.info: Implement simply substitutions in variable values
Use case: having a variable with multiple source files in its value,
and wanting to refer to the corresponding object file.

    $SRCS=foo.c bar.c
    SOURCE[program]=$SRCS
    DEPEND[${SRCS/.c/.o}]=prog.h

    GENERATE[prog.h]=...

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
2020-03-02 03:34:30 +01:00
Richard Levitte
ad5be194c6 build.info: Make it possible to have more than one item in KEYWORD[]
So far, the "index" part of KEYWORD[whatever] could only handle one
item.  There are cases, however, where we want to add the exact same
value to multiple items.  This is especially helpful if a variable
that may have multi-item values are used in the "index" part.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
2020-03-02 03:34:29 +01:00
Richard Levitte
2888fc1590 PROV: Add a OP_keymgmt_match() function to our DH, DSA, RSA and EC_KEY impl
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte
ff3b59e170 EVP: Add support for copying provided EVP_PKEYs
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte
13697f1c62 KEYMGMT: Add a keydata copy function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte
1e9101c404 EVP: Add support for comparing provided EVP_PKEYs
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and
EVP_PKEY_cmp_parameters().

The word 'match' was used for the new routines because many associate
'cmp' with comparison functions that allows sorting, i.e. return -1, 0
or 1 depending on the order in which the two compared elements should
be sorted.  EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite
do that.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte
bee5d6cd3f KEYMGMT: Add a keydata matching function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte
157ded39ee EVP: Adapt EVP_PKEY_missing_parameters() for provider keys
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte
ccceeb4800 crypto/perlasm/x86_64-xlate.pl: detect GNU as to deal with quirks
It turns out that GNU as and Solaris as don't have compatible ideas on
the .section syntax, so we need to check if we're using GNU as or
another assembler and adapt this .section syntax accordingly.

Fixes #11132

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11191)
2020-03-02 03:16:08 +01:00
André Klitzing
15e5b96933 Fix drop of const qualifier
The parameter got "const" in 9fdcc21fdc but that was not added
to cast. So this throws a -Wcast-qual in user code.

error: cast from 'const DUMMY *' to 'ASN1_VALUE_st *' drops const qualifier [-Werror,-Wcast-qual]

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11210)
2020-02-29 23:44:39 +01:00
Richard Levitte
e32c608e07 DOCS: Add and modify docs for internal EVP_KEYMGMT utility functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
2020-02-29 05:39:43 +01:00
Richard Levitte
e33b132a1a DOCS: Add internal docs for EVP_PKEY and the export functions
Functions covered:

- evp_pkey_export_to_provider()
- evp_pkey_upgrade_to_provider()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
2020-02-29 05:39:43 +01:00
Richard Levitte
badf51c869 EVP: Add evp_pkey_upgrade_to_provider(), for EVP_PKEY upgrades
This function "upgrades" a key from a legacy key container to a
provider side key container.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
2020-02-29 05:39:43 +01:00
Richard Levitte
3c6ed9555c Rethink the EVP_PKEY cache of provider side keys
The role of this cache was two-fold:

1.  It was a cache of key copies exported to providers with which an
    operation was initiated.
2.  If the EVP_PKEY didn't have a legacy key, item 0 of the cache was
    the corresponding provider side origin, while the rest was the
    actual cache.

This dual role for item 0 made the code a bit confusing, so we now
make a separate keymgmt / keydata pair outside of that cache, which is
the provider side "origin" key.

A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a
provider side "origin" at the same time.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
2020-02-29 05:39:43 +01:00
Dr. Matthias St. Pierre
4911964763 man: openssl-ocsp: separate client and server options
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11033)
2020-02-29 01:33:09 +01:00
Nikolay Morozov
6103f39c0d x509v3 subjectSignTool extention support
Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
This extention is required to obtain the status of a qualified certificate at Russian Federation.
RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11093)
2020-02-28 18:01:16 +03:00
Richard Levitte
1dfdbd5bf6 Fix util/mktar.sh to use the new VERSION information
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11190)
2020-02-28 12:19:16 +01:00
Scott Arciszewski
c590be6f12 Fix comment placement in ecp_nistp256.ci
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11175)
2020-02-28 00:39:18 +01:00
Richard Levitte
12d99aac97 Deprecate ASN1_sign(), ASN1_verify() and ASN1_digest()
These are old functions that fell out of use with OpenSL 0.9.7.
It's more than time to deprecate them.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11161)
2020-02-27 23:21:14 +01:00
Matt Caswell
8efc4a9c65 Implement the ECX Serializers
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.

Add some documentation about the various import/export types available
Add additional testing for the serializers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11095)
2020-02-28 08:08:59 +10:00
Richard Levitte
30a4cda5e0 Replace util/shlib_wrap.sh with util/wrap.pl in diverse docs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
2020-02-27 08:49:14 +01:00
Richard Levitte
c3845ceba8 Build file templates: don't set OPENSSL_{ENGINES,MODULES}
Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES globally for the tests.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
2020-02-27 08:49:14 +01:00
Richard Levitte
285e2991af TEST: add util/wrap.pl and use it
util/wrap.pl is a script that defines the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES, then calls the command line
that's given as its arguments.

On a POSIX platform, the command line call is done via
util/shlib_wrap.sh to ensure that the shared library paths are
correct.  For other platforms, util/wrap.pl currently assumes that
similar things are already in place through other means.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
2020-02-27 08:49:14 +01:00
Richard Levitte
f33ca114c1 VMS: mitigate for the C++ compiler that doesn't understand certain pragmas
This only affects __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H,
which are used automatically by HP and VSI C/C++ compilers.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11159)

(cherry picked from commit 605a0c709f)
2020-02-27 01:29:15 +01:00
Dr. Matthias St. Pierre
c50604eb4a doc: add a fancy CHANGES entry to celebrate the new Markdown format
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:06:18 +01:00
Dr. Matthias St. Pierre
be0c6a3692 doc: revamp the SUPPORT file
Too be continued...

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:06:17 +01:00
Dr. Matthias St. Pierre
6ede7d73fa doc: revamp the INSTALL file
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:06:17 +01:00
Dr. Matthias St. Pierre
44652c1637 doc: add missing CHANGES entries for all versions >= 1.0.0
Up to now, CHANGES entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:06:17 +01:00
Dr. Matthias St. Pierre
4477beacc4 doc: add missing NEWS entries for all versions >= 1.0.0
Up to now, NEWS entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:06:17 +01:00
Dr. Matthias St. Pierre
dac5138e13 doc: revamp the README file
* Add an OpenSSL logo and CI badges
 * Add a table of contents
 * Add a lot of links

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00
Dr. Matthias St. Pierre
569b74a36b doc: add OpenSSL logo
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00
Dr. Matthias St. Pierre
5f8e6c50bd doc: introduce some minimalistic markdown without essential changes
The goal is to transform the standard documents

    README, INSTALL, SUPPORT, CONTRIBUTING, ...

from a pure text format into markdown format, but in such a way
that the documentation remains nicely formatted an easy readable
when viewed with an normal text editor.

To achieve this goal, we use a special form of 'minimalistic' markdown
which interferes as little as possible with the reading flow.

 * avoid [ATX headings][] and use [setext headings][] instead
   (works for `<h1>` and `<h2>` headings only).
 * avoid [inline links][] and use [reference links][] instead.
 * avoid [fenced code blocks][], use [indented-code-blocks][] instead.

The transformation will take place in several steps. This commit
introduces mostly changes the formatting and does not chang the
content significantly.

[ATX headings]:         https://github.github.com/gfm/#atx-headings
[setext headings]:      https://github.github.com/gfm/#setext-headings
[inline links]:         https://github.github.com/gfm/#inline-link
[reference links]:      https://github.github.com/gfm/#reference-link
[fenced code blocks]:   https://github.github.com/gfm/#fenced-code-blocks
[indented code blocks]: https://github.github.com/gfm/#indented-code-blocks

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00
Dr. Matthias St. Pierre
2e07506a12 doc: convert standard project docs to markdown
In the first step, we just add the .md extension and move some
files around, without changing any content. These changes will
occur in the following commits.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00
Rich Salz
1ec45faba5 Use a wrapper for pod2html
Remove unused util/process_docs.pl

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10856)
2020-02-26 17:26:39 +01:00
Bastian Germann
d4c3bdb0f1 apps x509: restrict CAkeyform option to OPT_FMT_PDE
CAkeyform may be set to PEM, DER or ENGINE, but the current options
are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.

Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting
the option value.

This amends 0ab6fc79a9 ("Fix regression on x509 keyform argument") which
did the same thing for keyform and changed the manpage synopsis entries
for both keyform and CAkeyform but did not change the option section.
Hence, change the option section for both of them.

CLA: trivial

Co-developed-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11085)
2020-02-26 17:23:53 +01:00