Commit Graph

28161 Commits

Author SHA1 Message Date
Matt Caswell
3de751e7f0 Remove compile time guard checking from ssl3_get_req_cert_type
With 3.0 we need to know whether algs are available at run time not
at compile time. Actually the code as written is sufficient to do this,
so we can simply remove the guards.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:22:42 +00:00
Matt Caswell
05b4b85d4b Check for availability of ciphersuites at run time
In 1.1.1 and below we would check for the availability of certain
algorithms based on compile time guards. However with 3.0 this is no
longer sufficient. Some algorithms that are unavailable at compile time
may become available later if 3rd party providers are loaded. Similarly,
algorithms that exist in our built-in providers at compile time may not
be available at run time if those providers are not loaded.

Fixes #13184

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:22:42 +00:00
Matt Caswell
a763ca1177 Stop disabling TLSv1.3 if ec and dh are disabled
Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.

Fixes #13767

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:22:40 +00:00
Matt Caswell
8b1db5d329 Make supported_groups code independent of EC and DH
The supported groups code was checking the OPENSSL_NO_EC and
OPENSSL_NO_DH guards in order to work, and the list of default groups was
based on those guards. However we now need it to work even in a no-ec
and no-dh build, because new groups might be added from providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:20:37 +00:00
Matt Caswell
ddf8f1ce63 Ensure default supported groups works even with no-ec and no-dh
The default supported groups code was disabled in the event of a build
with no-ec and no-dh. However now that providers can add there own
groups (which might not fit into either of these categories), this is
no longer appropriate.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:20:36 +00:00
Matt Caswell
5b64ce89b0 Remove OPENSSL_NO_DH guards from libssl
This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that
libssl is entirely using the EVP APIs and implementations can be plugged
in via providers it is no longer needed to disable DH at compile time in
libssl. Instead it should detect at runtime whether DH is available from
the loaded providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:20:36 +00:00
Richard Levitte
9ca08f91e9 Makefile template: Allow separate generation of .pod.in -> .pod
We do this by adding the attribute 'pod' to all .pod.in -> .pod
generations, like this:

    DEPEND[NAME.pod]{pod}=NAME.pod.in,

...  and selecting out the target files for those dependencies into a
dedicated target 'build_generated_pods', which the 'doc-nits' and
'cmd-nits' make targets are made to depend on.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14067)
2021-02-05 15:51:31 +01:00
Richard Levitte
b8393eae22 DOCS: Remove the "global" dependency on writing .pod files from .pod.in
The dependency was made in such a way that .pod.in -> .pod generation
would always be done, no matter what.  This changes the procedure so
that the generation is made "on demand", i.e. when the resulting .pod
files are needed.

This turned out to be duplicated dependencies, as the .pod -> .pod.in
dependencies were already in place.  Just removing the duplicate fixes
the situation.

'make build_all_generated' still works, for those who do want to have
all file generations performed.  (as a reminder, this is suitable to
generate the files a fast system and then copy the result to a slower
system, or system where there's no perl)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14067)
2021-02-05 15:51:31 +01:00
Richard Levitte
388eb0d970 TEST: Add an algorithm ID tester for libcrypto vs provider
Providers produce algorithm IDs of their own, and we need to compare
them against the same thing produced by libcrypto's ASN.1 code and
with legacy keys.

This tester can compare algorithm IDs for signatures and for keys,
given certificates that hold such data.

To verify key algorithm IDs, only one certificate is necessary, and
its public key is used.

To verify certificate algorithm IDs, we need to launch the signature
operation that would verify a certificate against the public key of
its signing CA, so that test needs two files.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14049)
2021-02-05 15:44:39 +01:00
Richard Levitte
93d6132a79 EVP: use evp_pkey_copy_downgraded() in EVP_PKEY_copy_parameters()
We used evp_pkey_downgrade() on 'from', which permanently converts 'from'
to have a legacy internal key.  Now that we have evp_pkey_copy_downgraded(),
it's better to use that (and thereby restore the constness contract).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13341)
2021-02-05 14:16:17 +01:00
Richard Levitte
93bae03abf dev/release.sh: Fix typo
tagley -> tagkey

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14061)
2021-02-05 14:13:52 +01:00
Richard Levitte
1e3affbbcd Remove the old DEPRECATEDIN macros
They serve no purpose any more

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13461)
2021-02-05 14:10:53 +01:00
Richard Levitte
e337b82410 ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
2021-02-05 14:09:16 +01:00
Richard Levitte
b14c8465c0 ERR: clean away everything related to _F_ macros from util/mkerr.pl
Instead, we preserve all the pre-3.0 _F_ macros in the backward
compatibility headers include/openssl/cryptoerr_legacy.h and
include/openssl/sslerr_legacy.h

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
2021-02-05 14:09:16 +01:00
Tomas Mraz
bbde856619 RSA: properly generate algorithm identifier for RSA-PSS signatures
Fixes #13969

- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
  reflects the actual parameters set
- when generating keys do not override previously set parameters
  with defaults
- tests added to the test_req recipe that should cover the PSS signature
  handling

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
2021-02-05 14:04:59 +01:00
Tomas Mraz
26372a4d44 provider-signature.pod: Fix formatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
2021-02-05 14:04:59 +01:00
Rich Salz
e60147fe74 Don't make pthreads mutexes recursive.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13924)
2021-02-05 10:29:44 +00:00
Jon Spillett
05f41859dd Switch to BIO_snprintf to avoid missing symbol problems on Windows
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14063)
2021-02-05 18:03:40 +10:00
Richard Levitte
76624df15f EVP: Adapt EVP_PKEY_{set1,get1}_encoded_public_key()
These functions are modified to use EVP_PKEY_set_octet_string_param()
and EVP_PKEY_get_octet_string_param() instead of evp_keymgmt_set_params()
and evp_keymgmt_get_params().
To accomplish this fully, EVP_PKEY_get_octet_string_param() is changed
slightly to populate |*out_sz| with the return size, even if getting
the params resulted in an error.

We also modify EVP_PKEY_get_utf8_string_param() to match
EVP_PKEY_get_octet_string_param()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
2021-02-05 15:53:49 +10:00
Richard Levitte
d82c7f3dba EVP: Modify the checks in EVP_PKEY_{set,get}_xxx_param() functions
The checks of the type of EVP_PKEY were from before we had the macro
evp_pkey_is_provided().

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
2021-02-05 15:53:49 +10:00
Richard Levitte
13e85fb321 EVP: Adapt the other EVP_PKEY_set_xxx_param() functions
They were calling evp_keymgmt_set_params() directly.  Those calls are
changed to go through EVP_PKEY_set_params().

We take the opportunity to constify these functions.  They have to
unconstify internally for the compiler to stop complaining when
placing those pointers in an OSSL_PARAM element, but that's still
better than forcing the callers to do that cast.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
2021-02-05 15:53:42 +10:00
Richard Levitte
f4a3799cc4 EVP: Make EVP_PKEY_set_params() increment the dirty count
When the internal key is changed, we must count it as muted, so that
next time the affected key is considered for an operation, it gets
re-exported to the signing provider.  In other words, this will clear
the EVP_PKEY export cache when the next export attempt occurs.

This also updates evp_keymgmt_util_export_to_provider() to actually
look at the dirty count for provider native origin keys, and act
appropriately.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
2021-02-05 15:53:29 +10:00
Petr Gotthard
7dc67708c8 apps/openssl: add -propquery command line option
Fixes #13656. Right now all openssl commands use a NULL propq. This
patch adds a possibility to specify a custom propq.

The implementation follows the example of set_nameopt/get_nameopt.

Various tools had to be modified to call app_get0_propq after it has
been populated. Otherwise the -propquery has no effect.

The tests then verify the -propquery affects the tool behaviour by
requesting a non-existing property.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13707)
2021-02-05 10:24:04 +10:00
Dr. David von Oheimb
88444854af x509_vfy.c: Improve coding style and comments all over the file
No changes in semantics.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13070)
2021-02-04 16:26:58 +01:00
Matt Caswell
af4d6c26af Remove a DSA related TODO
There are no instances of the macros that this comment is referring to
being used anywhere within current master. All of the macros were
deprecated by commit f41ac0e. Therefore this TODO should just be removed.

Fixes #13020

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14038)
2021-02-04 12:27:25 +00:00
Matt Caswell
08cea586c9 Remove some TODO(OpenSSL1.2) references
We had a couple of stray references to OpenSSL1.2 in libssl. We just
reword the comments to remove those references without changing any
behaviour.

The first one in t1_lib.c is a technical non-compliance in the TLSv1.3
spec where, under some circumstances, we offer DSA sigalgs even in a
ClientHello that eventually negotiates TLSv1.3. We explicitly chose to
accept this behaviour in 1.1.1 and we're not planning to change it for
3.0.

The second one in s3_lib.c is regarnding the behaviour of
SSL_set_tlsext_host_name(). Technically you shouldn't be able to call
this from a server - but we allow it and just ignore it rather than
raising an error. The TODO suggest we consider raising an error instead.
However, with 3.0 we are trying to minimise breaking changes so I suggest
not making this change now.

Fixes #13161

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14037)
2021-02-04 12:26:36 +00:00
Dmitry Belyavskiy
a7246ea645 DH/DHX parameter check using pkeyparam
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13930)
2021-02-04 09:33:16 +01:00
Dr. David von Oheimb
d53b437f99 Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack
This simplifies many usages

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14040)
2021-02-04 07:28:11 +01:00
Dr. David von Oheimb
b91a13f429 run_tests.pl: Improve diagnostics on the use of HARNESS_JOBS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
2021-02-04 07:25:14 +01:00
Dr. David von Oheimb
c87bcdbde4 test/recipes: split 81_test_cmp_cli.t, add test using -engine loader_attic
The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier.
This should decrease total test run time due to better parallelization.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
2021-02-04 07:25:14 +01:00
Dr. David von Oheimb
03da39a768 apps/cmp.c: check and exit on engine load error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
2021-02-04 07:25:14 +01:00
Dr. David von Oheimb
acfccbd5ee openssl.pod: Add documentation for using the loader_attic engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)
2021-02-04 07:25:14 +01:00
Pauli
8549b97214 Fix a use after free issue when a provider context is being used and isn't cached
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14053)
2021-02-04 14:35:25 +10:00
Richard Levitte
9db6af922c EC: Reverse the default asn1_flag in a new EC_GROUP
The default was OPENSSL_EC_NAMED_CURVE, but that's not true until a
curve name has been set, so we change the initial value to
OPENSSL_EC_EXPLICIT_CURVE and let EC_GROUP_set_curve_name() change it
to OPENSSL_EC_NAMED_CURVE.

Submitted by Matt Caswell

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
2021-02-03 17:20:56 +01:00
Richard Levitte
977e95b912 EVP: Fix evp_pkey_ctx_store_cached_data() to handle provider backed EVP_PKEY_CTX
It assumed there would always be a non-NULL ctx->pmeth, leading to a
crash when that isn't the case.  Since it needs to check 'keytype'
when that one isn't -1, we also add a corresponding check for the
provider backed EVP_PKEY_CTX case.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
2021-02-03 17:20:56 +01:00
Richard Levitte
60488d2434 EVP: Don't find standard EVP_PKEY_METHODs automatically
EVP_PKEY_meth_find() got called automatically any time a new
EVP_PKEY_CTX allocator was called with some sort of key type data.
Since we have now moved all our standard algorithms to our providers,
this is no longer necessary.

We do retain looking up EVP_PKEY_METHODs that are added by the calling
application.

Fixes #11424

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13973)
2021-02-03 17:20:56 +01:00
Richard Levitte
8ce04db808 CORE & PROV: clean away OSSL_FUNC_mac_size()
There was a remaining function signature declaration, but no
OSSL_DISPATCH number for it nor any way it's ever used.  It did exist
once, but was replaced with an OSSL_PARAM item to retrieve.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14048)
2021-02-03 17:17:53 +01:00
Tomas Mraz
28e1904250 apps/ecparam: Avoid crash when parameters fail to load
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14043)
2021-02-03 12:09:44 +01:00
Armin Fuerst
963a65bfb4 apps/ca: Properly handle certificate expiration times in do_updatedb
Fixes #13944

   + changed ASN1_UTCTIME to ASN1_TIME
   + removed all Y2K code from do_updatedb
   + changed compare to ASN1_TIME_compare

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14026)

(cherry picked from commit dabea5447d)
2021-02-03 11:29:07 +01:00
Rich Salz
1409b5f664 Deprecate EVP_MD_CTX_{set_}update_fn()
They are still used internally in legacy code.

Also fixed up some minor things in EVP_DigestInit.pod

Fixes: #14003

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14008)
2021-02-03 11:12:16 +01:00
Tomas Mraz
66194839fe Add diacritics to my name in CHANGES.md
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14044)
2021-02-03 10:20:44 +01:00
Tomas Mraz
6a1a6498ac dh_cms_set_peerkey: Pad the public key to p size
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13958)
2021-02-02 16:50:32 +01:00
Dr. Matthias St. Pierre
af403db090 Add some missing committers to the AUTHORS list
Fixes #13815

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14029)
2021-02-02 16:45:44 +01:00
Matt Caswell
f94a91698b Add a CI job to run the threads test with threads sanitizer on
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:33 +00:00
Matt Caswell
0b07db6f56 Ensure the EVP_PKEY operation_cache is appropriately locked
The EVP_PKEY operation_cache caches references to provider side key
objects that have previously been exported for this EVP_PKEY, and their
associated key managers. The cache may be updated from time to time as the
EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by
multiple threads simultaneously we must be careful to ensure the cache
updates are locked.

Fixes #13818

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:33 +00:00
Matt Caswell
4099460514 Ensure access to FIPS_state and rate_limit is appropriately locked
These variables can be accessed concurrently from multiple threads so
we ensure that we properly lock them before read or write.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:22 +00:00
Matt Caswell
04b9435a99 Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data()
Otherwise we can get data races.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:21 +00:00
Matt Caswell
b233ea8276 Avoid races by caching exported ciphers in the init function
TSAN was reporting a race of the exported ciphers cache that we create in
the default and fips providers. This was because we cached it in the query
function rather than the init function, so this would cause a race if multiple
threads queried at the same time. In practice it probably wouldn't make much
difference since different threads should come up with the same answer.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:21 +00:00
Matt Caswell
cd4e6a3512 Refactor RAND_get0_primary() locking
Make sure we never read or write to dgbl->primary outside of a lock.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:21 +00:00
Matt Caswell
a0134d293e Add a multi-thread test for shared EVP_PKEYs
EVP_PKEYs may be shared across mutliple threads. For example this is
common for users of libssl who provide a single EVP_PKEY private key for
an SSL_CTX, which is then shared between multiple threads for each SSL
object.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:21 +00:00