Commit Graph

27338 Commits

Author SHA1 Message Date
XiaokangQian
ec5059c3ef Fix Aes-xts potential failure on aarch64
Add return value for aarch64 in the init key function.
This will avoid overwriting the stream pointers of aarch64.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13133)
2020-10-20 13:45:01 +02:00
Jacob Hoffman-Andrews
6be235a092 Prefix crlNumber output with 0x.
When the crlNumber field contains only 0-9 digits, the output is
ambiguous as to what base it's in, which can be confusing. Adding this
prefix makes it explicit that it's in hex.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12434)
2020-10-20 17:27:42 +10:00
Matt Caswell
1dc5128577 Fix no-dh
One of the x509 tests checks to make sure spurious errors don't appear on
the stack. The x509 app uses the OSSL_STORE code to load things. The
OSSL_STORE code will try various different formats - which results in
lots of failures. However those failures are typically suppressed by
OSSL_STORE unless they are interesting. OSSL_STORE thinks it knows what
kind of errors are uninteresting (ASN.1 errors) but gets confused if
upper levels of code add additional errors to the stack. This was
happening in the DSA code which confused OSSL_STORE and meant the errors
were not being suppressed properly - and hence the x509 test failed.

Interestingly this only impacts a no-dh build, because in a no-dh build
the DSA param decoder suddenly becomes the last to be tried. If it
happens earlier in the list the errors end up getting suppressed anyway.

The simplest solution is to just to remove the error from the DSA param
decoder code. It's not adding any useful information anyway.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13162)
2020-10-19 16:11:40 +01:00
Richard Levitte
ea7277fd2e TEST: fix the DH tests to reproduce the priv_len settings
Some DH tests are done against files generated with '-pkeyopt priv_len:224'
This parameter must of course be reproduced when creating the key with
EVP_PKEY_fromdata(), or there will be a default that's guaranteed to
differ from the key parameters on file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13166)
2020-10-19 12:14:11 +02:00
Richard Levitte
ee55a20727 DH: have DH_set_length() increment the dirty count.
The recommended private key length is a key parameter among other key
parameters, and is included in the key data transferred in an import
or export between legacy implementations and provider implementations.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13166)
2020-10-19 12:14:11 +02:00
Richard Levitte
0ba71d6a63 DH: make the private key length importable / exportable
The DH private key length, which is an optional parameter, wasn't
properly imported / exported between legacy and provider side
implementations.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13166)
2020-10-19 12:14:11 +02:00
Dr. Matthias St. Pierre
6c8149df1f Change markdown link style in README, INSTALL, SUPPORT and CONTRIBUTING
Replace [collapsed reference links][] by [shortcut reference links],
in order to to improve the readability of the raw markdown text,
see also commit d8dc853825 (Change CVE link style in CHANGES and NEWS).

[collapsed reference links]:
  https://github.github.com/gfm/#collapsed-reference-link

[shortcut reference links]:
  https://github.github.com/gfm/#shortcut-reference-link

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13165)
2020-10-18 13:28:08 +02:00
Dr. Matthias St. Pierre
84dd002f41 README: make the link to the OpenSSL 3.0 Wiki page more prominent
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13164)
2020-10-18 13:24:26 +02:00
Richard Levitte
9096809b20 ENCODER & DECODER: set params on all encoder/decoder instances, unconditionally
OSSL_DECODER_CTX_set_params() and OSSL_ENCODER_CTX_set_params() would
stop as soon as a decoder / encoder instance failed, which leaves the
rest of them with a possibly previous and different value.

Instead, these functions will now call them all, but will return 0 if
any of the instance calls failed.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13156)
2020-10-17 11:56:37 +02:00
Richard Levitte
a1fc4642e1 dev/release.sh: improve instruction for pushing the tag
'git push --follow-tags' does a little too much, any spurious tag
object that the releaser have in their local repository will come
along, even though they have nothing to do with the commits being
pushed.

Therefore, we modify the instructions to show a separate and explicit
push of the release tag.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13159)
2020-10-17 11:54:34 +02:00
Richard Levitte
b40498c6e7 TEST: modify tconversion.pl for forensics
In the interest of finding out what went wrong with a test by looking
at its output, tconversion.pl is modified to take arguments in option
form, and gets an additional -prefix option that callers can use to
ensure output files are uniquely named.

Test recipes are modified to use these new options.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13147)
2020-10-16 19:07:20 +02:00
Matt Caswell
372e72b19e Add a CHANGES entry for the SSL_SECOP_TMP_DH change
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
2020-10-16 14:58:44 +01:00
Matt Caswell
47e81a1bfa Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY
in the "other" parameter:

 /* Temporary DH key */
 # define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)

In most places this is what is passed. All these places occur server side.
However there is one client side call of this security operation and it
passes a DH object instead. This is incorrect according to the
definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other
locations.

Our own default security callback, and the debug callback in the apps,
never look at this value and therefore this issue was never noticed
previously. In theory a client side application could be relying on this
behaviour and could be broken by this change. This is probably fairly
unlikely but can't be ruled out.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
2020-10-16 14:58:44 +01:00
Matt Caswell
301fcb2843 Concentrate deprecated libssl API usage in one file
We create a new file ssl/tls_depr.c to contain functions that need to call
deprecated APIs in libssl. This enables us to remove
OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files.

The deprecated API usage is either related to ENGINEs and is needed to
continue to support applications that use such ENGINEs. Or they are needed
to support some deprecated public libssl APIs.

One other file remains in libssl that still uses deprecated APIs: s3_cbc.c
This is needed to support the deprecated SSLv3.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13135)
2020-10-16 14:47:21 +01:00
Randall S. Becker
192d4b9ca6 Fix missing include of string.h in apps/lib/engine.c for strcmp.
This include is required for c99 on the NonStop TNS/X platform.

CLA: trivial

Fixes #13102

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13103)
2020-10-16 08:23:35 +01:00
Pauli
f4bd510503 list: add a -provider-info option.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13084)
2020-10-16 10:33:38 +10:00
Pauli
994a924b3c null prov: fix gettable param array type.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13084)
2020-10-16 10:33:38 +10:00
Matt Caswell
e8dca211b4 Prepare for 3.0 alpha 8
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2020-10-15 14:16:19 +01:00
Matt Caswell
f9a5682e5c Prepare for release of 3.0 alpha 7
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2020-10-15 14:15:55 +01:00
Matt Caswell
eec0ad10b9 Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13144)
2020-10-15 14:10:06 +01:00
Akshit Akhoury
796948cd73 Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13062)
2020-10-15 13:54:21 +01:00
Dr. Matthias St. Pierre
a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 12:00:21 +01:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Matt Caswell
29000e43ea Make evp_pkey_ctx_get0_libctx/propq public API
These were previously added as an internal API. But since the CMS code
needs them, other code might do too.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
2020-10-15 10:00:28 +01:00
Matt Caswell
0d30e15a57 Remove some more CMS key downgrades
Fixes #12983

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
2020-10-15 10:00:28 +01:00
Matt Caswell
7022d9b903 Remove CMS recipient info information out of the algorithm implementations
Low level algorithm implementations have no business knowing about details
of the higher level CMS concept. This knowledge is therefore moved into the
CMS layer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
2020-10-15 10:00:28 +01:00
Matt Caswell
9ab7fe4836 Move CMS signing code out of the algorithms and into CMS
There is a large amount of CMS sepcific code in the algorithms. This is in
the wrong place and breaks layering. This code should be in the CMS layer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
2020-10-15 10:00:28 +01:00
Matt Caswell
0b3a4ef27a Move CMS enveloping code out of the algorithms and into CMS
There is quite a large amount of algorithm specific CMS code sitting in
the algorithm directories. However, this seems to break layering.
Algorithms really have no business knowing anything about CMS. Really it
should be the other way around. Where there is algorithm specific CMS code
it is the CMS layer that should know how to handle different algorithms.

Therefore we move this code into the CMS layer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
2020-10-15 10:00:19 +01:00
Matt Caswell
99b3b762c3 Remove a CMS key downgrade
We were downgrading a key in the CMS code. This is no longer necessary.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
2020-10-15 10:00:19 +01:00
Nicola Tuveri
5b70206cb3 [test][tls-provider] Implement KEM algorithm
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:59 +03:00
Nicola Tuveri
8b17fbaf46 [ssl] Support ssl_encapsulate on server side
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:59 +03:00
Nicola Tuveri
a011b5861b [ssl] Support ssl_decapsulate on client side
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:59 +03:00
Nicola Tuveri
c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
Note that with this commit the optional parameter is introduced, but
libssl still ignores it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:59 +03:00
Nicola Tuveri
ecff43e0ca [test][tls-provider] Add 2nd pluggable tls group for KEM
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:58 +03:00
Nicola Tuveri
c8e3a4c613 [test][sslapitest] Add test for pluggable KEM group
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:58 +03:00
Nicola Tuveri
32fea070dc [test][tls-provider] Group xor_group properties in a struct
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:58 +03:00
Kurt Roeckx
47690cd4ce Use __BYTE_ORDER__ to test the endianness when available
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #13085
2020-10-14 09:51:56 +02:00
Yury Is
8e596a93bc syscall_random(): don't fail if the getentropy() function is a dummy
Several embedded toolchains may provide dummy implemented getentropy()
function which always returns -1 and sets errno to the ENOSYS.

As a result the function SSL_CTX_new() fails to create a new context.

Fixes #13002

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13114)
2020-10-14 07:52:39 +02:00
Randall S. Becker
58608c7c7a Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X.
The default settings are now IEEE float.

CLA: Permission is granted by the author to the ITUGLIB team to use these modifications.

Fixes #12919

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13108)
2020-10-14 04:16:59 +02:00
Richard Levitte
a8154452e5 EVP: Take care of locks when downgrading an EVP_PKEY
The temporary copy that's made didn't have a lock, which could end up
with a crash.  We now handle locks a bit better, and take extra care to
lock it and keep track of which lock is used where and which lock is
thrown away.

Fixes #12876

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12978)
2020-10-13 06:45:58 +02:00
Ikko Ashimine
9f7505ab6a Fixed typo in ssl_lib.c
orignal -> original

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13111)
2020-10-12 17:06:22 -07:00
Rainer Jung
c804f2965e Make TAP::Harness and TAP::Parser optional.
In OpenSSL 1.1.1 the script run_tests.pl has an effectiver
workaround to fall back to Test::Harness, if TAP::Harness
is not available. That code has substantially changed,
but it seems it should still fall back but doesn't.

Observed on SuSE Linux Enterprise Server 11 (SLES11).

Error messages:

Can't locate TAP/Parser.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 131.

and

Can't locate TAP/Harness.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 215.

Concerning the fix: the docs for parent.pm show, that without
the "-norequire" it puts the require statement in a BEGIN block
which probably runs before the eval, to the loading is no
longer encapsulated by the eval. Without the additional require
line, the loading doesn't happen at all, so the availability
testing fails. Combining the "-norequire" and an explicit
"require" worked for me.

Tested on the original problem platform SLES 11, but also on
SLES 12 and 15, RHEL 6, 7 and 8 plus Solaris 10 Sparc.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12500)
2020-10-12 11:39:06 +02:00
Richard Levitte
8ebd88950d Document how deprecation should be done
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:31 +02:00
Richard Levitte
d406f0fe67 OpenSSL::ParseC: handle OSSL_CORE_MAKE_FUNC
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:31 +02:00
Richard Levitte
3ad9c47864 Add PEM declaration macros that take attributes
This makes it possible to easily deprecated selections of PEM
functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:31 +02:00
Richard Levitte
895419b7d1 Add ASN1 declaration macros that take attributes
This makes it possible to easily deprecated selections of ASN1
functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:30 +02:00
Richard Levitte
053730c5b7 Make OpenSSL::ParseC and OpenSSL::Ordinals treat deprecation consistently
The triggering macro that decides if a symbol is to be considered
deprecated is OPENSSL_NO_DEPRECATEDIN_x_y[_z].  OpenSSL::ParseC
renames any OPENSSL_NO_DEPRECATED_x_y[_z] by inserting "IN".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:30 +02:00
Richard Levitte
77c30753cd Add convenience macros OSSL_DEPRECATEDIN_{major}_{minor}
As opposed to DEPRECATEDIN_{major}_{minor}(), any use of these macros must
be guarded with a corresponding OPENSSL_NO_DEPRECATED_{major}_{minor}:

    #ifndef OPENSSL_NO_DEPRECATED_3_0
    OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
    #endif

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:30 +02:00
Richard Levitte
f044964e7a Add definitions of OSSL_DEPRECATED[_FOR] for Microsoft VC
It turns out that they have __declspec(deprecated) that correspond
pretty much to GCC's __attribute__((deprecated)), including for
messages.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:30 +02:00
Richard Levitte
6fbb89fb12 Change OSSL_DEPRECATED to take a version argument
The macro value is changed to use deprecation messages where whose are
supported.

We also add the macro OSSL_DEPRECATED_FOR(), to be used whenever an
additional message text is desirable, for example to tell the user
what the deprecated is replaced with.  Example:

    OSSL_DEPRECATED_FOR(3.0,"use EVP_PKEY and EVP_PKEY_size() instead")
    int RSA_size(const RSA *rsa);

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:30 +02:00