Commit Graph

25022 Commits

Author SHA1 Message Date
Richard Levitte
f864a9396a SERIALIZER: add hooks in PEM_write_bio_ and PEM_write_fp_ routines
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
866234ac35 SERIALIZER: add support for serializing EVP_PKEYs
The following public functions is added:

- OSSL_SERIALIZER_CTX_new_by_EVP_PKEY()
- OSSL_SERIALIZER_CTX_set_cipher()
- OSSL_SERIALIZER_CTX_set_passphrase()
- OSSL_SERIALIZER_CTX_set_passphrase_cb()
- OSSL_SERIALIZER_CTX_set_passphrase_ui()

OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() selects a suitable serializer
for the given EVP_PKEY, and sets up the OSSL_SERIALIZER_CTX to
function together with OSSL_SERIALIZER_to_bio() and
OSSL_SERIALIZER_to_fp().

OSSL_SERIALIZER_CTX_set_cipher() indicates what cipher should be used
to produce an encrypted serialization of the EVP_PKEY.  This is passed
directly to the provider using OSSL_SERIALIZER_CTX_set_params().

OSSL_SERIALIZER_CTX_set_passphrase() can be used to set a pass phrase
to be used for the encryption.  This is passed directly to the
provider using OSSL_SERIALIZER_CTX_set_params().

OSSL_SERIALIZER_CTX_set_passphrase_cb() and
OSSL_SERIALIZER_CTX_set_passphrase_ui() sets up a callback to be used
to prompt for a passphrase.  This is stored in the context, and is
called via an internal intermediary at the time of serialization.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
1793d270f3 CORE: expose the property parsers and checker to the rest of the libraries
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
742496f130 SERIALIZER: add functions for serialization to file
These functions are added:

- OSSL_SERIALIZER_to_bio()
- OSSL_SERIALIZER_to_fp() (unless 'no-stdio')

OSSL_SERIALIZER_to_bio() and OSSL_SERIALIZER_to_fp() work as wrapper
functions, and call an internal "do_output" function with the given
serializer context and a BIO to output the serialized result to.

The internal "do_output" function must have intimate knowledge of the
object being output.  This will defined independently with context
creators for specific OpenSSL types.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
0d003c52d3 SERIALIZER: New API for serialization of objects through providers
Serialization is needed to be able to take a provider object (such as
the provider side key data) and output it in PEM form, DER form, text
form (for display), and possibly other future forms (XML? JSON? JWK?)

The idea is that a serializer should be able to handle objects it has
intimate knowledge of, as well as object data in OSSL_PARAM form.  The
latter will allow libcrypto to serialize some object with a different
provider than the one holding the data, if exporting of that data is
allowed and there is a serializer that can handle it.

We will provide serializers for the types of objects we know about,
which should be useful together with any other provider that provides
implementations of the same type of object.

Serializers are selected by method name and a couple of additional
properties:

- format        used to tell what format the output should be in.
                Possibilities could include "format=text",
                "format=pem", "format=der", "format=pem-pkcs1"
                (traditional), "format=der-pkcs1" (traditional)
- type          used to tell exactly what type of data should be
                output, for example "type=public" (the public part of
                a key), "type=private" (the private part of a key),
                "type=domainparams" (domain parameters).

This also adds a passphrase callback function type,
OSSL_PASSPHRASE_CALLBACK, which is a bit like OSSL_CALLBACK, but it
takes a few extra arguments to place the result in.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:54:48 +01:00
Richard Levitte
36fa4d8a0d CORE: pass the full algorithm definition to the method constructor
So far, the API level method constructors that are called by
ossl_method_construct_this() were passed the algorithm name string and
the dispatch table and had no access to anything else.

This change gives them access to the full OSSL_ALGORITHM item, thereby
giving them access to the property definition.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:42:12 +01:00
Richard Levitte
3d83c73536 CORE: ossl_namemap_add_names(): new function to add multiple names
This was originally the private add_names_to_namemap() in
crypto/evp/evp_fetch.c, but made more generally useful.

To make for more consistent function naming, ossl_namemap_add() and
ossl_namemap_add_n() are renamed to ossl_namemap_add_name() and
ossl_namemap_add_name_n().

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:42:12 +01:00
Matt Caswell
cc38e643cb Disable mem leak checking for the self test lock
The fips self test lock is deallocated in platform specific ways that may
occur after we do mem leak checking. If we don't know how to free it for
a particular platform then we just leak it deliberately. So we
temporarily disable the mem leak checking while we allocate the lock.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9939)
2019-11-29 16:14:44 +00:00
Matt Caswell
14a684bfb0 Make sure we only run the self tests once
Fixes #9909

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9939)
2019-11-29 16:14:44 +00:00
Matt Caswell
17197a2f61 Check the return from OPENSSL_buf2hexstr()
The function OPENSSL_buf2hexstr() can return NULL if it fails to allocate
memory so the callers should check its return value.

Fixes #10525

Reported-by: Ziyang Li (@Liby99)

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10526)
2019-11-29 14:21:55 +00:00
Matt Caswell
c1ff599440 Check that OPENSSL_zalloc was successful when creating EVP types
We were missing a NULL check in a few very similar places following an
OPENSSL_zalloc() call.

Reported-by: Ziyang Li (@Liby99)

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10526)
2019-11-29 14:21:46 +00:00
Matt Caswell
b4be6937f2 Add a test for NULL chunks in encrypt/decrypt
Issue #8675 describes a problem where calling EVP_DecryptUpdate() with an
empty chunk causes the result to be different compared to if you do not
use an empty chunk. This adds a test for that case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10530)
2019-11-29 10:41:06 +00:00
Matt Caswell
4b9c750be8 Make sure we handle input NULL with length 0
If we call EVP_EncryptUpdate/EVP_DecryptUpdate with length 0 we should
be able to handle it. Most importantly we shouldn't get different
results if we do this compared to if we don't!

An exception is made for CCM mode which has special handling for this in
the low level cipher function.

Fixes #8675

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10530)
2019-11-29 10:41:06 +00:00
Richard Levitte
cff64af553 Configure: make it possible to have generated generators
This makes it possible to chain GENERATOR statements, which allows
constructs like this:

    GENERATE[something.html]=something.pod
    GENERATE[something.pod]=something.pod.in

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)
2019-11-29 09:51:17 +01:00
Richard Levitte
b0940b33a6 Adapt *.tmpl to generate docs at build time
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)
2019-11-29 09:51:17 +01:00
Richard Levitte
df8f116ecd Add doc/build.info to build the documentation
This build.info is entirely generated when configuring

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)
2019-11-29 09:51:17 +01:00
Richard Levitte
829f86bb7b Add the possibility to generate documentation at build time
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)
2019-11-29 09:51:16 +01:00
Richard Levitte
fbd03b1c59 configdata.pm.in, util/dofile.pl: load 'platform' unconditionally
The 'platform' module handles defaults fine, there's no need to add
extra conditions on it being loaded.

Fixes #10513

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10514)
2019-11-29 09:47:57 +01:00
Richard Levitte
e9b95e42fb apps/ocsp.c: sock_timeout -> socket_timeout
It appears that 'sock_timeout' is defined at least with DJGPP, so we
rename our symbol and hope the new name isn't taken.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10515)
2019-11-29 09:45:48 +01:00
moehuster
3c86a2b5c8 Fix L<EVP_MD_CTX_set_pkey_ctx> links
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10420)

(cherry picked from commit ca7c982821)
2019-11-28 16:53:54 +01:00
Ard Biesheuvel
07a470729c chacha/asm/chacha-armv8.pl: preserve FP registers d8 and d9 correctly
Depending on the size of the input, we may take different paths through
the accelerated arm64 ChaCha20 routines, each of which use a different
subset of the FP registers, some of which need to be preserved and
restored, as required by the AArch64 calling convention (AAPCS64)

In some cases, (e.g., when the input size is 640 bytes), we call the 512
byte NEON path followed directly by the scalar path, and in this case,
we preserve and restore d8 and d9, only to clobber them again
immediately before handing over to the scalar path which does not touch
the FP registers at all, and hence does not restore them either.

Fix this by moving the restoration of d8 and d9 to a later stage in the
512 byte routine, either before calling the scalar path, or when exiting
the function.

Fixes #10470
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10497)
2019-11-28 16:40:43 +01:00
Rich Salz
d86925e6bd Use option/parameter consistently.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10135)
2019-11-28 13:58:51 +01:00
Rich Salz
22bb8c2545 Document more env var stuff, fix some typo's
Add openssl-env.pod
Also fix up many other environment page formatting nits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10135)
2019-11-28 13:58:51 +01:00
Richard Levitte
b7f491cbd6 test/cipher_overhead_test.c: build unconditionally
Build it against static libraries always, since that's the only way it
can work as intended.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10516)
2019-11-27 20:37:16 +01:00
Richard Levitte
76fde1db3c util/find-doc-nits: Better parsing of links
When checking links, we need to peal away stuff that aren't part of
the link proper first.  That makes it easier to check the link
itself.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10507)
2019-11-27 16:18:28 +01:00
Richard Levitte
2a03823606 doc/man7/proxy-certificates.pod: New guide for proxy certificates
This replaces doc/HOWTO/proxy_certificates.txt

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10507)
2019-11-27 16:18:28 +01:00
Pauli
defd3ed820 Property: fix memory leak.
Coverity 1456008.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10509)
2019-11-26 08:05:51 +10:00
Shane Lontis
3c957bcd54 Cache constants for fetched EVP_cipher
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10461)
2019-11-25 13:35:43 +01:00
John Baldwin
a7bdd0433c Support ciphersuites using a SHA2 384 digest in FreeBSD KTLS.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #10372
2019-11-24 23:12:38 +01:00
Pauli
e5ecfcc788 Property: fix intermittent test failure.
The reduction in the cache flush threshold in #10408 caused the stochastic test
to fail with noticeable probability.  Revert that part of the change.

Also add a comment to help avoid this in future.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10505)
2019-11-24 21:54:34 +10:00
Dr. Matthias St. Pierre
23f3993127 Remove RANDFILE settings from configuration files
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding
mechanism, which makes it dispensable to define a RANDFILE for
saving and restoring randomness. This commit removes the RANDFILE
declarations from our own configuration files and adds documentation
that this option is not needed anymore and retained mainly for
compatibility reasons.

Fixes #10433

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10436)
2019-11-24 08:35:14 +01:00
Matus Kysel
0c080f73e8 Remove deadlock that was caused by calling pthread_rwlock_wrlock() on same thread twice. This can be reproduce only with musl.
CLA: trivial

Signed-off-by: Matus Kysel <mkysel@tachyum.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10501)
2019-11-24 07:32:22 +10:00
Daniil Zotkin
6834df12d1 Process GOST ClientKeyExchange message in SSL_trace
Use ssl_print_hex to print message in case of GOST key exchange algorithm.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9995)
2019-11-23 16:27:30 +03:00
Richard Levitte
72a5412b48 UI_UTIL_wrap_read_pem_callback(): when |cb| is NULL, use PEM_def_callback
Fixes #10444

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10447)
2019-11-22 15:19:19 +01:00
Pauli
3478a2102e Thread: Avoid a NULL dereference after failed initialisation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10493)
2019-11-22 15:26:33 +10:00
Pauli
acc7b9fb5c main: avoid a NULL dereference on initialisation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10495)
2019-11-22 15:22:57 +10:00
Pauli
a89befba60 PROV: Avoid NULL dereference in SHA3 dup call.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10487)
2019-11-22 15:20:54 +10:00
Pauli
c676ff42b0 PROV: check for memory allocation failure in digest _dupctx.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10487)
2019-11-22 15:20:54 +10:00
Pauli
3c65941546 kdfs: make free calls check for NULL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10496)
2019-11-22 15:19:28 +10:00
Benjamin Kaduk
2a53855110 Fix a race condition in SNI handling
As was done for ciphers, supported groups, and EC point formats in
https://github.com/openssl/openssl/pull/9162, only write the negotiated
SNI hostname value to the session object when not resuming, even for
TLS 1.3 resumptions.  Otherwise, when using a stateful session cache
(as is done by default when 0-RTT data is enabled), we can have multiple
SSLs active using the same in-memory session object, which leads to
double-frees and similar race conditions in the SNI handler prior
to this commit.

Fortunately, since draft-ietf-tls-tls13-22, there is no requirement
that the SNI hostname be preserved across TLS 1.3 resumption, and thus
not a need to continually update the session object with the "current"
value (to be used when producing session tickets, so that the subsequent
resumption can be checked against the current value).  So we can just
relax the logic and only write to the session object for initial handshakes.
This still leaves us in a somewhat inconsistent state, since if the SNI value
does change across handshakes, the session object will continue to record
the initial handshake's value, even if that bears no relation to the
current handshake.  The current SSL_get_servername() implementation
prefers the value from the session if s->hit, but a more complete fix
for that and related issues is underway in
https://github.com/openssl/openssl/pull/10018; there is no need to wait
for the complete fix for SNI name handling in order to close the
race condition and avoid runtime crashes.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10441)
2019-11-21 18:09:59 -08:00
Pauli
bd65afdb21 Core: allow NULL argument to stored_namemap_free().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10488)
2019-11-22 08:18:42 +10:00
Matt Caswell
e44192d14b Documentation updates due to naming tweaks
Also documents our new canonical naming.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10092)
2019-11-21 15:49:58 +00:00
Matt Caswell
cc35c3ed8f Tweak some algorithm naming inconsistencies
Make some algorithms names better match our "canonical" style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10092)
2019-11-21 15:45:37 +00:00
Pauli
ab5c77b476 EVP p_lib: Add NULL check to EVP_PKEY_missing_parameters.
Check for NULL and return error if so.
This can possibly be called from apps/ca.c with a NULL argument.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/10474)
2019-11-21 14:34:55 +10:00
Pauli
9bada854de Engine: Add NULL check.
Add NULL check for return from pkey_asn1_meths.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10473)
2019-11-21 14:31:58 +10:00
Pauli
cff7d199e0 ECDSA: don't clear free memory after verify.
Verifications are public, there is no need to clear the used storage before
freeing it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10475)
2019-11-21 14:28:37 +10:00
Richard Levitte
6a835fcfb1 Replumbing: pre-populate the EVP namemap with commonly known names
This adds ossl_namemap_empty(), to detect if a namemap is empty and
can thereby be pre-populated.

This also affects the way legacy NIDs are looked up in
evp_cipher_from_dispatch() and evp_md_from_dispatch().  Instead of
trying to find the NID directly, look up the legacy method structure
and grab the NID from there.  The reason is that NIDs can be aliases
for other NIDs, which looks like a clash even if wasn't really one.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8984)
2019-11-20 14:22:35 +01:00
Bernd Edlinger
9ce91035bc Fix sha512_block_data_order_avx2 backtrace info
We store a secondary frame pointer info for the debugger
in the red zone.

Fixes #8853

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9624)
2019-11-20 14:06:23 +01:00
Patrick Steuer
f7382fbbd8 Allow specifying the tag after AAD in CCM mode (2)
In addition to 67c81ec3 which introduced this behavior in CCM mode
docs but only implemented it for AES-CCM.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10331)
2019-11-20 10:40:55 +01:00
Patrick Steuer
51356a066e Dont pass zero length input to asm modules for ciphers
The asm modules may assume an input length > 0.

Fixes: #9262

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10323)
2019-11-20 10:24:53 +01:00