Richard Levitte [Tue, 16 Mar 2021 04:40:50 +0000 (05:40 +0100)]
CORE: pre-populate the namemap with legacy OIDs too
This also pre-populates the namemap with names derived from the
internal EVP_PKEY_ASN1_METHODs. This requires attention, as they
contain aliases that we may want (RSA == rsaEncryption), as well as
aliases that we absolutely do not want (SM2 == EC).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Richard Levitte [Thu, 11 Mar 2021 12:36:06 +0000 (13:36 +0100)]
CORE: Register all legacy "names" when generating the initial namemap
When generating the initial namemap from EVP cipher and digest names,
we din't do it quite as thoroughly as necessary, which meant that so
called "long names" weren't necessarily registered, and if anyone ever
tried to check the algorithm of an EVP_CIPHER or EVP_MD using a so
called "long name" would fail.
This doesn't deal with the fact that "long names" have a distinct role
as human readable descriptors, useful for printouts. Further changes
are necessary to deal with this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Richard Levitte [Wed, 10 Mar 2021 11:58:53 +0000 (12:58 +0100)]
Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.
Fixes #14278
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Richard Levitte [Wed, 10 Mar 2021 11:53:51 +0000 (12:53 +0100)]
TEST: Modify how the retrieved digest name for SM2 digestsign is checked
Because of aliases, retrieved names won't always match one specific
string. A safer way to check is to fetch the digest from the
retrieved name and check it's the expected one with the help of
EVP_MD_is_a().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Richard Levitte [Wed, 10 Mar 2021 10:32:45 +0000 (11:32 +0100)]
TEST: Modify testutil's run_tests to display NOSUBTEST cases individually
When test cases were added with ADD_ALL_TESTS_NOSUBTEST(), all those
iteration verdicts were summarized as if it was one single case. This
modification gets each iteration verdict displayed separately instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Richard Levitte [Wed, 10 Mar 2021 10:22:55 +0000 (11:22 +0100)]
PROV: Add OIDs we know to all provider applicable algorithms
The OIDs were extracted with the help of libcrypto's ASN1 OID database.
While doing this, we move all the names strings to macro definitions,
to avoid duplication and conflicting names declarations. Those macros
are all in providers/implementations/include/prov/names.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Rich Salz [Tue, 16 Feb 2021 22:51:56 +0000 (17:51 -0500)]
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
Rich Salz [Mon, 15 Feb 2021 17:31:36 +0000 (12:31 -0500)]
Standard style for all EVP_xxx_free routines
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
Matt Caswell [Mon, 12 Apr 2021 14:22:56 +0000 (15:22 +0100)]
Sanity check provider up-calls
When we store references to up-calls for future reference we run a sanity
check to make sure we either previously haven't set these values or they
are the same as last time. We don't support the scenario where an
application is linked against multiple versions of libcrypto but using a
shared fips.so file. This would result in different up-calls for different
calls to OSSL_provider_init(), which we currently can't handle.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14814)
Matt Caswell [Fri, 9 Apr 2021 16:26:34 +0000 (17:26 +0100)]
Store some FIPS global variables in the FIPS_GLOBAL structure
We had some FIPS global variables that were based on values from the
config file. In theory if two instances of the fips module are loaded
they could be based on different config files which would cause this to
fail. Instead we store them in the FIPS_GLOBAL structure.
Fixes #14364
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14814)
Add some additional NULL checks to prevent segfaults.
Fixes #14809
PR #14752 attempted to pass the libctx, propq in a few places related to
X509 signing. There were a few places that needed additional NULL checks so that they behavethe same as they did before.
OCSP_basic_sign() was changed to call EVP_DigestSignInit_ex() which passed the parameter EVP_MD_name(dgst). Since dgst can be NULL EVP_MD_name() was segfaulting.
Adding an additional NULL check EVP_MD_name() resolves this issue.
The other NULL checks are required to produce errors rather than
segfaults if the certificate is NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14826)
Add domain parameter match check for DH and ECDH key exchange.
Fixes #14808
Validation checks were moved into EVP_PKEY_derive_set_peer() which broke
an external negative test. Originally the old code was semi working by checking the peers public key was in the range of other parties p. It was not actually ever
checking that the domain parameters were consistent between the 2
parties. It now checks the parameters match as well as validating the
peers public key.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14823)
Matt Caswell [Mon, 12 Apr 2021 14:52:05 +0000 (15:52 +0100)]
Remove a TODO(3.0) from X509_PUBKEY_set
The comment talks about the EVP_PKEY that is contained within an
X509_PUBKEY object and whether it has to be exactly the same as the one
passed by the caller in X509_PUBKEY_set(). IMO it does, so the TODO should
be dropped.
Fixes #14378
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14845)
FdaSilvaYY [Wed, 28 Mar 2018 21:15:38 +0000 (23:15 +0200)]
crypto: raise error on malloc failure
clean a few style nits.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14806)
FdaSilvaYY [Sun, 6 May 2018 15:50:23 +0000 (17:50 +0200)]
nits: fix a few typo in template code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14806)
This issue reveiled a more general problem, which applies to the tests as well:
unless openssl is installed, the openssl app must not use any preinstalled
configuration file. This holds in particular when the preinstalled configuration
file load providers, which caused the above failure.
The most consistent way to achieve this behaviour is to set the OPENSSL_CONF
environment variable to the correct location in the util/wrap.pl perl wrapper.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14136)
Petr Gotthard [Sat, 10 Apr 2021 09:08:58 +0000 (11:08 +0200)]
apps: call ERR_print_errors when OSSL_PROVIDER_load fails
The ERR_print_errors often displays the reason why the provider
couldn't be loaded. Hence it is quite important for debugging.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14818)
Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).
Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14825)
Matt Caswell [Thu, 8 Apr 2021 15:22:51 +0000 (16:22 +0100)]
Remove the function EVP_PKEY_set_alias_type
OTC recently voted that EVP_PKEY types will be immutable in 3.0. This
means that EVP_PKEY_set_alias_type can no longer work and should be
removed entirely (applications will need to be rewritten not to use it).
It was primarily used for SM2 which no longer needs this call.
Applications should generate SM2 keys directly (without going via an EC
key first), or otherwise when loading keys they should automatically be
detected as SM2 keys.
Fixes #14379
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14803)
Matt Caswell [Wed, 7 Apr 2021 18:36:45 +0000 (19:36 +0100)]
Update KTLS documentation
KTLS support has been changed to be off by default, and configuration is
via a single "option" rather two "modes". Documentation is updated
accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14799)
Matt Caswell [Wed, 7 Apr 2021 15:53:28 +0000 (16:53 +0100)]
Only enable KTLS if it is explicitly configured
It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specifically
configured not to. This is problematic because it avoids any crypto
implementations from providers. A user who configures all crypto to use
the FIPS provider may unexpectedly find that TLS related crypto is actually
being performed outside of the FIPS boundary.
Instead we change KTLS so that it is disabled by default.
We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather
than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and
SSL_MODE_NO_KTLS_TX).
Fixes #13794
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14799)
These functions are prerequisites for implementing EVP_PKEY_todata().
OSSL_PARAM_dup() is required to make a deep copy of the exported
params (since the provider export() uses a OSSL_PARAM_BLD which throws away the
data after the call), and then use OSSL_PARAM_merge() to add some additional params
that can be passed to the EVP_PKEY_todata().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14785)
Pauli [Fri, 9 Apr 2021 06:20:15 +0000 (16:20 +1000)]
kmac: fix customistation string overflow bug
Previously there was an off by two error allowing a stack buffer overrun.
Avoided this by allocating a correct sized buffer on the stack. A side effect
is that the maximum size of the customisation string can be increased.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14810)
Armin Fuerst [Sat, 6 Mar 2021 11:19:18 +0000 (12:19 +0100)]
apps: fix warning about size_t / int conversion
Windows builds show the following warning:
(..\apps\ca.c(2643): warning C4267: 'function': conversion
from 'size_t' to 'int', possible loss of data)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14453)
Dave Coombs [Tue, 6 Apr 2021 16:49:21 +0000 (12:49 -0400)]
crl2pkcs7 shouldn't include empty optional sets
If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include
the implicitly tagged [0] certs and [1] crls sets as they are marked
optional and would be empty.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14781)
Christian Heimes [Tue, 30 Mar 2021 10:02:42 +0000 (12:02 +0200)]
Inherit hostflags verify params even without hosts
X509_VERIFY_PARAM_inherit() now copies hostflags independently of hosts.
Previously hostflags were only copied when at least one host was set.
Typically applications don't configure hosts on SSL_CTX. The change
enables applications to configure hostflags on SSL_CTX and have OpenSSL
copy the flags from SSL_CTX to SSL.
Fixes: https://github.com/openssl/openssl/issues/14579 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14743)
Matt Caswell [Thu, 25 Mar 2021 16:55:51 +0000 (16:55 +0000)]
Update provider.pod
The previous commits moved some content out of provider.pod into other
pages, so that content is now removed. provider.pod is now exclusively
focussed on provider authors.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Configure: Check if 128-bit integers are supported by compiler
Add a config variable "use_int128" to indicate if 128-bit integers are
supported or not at the configure time. This makes it easier to
automatically select 64-bit versus 32-bit implementation for curve448.
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Mon, 1 Feb 2021 05:22:16 +0000 (16:22 +1100)]
curve448: Use constant time zero check function
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Mon, 1 Feb 2021 05:20:12 +0000 (16:20 +1100)]
Add a constant time zero check function for 64-bit integers
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Tue, 19 Jan 2021 03:05:24 +0000 (14:05 +1100)]
curve448: Remove the unrolled loop version
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Mon, 29 Mar 2021 06:26:41 +0000 (17:26 +1100)]
curve448: Use NLIMBS where appropriate to simplify the code
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Tue, 19 Jan 2021 03:04:48 +0000 (14:04 +1100)]
curve448: Modernise reference 64-bit code
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Tue, 19 Jan 2021 02:52:52 +0000 (13:52 +1100)]
curve448: Rename arch_ref64 to arch_64
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Mon, 29 Mar 2021 08:08:58 +0000 (19:08 +1100)]
curve448: Use relative includes to avoid explicit dependencies
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Mon, 29 Mar 2021 07:20:53 +0000 (18:20 +1100)]
Use numbers definition of int128_t and uint128_t
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Amitay Isaacs [Mon, 29 Mar 2021 07:06:13 +0000 (18:06 +1100)]
numbers: Define 128-bit integers if compiler supports
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)