Matt Caswell [Thu, 15 Oct 2020 10:37:38 +0000 (11:37 +0100)]
Add a CHANGES entry for the SSL_SECOP_TMP_DH change
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
In most places this is what is passed. All these places occur server side.
However there is one client side call of this security operation and it
passes a DH object instead. This is incorrect according to the
definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other
locations.
Our own default security callback, and the debug callback in the apps,
never look at this value and therefore this issue was never noticed
previously. In theory a client side application could be relying on this
behaviour and could be broken by this change. This is probably fairly
unlikely but can't be ruled out.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
Matt Caswell [Wed, 14 Oct 2020 09:45:21 +0000 (10:45 +0100)]
Concentrate deprecated libssl API usage in one file
We create a new file ssl/tls_depr.c to contain functions that need to call
deprecated APIs in libssl. This enables us to remove
OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files.
The deprecated API usage is either related to ENGINEs and is needed to
continue to support applications that use such ENGINEs. Or they are needed
to support some deprecated public libssl APIs.
One other file remains in libssl that still uses deprecated APIs: s3_cbc.c
This is needed to support the deprecated SSLv3.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13135)
Fix missing include of string.h in apps/lib/engine.c for strcmp.
This include is required for c99 on the NonStop TNS/X platform.
CLA: trivial
Fixes #13102
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13103)
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
Matt Caswell [Wed, 7 Oct 2020 14:59:28 +0000 (15:59 +0100)]
Remove CMS recipient info information out of the algorithm implementations
Low level algorithm implementations have no business knowing about details
of the higher level CMS concept. This knowledge is therefore moved into the
CMS layer.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
Matt Caswell [Tue, 6 Oct 2020 15:02:43 +0000 (16:02 +0100)]
Move CMS enveloping code out of the algorithms and into CMS
There is quite a large amount of algorithm specific CMS code sitting in
the algorithm directories. However, this seems to break layering.
Algorithms really have no business knowing anything about CMS. Really it
should be the other way around. Where there is algorithm specific CMS code
it is the CMS layer that should know how to handle different algorithms.
Therefore we move this code into the CMS layer.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13088)
Yury Is [Mon, 12 Oct 2020 23:24:52 +0000 (02:24 +0300)]
syscall_random(): don't fail if the getentropy() function is a dummy
Several embedded toolchains may provide dummy implemented getentropy()
function which always returns -1 and sets errno to the ENOSYS.
As a result the function SSL_CTX_new() fails to create a new context.
Fixes #13002
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13114)
Reconciled c99 and loader arguments for float on NonStop TNS/E and TNS/X.
The default settings are now IEEE float.
CLA: Permission is granted by the author to the ITUGLIB team to use these modifications.
Fixes #12919
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13108)
Richard Levitte [Fri, 25 Sep 2020 07:28:14 +0000 (09:28 +0200)]
EVP: Take care of locks when downgrading an EVP_PKEY
The temporary copy that's made didn't have a lock, which could end up
with a crash. We now handle locks a bit better, and take extra care to
lock it and keep track of which lock is used where and which lock is
thrown away.
Fixes #12876
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12978)
In OpenSSL 1.1.1 the script run_tests.pl has an effectiver
workaround to fall back to Test::Harness, if TAP::Harness
is not available. That code has substantially changed,
but it seems it should still fall back but doesn't.
Observed on SuSE Linux Enterprise Server 11 (SLES11).
Error messages:
Can't locate TAP/Parser.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 131.
and
Can't locate TAP/Harness.pm in @inc (@inc contains: /path/to/bld/openssl300/test/../util/perl /path/to/local/perl/lib/perl5 /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /path/to/local/perl/lib/perl5/parent.pm line 20.
BEGIN failed--compilation aborted at /path/to/bld/openssl300/test/run_tests.pl line 215.
Concerning the fix: the docs for parent.pm show, that without
the "-norequire" it puts the require statement in a BEGIN block
which probably runs before the eval, to the loading is no
longer encapsulated by the eval. Without the additional require
line, the loading doesn't happen at all, so the availability
testing fails. Combining the "-norequire" and an explicit
"require" worked for me.
Tested on the original problem platform SLES 11, but also on
SLES 12 and 15, RHEL 6, 7 and 8 plus Solaris 10 Sparc.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12500)
Richard Levitte [Sun, 4 Oct 2020 09:51:20 +0000 (11:51 +0200)]
Make OpenSSL::ParseC and OpenSSL::Ordinals treat deprecation consistently
The triggering macro that decides if a symbol is to be considered
deprecated is OPENSSL_NO_DEPRECATEDIN_x_y[_z]. OpenSSL::ParseC
renames any OPENSSL_NO_DEPRECATED_x_y[_z] by inserting "IN".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
Richard Levitte [Sat, 3 Oct 2020 07:33:32 +0000 (09:33 +0200)]
Change OSSL_DEPRECATED to take a version argument
The macro value is changed to use deprecation messages where whose are
supported.
We also add the macro OSSL_DEPRECATED_FOR(), to be used whenever an
additional message text is desirable, for example to tell the user
what the deprecated is replaced with. Example:
OSSL_DEPRECATED_FOR(3.0,"use EVP_PKEY and EVP_PKEY_size() instead")
int RSA_size(const RSA *rsa);
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
Richard Levitte [Mon, 5 Oct 2020 12:27:37 +0000 (14:27 +0200)]
Adapt some code to OSSL_ENCODER_to_data() / OSSL_DECODER_from_data()
The functions i2d_PrivateKey(), try_key_value() i store_result.c and
X509_PUBKEY_set() were all essentially duplicating this functionality
to some degree.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13094)
Richard Levitte [Thu, 8 Oct 2020 06:11:32 +0000 (08:11 +0200)]
Fix diverse ERR code conflicts
There was a number of potential range conflicts between reason codes
from different places. Library specific reason codes are allowed to
start at 100, so it means that anything "global" is limited to the
range 1..99.
At the same time, we have the ERR_R_LIB_xxx reason codes, which have
the same numbers as ERR_LIB_xxx, potential range 1..255.
And then we have the common ERR_R_ reason codes, potential range in
OpenSSL 1.1.1 is 1..99, where fatal reasons occupy 64..99. For
OpenSSL 3.0-dev, the range for the common reason codes was pushed up
to 64..99 in an attempt to reduce the conflicts with the ERR_R_LIB_xxx
reason codes.
Currently existing conflicts in OpenSSL 1.1.1:
ERR_R_BUF_LIB and ERR_R_PASSED_INVALID_ARGUMENT have the same code.
There are currently no existing conflicts in OpenSSL 3.0-dev, but
considering that ERR_LIB_HTTP is 61, a few more modules and associated
ERR_R_LIB_xxx are going to sniff awfully close to 64, where the
common ERR_R_ codes currently start.
To avoid these range conflicts, the strategy to recognise common
reason codes is change to depend on a reason flag, ERR_RFLAG_COMMON,
and the common error codes themselves have moved start at 256, giving
them the potential range 256..2^18-1, and thus allowing ERR_R_LIB_xxx
the full range of library codes, 1..255.
The dual purpose ERR_R_FATAL is also handled in this change, by
allowing the rflags and reason codes to overlap by 1 bit, and make
both ERR_R_FATAL and ERR_RFLAG_FATAL have the same value, 2^18.
With this change, there's no need to worry about reason code conflicts
any more, every library specific range as well as the common range is
1..2^18-1.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13093)
Richard Levitte [Thu, 8 Oct 2020 04:27:51 +0000 (06:27 +0200)]
OpenSSL::Ordinals: Add options for the writing functions
OpenSSL::Ordinals::rewrite() and OpenSSL::Ordinals::write() now take
options, that are simply passed to OpenSSL::Ordinals::items(). The
'sort' option is forbidden, though, since write() already uses it, but
that means it's possible to filter the output.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13092)
Disabled symbol_presence test on NonStop due to different nm format.
CLA: trivial
Fixes #12996
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13036)
Daniel Bevenius [Mon, 5 Oct 2020 06:14:29 +0000 (08:14 +0200)]
Set mark and pop error in d2i_PrivateKey_ex
This commit sets the error mark before calling old_priv_decode and if
old_priv_decode returns false, and if EVP_PKCS82PKEY is successful, the
errors are popped to the previously set mark.
The motivation for this is an issue we found when linking Node.js
against OpenSSL 3.0. Details can be found in the link below and the
test case provided in this commit attempts cover this.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13073)
Allow to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
This unifies the behaviour of a single certificate with
an unknown CA certificate with a self-signed certificate.
The user callback can mask that error to retrieve additional
error information. So the user application can decide to
abort the connection instead to be forced by openssl.
This change in behaviour is backward compatible as user callbacks
who don't want to ignore UNABLE_TO_VERIFY_LEAF_SIGNATURE will
still abort the connection by default.
CLA: trivial
Fixes #11297
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13083)
Matt Caswell [Thu, 1 Oct 2020 16:17:58 +0000 (17:17 +0100)]
Fix the decoder start type handling
If an explicit decoder start type was provided then it wasn't being
handled correctly in all cases. Specifically if a PEM start type was
provided then the decoder would fail.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13050)
Richard Levitte [Tue, 6 Oct 2020 16:14:12 +0000 (18:14 +0200)]
Document install_fips in INSTALL.md
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
Richard Levitte [Tue, 29 Sep 2020 16:32:34 +0000 (18:32 +0200)]
providers/build.info: Tag the FIPS module, for the build file
The build file templates have code to pick up the 'fips' attribute and
thereby find out what module is the FIPS without having to resort to
ugly hard coding.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
Richard Levitte [Tue, 29 Sep 2020 16:31:58 +0000 (18:31 +0200)]
descrip.mms.tmpl: Add a target to install the FIPS module config
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
Richard Levitte [Tue, 29 Sep 2020 16:31:44 +0000 (18:31 +0200)]
windows-makefile.tmpl: Add a target to install the FIPS module config
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
Richard Levitte [Tue, 29 Sep 2020 09:11:38 +0000 (11:11 +0200)]
unix-Makefile.tmpl: Add a target to install the FIPS module config
Fixes #12195
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
Benny Baumann [Thu, 1 Oct 2020 23:06:12 +0000 (01:06 +0200)]
Avoid memory leak of parent on allocation failure for child structure
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13055)
Benny Baumann [Thu, 1 Oct 2020 23:04:06 +0000 (01:04 +0200)]
Use size of target buffer for allocation
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13055)
Replace [collapsed reference links][] for the CVEs by
[shortcut reference links], in order to to improve the
readability of the raw markdown text.
Consistently add parentheses around the CVE links at the
end of the CVE descriptions. (The NEWS file already had
the parentheses, in the CHANGES file they where missing.)
OBJ_OGRNIP denotes a specific legal status of the certificate owner.
OBJ_classSignTool* denotes a level of certification of the software
created the certificate.
http://www.garant.ru/products/ipo/prime/doc/70033464/ is the relevant
link (in Russian).
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8309)
Some of our apps turn off deprecation warnings solely for the sake of
ENGINE, and thereby shadowing other deprecations that we should take
better care of.
To solve this, all apps ENGINE functionality is move to one file,
where deprecation warning suppression is activate, and the same
suppression can then easily be removed in at least some of the apps.
Any remaining suppression that we still need to deal with should
happen as separate efforts.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13044)
Richard Levitte [Fri, 2 Oct 2020 12:21:51 +0000 (14:21 +0200)]
DECODER: Allow precise result type for OSSL_DECODER_CTX_new_by_EVP_PKEY()
There is some data that is very difficult to guess. For example, DSA
parameters and X9.42 DH parameters look exactly the same, a SEQUENCE
of 3 INTEGER. Therefore, callers may need the possibility to select
the exact keytype that they expect to get.
This will also allow use to translate d2i_TYPEPrivateKey(),
d2i_TYPEPublicKey() and d2i_TYPEParams() into OSSL_DECODER terms much
more smoothly.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13061)
drgler [Thu, 1 Oct 2020 19:20:33 +0000 (21:20 +0200)]
Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV
Since glibc 2.8, these defines like `NI_MAXHOST` are exposed only
if suitable feature test macros are defined, namely: _GNU_SOURCE,
_DEFAULT_SOURCE (since glibc 2.19), or _BSD_SOURCE or _SVID_SOURCE
(before glibc 2.19), see GETNAMEINFO(3).
CLA: trivial
Fixes #13049
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13054)
Nicola Tuveri [Fri, 2 Oct 2020 00:58:10 +0000 (03:58 +0300)]
Fix segfault on missing provider_query_operation()
A provider without `provider_query_operation()` is admittedly quite
useless, yet technically the base provider functions are not mandatory
according to our documentation.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13058)
TLS AEAD ciphers: more bytes for key_block than needed
Fixes #12007
The key_block length was not written to trace, thus it was not obvious
that extra key_bytes were generated for TLS AEAD.
The problem was that EVP_CIPHER_iv_length was called even for AEAD ciphers
to figure out how many bytes from the key_block were needed for the IV.
The correct way was to take cipher mode (GCM, CCM, etc) into
consideration rather than simply callin the general function
EVP_CIPHER_iv_length.
The new function tls_iv_length_within_key_block takes this into
consideration.
Besides that, the order of addendums was counter-intuitive MAC length
was second, but it have to be first to correspond the order given in the RFC.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13035)
Richard Levitte [Wed, 30 Sep 2020 15:22:27 +0000 (17:22 +0200)]
EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use
We've had explicit checks for when to fall back to legacy code for
operations that use an EVP_PKEY. Unfortunately, the checks were
radically different in different spots, so we refactor that into a
macro that gets used everywhere.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13043)
Matt Caswell [Thu, 24 Sep 2020 09:56:03 +0000 (10:56 +0100)]
Fix some things the rename script didn't quite get right
The previous commit ran an automated rename throughout the codebase.
There are a small number of things it didn't quite get right so we fix
those in this commit.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)
rsa_mp_coeff_names should only have one entry in it for fips mode.
Reported by Tim Hudson
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13011)