cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
CMP: Add missing getter functions to CRMF API and CMP API
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
Richard Levitte [Mon, 28 Jun 2021 03:52:42 +0000 (05:52 +0200)]
DECODER & ENCODER: Make sure to pass around the original selection bits
When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything. This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.
Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.
In both cases, the selection that was specified by the user is now
passed all the way.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
Hubert Kario [Fri, 25 Jun 2021 11:34:31 +0000 (13:34 +0200)]
doc: make error checking in ticket handling code explicit
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15918)
Richard Levitte [Mon, 28 Jun 2021 03:37:22 +0000 (05:37 +0200)]
ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt
If there are keymgmts and en/decoders from the same provider, try to
combine them first.
This avoids unnecessary export/import dances, and also tries to avoid
issues where the keymgmt doesn't fully support exporting and importing,
which we can assume will be the case for HSM protected keys.
Fixes #15932
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15933)
Matt Caswell [Thu, 24 Jun 2021 15:07:03 +0000 (16:07 +0100)]
Ensure ordinals are created during release process
We introduce a new makefile target "make release-update" that forces
ordinal file renumbering, and also does the fips checksum updates. We
then call that from the release script.
Fixes #15806
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15901)
Christian Heimes [Thu, 24 Jun 2021 15:47:30 +0000 (17:47 +0200)]
Fix segfault in openssl x509 -modulus
The command ``openssl x509 -noout -modulus -in cert.pem`` used to segfaults
sometimes because an uninitialized variable was passed to
``BN_lebin2bn``. The bug triggered an assertion in bn_expand_internal().
Fixes: https://github.com/openssl/openssl/issues/15899 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15900)
Theo Buehler [Thu, 24 Jun 2021 09:37:04 +0000 (11:37 +0200)]
Fix two typos in OSSL_trace_enabled.pod
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15894)
Pauli [Thu, 24 Jun 2021 01:47:48 +0000 (11:47 +1000)]
test: add EVP_Q_mac tests to evp_test
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
Pauli [Thu, 24 Jun 2021 01:32:50 +0000 (11:32 +1000)]
test: add EVP_Q_digest tests to evp_test
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
Petr Gotthard [Wed, 5 May 2021 16:32:55 +0000 (18:32 +0200)]
BIO_new_from_core_bio: Fix heap-use-after-free after attach
The providers have to call up_ref to keep the cbio pointer, just like
the internal bio_prov.c does.
OSSL_STORE_attach passes a cbio pointer to the provider and then calls
ossl_core_bio_free(cbio). If up_ref is not called, the cbio gets
freed way too early.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15163)
Tomas Mraz [Wed, 23 Jun 2021 15:16:36 +0000 (17:16 +0200)]
trace: Do not produce dead code calling BIO_printf if disabled
Fixes #15880
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15882)
Matt Caswell [Tue, 22 Jun 2021 14:39:40 +0000 (15:39 +0100)]
Fix a race in ossl_provider_add_to_store()
If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Tue, 22 Jun 2021 11:07:48 +0000 (12:07 +0100)]
Move OPENSSL_add_builtin back into provider.c
An earlier stage of the refactor in the last few commits moved this
function out of provider.c because it needed access to the provider
structure internals. The final version however no longer needs this so
it is moved back again.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 14:37:48 +0000 (15:37 +0100)]
Don't skip the current provider in ossl_provider_register_child_cb
This restriction was in place to avoid problems with recursive attempts
to aquire the flag lock/store lock from within a provider's init function.
Since those locks are no longer held when calling the init function there
is no reason for the restriction any more.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 12:01:57 +0000 (13:01 +0100)]
Add a test to check that RAND_bytes_ex() works with a child lib ctx
Previously, when locks were held while calling a provider init function,
then RAND_bytes_ex() would fail if called from the init function and
used in conjunction with a child lib ctx. We add an explicit test of that.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 11:49:59 +0000 (12:49 +0100)]
Don't hold any locks while calling the provider init function
Previously providers were added to the store first, and then subsequently
initialised. This meant that during initialisation the provider object
could be shared between multiple threads and hence the locks needed to be
held. However this causes problems because the provider init function is
essentially a user callback and could do virtually anything. There are
many API calls that could be invoked that could subsequently attempt to
acquire the locks. This will fail because the locks are already held.
However, now we have refactored things so that the provider is created and
initialised before being added to the store. Therefore at the point of
initialisation the provider object is not shared with other threads and so
no locks need to be held.
Fixes #15793
Fixes #15712
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 10:34:04 +0000 (11:34 +0100)]
Set use_fallbacks to zero when we add a provider to the store
Update use_fallbacks to zero when we add a provider to the store rather
than when we activate it. Its only at the point that we add it to the store
that it is actually usable and visible to other threads.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 10:06:12 +0000 (11:06 +0100)]
Remove flag_couldbechild
Now that a provider is no longer put into the store until after it has
been activated we don't need flag_couldbechild any more. This flag was
used to indicate whether a provider was eligible for conversion into a
child provider or not. This was only really interesting for predefined
providers that were automatically created.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Mon, 21 Jun 2021 08:23:30 +0000 (09:23 +0100)]
Add a new provider to the store only after we activate it
Rather than creating the provider, adding to the store and then activating
it, we do things the other way around, i.e. activate first and then add to
the store. This means that the activation should occur before other threads
are aware of the provider.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Fri, 18 Jun 2021 11:28:40 +0000 (12:28 +0100)]
Instantiate user-added builtin providers when we need them
Previously we created the provider object for builtin providers at the
point that OPENSSL_add_builtin() was called. Instead we delay that until
the provider is actually loaded.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Matt Caswell [Fri, 18 Jun 2021 09:08:23 +0000 (10:08 +0100)]
Instantiate predefined providers just-in-time
Previously we instantiated all the predefined providers at the point that
we create the provider store. Instead we move them to be instantiated as we
need them.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Tomas Mraz [Wed, 23 Jun 2021 07:23:53 +0000 (09:23 +0200)]
simpledynamic: Add missing include for AIX builds
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15874)
Richard Levitte [Wed, 23 Jun 2021 06:10:37 +0000 (08:10 +0200)]
test/recipes/90-test_shlibload.t: Modify to work with known file names
Using File::Temp::tempfile() is admirable, but isn't necessary for the
sort of thing we use it for.
Furthermore, since tempfile() returns an opened file handle for
reading for the file in question, it may have effect that the file
becomes unwritable. This is the default on VMS, and since tempfile()
doesn't seem to have any option to affect this, it means that
test/shlibloadtest.c can't write the magic line to that file.
Also, if we consider forensics, to be able to see what a test produced
to determine what went wrong, it's better to use specific and known
file names.
Therefore, this test is modified to use well known file names, and to
open them for reading after the shlibloadtest program has been run
instead of before.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15872)
Pauli [Tue, 22 Jun 2021 23:46:42 +0000 (09:46 +1000)]
doc: Document that the OBJ creation functions don't lock.
Neither OBJ_create() nor OBJ_add_sigid() use locks. They are not thread safe.
They can and will cause the other OBJ_ query functions to fail in mysterious
ways if called concurrently with them.
There is no problem calling multiple query functions concurrently.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15865)
Richard Levitte [Tue, 22 Jun 2021 16:11:03 +0000 (18:11 +0200)]
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()
Fixes #15839
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
Richard Levitte [Tue, 22 Jun 2021 16:09:25 +0000 (18:09 +0200)]
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac()
This makes them more consistent with other new interfaces.
Fixes #15839
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
Add assert.h to threads_pthread.c for NonStop thread compiles.
Fixes: #15809 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15812)
Robbie Harwood [Sat, 29 May 2021 16:02:28 +0000 (12:02 -0400)]
Update dependencies for krb5 external test
Dejagnu/TCL are no longer needed. Installing kdcproxy enables krb5's
proxying tests, which exercise the krb5 TLS integration.
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15850)
Hubert Kario [Mon, 21 Jun 2021 14:52:14 +0000 (16:52 +0200)]
cross-reference the DH and RSA SECLEVEL to level of security mappings
Since the DH check is used only in DHE-PSK ciphersuites, it's
easy to miss it when updating the RSA mapping. Add cross-references
so that they remain consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15853)
Richard Levitte [Mon, 21 Jun 2021 06:35:28 +0000 (08:35 +0200)]
test/recipes/80-test_cmp_http.t: use app() rather than cmd()
OpenSSL::Test::cmd() should be used with caution, as it is for special
cases only.
It's preferable to use OpenSSL::Test::app() or OpenSSL::Test::test().
Fixes #15833
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15846)
Richard Levitte [Fri, 18 Jun 2021 08:32:32 +0000 (10:32 +0200)]
Fix definition of ossl_intmax_t and ossl_uintmax_t
These definitions were located away from our definitions of other
sized int and uint types. Also, the fallback typedef wasn't quite
correct, and this changes it to be aliases for int64_t and uint64_t,
since those are the largest integers we commonly handle.
We also make sure to define corresponding numbers: OSSL_INTMAX_MIN,
OSSL_INTMAX_MAX and OSSL_UINTMAX_MAX
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)