OCSP HTTP: Restore API of undocumented and recently deprecated functions
Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d().
Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new().
Minor further fixes in OSSL_HTTP_REQ_CTX.pod
Fixes #13873
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
Matt Caswell [Mon, 18 Jan 2021 16:50:07 +0000 (16:50 +0000)]
Don't copy parameters on setting a key in libssl
Whenever we set a private key in libssl, we first found the certificate
that matched the key algorithm. Then we copied the key parameters from the
private key into the public key for the certficate before finally checking
that the private key matched the public key in the certificate. This makes
no sense! Part of checking the private key is to make sure that the
parameters match. It seems that this code has been present since SSLeay.
Perhaps at some point it made sense to do this - but it doesn't any more.
We remove that piece of code altogether. The previous code also had the
undocumented side effect of removing the certificate if the key didn't
match. This makes sense if you've just overwritten the parameters in the
certificate with bad values - but doesn't seem to otherwise. I've also
removed that error logic.
Due to issue #13893, the public key associated with the certificate is
always a legacy key. EVP_PKEY_copy_parameters will downgrade the "from"
key to legacy if the target is legacy, so this means that in libssl all
private keys were always downgraded to legacy when they are first set
in the SSL/SSL_CTX. Removing the EVP_PKEY_copy_parameters code has the
added benefit of removing that downgrade.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13899)
Matt Caswell [Tue, 19 Jan 2021 11:36:24 +0000 (11:36 +0000)]
Ensure legacy_asn1_ctrl_to_param can handle MDs not in the OBJ database
The legacy_asn1_ctrl_to_param implementation of
ASN1_PKEY_CTRL_DEFAULT_MD_NID calls EVP_PKEY_get_default_digest_name()
which returns an mdname. Previously we were using OBJ_sn2nid/OBJ_ln2nid
to lookup that name in the OBJ database. However we might get an md name
back that only exists in the namemap, not in the OBJ database. In that
case we need to check the various aliases for the name, to see if one of
those matches the name we are looking for.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13899)
Richard Levitte [Fri, 15 Jan 2021 11:20:25 +0000 (12:20 +0100)]
Unix Makefile generator: separate "simple" shared libraries from import libraries
For Unix like environments, we may have so called "simple" shared
library names (libfoo.so as opposed to libfoo.so.1.2), or we may have
"import" library names associated with a DLL (libfoo.dll.a for
libfoo.dll on Mingw and derivatives).
So far, "import" library names were treated the same as "simple"
shared library names, as some kind of normalization for the Unix way
of doing things.
We now shift to treat them separately, to make it clearer what is
what.
Fixes #13414, incidently
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13875)
Tim Hitchins [Wed, 20 Jan 2021 11:35:33 +0000 (11:35 +0000)]
Fix typo in crl2pkcs documentation
Fixes #13910
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13911)
Rich Salz [Tue, 8 Dec 2020 15:13:54 +0000 (10:13 -0500)]
Deprecate EVP_KEY_new_CMAC_key and EVP_PKEY_new_CMAC_key_ex
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_key documentation.
Also make testing of EVP_PKEY_new_CMAC_key properly #ifdef'd.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13829)
Matt Caswell [Wed, 6 Jan 2021 17:03:44 +0000 (17:03 +0000)]
Ensure SRP BN_mod_exp follows the constant time path
SRP_Calc_client_key calls BN_mod_exp with private data. However it was
not setting BN_FLG_CONSTTIME and therefore not using the constant time
implementation. This could be exploited in a side channel attack to
recover the password.
Since the attack is local host only this is outside of the current OpenSSL
threat model and therefore no CVE is assigned.
Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
issue.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13888)
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
Also prevent copying SKID and AKID extension, which make no sense in CSRs
and extend the use -ext to select with extensions are copied.
Further simplifiy the overall structure of the code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
X509: Enable printing cert even with invalid validity times, saying 'Bad time value'
Add internal asn1_time_print_ex() that can return success on invalid time.
This is a workaround for inconsistent error behavior of ASN1_TIME_print(),
used in X509_print_ex().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13714)
Made some editorial changes to man3/OCSP_sendreq.pod; move the NOTES
text inline. Some of the original functions had no documentation:
OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio,
OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio. Their new counterparts
are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod
Fixes #12234
Co-authored-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13742)
Kurt Roeckx [Thu, 17 Dec 2020 21:28:17 +0000 (22:28 +0100)]
Fix memory leak in mac_newctx() on error
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13702)
Jon Spillett [Wed, 13 Jan 2021 04:10:51 +0000 (14:10 +1000)]
Allow EVP_PKEY private key objects to be created without a public component
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13855)
Rich Salz [Tue, 5 Jan 2021 23:05:42 +0000 (18:05 -0500)]
Document openssl thread-safety
Also discuss reference-counting, mutability and safety.
Thanks to David Benjamin for pointing to comment text he added
to boringSSL's header files.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13788)
Daniel Bevenius [Wed, 13 Jan 2021 14:30:20 +0000 (15:30 +0100)]
Correct typo in rsa_oaep.c
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13861)
Michael Baentsch [Wed, 13 Jan 2021 10:06:13 +0000 (11:06 +0100)]
Enhance default provider documentation
Bring Wiki and man page documentation in line regarding default provider
fall-back behaviour.
Fixes #13844
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13859)
Matt Caswell [Tue, 12 Jan 2021 16:50:17 +0000 (16:50 +0000)]
Fix a failure where fetches can return NULL in multi-threaded code
When a fetch is attempted simultaneously from multiple threads then both
threads can attempt to construct the method. However only one of those
will get added to the global evp method store. The one that "lost" the
race to add the method to the global evp method store ended up with the
fetch call returning NULL, instead of returning the method that was
already available.
Fixes #13682
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
Matt Caswell [Mon, 11 Jan 2021 17:02:01 +0000 (17:02 +0000)]
Fix an issue in provider_activate_fallbacks()
The above function was running while holding the store lock with a read
lock. Unfortunately it actually modifies the store, so a write lock is
required instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
Matt Caswell [Fri, 8 Jan 2021 13:48:13 +0000 (13:48 +0000)]
Enable locking on the primary DRBG when we create it
The primary DRBG may be shared across multiple threads and therefore
we must use locking to access it. Previously we were enabling that locking
lazily when we attempted to obtain one of the child DRBGs. Part of the
process of enabling the lock, is to create the lock. But if we create the
lock lazily then it is too late - we may race with other threads where each
thread is independently attempting to enable the locking. This results
in multiple locks being created - only one of which "sticks" and the rest
are leaked.
Instead we enable locking on the primary when we first create it. This is
already locked and therefore we cannot race.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
Matt Caswell [Fri, 8 Jan 2021 13:22:59 +0000 (13:22 +0000)]
Make sure we take the ctx->lock in ossl_lib_ctx_generic_new()
The function ossl_lib_ctx_generic_new() modifies the exdata. This may
be simultaneously being modified by other threads and therefore we need
to make sure we take the lock before doing so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
Matt Caswell [Fri, 11 Dec 2020 16:29:25 +0000 (16:29 +0000)]
Lock the provider operation_bits
The provider operation_bits array can see concurrent access by multiple
threads and can be reallocated at any time. Therefore we need to ensure
that it is appropriately locked.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
Matt Caswell [Thu, 10 Dec 2020 14:44:25 +0000 (14:44 +0000)]
Fix a crash with multi-threaded applications using the FIPS module
The FIPS implementation of the ossl_ctx_thread_stop function needs to
use an OSSL_LIB_CTX - but gets passed a provctx as an argument. It was
assuming that these are the same thing (which was true at one point
during development) - but that is no longer the case. The fix is to
get the OSSL_LIB_CTX out of the provctx.
Fixes #13469
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
Richard Levitte [Tue, 12 Jan 2021 14:44:43 +0000 (15:44 +0100)]
Make header references conform with man-pages(7) in all manuals
Details from man-pages(7) that are used:
Formatting conventions (general)
...
Filenames (whether pathnames, or references to header files) are always
in italics (e.g., <stdio.h>), except in the SYNOPSIS section, where in‐
cluded files are in bold (e.g., #include <stdio.h>). When referring to
a standard header file include, specify the header file surrounded by
angle brackets, in the usual C way (e.g., <stdio.h>).
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13843)
Richard Levitte [Tue, 12 Jan 2021 15:10:15 +0000 (16:10 +0100)]
Make the OSSL_PARAM manual conform with man-pages(7)
Details from man-pages(7) that are used:
Formatting conventions for manual pages describing functions
...
Variable names should, like argument names, be specified in italics.
...
Formatting conventions (general)
...
Special macros, which are usually in uppercase, are in bold.
Exception: don't boldface NULL.
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13848)