Richard Levitte [Thu, 18 Mar 2021 09:41:53 +0000 (10:41 +0100)]
PROV: Add type specific PKCS#8 decoding to the DER->key decoders
This required refactoring a number of functions from the diverse
EVP_PKEY_ASN1_METHOD implementations to become shared backend
functions. It also meant modifying a few of them to return pointers
to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of
manipulating an EVP_PKEY pointer directly, letting the caller do the
latter.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
Richard Levitte [Fri, 29 Jan 2021 03:47:47 +0000 (04:47 +0100)]
PROV: Add RSA-PSS specific OSSL_FUNC_KEYMGMT_LOAD function
The OSSL_FUNC_KEYMGMT_LOAD function for both plain RSA and RSA-PSS
keys now also check that the key to be loaded is the correct type,
and refuse to load it if it's not.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
Richard Levitte [Thu, 28 Jan 2021 07:48:55 +0000 (08:48 +0100)]
PROV: Refactor DER->key decoder
The decoding of DER into keys with keytype specific routines depended
entirely on the absence of the generic algo specific C type from
EVP_PKEYs. That is not necessary, and may even prove to be a bit of a
disadvantage, depending on what libcrypto has to offer in terms of
type specific d2i functionality for different kinds of input
structures.
To remedy, we try with all available type specific functions first,
and only turn to the general d2i functions (those that return an
EVP_PKEY) as a last resort.
Furthermore, there are cases where the decoder might not get the key
type it expected. This may happen when certain key types that share
the same OpenSSL structure may be mixed up somehow. The known cases
are EC vs SM2 and RSA vs RSA-PSS.
To remedy, we add the possibility to specify a checking function that
can check if the key that was decoded meets decoder expectations.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
Richard Levitte [Thu, 18 Mar 2021 04:07:11 +0000 (05:07 +0100)]
Configure: check all DEPEND values against GENERATE, not just .h files
All files that are given to DEPEND statements in build.info files are
being checked against GENERATE statements, to see if it's reasonable
to look for them in the source tree or not. This was only done for .h
files, for reasons that are lost in history. We now change that check
to look at all files instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14598)
Tomas Mraz [Thu, 18 Mar 2021 13:22:20 +0000 (14:22 +0100)]
EVP_PKEY_get_*_param should work with legacy
Also do not shortcut the pkey == NULL case
to allow EVP_PKEY_get_params() to raise an error.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14606)
Matt Caswell [Tue, 16 Mar 2021 12:03:08 +0000 (12:03 +0000)]
Ensure we deregister thread handlers even after a failed init
If we attempt to init a provider but that init fails, then we should
still deregister any thread handlers. The provider may have failed after
these were registered.
Fixes #13338
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14576)
Pauli [Wed, 17 Mar 2021 02:23:52 +0000 (12:23 +1000)]
apps: fix coverity 966560: division by zero
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14586)
Kevin Cadieux [Wed, 17 Mar 2021 03:23:38 +0000 (20:23 -0700)]
Fixing stack buffer overflow error caused by incorrectly sized array.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14582)
Beat Bolli [Sun, 14 Feb 2021 18:27:56 +0000 (19:27 +0100)]
ASN1: limit the Unicode code point range in UTF8_getc() and UTF8_putc()
Since the Unicode 4.0.0 standard, the valid code point range is U+0000
to U+10FFFF. Make code points outside this range invalid when converting
from/to UTF-8.
Signed-off-by: Beat Bolli <dev@drbeat.li> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14185)
Tomas Mraz [Thu, 11 Mar 2021 12:31:13 +0000 (13:31 +0100)]
Make EVP_PKEY_missing_parameters work properly on provided RSA keys
This requires changing semantics of the keymgmt_has()
function a little in the sense that it now returns 1
if the selection has no meaning for the key type. It
was already doing so for ECX keys for example.
The keymgmt_validate function semantics is changed
similarly to allow passing validation on the same
selection that the key returns 1 for.
Fixes #14509
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14511)
Tomas Mraz [Mon, 15 Mar 2021 12:53:10 +0000 (13:53 +0100)]
apps/crl: Print just the hash value if printing just hash
This partially reverts the output format change for
openssl crl -hash output.
Fixes #14546
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14553)
Matt Caswell [Mon, 15 Mar 2021 16:21:45 +0000 (16:21 +0000)]
Remove a TODO(3.0) from EVP_PKEY_derive_set_peer()
The TODO described a case where a legacy derive operation is called, but
the peer key is provider based. In practice this will almost never be a
problem. We should never end up in our own legacy EVP_PKEY_METHOD
implementations if no ENGINE has been configured. If an ENGINE has been
configured then we we will be using a third party EVP_PKEY_METHOD
implementation and public APIs will be used to obtain the key data from the
peer key so there will be no "reaching inside" the pkey.
There is a theoretical case where a third party ENGINE wraps our own
internal EVP_PKEY_METHODs using EVP_PKEY_meth_find() or
EVP_PKEY_meth_get0(). For these cases we just ensure all our
EVP_PKEY_METHODs never reach "inside" the implementation of a peer key. We
can never assume that it is a legacy key.
Fixes #14399
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14555)
Matt Caswell [Mon, 15 Mar 2021 17:44:42 +0000 (17:44 +0000)]
Fix a TODO(3.0) in the siphash code
All 3 files that included crypto/siphash.h also included siphash_local.h,
and no other files included siphash_local.h independently. They probably
should be just one header file.
Fixes #14360
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14558)
Tomas Mraz [Fri, 12 Mar 2021 16:29:53 +0000 (17:29 +0100)]
provider_core: Remove two TODO 3.0
We need to keep the check for prov == NULL in ossl_provider_libctx
but it is not needed in core_get_libctx as there it can happen only when
there is a serious coding error in a third party provider and returning
NULL as libctx would be seriously wrong as that has a special meaning.
The second TODO is valid but not something that is relevant
for 3.0. Change it into a normal comment.
Fixes #14377
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14535)
Pauli [Sat, 13 Mar 2021 00:34:49 +0000 (10:34 +1000)]
property: default queries create the property values.
Without this, it is necessary to query an algorithm before setting the default
property query. With this, the value will be created and the default will
work.
Fixes #14516
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14542)
Matt Caswell [Tue, 9 Mar 2021 17:07:48 +0000 (17:07 +0000)]
Ensure that ECX keys pass EVP_PKEY_param_check()
RSA keys have no parameters and pass EVP_PKEY_param_check(). Previously,
ECX keys had no parammeters and failed EVP_PKEY_param_check(). We should
be consistent. It makes more sense to always pass, and therefore this
commit implements that behaviour.
Fixes #14482
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14485)
Shane Lontis [Thu, 11 Mar 2021 03:36:27 +0000 (13:36 +1000)]
Fix DSA EVP_PKEY_param_check() when defaults are used for param generation.
Fixes #14480
An internal flag that is set during param gen was not being tested, so
the wrong type was used to select the dsa domain param validation method.
In the default provider - if no gen_type is set then by default the fips186_4 gentype
will be selected when pbits >=2048 otherwise it selects fips186_2.
The fips provider ignores the gen_type and always uses fips186_4.
Before this change dsa used fips186_2 by default in the default
provider.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14508)
Tomas Mraz [Fri, 12 Mar 2021 16:14:09 +0000 (17:14 +0100)]
keymgmt_meth: remove two TODO 3.0
The first TODO 3.0 is not really a TODO, just a comment.
The second one is something that is needed for compatibility
with existing applications. There is no major reason in
trying to change this behavior right now.
Fixes #14400
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14534)
Matt Caswell [Fri, 12 Mar 2021 15:43:40 +0000 (15:43 +0000)]
Convert a TODO(3.0) in OPENSSL_thread_stop_ex to a comment
The TODO is describing something that would be nice to fix. In fact the
problem exists even in 1.1.1. It would be nice to fix it, but it does
not need to be done in the 3.0 timeframe.
Fixes #14376
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14533)
Matt Caswell [Fri, 12 Mar 2021 15:33:55 +0000 (15:33 +0000)]
Remove a TODO from async_delete_thread_state()
There is nothing to be done here for the time being. If at some point
we make the async code libctx aware then we might need to make a change
but there are no plans to do that at the moment.
Fixes #14402
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14532)
Shane Lontis [Fri, 12 Mar 2021 02:32:44 +0000 (12:32 +1000)]
Remove TODO in rsa_ameth.c
Fixes #14390
The only caller of this function tests EVP_KEYMGMT_is_a() beforehand
which will fail if the RSA key types do not match. So the test is not
necessary. The assert has been removed when it does the test.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14524)
Rich Salz [Thu, 18 Feb 2021 20:31:56 +0000 (15:31 -0500)]
Always check CRYPTO_LOCK_{read,write}_lock
Some functions that lock things are void, so we just return early.
Also make ossl_namemap_empty return 0 on error. Updated the docs, and added
some code to ossl_namemap_stored() to handle the failure, and updated the
tests to allow for failure.
Fixes: #14230 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14238)