Richard Levitte [Sat, 15 May 2021 05:45:31 +0000 (07:45 +0200)]
EVP: Modify EVP_PKEY_export() to handle legacy EVP_PKEYs
We use a fake EVP_KEYMGMT import function with the newly modified
EVP_PKEY_ASN1_METHOD export_to function to pass the exported
OSSL_PARAM array directly to the EVP_PKEY_export() callback instead of
exporting to an actual provided key and then getting the OSSL_PARAM
array from there, just to throw away that key again.
Fixes #15290
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15293)
Richard Levitte [Sat, 15 May 2021 05:43:06 +0000 (07:43 +0200)]
Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer
We previously took an EVP_KEYMGMT pointer, but now found it necessary
to use a different import function in some cases. Since that's the
only thing we use from EVP_KEYMGMT, we might as well pass the import
function directly, allowing for some flexibility in how export_to is
used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15293)
Matt Caswell [Thu, 20 May 2021 09:47:47 +0000 (10:47 +0100)]
Refer to the migration guide rather than the wiki in our announcements
We now have a migration guide which should be the definitive source of
information for upgrading from a previous version of OpenSSL.
Fixes #15186
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15373)
Pauli [Tue, 18 May 2021 08:45:31 +0000 (18:45 +1000)]
app: add a -store_loaders option to list.
Fixes #15307
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15323)
Matt Caswell [Tue, 11 May 2021 15:50:27 +0000 (16:50 +0100)]
Ensure mirroring of properties works for subsequent updates
If the global properties are updated after a provider with a child libctx
has already started we need to make sure those updates are mirrored in
that child.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)
Benjamin Kaduk [Fri, 2 Apr 2021 17:04:24 +0000 (10:04 -0700)]
Let SSL_new_session_ticket() enter init immediately
The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is not a great fit for what it actually does, architecturally wise.
A request to send a session ticket means entering back into the
handshake state machine (or "in init", as it's known in the
implementation). The state machine transition is not something that
only occurs at an application-data write, and in general could occur at
any time. The only constraint is that we can't enter "init" while in
the middle of writing application data. In such cases we will need to
wait until the next TLS record boundary to enter the state machine,
as is currently done.
However, there is no reason why we cannot enter the handshake state
machine immediately in SSL_new_session_ticket() if there are no
application writes pending. Doing so provides a cleaner API surface to
the application, as then calling SSL_do_handshake() suffices to drive
the actual ticket generation. In the previous state of affairs a dummy
zero-length SSL_write() would be needed to trigger the ticket
generation, which is a logical mismatch in the type of operation being
performed.
This commit should only change whether SSL_do_handshake() vs zero-length
SSL_write() is needed to immediately generate a ticket after the
SSL_new_session_ticket() call -- the default behavior is still to defer
the actual write until there is other application data to write, unless
the application requests otherwise.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
Richard Levitte [Tue, 18 May 2021 16:22:57 +0000 (18:22 +0200)]
Make apps/progs.pl not look at apps/progs.c
apps/progs.pl will have apps/progs.c as output, and on some systems,
the output file of a program is locked against reading.
Unfortunately, apps/progs.c is also part of the sources that make up
apps/openssl, so it's necessary to mark that file in a way that makes
progs.pl skip over it.
Fortunately, this is easily done with a special attribute in
apps/build.info and a simple adaptation of apps/progs.pl.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)
Jake Cooke [Tue, 18 May 2021 08:50:54 +0000 (18:20 +0930)]
Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15316)
Richard Levitte [Mon, 17 May 2021 21:40:32 +0000 (23:40 +0200)]
VMS need to build DSO with name shortening, because of provider code
We have pretty long symbol names, so they need to be shortened to fit
in the linker's 31 character limit on symbols.
Symbol name shortening with the VMS C compiler works in such a way
that a symbol name that's longer than 31 characters is mangled into
its first original 22 characters, followed by a dollar sign and the
32-bit CRC of the original symbol name in hexadecimal.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Richard Levitte [Mon, 17 May 2021 14:56:28 +0000 (16:56 +0200)]
Configurations/descrip.mms.tmpl: Change strategy for include directories
Instead of what we used to do, put all include directories in a number
of DCL variables and generate the /INCLUDE qualifier value on the
command line, we instead generate VMS C specific header files with
include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE
qualifier. This also shortens the command line, the size of which is
limited.
VMS C needs to have those include directories specified in a Unix
form, to be able to safely merge #include paths with them when
searching through them.
Fixes #14247
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Richard Levitte [Mon, 17 May 2021 13:04:42 +0000 (15:04 +0200)]
Fix OpenSSL::fallback for VMS
VMS unpackers will typically convert any period ('.') in directory
names to underscores, since the period is a path separator on VMS,
just like '/' is a path separator on Unix. Our fallback mechanism
needs to account for that.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Richard Levitte [Mon, 17 May 2021 12:44:01 +0000 (14:44 +0200)]
Turn off VMS C's info about unsupported pragmas
VMS C can be notoriously informative about certain things, such as
unsupported pragmas. The case here is that it doesn't support
"#pragma once", and since we use those quite a lot, that's a lot of
repeated information. We simply turn that warning off.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Richard Levitte [Mon, 17 May 2021 12:33:16 +0000 (14:33 +0200)]
Rework how a build file (Makefile, ...) is produced
The memory footprint of how we produced the Makefile was quite...
important, because we have all the processing in one perl snippet, and
generate the details of the build file by appending to the "magic"
variable $OUT. The result is that this variable gets to hold the
majority of the build file text, and depending on memory reallocation
strategies for strings, the heap may hold multiple (possibly not just
a few) copies of this string, almost all of them "freed" but still
taking up space. This has resulted in memory exhaustion.
We therefore change strategy, and generate the build file in two
phases, where the first phase generates the full template using small
perl snippets for each detail, and the second phase processes this
template. This is much kinder to process memory.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
Rich Salz [Mon, 17 May 2021 16:03:19 +0000 (12:03 -0400)]
Remove "openssl ifdef" handling
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)
Rich Salz [Mon, 17 May 2021 15:46:58 +0000 (11:46 -0400)]
Remove '=for openssl ifdef'
No longer needed after rewrite of cmd-nits
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)
Matt Caswell [Sat, 15 May 2021 09:27:09 +0000 (10:27 +0100)]
Better error messages if there are no encoders/decoders/store loaders
If you don't have the base or default providers loaded and therefore there
are no encoders/decoders or store loaders then the error messages can be
cryptic. We provide better hints about how to fix the problem.
Fixes #13798
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15306)
Matt Caswell [Fri, 14 May 2021 14:33:40 +0000 (15:33 +0100)]
Fix a use-after-free in the child provider code
If the child provider context data gets cleaned up before all usage of
providers has finished then a use-after-free can occur. We change the
priority of this data so that it gets freed later.
Fixes #15284
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15286)
Rich Salz [Thu, 6 May 2021 16:56:35 +0000 (12:56 -0400)]
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.
Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)
Benjamin Kaduk [Wed, 17 Mar 2021 05:03:36 +0000 (22:03 -0700)]
Add extensive test coverage for SSL_get_negotiated_group()
This is nearly comprehensive, but we cannot exercise the functionality
for PSK-only TLS 1.3 resumption, since openssl talking to openssl will
always negotiate psk_dhe_ke.
Exercise both the TLS 1.3 and 1.2 cases, for initial handshakes
and resumptions, and for ECDHE and FFDHE.
Since RFC 7919 named groups (for FFDHE) are only supported for TLS 1.3,
the TLS 1.2 versions of those scenarios expect to get NID_undef since
the key exchange was not performed using a named group.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Benjamin Kaduk [Tue, 16 Mar 2021 23:10:04 +0000 (16:10 -0700)]
Extend SSL_get_negotiated_group() tests for TLS 1.2
We don't implement RFC 7919 named groups for TLS 1.2, so we can
only test the ECDHE case for non-TLS-1.3.
Interestingly, though the test_key_exchange() routine claimed to
be exercising ffdhe2048 with TLS 1.2, the configured ciphers were
incompatible with DHE key exchange, so we ended up just using RSA
key transport and not doing an ephemeral key exchange at all.
Reconfigure the tests to actually exercise ephemeral key exchange
for both the EC and FF cases (even though we don't use the named
group information for the finite-field case).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Benjamin Kaduk [Tue, 16 Mar 2021 20:42:00 +0000 (13:42 -0700)]
Regenerate testsid.pem
Convert this file to the new format, that includes the kex_group
integer value. This is needed in order for the round-trip conversion
test to return the same value as the initial input.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Benjamin Kaduk [Tue, 16 Mar 2021 14:47:09 +0000 (07:47 -0700)]
Promote SSL_get_negotiated_group() for non-TLSv1.3
It can be useful to know what group was used for the handshake's
key exchange process even on non-TLS 1.3 connections. Allow this
API, new in OpenSSL 3.0.0, to be used on other TLS versions as well.
Since pre-TLS-1.3 key exchange occurs only on full handshakes, this
necessitates adding a field to the SSL_SESSION object to carry the
group information across resumptions. The key exchange group in the
SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake
uses the "psk_ke" key-exchange mode, so also track whether a fresh key
exchange was done for TLS 1.3.
Since the new field is optional in the ASN.1 sense, there is no need
to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility
churn).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Richard Levitte [Fri, 14 May 2021 05:23:51 +0000 (07:23 +0200)]
ASN1: Fix i2d_provided() return value
i2d_provided() - which is the internal provider data function for
i2d_KeyParams(), i2d_PrivateKey(), i2d_PublicKey() - didn't treat the
returned length from OSSL_ENCODER_to_data() quite as well as it should
have. A simple added flag that records the state of |*pp| before
calling OSSL_ENCODER_to_data() fixes the problem.
Fixes #14655
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15277)
projects / thirdparty / openssl.git / log
