Matt Caswell [Thu, 12 Nov 2020 14:55:31 +0000 (14:55 +0000)]
Complain if we are attempting to encode with an invalid ASN.1 template
It never makes sense for multi-string or CHOICE types to have implicit
tagging. If we have a template that uses the in this way then we
should immediately fail.
Thanks to David Benjamin from Google for reporting this issue.
Matt Caswell [Thu, 12 Nov 2020 11:58:12 +0000 (11:58 +0000)]
Check that multi-strings/CHOICE types don't use implicit tagging
It never makes sense for multi-string or CHOICE types to use implicit
tagging since the content would be ambiguous. It is an error in the
template if this ever happens. If we detect it we should stop parsing.
Thanks to David Benjamin from Google for reporting this issue.
Ankita Shetty [Fri, 27 Nov 2020 16:05:30 +0000 (17:05 +0100)]
openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and Format Options
Move detailed doc to specific new files in doc/man1/openssl-*-options.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13315)
Richard Levitte [Fri, 4 Dec 2020 08:34:25 +0000 (09:34 +0100)]
EVP: Adjust EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
These functions are documented to return 0 if the size they are
supposed to return 0 if the size isn't available. They needed a bit
of adjustment to actually do so, since the backend functions they call
might return negative numbers in that case.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13611)
Richard Levitte [Fri, 4 Dec 2020 07:55:19 +0000 (08:55 +0100)]
DSA: Make DSA_bits() and DSA_size() check that there are key parameters
Without these check, a DSA structure without key parameters will cause
these functions to crash. This is also the case in pre-3.0 OpenSSL,
but since we now extract these data early, to cache them in the
EVP_PKEY structure, the same crash happens earlier and much more
internally.
The added checks are of the same kind as DSA_security_bits() already
does.
Fixes #13610
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13611)
Matt Caswell [Wed, 2 Dec 2020 17:01:55 +0000 (17:01 +0000)]
Fix no-dsa
Skip tests that require DSA to be available. While we're doing this
we also remove an OPENSSL_NO_DSA guard in the dhparam app that is no
longer necessary (even though DSA may not be present in our own providers
it could be available via a third party provider).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13599)
Shane Lontis [Thu, 26 Nov 2020 05:03:10 +0000 (15:03 +1000)]
Fix ecdsa digest setting code to match dsa.
Fixes #13422
ecdsa_set_ctx_params() was not setting the digest correctly. The side
effect noted was that the check for sha1 when signing was not being
done in fips mode.
Also fixed the dupctx() so that propq is deep copied.
The usage of the variable 'flag_allow_md' was also copied from the dsa code.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13520)
Shane Lontis [Wed, 2 Dec 2020 10:54:08 +0000 (20:54 +1000)]
Fix EVP_PKEY_CTX propq so that it uses a copy
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
Shane Lontis [Wed, 2 Dec 2020 10:52:32 +0000 (20:52 +1000)]
fix x509_PUBKEY propq so that it uses a copy
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
Shane Lontis [Wed, 2 Dec 2020 10:50:32 +0000 (20:50 +1000)]
Fix x509_crl propq so that it uses a copy
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
Shane Lontis [Fri, 21 Aug 2020 05:14:42 +0000 (15:14 +1000)]
Fix X509 propq so it does not use references
Fixes #13486
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
x509_vfy.c: Restore rejection of expired trusted (root) certificate
The certificate path validation procedure specified in RFC 5280 does not
include checking the validity period of the trusted (root) certificate.
Still it is common good practice to perform this check.
Also OpenSSL did this until commit 0e7b1383e, which accidentally killed it.
The current commit restores the previous behavior.
It also removes the cause of that bug, namely counter-intuitive design
of the internal function check_issued(), which was complicated by checks
that actually belong to some other internal function, namely find_issuer().
Moreover, this commit adds a regression check and proper documentation of
the root cert validity period check feature, which had been missing so far.
Fixes #13427
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13590)
Richard Levitte [Mon, 30 Nov 2020 09:44:34 +0000 (10:44 +0100)]
Add test to demonstrate the app's new engine key loading
This adds a bit of functionality in ossltest, so it can now be used to
load PEM files. It takes the file name as key ID, but just to make
sure faults aren't ignored, it requires all file names to be prefixed
with 'ot:'.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13570)
Richard Levitte [Mon, 30 Nov 2020 06:25:46 +0000 (07:25 +0100)]
APPS: Adapt load_key() and load_pubkey() for the engine: loader
These two functions react when the FORMAT_ENGINE format is given, and
use the passed ENGINE |e| and the passed key argument to form a URI
suitable for the engine: loader.
Co-authored-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13570)
Matt Caswell [Tue, 1 Dec 2020 15:19:56 +0000 (15:19 +0000)]
Fix a compile error with the no-sock option
BIO_do_connect() can work even in no-sock builds (non socket based BIOs
have the right ctrls). Therefore we move the macro outside of the
OPENSSL_NO_SOCK guards
Fixes #12207
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13587)
Daiki Ueno [Mon, 26 Oct 2020 12:23:14 +0000 (13:23 +0100)]
openssl dgst: add option to specify output length for XOF
This adds the -xoflen option to control the output length of the XOF
algorithms, such as SHAKE128 and SHAKE256.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13245)
Richard Levitte [Fri, 27 Nov 2020 06:59:02 +0000 (07:59 +0100)]
ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY()
The passed 'pkey' already contains a library context, and the encoder
implementations should be found within the same context, so passing an
explicit library context seems unnecessary, and potentially dangerous.
It should be noted that it's possible to pass an EVP_PKEY with a
legacy internal key. The condition there is that it doesn't have a
library context assigned to it, so the NULL library context is used
automatically, thus requiring that appropriate encoders are available
through that context.
Fixes #13544
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13545)
Ankita Shetty [Tue, 24 Nov 2020 18:55:27 +0000 (19:55 +0100)]
cmp_client.c: Fix indentation and remove empty line
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13488)
Ankita Shetty [Mon, 23 Nov 2020 16:12:33 +0000 (17:12 +0100)]
cmp_client.c: Remove dead code of variable 'txt' in cert_response()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13488)
Matt Caswell [Thu, 19 Nov 2020 13:58:21 +0000 (13:58 +0000)]
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Shane Lontis [Mon, 16 Nov 2020 02:42:18 +0000 (12:42 +1000)]
Add EVP_KDF-X942 to the fips module
The X942 KDF had been modified so that it supports all optional fields - not
just the fields used by CMS.
As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.
This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
Shane Lontis [Wed, 25 Nov 2020 08:19:27 +0000 (18:19 +1000)]
Fix s390 EDDSA HW support in providers.
Fixes #12476
Note this stopped working when ECX was swapped over to using
providers. The ECX_KEY keygen and exchange were converted, but not the ED
signing support.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13508)
Tim Hudson [Thu, 26 Nov 2020 02:31:25 +0000 (12:31 +1000)]
Correct system guessing for darwin64-arm64 target
Previously the system guessing logic would incorrectly guess
i686-apple-darwin as the fallback for any unspecified architecture
that is a Darwin target
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13517)
Kelvin Lee [Tue, 1 Dec 2020 13:25:01 +0000 (00:25 +1100)]
Fix simpledynamic.c - a typo and missed a header
CLA: trivial
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13584)
Richard Levitte [Wed, 25 Nov 2020 06:57:45 +0000 (07:57 +0100)]
TEST: Add a simple module loader, and test the FIPS module with it
This very simple module loader is only linked with the standard C
library, so cannot and should not provide any other symbol to the
module it tries to load. It can thereby be used to verify that the
module it tries to load doesn't have any surprising dependencies when
it's supposed to be self contained.
A test recipe is added to verify the FIPS module with this loader.
Fixes #11020
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13507)