Richard Levitte [Tue, 6 Jul 2021 06:44:37 +0000 (08:44 +0200)]
CRYPTO: Remove the check for built-in methods in the export_to function
That check was seen as necessary at the time, but other changes have
been made since, so we now have better control on when we're handling
legacy structures and methods, making it safe to run the export_to
function on keys with foreign methods.
The basic message is that foreign methods must set key structure
values according to our standards no matter what, or not set them at
all. This has really always been the case, but was harder to see at
the time because of interaction with other bugs.
Fixes #15927
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15996)
Pauli [Mon, 5 Jul 2021 01:01:59 +0000 (11:01 +1000)]
bn: procduce correct sign for result of BN_mod()
There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
In this case, the sign of the remainder c is incorrect. The problem only
occurs if the dividend and the quotient are the same BIGNUM.
Fixes #15982
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15991)
Pauli [Tue, 6 Jul 2021 08:50:11 +0000 (18:50 +1000)]
err: remove ERR_GET_FUNC()
This is problematic in 3.0 because the function codes are all defined as zero.
This leads to either every error matching or no error ever matching. Both
are problematic for users. The OTC vote resolved to remove this function
completely.
Fixes #15946
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)
Pauli [Fri, 18 Jun 2021 23:54:55 +0000 (09:54 +1000)]
test: add some integral type size sanity checks
With the recent problem on VMS of maxint_t being defined as a 32 bit integer
despite OpenSSL mandating 64 bit integers being available, it seems prudent
to add some sanity checks for out integral types.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15830)
Matt Caswell [Wed, 23 Jun 2021 07:54:12 +0000 (08:54 +0100)]
Avoid "excessive message size" for session tickets
We received a report of an "excessive message size" for a received
session ticket. Our maximum size was significantly less than the theoretical
maximum. The server may put any data it likes in the session ticket
including (for example) the full certificate chain so we should be able to
handle longer tickets. Update the value to the maximum allowed by the spec.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15877)
Tomas Mraz [Thu, 1 Jul 2021 15:41:47 +0000 (17:41 +0200)]
update fips checksums
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)
Tomas Mraz [Thu, 1 Jul 2021 15:41:02 +0000 (17:41 +0200)]
fips module header inclusion fine-tunning
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)
Martin Schwenke [Thu, 1 Jul 2021 06:59:30 +0000 (16:59 +1000)]
bn: Make fixed-length Montgomery Multiplication conditional on PPC64
This code is currently unconditional even though build.info has:
$BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
This causes a build failure on 32-bit systems.
Fixes #15923
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
Martin Schwenke [Thu, 1 Jul 2021 04:44:33 +0000 (14:44 +1000)]
bn: Fix .size directive
This requires the text address.
Fixes #15923
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
Martin Schwenke [Thu, 1 Jul 2021 04:23:50 +0000 (14:23 +1000)]
bn: Use a basic branch-if-not-zero
Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
prediction.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
Richard Levitte [Fri, 2 Jul 2021 10:38:18 +0000 (12:38 +0200)]
PROV & STORE: Make the 'file:' store loader understand more binary formats
The 'file:' store loader only understood DER natively. With all the
whatever to key decoders gone, direct support for other binary file
formats are gone, and we need to recreate them for this store loader.
With these changes, it now also understands MSBLOB and PVK files.
As a consequence, any store loader that handles some form of open file
data (such as a PEM object) can now simply pass that data back via
OSSL_FUNC_store_load()'s object callback. As long as libcrypto has
access to a decoder that can understand the data, the appropriate
OpenSSL object will be generated for it, even if the store loader sits
in a different provider than any decoder or keymgmt.
For example, an LDAP store loader, which typically finds diverse PEM
formatted blobs in the database, can simply pass those back via the
object callback, and let libcrypto do the rest of the work.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)
Richard Levitte [Fri, 2 Jul 2021 10:29:23 +0000 (12:29 +0200)]
PROV & STORE: Don't decode keys in the 'file:' store loader
This makes the 'file:' store loader only read the file, and only decode
down to a base level binary format, and simply pass that blob of data
back to the OSSL_FUNC_store_load() object callback.
This offloads the decoding into specific OpenSSL types to libcrypto,
which takes away the issue of origins, which provider is it that holds
the key (or other future types of objects).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)
Matt Caswell [Thu, 1 Jul 2021 10:58:35 +0000 (11:58 +0100)]
Work around a 32-bit mingw failure
Passing the return value from gmtime() directly to mktime() was producing
incorrect results under windows (but not under wine) when built with mingw
32-bit (but not VC-WIN32). We implement a workaround for this.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)
Matt Caswell [Fri, 25 Jun 2021 15:05:20 +0000 (16:05 +0100)]
Avoid some MinGW test failures
There were 4 classes of failure:
- line ending problems;
- unicode problems;
- file path munging problems; and
- a "hang" in test_cmp_http.
The unicode problems appear to be somewhere between wine or msys - they
don't actually appear to be a problem with the built binaries. We just skip
those tests for now.
Fixes #13558
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)
Oliver Mihatsch [Mon, 12 Apr 2021 14:46:16 +0000 (16:46 +0200)]
Fix memory leak in i2d_ASN1_bio_stream
When creating a signed S/MIME message using SMIME_write_CMS()
if the reading from the bio fails, the state is therefore
still ASN1_STATE_START when BIO_flush() is called by i2d_ASN1_bio_stream().
This results in calling asn1_bio_flush_ex cleanup but will only
reset retry flags as the state is not ASN1_STATE_POST_COPY.
Therefore 48 bytes (Linux x86_64) leaked since the
ndef_prefix_free / ndef_suffix_free callbacks are not executed
and the ndef_aux structure is not freed.
By always calling free function callback in asn1_bio_free() the
memory leak is fixed.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14844)
Tomas Mraz [Wed, 30 Jun 2021 14:11:17 +0000 (16:11 +0200)]
load_key_certs_crls: Avoid reporting any spurious errors
When there is other PEM data in between certs the OSSL_STORE_load
returns NULL and reports error. Avoid printing that error unless
there was nothing read at all.
Fixes #15945
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)
Defined out MUTEX attributes not available on NonStop SPT Threads.
Standard Posix Threads (SPT) Threads are an older separate branch of
pthreads that do not support some of the capabilities in the current
Posix User Threads (PUT).
The change also includes a rename of the close field of OSSL_STORE_LOADER
which was causing preprocessor conflicts.
Fixes #15885
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15886)
Pauli [Wed, 30 Jun 2021 00:21:17 +0000 (10:21 +1000)]
afalg: add some memory initialisation calls to pacify memory sanitisation.
The engine is modifying memory without the sanitiser realising. By pre-
initialising this memory, the sanitiser now thinks that read accesses are okay.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)
Document cross-compile considerations for NonStop x86 builds.
Fixes #15919
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15948)
David Benjamin [Tue, 29 Jun 2021 18:41:12 +0000 (14:41 -0400)]
Fix use of uninitialized memory in test_rsa_oaep
48f1739600f33c92387debce2002acec6e365f1d did not convert the RSA OAEP
tests correctly. The corrupted ciphertext and truncation tests were
really decrypting uninitialized memory, rather than the sample
ciphertext. This results in an error in tools like MSan.
The test is somewhat roundabout. In the original version, before the
conversion, ctext_ex was an OAEP test vector from key1(), etc.,
functions. The test would:
1. Encrypt ptext_ex as ctext.
2. Decrypt ctext and check it gives ptext_ex.
3. Decrypt ctext_ex and check it gives ptext_ex.
4. Try corrupted and truncated versions of ctext.
48f1739600f33c92387debce2002acec6e365f1d then moved steps 1 and 2 into
test_rsa_simple, which meant ctext is no longer available for step 4. It
then mistakenly left the variable around, but uninitialized, so the test
wasn't testing anything. (Confusingly, test_rsa_simple outputs ctext_ex
to the caller, but doesn't do anything with it. The ctext_ex output is
also only usable for OAEP, not PKCS#1 v1.5.)
It doesn't really matter whether we use ctext or ctext_ex for step 4, so
this PR fixes it by using ctext_ex instead.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15950)
OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for consistency
Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
CMP: Add missing getter functions to CRMF API and CMP API
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
Richard Levitte [Mon, 28 Jun 2021 03:52:42 +0000 (05:52 +0200)]
DECODER & ENCODER: Make sure to pass around the original selection bits
When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything. This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.
Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.
In both cases, the selection that was specified by the user is now
passed all the way.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
Hubert Kario [Fri, 25 Jun 2021 11:34:31 +0000 (13:34 +0200)]
doc: make error checking in ticket handling code explicit
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15918)
Richard Levitte [Mon, 28 Jun 2021 03:37:22 +0000 (05:37 +0200)]
ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt
If there are keymgmts and en/decoders from the same provider, try to
combine them first.
This avoids unnecessary export/import dances, and also tries to avoid
issues where the keymgmt doesn't fully support exporting and importing,
which we can assume will be the case for HSM protected keys.
Fixes #15932
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15933)
Matt Caswell [Thu, 24 Jun 2021 15:07:03 +0000 (16:07 +0100)]
Ensure ordinals are created during release process
We introduce a new makefile target "make release-update" that forces
ordinal file renumbering, and also does the fips checksum updates. We
then call that from the release script.
Fixes #15806
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15901)
Christian Heimes [Thu, 24 Jun 2021 15:47:30 +0000 (17:47 +0200)]
Fix segfault in openssl x509 -modulus
The command ``openssl x509 -noout -modulus -in cert.pem`` used to segfaults
sometimes because an uninitialized variable was passed to
``BN_lebin2bn``. The bug triggered an assertion in bn_expand_internal().
Fixes: https://github.com/openssl/openssl/issues/15899 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15900)
Theo Buehler [Thu, 24 Jun 2021 09:37:04 +0000 (11:37 +0200)]
Fix two typos in OSSL_trace_enabled.pod
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15894)
Pauli [Thu, 24 Jun 2021 01:47:48 +0000 (11:47 +1000)]
test: add EVP_Q_mac tests to evp_test
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
Pauli [Thu, 24 Jun 2021 01:32:50 +0000 (11:32 +1000)]
test: add EVP_Q_digest tests to evp_test
Fixes #15837
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)
Petr Gotthard [Wed, 5 May 2021 16:32:55 +0000 (18:32 +0200)]
BIO_new_from_core_bio: Fix heap-use-after-free after attach
The providers have to call up_ref to keep the cbio pointer, just like
the internal bio_prov.c does.
OSSL_STORE_attach passes a cbio pointer to the provider and then calls
ossl_core_bio_free(cbio). If up_ref is not called, the cbio gets
freed way too early.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15163)
projects / thirdparty / openssl.git / log
