2bb05a96 | 31-Jan-2021 |
Richard Levitte |
PROV: Fix encoding of MDWithRSAEncryption signature AlgorithmID
All {MD}WithRSAEncryption signature AlgorithmID have the parameters being NULL, according to PKCS#1. We didn't. Now corrected.
This bug was the topic of this thread on openssl-users@openssl.org: https://mta.openssl.org/pipermail/openssl-users/2021-January/013416.html
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14030)
|
5682e77d | 01-Feb-2021 |
Matt Caswell |
Fix the cipher_overhead_test
Now that libssl no longer has any OPENSSL_NO_ALG guards the internal cipher_overhead_test wasn't quite handling disabled ciphers correctly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
e376242d | 20-Jan-2021 |
Matt Caswell |
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg
We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded.
Fixes #13616
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
462f4f4b | 15-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_EC guards from libssl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
54e3efff | 20-Jan-2021 |
Matt Caswell |
Make sure we don't use sigalgs that are not available
We may have compiled in sigalg values that we can't support at runtime. Make sure we only use sigalgs that are actually enabled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
306b8e7e | 20-Jan-2021 |
Matt Caswell |
Add the nist group names as aliases for the normal TLS group names
By recognising the nist group names directly we can avoid having to call EC_curve_nist2nid in libssl, which is not available in a no-ec build.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
3de751e7 | 15-Jan-2021 |
Matt Caswell |
Remove compile time guard checking from ssl3_get_req_cert_type
With 3.0 we need to know whether algs are available at run time not at compile time. Actually the code as written is sufficient to do this, so we can simply remove the guards.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
05b4b85d | 15-Jan-2021 |
Matt Caswell |
Check for availability of ciphersuites at run time
In 1.1.1 and below we would check for the availability of certain algorithms based on compile time guards. However with 3.0 this is no longer sufficient. Some algorithms that are unavailable at compile time may become available later if 3rd party providers are loaded. Similarly, algorithms that exist in our built-in providers at compile time may not be available at run time if those providers are not loaded.
Fixes #13184
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
a763ca11 | 14-Jan-2021 |
Matt Caswell |
Stop disabling TLSv1.3 if ec and dh are disabled
Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider.
Fixes #13767
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
8b1db5d3 | 13-Jan-2021 |
Matt Caswell |
Make supported_groups code independent of EC and DH
The supported groups code was checking the OPENSSL_NO_EC and OPENSSL_NO_DH guards in order to work, and the list of default groups was based on those guards. However we now need it to work even in a no-ec and no-dh build, because new groups might be added from providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
ddf8f1ce | 13-Jan-2021 |
Matt Caswell |
Ensure default supported groups works even with no-ec and no-dh
The default supported groups code was disabled in the event of a build with no-ec and no-dh. However now that providers can add their own groups (which might not fit into either of these categories), this is no longer appropriate.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
5b64ce89 | 13-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_DH guards from libssl
This removes many unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged in via providers it is no longer needed to disable DH at compile time in libssl. Instead it should detect at runtime whether DH is available from the loaded providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
|
9ca08f91 | 04-Feb-2021 |
Richard Levitte |
Makefile template: Allow separate generation of .pod.in -> .pod
We do this by adding the attribute 'pod' to all .pod.in -> .pod generations, like this:
    DEPEND[NAME.pod]{pod}=NAME.pod.in, ...
and selecting out the target files for those dependencies into a dedicated target 'build_generated_pods', which the 'doc-nits' and 'cmd-nits' make targets are made to depend on.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14067)
|
b8393eae | 04-Feb-2021 |
Richard Levitte |
DOCS: Remove the "global" dependency on writing .pod files from .pod.in
The dependency was made in such a way that .pod.in -> .pod generation would always be done, no matter what. This changes the procedure so that the generation is made "on demand", i.e. when the resulting .pod files are needed. This turned out to be duplicated dependencies, as the .pod -> .pod.in dependencies were already in place. Just removing the duplicate fixes the situation. 'make build_all_generated' still works, for those who do want to have all file generations performed. (as a reminder, this is suitable to generate the files on a fast system and then copy the result to a slower system, or system where there's no perl)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14067)
|
388eb0d9 | 02-Feb-2021 |
Richard Levitte |
TEST: Add an algorithm ID tester for libcrypto vs provider
Providers produce algorithm IDs of their own, and we need to compare them against the same thing produced by libcrypto's ASN.1 code and with legacy keys. This tester can compare algorithm IDs for signatures and for keys, given certificates that hold such data. To verify key algorithm IDs, only one certificate is necessary, and its public key is used. To verify certificate algorithm IDs, we need to launch the signature operation that would verify a certificate against the public key of its signing CA, so that test needs two files.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14049)
|
93d6132a | 07-Nov-2020 |
Richard Levitte |
EVP: use evp_pkey_copy_downgraded() in EVP_PKEY_copy_parameters()
We used evp_pkey_downgrade() on 'from', which permanently converts 'from' to have a legacy internal key. Now that we have evp_pkey_copy_downgraded(), it's better to use that (and thereby restore the constness contract).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13341)
|
93bae03a | 09-Nov-2020 |
Richard Levitte |
dev/release.sh: Fix typo tagley -> tagkey
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14061)
|
1e3affbb | 20-Nov-2020 |
Richard Levitte |
Remove the old DEPRECATEDIN macros
They serve no purpose any more
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13461)
|
e337b824 | 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
|
b14c8465 | 12-Nov-2020 |
Richard Levitte |
ERR: clean away everything related to _F_ macros from util/mkerr.pl
Instead, we preserve all the pre-3.0 _F_ macros in the backward compatibility headers include/openssl/cryptoerr_legacy.h and include/openssl/sslerr_legacy.h
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
|
bbde8566 | 29-Jan-2021 |
Tomas Mraz |
RSA: properly generate algorithm identifier for RSA-PSS signatures
Fixes #13969
- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it reflects the actual parameters set
- when generating keys do not override previously set parameters with defaults
- tests added to the test_req recipe that should cover the PSS signature handling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
|
26372a4d | 27-Jan-2021 |
Tomas Mraz |
provider-signature.pod: Fix formatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
|
e60147fe | 21-Jan-2021 |
Rich Salz |
Don't make pthreads mutexes recursive.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13924)
|
05f41859 | 04-Feb-2021 |
Jon Spillett |
Switch to BIO_snprintf to avoid missing symbol problems on Windows
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14063)
|
76624df1 | 03-Feb-2021 |
Richard Levitte |
EVP: Adapt EVP_PKEY_{set1,get1}_encoded_public_key()
These functions are modified to use EVP_PKEY_set_octet_string_param() and EVP_PKEY_get_octet_string_param() instead of evp_keymgmt_set_params() and evp_keymgmt_get_params(). To accomplish this fully, EVP_PKEY_get_octet_string_param() is changed slightly to populate |*out_sz| with the return size, even if getting the params resulted in an error. We also modify EVP_PKEY_get_utf8_string_param() to match EVP_PKEY_get_octet_string_param()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14056)
|