0b07db6f | 27-Jan-2021 |
Matt Caswell |
Ensure the EVP_PKEY operation_cache is appropriately locked The EVP_PKEY operation_cache caches references to provider side key objects that have previously been exported for this EVP_PKEY, and their associated key managers. The cache may be updated from time to time as the EVP_PKEY is exported to more providers. Since an EVP_PKEY may be shared by multiple threads simultaneously we must be careful to ensure the cache updates are locked. Fixes #13818 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
|
40994605 | 27-Jan-2021 |
Matt Caswell |
Ensure access to FIPS_state and rate_limit is appropriately locked These variables can be accessed concurrently from multiple threads so we ensure that we properly lock them before read or write. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
|
04b9435a | 26-Jan-2021 |
Matt Caswell |
Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data() Otherwise we can get data races. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
|
b233ea82 | 26-Jan-2021 |
Matt Caswell |
Avoid races by caching exported ciphers in the init function TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we cached it in the query function rather than the init function, so this would cause a race if multiple threads queried at the same time. In practice it probably wouldn't make much difference since different threads should come up with the same answer. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
|
cd4e6a35 | 26-Jan-2021 |
Matt Caswell |
Refactor RAND_get0_primary() locking Make sure we never read or write to dgbl->primary outside of a lock. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
|
a0134d29 | 26-Jan-2021 |
Matt Caswell |
Add a multi-thread test for shared EVP_PKEYs EVP_PKEYs may be shared across multiple threads. For example this is common for users of libssl who provide a single EVP_PKEY private key for an SSL_CTX, which is then shared between multiple threads for each SSL object. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
|
7ff9fdd4 | 28-Jan-2021 |
Rich Salz |
Deprecate X509_certificate_type Fixes: #13997 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14002)
|
d3372c2f | 24-Jan-2021 |
Job Snijders |
Add some PKIX-RPKI objects
References:
RFC6482 - A Profile for Route Origin Authorizations (ROAs)
RFC6484 - Certificate Policy (CP) for the RPKI
RFC6493 - The RPKI Ghostbusters Record
RFC8182 - The RPKI Repository Delta Protocol (RRDP)
RFC8360 - RPKI Validation Reconsidered
draft-ietf-sidrops-rpki-rta - A profile for RTAs
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13948)
|
6aab42c3 | 25-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_REQ_CTX.pod and OSSL_HTTP_transfer.pod: various improvements Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960) |
4d190f99 | 29-Jan-2021 |
Dr. David von Oheimb |
Constify OSSL_HTTP_REQ_CTX_get0_mem_bio() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960) |
a6d40689 | 25-Jan-2021 |
Dr. David von Oheimb |
HTTP: add more error detection to low-level API Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960) |
d337af18 | 25-Jan-2021 |
Dr. David von Oheimb |
HTTP: Fix mistakes and unclarities on maxline and max_resp_len params Also rename internal structure fields iobuf(len) to readbuf(len) for clarity Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
|
8e716147 | 25-Jan-2021 |
Dr. David von Oheimb |
Fix not backwards-compat X509_http_nbio() and X509_CRL_http_nbio() Provides partial fix of #13127. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
|
673474b1 | 25-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_REQ_CTX_nbio(): Revert to having state var that keeps req len still to send Otherwise, sending goes wrong in case BIO_write(rctx->wbio, ...) is incomplete at first. Fixes #13938 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13960)
|
f2db0528 | 28-Jan-2021 |
Richard Levitte |
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
|
58f422f6 | 28-Jan-2021 |
Richard Levitte |
Fix some odd names in our provider source code
ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions
ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions
sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions
sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions
sm2_signature_functions -> ossl_sm2_signature_functions
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
|
b8a1272d | 21-Jan-2021 |
Matt Caswell |
Test that EC keys without a public key in them work as expected We create EC keys via both the "fromdata" and legacy key routes to make sure that they can be used without a public key. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
|
ec7aef33 | 21-Jan-2021 |
Matt Caswell |
Ensure EC keys with a private key but without a public key can be created In 1.1.1 and earlier it was possible to create EC_KEYs that did not have the public key in it. We need to ensure that this continues to work in 3.0. Fixes #12612 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
|
a2a5506b | 26-Jan-2021 |
Tomas Mraz |
rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys Add a testcase to the test_req covering the issue. Fixes #13957 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13967)
|
e947a064 | 09-Oct-2020 |
Daniel Bevenius |
EVP: fix keygen for EVP_PKEY_RSA_PSS This commit attempts to fix an issue when generating a key of type EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds EVP_PKEY_RSA_PSS to also be accepted. The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md is converted into a function and it is now called in legacy_ctrl_to_param. Fixes #12384 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13099)
|
d744934b | 26-Jan-2021 |
Juergen Christ |
Remove superfluous EVP_KDF_CTRL_ defines. These defines were never used and not needed. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
|
270a5ce1 | 14-Dec-2020 |
Juergen Christ |
Fix parameter types in sshkdf Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string parameters. This caused endianness problems on big-endian machines. As a result, it is not possible to pass FIPS tests since the parameter was stored with an integer value but read via a cast to char pointer. While this works on little endian machines, big endian s390 read the most significant bits instead of the least significant (as done by, e.g., x86). Change the parameter to char array and fix the usages. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13781)
|
732a4d15 | 27-Jan-2021 |
Juergen Christ |
Fix cipher reinit on s390x if no key is specified If key==null on EVP_CipherInit_ex, the init functions for the hardware implementation is not called. The s390x implementation of OFB and CFB mode used the init function to copy the IV into the hardware causing test failures on cipher reinit. Fix this by moving the copy operation into the cipher operation. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/13984)
|
199df4a9 | 26-Jan-2021 |
Dr. David von Oheimb |
check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS This is an upstream fix for #13931 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13968)
|
03f5c893 | 27-Jan-2021 |
Dr. David von Oheimb |
Fix rsa_pss_asn1_meth to refer to rsa_sig_info_set Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13968) |