"Downgrade" provider-native keys to legacy where needed

Some sub-systems and openssl sub-commands do not yet deal cleanly with
purely provider-native EVP_PKEYs. We compensate that by "d

"Downgrade" provider-native keys to legacy where needed

Some sub-systems and openssl sub-commands do not yet deal cleanly with
purely provider-native EVP_PKEYs. We compensate that by "downgrading"
keys in select places, or ensure that the 'file:' scheme ENGINE loader
is activated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()

EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD,
which requires "downgrading" the EVP_PKEY to have a legacy internal
k

EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()

EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD,
which requires "downgrading" the EVP_PKEY to have a legacy internal
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders

We want to perform the same tests with a provider implementation, and
also make sure that an ENGINE imple

TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders

We want to perform the same tests with a provider implementation, and
also make sure that an ENGINE implementation works as advertised.

OSSL_STORE_open() / OSSL_STORE_open_wirh_libctx() work in such a way
that they look for internal / engine implementations first, and only
failing that, they will try to fetch a provider implementation. This
ensures that when we do specify an engine, it gets exceptional priority.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

STORE: Deprecate legacy / ENGINE functions

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

STORE: Add a built-in 'file:' storemgmt implementation (loader)

This replaces the older 'file:' loader that is now an engine.

It's still possible to use the older 'file:' loader by

STORE: Add a built-in 'file:' storemgmt implementation (loader)

This replaces the older 'file:' loader that is now an engine.

It's still possible to use the older 'file:' loader by explicitly
using the engine, and tests will remain for it as long as ENGINEs are
still supported (even through deprecated).

To support this storemgmt implementation, a few internal OSSL_DECODER
modifications are needed:

- An internal function that implements most of
OSSL_DECODER_CTX_new_by_EVP_PKEY(), but operates on an already
existing OSSL_DECODER_CTX instead of allocating a new one.
- Allow direct creation of a OSSL_DECODER from an OSSL_ALGORITHM.
It isn't attached to any provider, and is only used internally, to
simply catch any DER encoded object to be passed back to the
object callback with no further checking. This implementation
becomes the last resort decoder, when all "normal"
decodation attempts (i.e. those that are supposed to result
in an OpenSSL object of some sort) have failed.

Because file_store_attach() uses BIO_tell(), we must also support
BIO_ctrl() as a libcrypto upcall.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

STORE: Move the built-in 'file:' loader to become an engine module

From this point on, this engine must be specifically specified.

To replace the internal EMBEDDED hack with somethi

STORE: Move the built-in 'file:' loader to become an engine module

From this point on, this engine must be specifically specified.

To replace the internal EMBEDDED hack with something unique for the
new module, functions to create application specific OSSL_STORE_INFO
types were added.

Furthermore, the following function had to be exported:

ossl_do_blob_header()
ossl_do_PVK_header()
asn1_d2i_read_bio()

Finally, evp_pkcs82pkey_int() has become public under a new name,
EVP_PKCS82PKEY_with_libctx()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

OSSL_ENCODER / OSSL_DECODER post-rename cleanup

There are a few remaining spots where 'deser' wasn't changed to 'decoder'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged fr

OSSL_ENCODER / OSSL_DECODER post-rename cleanup

There are a few remaining spots where 'deser' wasn't changed to 'decoder'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

Ensure EVP_MAC_update() passes the length even if it is 0

We leave it up to the EVP_MAC implemenations what to do with an update
where the data length is 0. In the TLS HMAC implemenation

Ensure EVP_MAC_update() passes the length even if it is 0

We leave it up to the EVP_MAC implemenations what to do with an update
where the data length is 0. In the TLS HMAC implemenation this is still
signficant.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()

Previously it used EVP_MD_type(), which doesn't work when called inside
the FIPs module.

Reviewed-by: Tomas Mraz <tmraz@fed

Convert ssl3_cbc_digest_record() to use EVP_MD_is_a()

Previously it used EVP_MD_type(), which doesn't work when called inside
the FIPs module.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Update the EVP_PKEY MAC documentation

Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.

Reviewed-by:

Update the EVP_PKEY MAC documentation

Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Enable PKEY MAC bridge signature algs to take ctx params

The underlying MAC implementations may take ctx params. Therefore we allow
the bridge to pass these through.

Reviewed-by

Enable PKEY MAC bridge signature algs to take ctx params

The underlying MAC implementations may take ctx params. Therefore we allow
the bridge to pass these through.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Make ssl3_cbc_digest_record() use the real data_size

Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.

Reviewed-by

Make ssl3_cbc_digest_record() use the real data_size

Previously we passed it the data plus mac size. Now we just pass it the
data size. We already know the mac size.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Start using the provider side TLS HMAC implementation

This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.

Reviewed-by:

Start using the provider side TLS HMAC implementation

This commit just moves the TLS1 and above implementation to use the TLS
HMAC implementation in the providers.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Add an HMAC implementation that is TLS aware

The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable

Add an HMAC implementation that is TLS aware

The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

show more ...

Avoid AIX compiler issue by making the macro argument names not match any substring

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Mer

Avoid AIX compiler issue by making the macro argument names not match any substring

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12767)

show more ...

Fix typo in FIPS_MODULE endif macro comment

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dal

Fix typo in FIPS_MODULE endif macro comment

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12755)

show more ...

Fix post-condition in algorithm_do_this

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Me

Fix post-condition in algorithm_do_this

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)

show more ...

Fix use of OPENSSL_realloc in provider

Fix OPENSSL_realloc failure case; `provider->operation_bits` memory
is lost when `OPENSSL_realloc()` returns NULL.

`operation_bits_sz` is

Fix use of OPENSSL_realloc in provider

Fix OPENSSL_realloc failure case; `provider->operation_bits` memory
is lost when `OPENSSL_realloc()` returns NULL.

`operation_bits_sz` is never set to the length of the allocated array.
This means that operation_bits is always reallocated in
`ossl_provider_set_operation_bit()`, possibly shrinking the array.
In addition, it means that the `memset()` always zeros out the
whole reallocated array, not just the new part. Also, because
`operation_bits_sz` is always zero, the value of `*result` in
`ossl_provider_test_operation_bit()` will always be zero.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12760)

show more ...

apps/cmp.c: Clean up loading of certificates and CRLs

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)

Avoid uninitialised variable warning for jobs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail

Avoid uninitialised variable warning for jobs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12762)

show more ...

Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp

* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP ap

Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp

* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)

show more ...

also zero pad DHE public key in ClientKeyExchange message for interop

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://gi

also zero pad DHE public key in ClientKeyExchange message for interop

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12331)

show more ...

Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.

While here, check for failure from RAND_bytes_ex as well.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data.

While here, check for failure from RAND_bytes_ex as well.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...

Fix two issues with AES-CCM KTLS tests.

- Apply the cipher list to the server context as well as the client
context. The tests still worked for AES-GCM cipher suites as those
ar

Fix two issues with AES-CCM KTLS tests.

- Apply the cipher list to the server context as well as the client
context. The tests still worked for AES-GCM cipher suites as those
are in the default list of ciphers. AES-CCM cipher suites are not
in the default list and require the cipher list to be set.

- Use the correct cipher name for AES-CCM.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...