Commit Graph

112 Commits

Author SHA1 Message Date
Tomas Mraz 7ed6de997f Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:35:49 +02:00
Jamie Cui 25bd0c77bf Fix decoder error on SM2 private key
Added sm2 testcases to endecode_test.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25266)
2024-08-29 15:28:27 +02:00
sashan 6dacee485f RSA decoder should check also sanity of p, q, e, d ... with respect to n
This issue has been discovered by osss-fuzzer [1]. The test function decodes
RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which
proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long
exceeding timeout (45secs).

The idea is to fix OSSL_DECODER_from_data() code path so invalid
RSA keys will be refused.

[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134

Test case generated by the fuzzer is added.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25190)
2024-08-28 16:50:46 +02:00
Richard Levitte b646179229 Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
2024-04-09 13:43:26 +02:00
Richard Levitte 1d490694df Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).

Such keys should be encoded as ECC keys.

Fixes #22184

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
2024-01-12 11:07:39 +01:00
Richard Levitte 1296c2ec78 Restore the meaning of EVP_PKEY_print_private()
With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD
function "priv_print", effectively asking the backend to print whatever it
regards as private key components.

In all backends that were built into libcrypto, this function printed what
was included in the private key structure, which usually includes the
public key components as well.

With OpenSSL 3.0, some of the corresponding key2text encoders got a
slightly different behavior, where the presence of the selector
OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector
OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be
regarded as private key components printed.  This isn't entirely consistent,
though, as the RSA key2text encoder will still print the public key
components regardless.

To compensate for the changed backend behavior, EVP_PKEY_print_private()
was made to ask the encoder to print the keypair rather than just the
private key, thereby moving the backend semantics to the application API.
Unfortunately, this causes confusion for providers where the key2text
encoder really should print the private key only.

This change restores the built-in 1.1.1 backend behavior in the encoders
that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its
documented behavior, leaving it to the backend to decide what it regards as
"private key components".

Fixes #22233

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22237)
2023-10-04 08:10:55 +02:00
Bernd Edlinger 46def829af Fix a memleak in prepare_rsa_params
This affects only RSA-PSS keys with params using
negative salt legth, or in case of out of memory.
This fixes a memory leak reported in #22049.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22061)
2023-09-13 07:46:46 +02:00
Matt Caswell da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
slontis 39ed7636e0 Fix decoders so that they use the passed in propq.
Fixes #21198

decoder objects were setting propq as NULL.
Added a set_ctx/settable_ctx to all decoders that should supply
a property query parameter to internal functions.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21219)
2023-08-16 18:02:51 +02:00
Tomas Mraz 2acb0d363c When exporting/importing decoded keys do not use 0 as selection
When decoding 0 as the selection means to decode anything
you get.

However when exporting and then importing the key data 0 as
selection is not meaningful.
So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import
function export/import everything that we have decoded.

Fixes #21493

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21519)
2023-08-04 10:09:44 -04:00
Matt Caswell 6207f2b657 Don't add the msblob/pvk decoders if they're not suitable
msblob only decodes public/private keys (not just params).
pvk only decodes private keys.

If the requested selection doesn't intersect with the above then don't
consider those decoders.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)
2023-08-01 20:08:28 +02:00
Dimitri Papadopoulos eb4129e12c Fix typos found by codespell
Typos in doc/man* will be fixed in a different commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)
2023-06-15 10:11:46 +10:00
Yi Li 4032cd9a14 configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
2023-06-14 13:06:22 +10:00
Irak Rigia 1e6bd31e58 Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
2023-04-21 16:19:11 +02:00
Tomas Mraz 604247bf75 Do not create DSA keys without parameters by decoder
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2023-02-07 17:05:10 +01:00
FdaSilvaYY f2a6f83862 Cleanup : directly include of `internal/nelem.h` when required.
And so clean a few useless includes

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19721)
2022-11-23 18:08:25 +01:00
Richard Levitte e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
2022-10-05 14:02:03 +02:00
K1 08ae9fa627 Support decode SM2 parameters
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18819)
2022-08-23 11:08:11 +10:00
Tomas Mraz ff54094cb9 dh_to_text: Print the dh->length if set
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
2022-07-18 08:06:17 +01:00
Tomas Mraz 4fa5ed5ce5 Check return value of ossl_parse_property()
Also check if we have d2i_public_key() function pointer.

Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-1144893289

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18462)
2022-06-06 09:44:53 +02:00
Matt Caswell fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Zhou Qingyang 4dd085c03a Add the missing check of BN_bn2hex return value
CLA: trivial

Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17578)
2022-01-28 15:06:23 +01:00
Dr. David von Oheimb da198adb9c OSSL_STORE: Prevent spurious error during loading private keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)
2022-01-06 09:12:57 +01:00
Dimitris Apostolou e304aa87b3 Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-05 12:37:20 +01:00
x2018 352a0bcaab Check the return value of ossl_bio_new_from_core_bio()
There are missing checks of its return value in 8 different spots.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17154)
2022-01-03 12:00:01 +01:00
Tomas Mraz c22b659213 key_to_type_specific_pem_bio_cb: Use passphrase callback from the arguments
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
2021-12-06 16:38:03 +01:00
Tomas Mraz 28257d6057 PVK decoder: prompt for PVK passphrase and not PEM
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
2021-12-06 16:38:03 +01:00
Tomas Mraz baa88d9d17 Fix pvk encoder to properly query for the passphrase
The passphrase callback data was not properly initialized.

Fixes #17054

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
2021-12-06 16:38:03 +01:00
PW Hu 2349d7ba57 Fix the return check of OBJ_obj2txt
Also update OBJ_nid2obj.pod to document the possible return values.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17005)
2021-11-22 11:17:48 +01:00
Richard Levitte 2d49519210 Fix DER encoder implementations for output structures "EC" and "SM2"
These DER encoder implementations are supposed to be aliases for the
"type-specific" output structure, but were made different in so far
that they would output a "type specific" public key, which turns out
to be garbage (it called i2o_ECPublicKey()).  The "type-specific"
output structure doesn't support that, and shouldn't.

Fixes #16977

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16983)

(cherry picked from commit 2cb802e16f)
2021-11-09 05:42:20 +01:00
x2018 1287dabd0b fix some code with obvious wrong coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16918)
2021-10-28 13:10:46 +10:00
Matt Caswell 6187d9eac2 Don't crash encoding a public key with no public key value
If asked to encode an EC_KEY public key, but no public key value is present
in the structure, we should fail rather than crash.

Fixes the crash seen here:
https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.html

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)
2021-10-27 08:57:12 +10:00
Richard Levitte 0195cdd28f ENCODER PROV: Add encoders with EncryptedPrivateKeyInfo output
Since EncryptedPrivateKeyInfo is a recognised structure, it's
reasonable to think that someone might want to specify it.

To be noted is that if someone specifies the structure PrivateKeyInfo
but has also passed a passphrase callback, the result will still
become a EncryptedPrivateKeyInfo structure.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
2021-09-05 21:34:51 +02:00
Richard Levitte 98408852c1 PEM to DER decoder: Specify object type and data structure more consistently
The data structure wasn't given for recognised certificates or CRLs.
It's better, though, to specify it for those objects as well, so they
can be used to filter what actually gets decoded, which will be
helpful for our OSSL_STORE 'file:' scheme implementation.

Fixes #16224

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
2021-09-05 21:34:50 +02:00
Kelvin Lee 6ef8d2c69b Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used.
encode_key2text.c(689): error C4703: potentially uninitialized local pointer variable 'modulus_label' used
encode_key2text.c(691): error C4703: potentially uninitialized local pointer variable 'exponent_label' used

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12845)
2021-08-06 09:24:23 +10:00
Richard Levitte 398f8fe1c4 DECODER & ENCODER: Make sure to pass around the original selection bits
When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything.  This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.

Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.

In both cases, the selection that was specified by the user is now
passed all the way.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
2021-06-29 13:50:51 +02:00
Richard Levitte 16561896ae PROV: Have our PEM->DER decoder only recognise our PEM names
This is to avoid creating confusion where other PEM decoder
implementations may know better what PEM names that are unknown to us
actually mean.

Fixes #15929

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15930)
2021-06-29 06:01:48 +02:00
Tomas Mraz 42fe3e8493 epki2pki_decode: passphrase callback failure is fatal error
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)
2021-06-24 15:26:56 +02:00
Matt Caswell 38fc02a708 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
2021-06-17 13:24:59 +01:00
Matt Caswell 8c7c1c84cb Add a generic SubjectPublicKeyInfo decoder
Previously all the SubjectPublicKeyInfo decoders were specific to a key
type. We would iterate over all them until a match was found for the correct
key type. Each one would fully decode the key before then testing whether
it was a match or not - throwing it away if not. This was very inefficient.

Instead we introduce a generic SubjectPublicKeyInfo decoder which figures
out what type of key is contained within it, before subsequently passing on
the data to a key type specific SubjectPublicKeyInfo decoder.

Fixes #15646

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15662)
2021-06-14 09:43:01 +01:00
Richard Levitte 6a2b8ff392 Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8
This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo",
which is sensible considering we already have "SubjectPublicKeyInfo".
We also add "EncryptedPrivateKeyInfo", and use it for a special decoder
that detects and decrypts an EncryptedPrivateKeyInfo structured DER
blob into a PrivateKeyInfo structured DER blob and passes that on to
the next decoder implementation.

The result of this change is that PKCS#8 decryption should only happen
once per decoding instead of once for every expected key type.
Furthermore, this new decoder implementation sets the data type to the
OID of the algorithmIdentifier field, thus reducing how many decoder
implementations are tentativaly run further down the call chain.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)
2021-06-09 17:00:10 +02:00
Richard Levitte 6a5f97a671 PROV: drop get_params() and gettable_params() from all encoder implementatio
They aren't needed at all any more, since the properties contain the
same information.

This also drops the parameter names OSSL_ENCODER_PARAM_OUTPUT_TYPE
and OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)
2021-06-05 20:30:47 +10:00
Richard Levitte 73c02a6201 ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE
This was a poor substitute for using the name of the decoder implementation,
and since there is functionality to get the latter now, this parameter
can be dropped.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)
2021-06-05 20:30:47 +10:00
Richard Levitte 6462a4f050 PROV: drop get_params() and gettable_params() from all decoder implementations
They aren't needed at all any more, since the properties contain the
same information.

This also drops the parameter names OSSL_DECODER_PARAM_INPUT_TYPE
and OSSL_DECODER_PARAM_INPUT_STRUCTURE.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)
2021-06-05 20:30:35 +10:00
Pauli 0848b943a8 providers: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
2021-06-02 16:30:15 +10:00
Jon Spillett 5e2d22d53e Pass library context and property query into private key decoders
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
2021-06-01 12:16:27 +02:00
Jon Spillett e3c7595521 Fix up encoder/decoder issues caused by not passing a library context to the PKCS8 encrypt/decrypt
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
2021-06-01 12:16:27 +02:00
Jon Spillett 169eca602c Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
2021-06-01 12:16:27 +02:00
Tomas Mraz 202cbdd2fc A few cleanups of the provider build.infos
Remove a TODO that is no longer relevant and
drop some more non-fips sources from the fips checksums.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15191)
2021-05-12 13:23:33 +02:00
Daniel Bevenius 8be513ae46 Mark pop/clear error stack in der2key_decode_p8
This commit sets the error mark before calling d2i_X509_SIG
and clear it if that function call is successful.

The motivation for this is that if d2i_X509_SIG returns NULL then the
else clause will be entered and d2i_PKCS8_PRIV_KEY_INFO will be
called. If d2i_X509_SIG raised any errors those error will be on the
error stack when d2i_PKCS8_PRIV_KEY_INFO gets called, and even if it
returns successfully those errors will still be on the error stack.

We ran into this issue when upgrading Node.js to 3.0.0-alpha15.
More details can be found in the ref links below.

Refs: https://github.com/nodejs/node/issues/38373
Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/wrong-tag-issue2.md

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15067)
2021-05-09 11:31:52 -07:00