Commit Graph

32707 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
07626ea9e5 Avoid erroneous diagnostics in speed measuring
Fixes #20291

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20306)
2023-03-15 08:46:54 +11:00
Simo Sorce
3fc2b7d6b8 Add a flag so finalised contexts are not reused
The EVP layer should not rely on the underlying low level code to
handle catching incorrect reuse of contexts.
Add a flag to mark a context as finalised as needed and then catch and
immediately error on Update/Final operations if called improperly.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:59 +11:00
Simo Sorce
f3c0dd4f0c Add test for context duplication failure
This checks that the first operation successfully completes even if
context duplication fails. But follwing operations get errors as
if the context was finlised.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:56 +11:00
Simo Sorce
0fc00fc0e3 Do not fail if ctx dup does not succeed
If the ctx was *really* needed we'll probably fail later with an error
anyway, so no point in failing immediately.

Document that this behavior is dependent on the provider used to
implement the signature/verification.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:52 +11:00
Matt Caswell
dba97d4c71 Improve the performance of d2i_AutoPrivateKey and friends
Probe first to see if we have a PKCS8 file to improve decoder performance.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20416)
2023-03-15 08:39:25 +11:00
Tobias Nießen
fe52208c56 Document remaining obsolete SSL_OP_NETSCAPE_*_BUG
SSL_OP_NETSCAPE_CA_DN_BUG became obsolete in 3c33c6f6b1 and
support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG was removed by
7a4dadc3a6. The definitions are still listed under "OBSOLETE
OPTIONS retained for compatibility" in ssl.h.in, so this commit adds
them to the list of obsolete options in doc/man3.

Refs: https://github.com/nodejs/node/pull/46954

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20443)
2023-03-15 08:35:00 +11:00
ndossche
c09c202e9b Add missing assignment to EVP_get_digestbynid()
The assignment of the result of EVP_get_digestbynid() did not happen
which made the fallback not actually perform the fallback.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20447)
2023-03-15 08:33:41 +11:00
Dr. David von Oheimb
1caa4835eb doc/man3/X509_STORE_CTX_get_error.pod: make order consistent, add some missing entries
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20450)
2023-03-15 08:32:18 +11:00
afshinpir
6d45fd47f4 Segmentation fault in parent rng cleanup
CLA: trivial
When `cleanup_entropy()` is called to cleanup parent by calling
provided `OSSL_FUNC_rand_clear_seed_fn` method, incorrect random
context is passed to the method. So accessing that context creates
a segmentation fault. Parent context should be passed rather than
DRBG's own context.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20454)
2023-03-15 08:30:41 +11:00
afshinpir
a3207163ef Updated rsa_has() for correct validation
CLA: trivial
In RSA, `(n,e)` and `(n,d)` identify public key and private key.
Modulus `n` is the common part. So I updated `rsa_has()` to validate
these pairs correctly. `OSSL_KEYMGMT_SELECT_KEYPAIR` is common part
for both public and private key, so I changed it to check `n` of
RSA and for `OSSL_KEYMGMT_SELECT_PUBLIC_KEY`, `e` is checked. Before
this change, if `selection` was `OSSL_KEYMGMT_SELECT_PRIVATE_KEY` and
only `e` and `d` was in the RSA structure, the function returns 1
while it was incorrect.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20455)
2023-03-15 08:28:39 +11:00
Tomas Mraz
559e078d94 Fix size_t/int mismatch in cms_ec.c and rsa_sig.c
Fixes #20435

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20457)
2023-03-15 08:24:42 +11:00
Kornel Dulęba
27093ba733 aes/asm/bsaes-armv7.pl: Replace adrl with add
"adrl" is a pseudo-instruction used to calculate an address relative
to PC. It's not recognized by clang resulting in a compilation error.
I've stumbled upon it when trying to integrate the bsaes-armv7 assmebly
logic into FreeBSD kernel, which uses clang as it's default compiler.
Note that this affect the build only if BSAES_ASM_EXTENDED_KEY is
defined, which is not the default option in OpenSSL.

The solution here is to replace it with an add instruction.
This mimics what has already been done in !BSAES_ASM_EXTENDED_KEY logic.
Because of that I've marked this as trivial CLA.

CLA: trivial
Signed-off-by: Kornel Dulęba <mindal@semihalf.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20458)
2023-03-15 08:22:51 +11:00
zhangzhilei
6b08b786cc Remove duplicate code
since this code is also under GCM_HW_SET_KEY_CTR_FN macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20491)
2023-03-15 08:21:52 +11:00
Pauli
93b0a1ea61 Add missing copyright header
This file was only recently introduced and the missing header slipped through
the review process.

Fixes #20461

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20470)
2023-03-15 08:11:53 +11:00
Pauli
d90bd3468a doc: document that prediction resistance comes with a hidden cost
In the default setup, using prediction resistance cascades to a reseeding
of all DRBGs.  The cost for this will be excessive for highly threaded
applications.

Fixes #20414

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20452)
2023-03-15 08:09:17 +11:00
Dr. David von Oheimb
0e89b39619 apps/x509 etc.: allow private key input when public key is expected
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14 17:26:49 +01:00
Dr. David von Oheimb
b7cc2d2f29 test/smime-certs/{mksmime-certs.sh,ca.cnf}: simplify and speed up cert generation
Also remove inconsistent key usages from non-RSA certs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14 17:26:49 +01:00
Dr. David von Oheimb
091fef4936 apps/{dsa,ec,rsa,pkey}.c: harmonize coding w.r.t. 'pubin' variable
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14 17:26:49 +01:00
Richard Levitte
5ec4f45ef5 Fix how util/wrap.pl is used in OpenSSL::Util::fixup_cmd()
The mechanism was pretty tentative and wasn't well tested for diverse
situations.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20415)
2023-03-08 12:29:22 +01:00
Richard Levitte
1939ee7f25 Fix util/wrap.pl.in for VMS usage
In the name of consistency, make sure that this same script is used
across more platforms, in this case VMS.  This removes the need for
util/local_shlib.com.in and util/unlocal_shlib.com.in, which were
under-used anyway.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20415)
2023-03-08 12:29:22 +01:00
Kurt Roeckx
9313694295 Run the punycode-test over the fuzz corpora during test.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20246)
2023-03-07 18:33:41 +01:00
Clemens Lang
451cb23c41 fips: Use salt >= 16 bytes in PBKDF2 selftest
NIST SP 800-132 [1] section 5.1 says "[t]he length of the
randomly-generated portion of the salt shall be at least
128 bits", which implies that the salt for PBKDF2 must be at least 16
bytes long (see also Appendix A.2.1).

The FIPS 140-3 IG [2] section 10.3.A requires that "the lengths and the
properties of the Password and Salt parameters, as well as the desired
length of the Master Key used in a CAST shall be among those supported
by the module in the approved mode."

As a consequence, the salt length in the self test must be at least 16
bytes long for FIPS 140-3 compliance. Switch the self test to use the
only test vector from RFC 6070 that uses salt that is long enough to
fulfil this requirement. Since RFC 6070 does not provide expected
results for PBKDF2 with HMAC-SHA256, use the output from [3], which was
generated with python cryptography, which was tested against the RFC
6070 vectors with HMAC-SHA1.

 [1]: https://doi.org/10.6028/NIST.SP.800-132
 [2]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf
 [3]: https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20429)
2023-03-07 18:28:54 +01:00
slontis
50ea5cdcb7 Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.
Fixes #19989

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20241)
2023-03-07 18:24:45 +01:00
Juergen Christ
de13699370 S390X: Accelerate keccak XOF
The keccak XOF used for KMAC can be simplified by using klmd.  This speeds up
XOF processing in cases where more than one result block is needed.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20431)
2023-03-07 18:21:51 +01:00
Richard Levitte
12c4e67675 test//bio_dgram_test.c: Skip test when BIO_bind() fails
This test isn't supposed to test BIO_bind() itself, so we can be a bit
sloppy and assume that it fails because the attempted binding is not
supported on the platform where this is run.  For example, BIO_bind()
fails when it's given an IPv6 address and the platform where this is
run doesn't support that address family.

In a case like this, it's sensible enough to simply skip the test when
BIO_bind() fails.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20449)
2023-03-07 15:24:54 +01:00
Richard Levitte
a8681703d4 bss_dgram.c: Use BIO_ADDR_sockaddr() and BIO_ADDR_sockaddr_size()
Especially, it's important to use BIO_ADDR_sockaddr_size() instead of
taking sizeof(addr), as BIO_ADDR is a union of several sockaddr variants
with different sizes, and some sendto() implementations are very picky
that the size is correct for the indicated sockaddr family.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20449)
2023-03-07 15:24:54 +01:00
Richard Levitte
ac57336cd2 DOCS: provider-keymgmt(7) - params for EVP_PKEY_get_default_digest_{name,nid}()
This describes them in detail in provider-keymgmt(7).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20430)
2023-03-07 07:54:04 +01:00
Tomas Mraz
bf762f9203 stream_frame_new(): Add missing allocation check
Reported by Marc Schönefeld.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)
2023-03-06 12:26:16 +01:00
Tomas Mraz
7fa216095a test_rstream_random(): Test adding final empty frame
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)
2023-03-06 12:26:16 +01:00
Tomas Mraz
330ce4a39b Test new ossl_quic_rstream API calls
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)
2023-03-06 12:26:16 +01:00
Tomas Mraz
2113ea584c Improve the QUIC_RSTREAM implementation
Add API calls to avoid copying data when reading
These are ossl_quic_rstream_get_record() and
ossl_quic_rstream_release_record().

Add side storage for the stream frame data.
When there are too many packets referenced by the
receiving stream the function ossl_quic_rstream_move_to_rbuf()
can be called to move the data to a ring buffer.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)
2023-03-06 12:26:16 +01:00
Richard Levitte
ac21c1780a VMS knows POSIX threads too!
include/internal/thread_arch.h didn't indicate this, now it does.

This also removes ossl_crypto_mem_barrier(), because we isn't used
anywhere, and doesn't build with compilers that don't support the GNU
extension __asm__.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20440)
2023-03-06 12:18:43 +01:00
Matt Caswell
52ce351a67 Improve the performance of EVP_PKCS82PKEY_ex
We can easily find out the keytype which should significantly improve
the performance of this function because we don't have to try every loaded
decoder.

Partial fix for #20399

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20412)
2023-03-06 10:53:31 +00:00
Matt Caswell
10836921e5 Test that there are no errors on the stack for rejected early data
If we reject early data then it is normal for decryption operations to
fail. We should ensure there are no spurious errors on the stack in that
case. This adds a test for that scenario.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20401)
2023-03-06 08:35:17 +11:00
Matt Caswell
79abf0dff9 Remove spurious error queue entries on early data
Early data decryption is expected to fail sometimes. If it does we should
not leave spurious error entries on the queue.

Fixes #20377

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20401)
2023-03-06 08:35:17 +11:00
Pauli
b1cd268c03 Fix cast.
Fixes #20424

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20425)
2023-03-06 08:19:13 +11:00
Todd Short
d108082377 Add "make help" option
Based on kubernetes controller Makefile help.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20407)
2023-03-06 08:00:58 +11:00
HansHoogerwerf
08a11ba204 Fix typo in base provider example code
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20411)
2023-03-03 10:34:01 +11:00
Tom Cosgrove
52a38144b0 Tidy up aarch64 feature detection code in armcap.c
Make the SIGILL-based code easier to read, and don't use it on Apple Silicon.

Also fix "error: 'HWCAP(2)_*' macro redefined" warnings on FreeBSD.

Fixes #20188

Change-Id: I5618bbe9444cc40cb5705c6ccbdc331c16bab794

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20305)
2023-03-03 10:28:17 +11:00
Pauli
dd573a2fc1 Coverity 1521557: Error handling issues
Check the return from DSA_set0_key and generate an error on failure.
Technically a false positive since the function always returns success.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20409)
2023-03-03 10:10:22 +11:00
Pauli
e8ca529feb Include supported branches in coveralls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20383)
2023-03-03 09:29:33 +11:00
dependabot[bot]
c4cb151b4d Bump coverallsapp/github-action from 1.2.3 to 1.2.4
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20417)
2023-03-02 13:29:37 +01:00
dependabot[bot]
d0a3b9d1eb Bump coverallsapp/github-action from 1.1.3 to 1.2.3
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.1.3 to 1.2.3.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/1.1.3...v1.2.3)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20405)
2023-03-01 20:36:14 +11:00
Hardik Shah
55aab29c1e Add fuzz test for v3name
v3name_fuzzer build modifications

create 99-test_fuzz_v3name_fuzzer.t

test corpus for cve-2023-0286

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20274)
2023-03-01 20:25:15 +11:00
slontis
1735531c8b Remove ossl_rsa_pss_params_30_set_maskgenalg().
This is an unused internal function. It should be added back
in if there is a need to set this value to something other than
NID_mgf1 (which is not likely).

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20321)
2023-03-01 20:04:10 +11:00
Pauli
977950bf38 Update AES documentation excluding AES SIV from the FIPS provider
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20386)
2023-03-01 18:35:01 +11:00
Pauli
c3f985cfd6 Remove AES SIV ciphers from the FIPS provider
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20386)
2023-03-01 18:35:01 +11:00
Pauli
a5ad015898 Don't do AES SIV tests with the FIPS provider
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20386)
2023-03-01 18:34:45 +11:00
Matt Caswell
2be5065b0a Ensure we use a non-zero time for tickets in early data
Our tests run so quickly that the ticket age is virtually zero. This may
not show up problems in the age calculations, so we artificially add some
age to the tickets in some runs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20387)
2023-03-01 13:04:14 +11:00
Matt Caswell
0513a38364 Fix early_data age calculation
The ticket_age/age_add values use ms granualarity. We were incorrectly
treating them as seconds and so the ticket was always being rejected for
early data. We also clarify a comment which could have been the source of
the confusion.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20387)
2023-03-01 13:04:14 +11:00