Commit Graph

35880 Commits

Author SHA1 Message Date
Pauli
12d14de641 test: add FIPS version check for EC cofactor derive tests
These were added in #25548 but didn't include a FIPS version check which
causes failures testing older FIPS providers against later versions.

Also change some skips to use TEST_skip.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25582)
2024-10-01 09:28:27 +10:00
slontis
2f362e99a1 Fix bugs in ECDH cofactor FIPS indicator.
The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.

Added a test for all possible combinations of a EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.

This only affects the B & K curves (which have a cofactor that is not 1).

Bug reported by @abkarcher

Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)
2024-09-30 20:07:09 +02:00
Dimitri John Ledkov
fc68cf21b5 kdfs: implement key length check in X9.42
Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25529)
2024-09-30 20:03:49 +02:00
Dimitri John Ledkov
3be6387588 docs: document options added in openssl-fipsinstall 3.4+
Document new command line options added in 3.4.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:49:02 +01:00
Dimitri John Ledkov
9331a202fe docs: document options added in openssl-fipsinstall 3.2+
Document new command line options added in 3.2.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:48:29 +01:00
Dimitri John Ledkov
1b52b24aa4 docs: document options added in openssl-fipsinstall 3.1+
Document new command line options added in 3.1.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:46:28 +01:00
Dimitri John Ledkov
634d84324a docs: add HISTORY section to openssl-fipsinstall (3.0+)
Documents when the command was added.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:45:28 +01:00
Pauli
c788f1c6be Add CHANGES entry
To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)
2024-09-30 17:58:23 +10:00
Pauli
0081964805 test: fix unit tests for fips CRNG tests
To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)
2024-09-30 17:58:09 +10:00
Pauli
d927eb2950 doc: fix typo in CRNG test documentation.
To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)
2024-09-30 17:57:18 +10:00
Dimitri John Ledkov
ed68623287 fips: Prohibit SHA1 in DH & ECDH exchange
See Section 5 Key Agreement Using Diffie-Hellman and MQV of
[NIST SP 800-131Ar2](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).

Strengths less than 112bits is disallowed, thus eliminating SHA1.

Skip cms test case that requires use of SHA1 with X9.42 DH.

Rename ossl_fips_ind_digest_check to ossl_fips_ind_digest_exch_check

Add myself to Changes for fips indicator work

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25517)
2024-09-27 09:13:05 +02:00
Зишан Мирза
3ef1b7426b Check file name for not being NULL before opening it
Fixes #24416

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25458)
2024-09-26 20:35:26 +02:00
Зишан Мирза
4f899849ce Fix examples in EVP_PKEY_encapsulate/decapsulate documentation
Fixes #25448

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25450)
2024-09-26 10:29:57 +02:00
Зишан Мирза
ffc5a29608 Remove double engine reference in ossl_ec_key_dup()
Fixes #25260

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25453)
2024-09-26 10:26:19 +02:00
Shawn C
8ac42a5f41 Fix NULL ptr dereference on EC_POINT *point
Use non-usual params of pkcs11 module will trigger a null ptr deref bug. Fix it for #25493

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25496)
2024-09-26 10:04:30 +02:00
Neil Horman
c4ec708bd5 Rename list macros
The quic implementation defined a set of LIST_* macros for list
manipulation, which conflicts with the generally support BSD api found
in the queue.h system header.  While this isn't normally a problem, A
report arrived indicating that MacOSX appears to implicitly include
queue.h from another system header which causes definition conflicts.

As the openssl macros are internal only, it seems the most sensible
thing to do is place them in a well known namespace for our library to
avoid the conflict, so add an OSSL_ prefix to all our macros

Fixes #25516

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/25519)
2024-09-26 10:02:30 +02:00
Dr. David von Oheimb
91ec19e92e check-format.pl: do checks regarding statement/block after for() also on {OSSL_,}LIST_FOREACH{,_*}
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25535)
2024-09-24 22:19:12 +02:00
Pauli
260ecea0d4 ctr-drbg: always use the DF for OpenSSL's DRBGs
Force the use of the derivation function when creating OpenSSL's internal
DRBGs.

FIPS mandates the use of a derivation function, so 3.4 cannot be validated as
it stands which run counter to the indicator work that was included.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25511)

(cherry picked from commit 0ab796ef96)
2024-09-24 17:53:26 +02:00
JohnnySavages
9d71a6622b Check sk_X509_value result before dereference
issuer passed as second parameter to check_issued may result in
NULL dereference

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24760)
2024-09-24 17:40:26 +02:00
Vladimir Kotal
e7abc2118f document the format of DSA signature
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23762)
2024-09-23 22:37:03 +02:00
David von Oheimb
1ef3032eac 80-test_cmp_http.t: fix handling of IPv6 server host (localhost '::1')
Fixes 22467

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:50 +02:00
David von Oheimb
ac91bd88d9 doc/man{1,3}: fix details on IPv6 host addresses and of whitespace in no_proxy
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:50 +02:00
David von Oheimb
fe004a09ac OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:50 +02:00
David von Oheimb
1c90d36ab1 OSSL_HTTP_open(): fix completion with default port for IPv6 host addresses
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:49 +02:00
David von Oheimb
ec4b123a96 http_server.{c,h}: make clear that IPv4 or IPv6 is used by http_server_init()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:49 +02:00
David von Oheimb
7ec5d5916b http_server.c: fix checks of error return code in http_server_init()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:39 +02:00
David von Oheimb
907ddee3ea BIO_s_accept.pod: fix whitespace nits: '<=0' -> '<= 0'
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
2024-09-23 22:15:39 +02:00
Jakub Zelenka
7f62adaf2b Fix smime-type for AuthEnvelopedData
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25482)
2024-09-19 20:59:25 +02:00
Alex Shaindlin
f5a8f65b80 doc/man3/OSSL_PARAM.pod: Correct the type of data_type
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25486)
2024-09-19 20:53:41 +02:00
erbsland-dev
1299699a90 Clarify Tag Length Setting in OCB Mode
Fixes #8331: Updated the description for setting the tag length in OCB mode to remove the misleading “when encrypting” and “during encryption” phrasing. This change emphasizes that setting a custom tag length requires a call with NULL, applicable to both encryption and decryption contexts.

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25424)
2024-09-19 20:51:38 +02:00
Paul E. Murphy
daead12df0 Fix big-endian Power10 chacha20 implementation
Some of the BE specific permutes were incorrect. Fix them.

This passes all tests on a P10/ppc64 debian unstable host.

Fixes #25451

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25483)
2024-09-19 11:13:35 +02:00
Michael Baentsch
27f20a464b deactivate failing Cloudflare PQ interop tests
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25488)
2024-09-19 11:06:08 +02:00
Pauli
5ac48fd813 test: add unit tests for fips CRNG tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:44:14 +10:00
Pauli
39dc3c0f34 doc: document the health test EVP_RAND
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:44:14 +10:00
Pauli
6f20c6804e fips: continuous random bit generator tests
For FIPS 140-3 the continuous tests specified in SP 800-90B need to be
included on the output of any entropy source.

They are implemented here as a replacement for the primary DRBG in the FIPS
provider.  This results in a setup that looks like this:

               +-------------+
               |             |
               | Seed Source |
               |             |
               +------+------+
                      |
                      |
                      v
               +-------------+
               |             |
               |  CRNG Test  |
               |             |
               ++----------+-+
                |          |
                |          |
                v          v
    +--------------+     +--------------+
    |              |     |              |
    | Public DRBG  |     | Private DRBG |
    |              |     |              |
    +--------------+     +--------------+

An additional benefit, that of avoiding DRBG chains, is also gained.
The current standards do not permit the output of one DRBG to be used
as the input for a second (i.e. a chain).

This also leaves open the future possibility of incorporating a seed
source inside the FIPS boundary.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:44:14 +10:00
Pauli
59eaa8c4af rand: remove unused field in DRBG structure
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:43:58 +10:00
Pauli
ce27133708 Add failed entropy continuous test error
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:43:58 +10:00
Pauli
ff157ee2f0 drbg: Fix typo
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:43:58 +10:00
Matt Caswell
a57c6f8492 Don't restrict what EVP_PKEY_Q_keygen can be used for
The EVP_PKEY_Q_keygen function contains a list of algorithm type names
and fails if the requested name is not in the list. This prevents the use
of this function for externally supplied key type names.

We should just assume that any unrecognised key type name does not require
a parameter.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25468)
2024-09-17 16:25:44 +01:00
Orgad Shaneh
6288aa440c Build: Fix circular object deps with old GCC
When both -o and -MT are used, GCC 4.1 prints the object file twice in
the dependency file. e.g.:

foo.o foo.o: foo.c

If the file name is long, then the second occurrence moves to the next
line. e.g.:

ssl/statem/libssl-shlib-statem_dtls.o \
  ssl/statem/libssl-shlib-statem_dtls.o: ../ssl/statem/statem_dtls.c \

add-depends script scans one line at a time, so when the first line is
processed, the object file becomes a dependency itself.

Fix by removing -MT altogether.

This also fixes makedepend for nonstop platform.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25455)
2024-09-17 07:19:33 +02:00
Jonathan M. Wilbur
27abf142f6 feat: use ossl_serial_number_print in X509_print_ex
fixup: Remove trailing space previously added

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
2024-09-16 23:40:16 +02:00
Jonathan M. Wilbur
c90451d89d feat: use ossl_serial_number_print in X509_print_ex
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
2024-09-16 22:56:02 +02:00
Jonathan M. Wilbur
935f6e63c9 feat: add ossl_serial_number_print
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
2024-09-16 22:56:02 +02:00
Jonathan M. Wilbur
4455c1a309 test: the roleSpecCertIdentifier X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
2024-09-16 22:56:02 +02:00
Jonathan M. Wilbur
f4887d723e doc: support the roleSpecCertIdentifier X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
2024-09-16 22:56:02 +02:00
Jonathan M. Wilbur
bda7b3edbb feat: support the roleSpecCertIdentifier X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
2024-09-16 22:56:02 +02:00
Dmitry Belyavskiy
d81709316f EVP_get_default_properties - tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25434)
2024-09-16 08:15:52 +10:00
Dmitry Belyavskiy
ac645995c4 EVP_get_default_properties - make update
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25434)
2024-09-16 08:15:52 +10:00
Dmitry Belyavskiy
41b51bf6bc EVP_get_default_properties - documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25434)
2024-09-16 08:15:52 +10:00
Dmitry Belyavskiy
54fb2fd013 EVP_get_default_properties - implementation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25434)
2024-09-16 08:15:52 +10:00