Commit Graph

4186 Commits

Author SHA1 Message Date
FdaSilvaYY
23b795d34f apps: directly inclusion of "e_os.h when needed
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14344)
2024-09-05 17:02:51 +02:00
Tomas Mraz
7ed6de997f Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:35:49 +02:00
slontis
14c45338e9 EVP_MD_size() updates
For SHAKE algorithms we now return 0 from EVP_MD_size().
So all the places that check for < 0 needed to change to <= 0
(Otherwise the behaviour will be to digest nothing in most cases).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00
slontis
976dd3581a Update code to use EVP_MD_xof()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00
slontis
f6a296c386 Cleanups for FIPS options..
The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.

Some FIPS related headers have moved to providers/fips/include so that
they can use fips_indicator_params.inc.
securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes
fipscommon.h.

fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than
using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used.
fips_names.h just uses aliases now for existing public names.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25162)
2024-08-28 14:46:16 +02:00
slontis
ea396c7024 Add FIPS KMAC key check
This adds a FIPS indicator for KMAC key size.
Note that 112 bits keys are still smaller than the
sizes required to reach 128 bits for KMAC128 and
256 bits for KMAC256

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
2024-08-21 15:34:58 +02:00
slontis
390f00a1e9 Add HMAC FIPS keysize check.
HMAC has been changed to use a FIPS indicator for its key check.

HKDF and Single Step use a salt rather than a key when using HMAC,
so we need a mechanism to bypass this check in HMAC.

A seperate 'internal' query table has been added to the FIPS provider
for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore
the key check. If a KDF requires the key check then it must do the
check itself. The normal MAC dipatch table is used if the user fetches
HMAC directly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
2024-08-21 15:34:40 +02:00
erbsland-dev
dc6993a625 Enhance s_client Output
Fixes #8123: Clarify cipher and protocol version display
- Added a new line “Protocol:” to display the protocol version separately after the cipher line.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24921)
2024-08-20 11:16:22 +02:00
Tomas Mraz
5111eacd50 speed.c: Return success with -testmode -async_jobs if not ASYNC_is_capable()
Fixes #25203

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25204)
2024-08-19 09:06:33 +02:00
Andrew Dinh
47645bf7c6 list_tls_signatures(): Avoid leak with zero length builtin_sigalgs
Fixes Coverity 1616307

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25219)
2024-08-17 17:32:17 -04:00
Pauli
c14003578a Revert "fipsinstall: add ed_no_verify_digested option"
This reverts commit 70b6d57fd9.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)
2024-08-16 11:34:24 +10:00
slontis
05681e0e3e Add FIPS Indicator for ECDH cofactor.
FIPS KAS requires use of ECC CDH.

The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key when deriving the shared secret.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25139)
2024-08-15 19:48:15 +02:00
Andreas Treichel
0813ffee2f apps/cms.c, apps/smime.c: Fix -crlfeol help messages
CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24434)
2024-08-15 19:45:20 +02:00
Bhaskar Metiya
1d2cbd9b5a apps/req.c: No warning reading from stdin if redirected
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25179)
2024-08-15 17:59:28 +02:00
Matt Caswell
096a54ee45 Don't compile in support for DSA speed testing if not needed
If there is no DSA support in the library we should not compile in support
for speed testing of DSA. We should skip it in much the same way that we
do for other algorithms.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
2024-08-14 18:22:10 +02:00
Matt Caswell
8e82304adb Fix a memory leak in the speed app
Make sure we free the ecdsa_key object after we have finished using it.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
2024-08-14 18:22:10 +02:00
Matt Caswell
9309b0b8c7 Add a test mode to the speed app
We add a testmode option to the speed app which simply runs 1 iteration of
any speed tests. If anything fails along the way the app returns an error
code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)
2024-08-14 18:21:28 +02:00
Dmitry Belyavskiy
12b2e5552b Support of en/decapsulation in the pkeyutl command
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)
2024-08-13 11:03:11 +02:00
Michael Baentsch
38a7183102 adds TLS signature algorithms list feature
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24821)
2024-08-13 11:48:54 +10:00
pohsingwu
f3c03be3ad Restrict salt length for RSA-PSS in the FIPS provider
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25115)
2024-08-13 09:55:36 +10:00
Pauli
d8783a1807 fipsinstall: use correct macro for no drbg trunc digest option
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)
2024-08-12 09:30:43 +10:00
Pauli
c613f080ca Add signature digest check option to fipsinstall
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)
2024-08-12 09:30:43 +10:00
Dmitry Belyavskiy
d7b659e185 Fix PBMAC1 MAC verification in FIPS mode
The check for fetchability PKCS12KDF doesn't make sense when we have a
different MAC mechanism

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25144)
2024-08-11 10:11:33 +02:00
Pauli
090247b2e2 fipsinstall: add kbkdf key check option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25095)
2024-08-08 08:42:59 +10:00
Pauli
dd43e8a9ec fipsinstall: add option to disable RSA PKCS#1 version 1.5 padding
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)
2024-08-07 19:35:51 +02:00
FdaSilvaYY
2432a9da03 apps: add missing entry to tls extension label list
noticed by @sftcd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24968)
2024-08-07 19:25:10 +02:00
Dmitry Belyavskiy
fe79159be0 Implementation of the RFC 9579, PBMAC1 in PKCS#12
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)
2024-08-07 10:00:16 +02:00
Pauli
70b6d57fd9 fipsinstall: add ed_no_verify_digested option
FIPS doesn't permit message hashes to be processed by thee algorithms.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)
2024-08-07 17:12:58 +10:00
pohsingwu
aa3830c3fc Add new configurable item pbkdf2-lower-bound-check
Since FIPS provider performs lower bound check by default from v3.0, the
default value for new configurable item will be one.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24120)
2024-08-05 09:57:23 +10:00
Marc Brooks
871c534d39 Free fetched digest in show_digests
Fixes #24892

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25046)
2024-08-01 11:31:43 +02:00
pohsingwu
1b838621c3 Restrict the length of key-derivation key used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)
2024-08-01 16:47:12 +10:00
Tomas Mraz
4fa9d1f40f Avoid leaking *ba_ret on reconnections
Also fixes Coverity 1604639
There is no point in checking ba_ret as it can never be NULL.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24931)
2024-07-31 11:23:16 +02:00
slontis
07e4d7f474 Add RSA Signature restrictions for X9.31 padding in the FIPS provider.
In FIPS 140-3, RSA Signing with X9.31 padding is not approved,
but verification is allowed for legacy purposes. An indicator has been added
for RSA signing with X9.31 padding.

A strict restriction on the size of the RSA modulus has been added
i.e. It must be 1024 + 256 * s (which is part of the ANSI X9.31 spec).

Added implementation comments to the X9.31 padding code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24021)
2024-07-29 10:16:30 +10:00
slontis
bc43158797 Add FIPS indicator support for Triple-DES encryption.
This leaves 3DES with the FIPS query "FIPS=yes", which allows
Triple-DES to be used for Decryption by default.

Disallow CMAC using Triple-DES in FIPS.
This does not use a FIPS indicator.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24960)
2024-07-26 14:26:49 +10:00
Pauli
00231a6ae9 fipsinstall: add no_short_mac option
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)
2024-07-26 10:08:43 +10:00
slontis
85caa417e0 Disable DSA signing in the FIPS provider.
This is a FIPS 140-3 requirement.
This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24799)
2024-07-26 09:24:04 +10:00
pohsingwu
6d47e819f2 Restrict digest algorithm used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)
2024-07-24 13:16:08 +10:00
Dimitri Papadopoulos
aececda752 unnecessary whitespace before a quoted newline
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Dimitri Papadopoulos
f83707dc6d open brace '{' following struct go on the same line
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Dimitri Papadopoulos
962431d58b that open brace { should be on the previous line
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Dimitri Papadopoulos
1cf2f8231e Remove trailing whitespace
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)
2024-07-22 06:55:35 -04:00
Neil Horman
50066236eb Fix coverity-1604661
Coverity called out an error in asn1parse_main, indicating that the
for(;;) loop which repeatedly reads from a bio and updates the length
value num, may overflow said value prior to exiting the loop.

We could probably call this a false positive, but on very large PEM
file, I suppose it could happen, so just add a check to ensure that num
doesn't go from a large positive to a large negative value inside the
loop

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24910)
2024-07-18 19:09:10 +02:00
Dr. David von Oheimb
29bbe7d008 {CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)
2024-07-17 16:34:53 +02:00
Neil Horman
a753547eef Fix coverity-1604665
Coverity issued an error in the opt_uintmax code, detecting a potential
overflow on a cast to ossl_intmax_t

Looks like it was just a typo, casting m from uintmax_t to ossl_intmax_t

Fix it by correcting the cast to be ossl_uintmax_t, as would be expected

Theres also some conditionals that seem like they should be removed, but
I'll save that for later, as there may be some corner cases in which
ossl_uintmax_t isn't equal in size to uintmax_t..maybe.

Fixes openssl/private#567

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24897)
2024-07-17 09:50:36 +02:00
Jiasheng Jiang
45cada1339 apps/rehash.c: Add the check for the EVP_MD_get_size()
Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size_t.

Add the check to prevent that EVP_MD_get_size() returns a value greater
than EVP_MAX_MD_SIZE.

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24802)
2024-07-10 18:23:44 +02:00
Dr. David von Oheimb
39424d9601 apps/req: avoid needless hint on using -help on duplicate extensions added via -addext
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:06 +02:00
erbsland-dev
6f811d839f Replace and Deprecate TS_VERIFY_CTX Functions
Fixes #18854

Replace and deprecate the functions `TS_VERIFY_CTX_set_data`,
`TS_VERIFY_CTX_set_store`, `TS_VERIFY_CTX_set_certs`, `TS_VERIFY_CTX_set_imprint`
with new versions: `TS_VERIFY_CTX_set0_data`,
`TS_VERIFY_CTX_set0_store`, `TS_VERIFY_CTX_set0_certs` and `TS_VERIFY_CTX_set0_imprint`.

The previous functions had poorly documented memory handling, potentially
leading to memory leaks. The new functions improve memory management and provide
clearer usage.

Also, update existing code to use the new function calls instead of the deprecated
ones.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24701)
2024-07-10 09:39:53 +02:00
Neil Horman
bf74cf35cf Fixes for defaults code
Fix up some indenting, and ensure that the run_once routines don't get
defined if OSSL_WINCTX isn't defined to avoid compiler errors

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
290452f2bd Augment version.c to not display -w options on non-windows
Don't need the -w option on non-windows builds

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
917f37195a Allow OPENSSLDIR/ENGINESDIR/MODULESDIR to be NULL
To prevent inadvertent use of insecure directories, we need to be able
to detect and react when our new registry keys aren't set, which implies
allowing the values for the dynamic representations of
OPENSSLDIR/ENGINESDIR/MODULESDIR to return NULL.  This in turn requires
that we detect and handle NULL string in several call sites that
previously assumed they would never be NULL.  This commit fixes those up

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00