Commit Graph

36103 Commits

Author SHA1 Message Date
Mohammed Alhabib
604411f886 speed.c: Changed the declaration of aead_ivlen to a #define
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26109)
2024-12-10 10:36:16 +01:00
Tomas Mraz
5fce85ec52 Exchange jitter and no-ct jobs between daily and on push CI
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26112)
2024-12-06 15:36:57 +01:00
Tomas Mraz
6bba373ec3 jitter_generate(): Properly mix in the additional input
By adding the additional input directly to the pool
we were using just the additional input.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26112)
2024-12-06 15:36:57 +01:00
willmafh
c8bee68185 A typo fix in a comment
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:31:35 +01:00
willmafh
282c405818 Add spaces to make macros more clear
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:28:09 +01:00
willmafh
2e407ea5c6 Code & comments changes to make them in consistent
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:27:51 +01:00
willmafh
df6a69a850 one more empty line for code style consistency
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:27:51 +01:00
willmafh
8a74ed5619 Change all one's complement to ones' complement for consistency
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:26:36 +01:00
willmafh
a1f07a0049 BN_secure_new function indentation correction
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:26:36 +01:00
willmafh
c77d9fcf8e Delete redundant parentheses for code consistency
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:26:27 +01:00
willmafh
764a876b64 Delete a redundant break
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26095)
2024-12-06 15:25:47 +01:00
Neil Horman
f7c4d4519c Run interop tests on feature/quic-server branch
We currently run interop tests as a client only from the master branch.
While we are developing quic-server it would be beneficial to also get
interop test results from the quic-server branch run as both a client
and a server, until such time as the feature branch is merged.  Add
building and running of a container in the test harness to our CI set

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26090)
2024-12-03 15:04:38 +01:00
jsondevers
4d41cc9103 Add handling for additional input in jitter rng
Fixes #25917

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25966)
2024-12-03 11:49:33 +01:00
Joachim Vandersmissen
04812ed1de fips: zeroization of ECX public keys
Commit fa338aa7cd added zeroization of public security parameters as
required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit
overlooked ECX keys, which are used for EdDSA and X25519/X448.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25807)
2024-12-03 10:37:14 +01:00
Kyle Evans
3d090579e3 providers: stop probing for getentropy(3) on recent FreeBSD
FreeBSD has supported both getrandom(2) and getentropy(3) since 12.0.
The last version which did *not* have these went EoL in September 2021.
Use getrandom(2) unconditionally and fallback to sysctl kern.arandom if
we do happen to have a FreeBSD that old.

This is generally a necessary step for FreeBSD's _FORTIFY_SOURCE
implementation, which needs to do some symbol renaming tricks with the
getentropy declaration that would otherwise add some platform-specific
hacks here to accommodate.  getentropy(3) uses getrandom(2) internally
on FreeBSD, so we just cut out the middleman.

While we're here, it doesn't seem to make sense to ever prefer the
sysctl on FreeBSD or NetBSD.  For both platforms, it's limited to 256
bytes in a single request while getrandom(2) will generally use the same
backend but service the entire request in one shot, even for larger
amounts of entropy, modulo the EINTR possibility that presents itself
with larger requests.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24903)
2024-12-03 10:35:49 +01:00
Tomas Mraz
85f17585b0 fips-label.yml: Fix ABI change label removal
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26080)
2024-12-02 10:30:23 +01:00
Tomas Mraz
f2348f1f84 Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE
We would dereference p7->d.sign pointer which can be NULL.

Reported by Han Zheng.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26078)
2024-12-02 09:44:58 +01:00
Michael Baentsch
4a4505cc64 Document version-specific utility of EVP_PKEY_Q_keygen
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26040)
2024-11-29 19:06:13 +01:00
Frederik Wedel-Heinen
54332adf29 Minor nit fix to EVP_CipherFinal_ex() return code documentation.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25849)
2024-11-29 19:03:16 +01:00
Holger Dengler
f4550fb5b5 Fix memleak in dsa_gen()
Free the stack return value `dsa` on each early exit.

Fixes #25905

Signed-off-by: Holger Dengler <dengler@linux.ibm.com>

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25948)
2024-11-29 19:01:01 +01:00
slontis
79c98fc6cc Fix EVP_PKEY_print_private() so that it works with non default providers.
At some point in time it was decided that the EC keymanagers ec_export()
function would only allow the selection to be both the public + private
parts. If just the private element is selected it returns an error.
Many openssl commandline apps use EVP_PKEY_print_private() which passes
EVP_PKEY_PRIVATE_KEY to the encoder. This selection propagates to
encoder_construct_pkey(). For external providers (such as the fips
provider this will call the keymanagers export() with the selection set
to just the private part.

So we either need to
1) change the selection in EVP_PKEY_print_private() or
2) modify the selection used in the export used in
   encoder_construct_pkey
3) Change the ec_export to allow this.

I have chosen 2) but I am not sure if this is the correct thing to do
or whether it should conditionally do this when the output_type ==
'text'.

Issue was reported by Ilia Okomin (Oracle).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26004)
2024-11-29 17:11:23 +01:00
Alexandr Nedvedicky
578760bb6a die() in .tmpl file should not be silently ignored.
call to die() in perl templates is currently ignored.
any error printed by die() commad appears in template
output.

In order to make sure die() terminates processing we
must ensure we emite `undef` value. This is ensured
by adding a `BROKEN` callback to `fill_in()` Template
method. The callback must return undef to stop processing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26064)
2024-11-29 17:07:40 +01:00
Bartel Artem
fdded23b44 apps/passwd.c: Convert a redundant check to assert
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26053)
2024-11-29 14:33:30 +01:00
Neil Horman
4c04a19860 Fix solaris build in CRYPTO_atomic_store api
Misnamed variable, just correct it to dst

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26075)
2024-11-29 12:08:10 +01:00
sftcd
740668f0b5 Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26039)
2024-11-28 17:01:28 +01:00
Tomas Mraz
0bba821881 Deprecate all BIO_meth_get_*() functions
Their use by applications is inherently unsafe.
Fixes #26047

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26056)
2024-11-28 16:48:43 +01:00
Niels Dossche
a64d26ac02 Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c
Clean up the code by using the dedicated stack copy function.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25713)
2024-11-28 15:27:08 +01:00
Pauli
ce4b244415 ci: add daily runcheckers to exercise the -DOPENSSL_PEDANTIC_ZEROIZATION option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
Pauli
01cfee2cdf fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
Pauli
8d09e61be6 pbkdf2: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
Pauli
db1d8c90d5 hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
Pauli
e73c1faa53 rsa: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
Pauli
de22c10b97 ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
Pauli
f471061721 ec: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
2024-11-28 15:13:35 +01:00
willmafh
0b05db0e20 A typo fix in a comment
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26069)
2024-11-28 15:05:02 +01:00
David Benjamin
847a23757f Document expected BIO operations for libssl
If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but
this is not document anywhere.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26060)
2024-11-27 13:02:56 +01:00
Richard Levitte
5dbcfbff16 Upgrade action/{upload,download}-artifact to v4
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25920)
2024-11-27 11:31:35 +01:00
Dimitri John Ledkov
b9886a6f34 fips-jitter: set provider into error state upon CRNG permanent failures
With fips-jitter build time option, jitter can be inside FIPS
boundary.

Calls to jent_read_entropy() can return permanent failures for
Repetitive Count Test (RTC), Adaptive Proportion Test (APT), LAG
prediction test.

Ensure the module enters error state upon permanent jitter failures.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25957)
2024-11-25 15:20:55 +01:00
Niels Dossche
98be2e8fb6 Fix potential memory leak on failure of ecx_gen_init()
When ecx_gen_set_params() returns 0, it could have duplicated the memory
for the parameter OSSL_KDF_PARAM_PROPERTIES already in gctx->propq,
leading to a memory leak.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26015)
2024-11-25 15:18:26 +01:00
Niels Dossche
d7e8f6f781 Fix potential memory leak on failure of dsa_gen_init()
When dsa_gen_set_params()  returns 0, it could have duplicated the memory for the parameter
OSSL_PKEY_PARAM_FFC_DIGEST already in gctx->mdname, leading to a memory leak.

Allocated here: 47a80fd203/providers/implementations/keymgmt/dsa_kmgmt.c (L524)
Can return 0 here: 47a80fd203/providers/implementations/keymgmt/dsa_kmgmt.c (L529-L536)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26016)
2024-11-25 15:11:08 +01:00
Tom Cosgrove
ea5817854c Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems
AES gets a performance enhancement of 7-33%.

Tested on an M4 Pro, but the CPU cores are the same on M4 and M4 Max.

Change-Id: I634c03f1d2b50fa5f8ca97dd65975e49d970c72b

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/25940)
2024-11-22 14:56:04 +01:00
Dimitri John Ledkov
635bf4946a fips: remove redundant RSA encrypt/decrypt KAT
FIPS 140-2 IG D.9 has become FIPS 140-3 D.G (see "Mapping FIPS 140-2
IGs to FIPS 140-3" in the FIPS 140-3 IG).

The requirements w.r.t. RSA KATs have now been relaxed, meaning that
existing full-message RSA signature verification (which is performed
separately) is sufficient to meet KAT requirements for all RSA
usecases (KEM/Encrypt/Decrypt/Sign/Verify).

Dropping this KAT is very useful, because it is large/expensive on
module startup, but also because it enables in the future to block RSA
Encrypt/Decrypt operations with paddings other than OAEP, which are
legacy or deprecated by either current or draft algorithm transition
SP.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25988)
2024-11-22 14:26:01 +01:00
Dimitri John Ledkov
5946465a87 fips: zeroize temporary self-check out MD variable
At least this is done on module startup only.

To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10]
requirement.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25945)
2024-11-22 14:24:59 +01:00
Dmitry Belyavskiy
69d0d93954 .gitignore: Ignoring demo executables
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26009)
2024-11-22 14:23:10 +01:00
Peiwei Hu
7b08f2566b Remove the negative return values of EVP_KDF_* functions in documents
None of the EVP_KDF_* functions will ever return a negative value.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22 12:11:34 +01:00
Peiwei Hu
8baf61d51b Fix wrong return value checks for some functions
- in particular in use of X509_LOOKUP_load_file, EVP_PKEY_print_params,
EVP_PKEY_keygen, X509_CRL_add1_ext_i2d, EVP_PKEY_keygen_init

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22 12:10:26 +01:00
Peiwei Hu
b2b995ec2d Fix multiple wrong use of BN_check_prime
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22 12:09:38 +01:00
Peiwei Hu
1273fae170 Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22 12:09:38 +01:00
Peiwei Hu
1a93be1eab apps/lib/apps.c: fix the wrong check in check_cert_attributes
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22 12:09:38 +01:00
Kai Pastor
e131868678 Mark OPENSSL_armcap_P .hidden in arm asm
Fixes #25601
Fixes #22414

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22181)
2024-11-22 11:22:00 +01:00