Commit Graph

32733 Commits

Author SHA1 Message Date
Tomas Mraz
6821acbffd Add sanity test for OSSL_sleep()
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20533)
2023-03-18 20:00:57 +01:00
Tomas Mraz
bea92b8c3d sleep.c: Limit the sleep time instead of sleeping for days or even years
As the sleep() call is interruptible, it is not even a good idea to call
it in a loop if the caller uses some ridiculously large value as an
infinity just waiting for an interrupt.

Fixes #20524

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20533)
2023-03-18 19:04:58 +01:00
Richard Levitte
46ce0854db providers/implementations/kdfs/argon2.c: Include openssl/e_os2.h instead of stdint.h
<stdint.h> may not exist with pre-C99 compilers.  <openssl/e_os2.h> deals
with that, so include it instead.

Similarly, include "internal/numbers.h" rather than <limits.h>, to deal
with things that may be lacking in the latter.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20537)
2023-03-17 16:56:11 +01:00
Tomas Mraz
e5dd732749 rsaz-*k-avx512.pl: fix wrong name of avx512 flag variable
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20519)

(cherry picked from commit d4765408c7)
2023-03-17 11:25:29 +01:00
Tomas Mraz
2dbddfab08 aes-gcm-avx512.pl: Fix the clang version detection on Apple Oses
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20519)

(cherry picked from commit 110dac5783)
2023-03-17 11:25:25 +01:00
Čestmír Kalina
6dfa998f7e providers: add Argon2 KDF
https://datatracker.ietf.org/doc/rfc9106/

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
2023-03-17 11:12:47 +11:00
Čestmír Kalina
0e200d2a19 e_os2: add ossl_static_assert_type_eq
Add a gcc-only static assertion that a variable is of a specified type.

Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
2023-03-17 11:12:47 +11:00
Čestmír Kalina
232dd87c55 proverr: add PROV_R_{INVALID_MEMORY_SIZE,INVALID_THREAD_POOL_SIZE}
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
2023-03-17 11:12:47 +11:00
Čestmír Kalina
ae1792e3d9 evp_test: add thread support
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
2023-03-17 11:12:47 +11:00
Čestmír Kalina
786b9a8d3f providers: add XOF support to blake2b
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
2023-03-17 11:12:45 +11:00
Čestmír Kalina
c8ebdd6a85 evp_test: add digest xoflen support
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12256)
2023-03-17 11:11:27 +11:00
Pauli
c879f8ac56 Fix copyright disclaimer.
The mention of the GPL shouldn't have been there.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20517)
2023-03-16 10:17:58 +01:00
Christoph Müllner
f3fed0d5fc riscv: GCM: Implement GHASH()
RISC-V currently only offers a GMULT() callback for accelerated
processing. Let's implement the missing piece to have GHASH()
available as well. Like GMULT(), we provide a variant for
systems with the Zbkb extension (including brev8).

The integration follows the existing pattern for GMULT()
in RISC-V. We keep the C implementation as we need to decide
if we can call an optimized routine at run-time.
The C implementation is the fall-back in case we don't have
any extensions available that can be used to accelerate
the calculation.

Tested with all combinations of possible extensions
on QEMU (limiting the available instructions accordingly).
No regressions observed.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)
2023-03-16 13:12:19 +11:00
Christoph Müllner
b24684369b riscv: GCM: Simplify GCM calculation
The existing GCM calculation provides some potential
for further optimizations. Let's use the demo code
from the RISC-V cryptography extension groups
(https://github.com/riscv/riscv-crypto), which represents
the extension architect's intended use of the clmul instruction.

The GCM calculation depends on bit and byte reversal.
Therefore, we use the corresponding instructions to do that
(if available at run-time).

The resulting computation becomes quite compact and passes
all tests.

Note, that a side-effect of this change is a reduced register
usage in .gmult(), which opens the door for an efficient .ghash()
implementation.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)
2023-03-16 13:12:19 +11:00
Christoph Müllner
75623ed8d0 riscv: GCM: Use riscv.pm
A recent commit introduced a Perl module for common code.
This patch changes the GCM code to use this module, removes duplicated code,
and moves the instruction encoding functions into the module.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)
2023-03-16 13:12:19 +11:00
Christoph Müllner
ac97cd6005 riscv.pm: Add improved error messages to read_reg code
On systems where Devel::StackTrace is available, we can use this module
to create more usable error messages. Further, don't print error
messages in case of official register aliases, but simply accept them.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)
2023-03-16 13:12:19 +11:00
Christoph Müllner
c8a641c39f riscv: aes: Move reusable Perl code into Perl module
Move helper functions and instruction encoding functions
into a riscv.pm Perl module to avoid pointless code duplication.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)
2023-03-16 13:12:19 +11:00
Christoph Müllner
86c69fe841 riscv: Clean up extension test macros
In RISC-V we have multiple extensions, that can be
used to accelerate processing.
The known extensions are defined in riscv_arch.def.
From that file test functions of the following
form are generated: RISCV_HAS_$ext().

In recent commits new ways to define the availability
of these test macros have been defined. E.g.:
  #define RV32I_ZKND_ZKNE_CAPABLE   \
          (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE())
  [...]
  #define RV64I_ZKND_ZKNE_CAPABLE   \
          (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE())

This leaves us with two different APIs to test capabilities.
Further, creating the same macros for RV32 and RV64 results
in duplicated code (see example above).

This inconsistent situation makes it hard to integrate
further code. So let's clean this up with the following steps:
* Replace RV32I_* and RV64I_* macros by RICSV_HAS_* macros
* Move all test macros into riscv_arch.h
* Use "AND" and "OR" to combine tests with more than one extension
* Rename include files for accelerated processing (remove extension
  postfix).

We end up with compile time tests for RV32/RV64 and run-time tests
for available extensions. Adding new routines (e.g. for vector crypto
instructions) should be straightforward.

Testing showed no regressions.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)
2023-03-16 13:12:19 +11:00
Andy Bernard
04af51c276 Fix documented function return types
The documented return type of the (incorrectly named; see below) OSSL_FUNC_decoder_export_object function signature is wrong; the correct type is int, due to the following line in core_dispatch.h:
OSSL_CORE_MAKE_FUNC(int, decoder_export_object,

Fixes #19543

Per the Github conversation with levitte and t8m for pull request #19964, the following issues are not addressed by this patch:

The macro OSSL_CORE_MAKE_FUNC in core_dispatch.h generates a function, and a corresponding function signature typedef with name ending in "_fn". The typedefed signature is unrelated to the signature of the function.
However, provider-decoder.pod describes typedefed signatures generated by the macro, but uses the names of the functions (lacking "_fn") instead of the typedefed signatures, which is a mismatch.

Also, the documented claim about OSSL_FUNC_decoder_export_object, etc that "None of these are actual functions" is contradicted by the fact that the code actually calls those functions, and calls them specifically by those names. E.g. in decoder_meth.c:
decoder->export_object = OSSL_FUNC_decoder_export_object(fns);

The functions are generated by OSSL_CORE_MAKE_FUNC.

The paragraph "None of these are actual functions"... should be replaced by something more like "These function signatures, generated by the OSSL_CORE_MAKE_FUNC macro, are for functions that are offered via function pointers in OSSL_DISPATCH arrays."

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19964)
2023-03-16 11:56:15 +11:00
zhangzhilei
738d43634a enable VPSM4_EX_CAPABLE for sm4_gcm
type     16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
before:
SM4-GCM  71134.38k    81512.39k    83432.11k    83808.60k    85183.15k    86199.57k
after:
SM4-GCM  30656.22k   108801.82k   196005.97k   198715.73k   199349.59k   199387.82k

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20498)
2023-03-15 12:59:04 +01:00
Pauli
b36e677f8f Coverity 1521490: resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20504)
2023-03-15 19:58:07 +11:00
Pauli
67bfdfa17b demo: Fix makefile target
The makefile target was incorrect and wouldn't build the rsa_encrypt demo.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20503)
2023-03-15 13:58:01 +11:00
klaus triendl
4a3b626660 Added a short description of VC-WIN*-HYBRIDCRT to Windows notes
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20081)
2023-03-15 08:49:40 +11:00
klaus triendl
18891efdf4 Added 'hybrid CRT' targets for the Windows platform
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20081)
2023-03-15 08:49:40 +11:00
slontis
9191dfb0ef Fix PKCS12_newpass() to work with PBES2.
Fixes #19092

The code looks like it was written to work with PBES1.
As it had no tests, this would of then broken when PBES2
was introduced at a later point.

Also added libctx and propq support.

This affects the shroudedkeybag object.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20134)
2023-03-15 08:49:03 +11:00
slontis
513b20a982 Add Tests for RSA signatures using X931 padding.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20211)
2023-03-15 08:48:21 +11:00
Dmitry Belyavskiy
07626ea9e5 Avoid erroneous diagnostics in speed measuring
Fixes #20291

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20306)
2023-03-15 08:46:54 +11:00
Simo Sorce
3fc2b7d6b8 Add a flag so finalised contexts are not reused
The EVP layer should not rely on the underlying low level code to
handle catching incorrect reuse of contexts.
Add a flag to mark a context as finalised as needed and then catch and
immediately error on Update/Final operations if called improperly.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:59 +11:00
Simo Sorce
f3c0dd4f0c Add test for context duplication failure
This checks that the first operation successfully completes even if
context duplication fails. But follwing operations get errors as
if the context was finlised.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:56 +11:00
Simo Sorce
0fc00fc0e3 Do not fail if ctx dup does not succeed
If the ctx was *really* needed we'll probably fail later with an error
anyway, so no point in failing immediately.

Document that this behavior is dependent on the provider used to
implement the signature/verification.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
2023-03-15 08:42:52 +11:00
Matt Caswell
dba97d4c71 Improve the performance of d2i_AutoPrivateKey and friends
Probe first to see if we have a PKCS8 file to improve decoder performance.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20416)
2023-03-15 08:39:25 +11:00
Tobias Nießen
fe52208c56 Document remaining obsolete SSL_OP_NETSCAPE_*_BUG
SSL_OP_NETSCAPE_CA_DN_BUG became obsolete in 3c33c6f6b1 and
support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG was removed by
7a4dadc3a6. The definitions are still listed under "OBSOLETE
OPTIONS retained for compatibility" in ssl.h.in, so this commit adds
them to the list of obsolete options in doc/man3.

Refs: https://github.com/nodejs/node/pull/46954

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20443)
2023-03-15 08:35:00 +11:00
ndossche
c09c202e9b Add missing assignment to EVP_get_digestbynid()
The assignment of the result of EVP_get_digestbynid() did not happen
which made the fallback not actually perform the fallback.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20447)
2023-03-15 08:33:41 +11:00
Dr. David von Oheimb
1caa4835eb doc/man3/X509_STORE_CTX_get_error.pod: make order consistent, add some missing entries
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20450)
2023-03-15 08:32:18 +11:00
afshinpir
6d45fd47f4 Segmentation fault in parent rng cleanup
CLA: trivial
When `cleanup_entropy()` is called to cleanup parent by calling
provided `OSSL_FUNC_rand_clear_seed_fn` method, incorrect random
context is passed to the method. So accessing that context creates
a segmentation fault. Parent context should be passed rather than
DRBG's own context.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20454)
2023-03-15 08:30:41 +11:00
afshinpir
a3207163ef Updated rsa_has() for correct validation
CLA: trivial
In RSA, `(n,e)` and `(n,d)` identify public key and private key.
Modulus `n` is the common part. So I updated `rsa_has()` to validate
these pairs correctly. `OSSL_KEYMGMT_SELECT_KEYPAIR` is common part
for both public and private key, so I changed it to check `n` of
RSA and for `OSSL_KEYMGMT_SELECT_PUBLIC_KEY`, `e` is checked. Before
this change, if `selection` was `OSSL_KEYMGMT_SELECT_PRIVATE_KEY` and
only `e` and `d` was in the RSA structure, the function returns 1
while it was incorrect.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20455)
2023-03-15 08:28:39 +11:00
Tomas Mraz
559e078d94 Fix size_t/int mismatch in cms_ec.c and rsa_sig.c
Fixes #20435

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20457)
2023-03-15 08:24:42 +11:00
Kornel Dulęba
27093ba733 aes/asm/bsaes-armv7.pl: Replace adrl with add
"adrl" is a pseudo-instruction used to calculate an address relative
to PC. It's not recognized by clang resulting in a compilation error.
I've stumbled upon it when trying to integrate the bsaes-armv7 assmebly
logic into FreeBSD kernel, which uses clang as it's default compiler.
Note that this affect the build only if BSAES_ASM_EXTENDED_KEY is
defined, which is not the default option in OpenSSL.

The solution here is to replace it with an add instruction.
This mimics what has already been done in !BSAES_ASM_EXTENDED_KEY logic.
Because of that I've marked this as trivial CLA.

CLA: trivial
Signed-off-by: Kornel Dulęba <mindal@semihalf.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20458)
2023-03-15 08:22:51 +11:00
zhangzhilei
6b08b786cc Remove duplicate code
since this code is also under GCM_HW_SET_KEY_CTR_FN macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20491)
2023-03-15 08:21:52 +11:00
Pauli
93b0a1ea61 Add missing copyright header
This file was only recently introduced and the missing header slipped through
the review process.

Fixes #20461

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20470)
2023-03-15 08:11:53 +11:00
Pauli
d90bd3468a doc: document that prediction resistance comes with a hidden cost
In the default setup, using prediction resistance cascades to a reseeding
of all DRBGs.  The cost for this will be excessive for highly threaded
applications.

Fixes #20414

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20452)
2023-03-15 08:09:17 +11:00
Dr. David von Oheimb
0e89b39619 apps/x509 etc.: allow private key input when public key is expected
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14 17:26:49 +01:00
Dr. David von Oheimb
b7cc2d2f29 test/smime-certs/{mksmime-certs.sh,ca.cnf}: simplify and speed up cert generation
Also remove inconsistent key usages from non-RSA certs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14 17:26:49 +01:00
Dr. David von Oheimb
091fef4936 apps/{dsa,ec,rsa,pkey}.c: harmonize coding w.r.t. 'pubin' variable
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
2023-03-14 17:26:49 +01:00
Richard Levitte
5ec4f45ef5 Fix how util/wrap.pl is used in OpenSSL::Util::fixup_cmd()
The mechanism was pretty tentative and wasn't well tested for diverse
situations.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20415)
2023-03-08 12:29:22 +01:00
Richard Levitte
1939ee7f25 Fix util/wrap.pl.in for VMS usage
In the name of consistency, make sure that this same script is used
across more platforms, in this case VMS.  This removes the need for
util/local_shlib.com.in and util/unlocal_shlib.com.in, which were
under-used anyway.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20415)
2023-03-08 12:29:22 +01:00
Kurt Roeckx
9313694295 Run the punycode-test over the fuzz corpora during test.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20246)
2023-03-07 18:33:41 +01:00
Clemens Lang
451cb23c41 fips: Use salt >= 16 bytes in PBKDF2 selftest
NIST SP 800-132 [1] section 5.1 says "[t]he length of the
randomly-generated portion of the salt shall be at least
128 bits", which implies that the salt for PBKDF2 must be at least 16
bytes long (see also Appendix A.2.1).

The FIPS 140-3 IG [2] section 10.3.A requires that "the lengths and the
properties of the Password and Salt parameters, as well as the desired
length of the Master Key used in a CAST shall be among those supported
by the module in the approved mode."

As a consequence, the salt length in the self test must be at least 16
bytes long for FIPS 140-3 compliance. Switch the self test to use the
only test vector from RFC 6070 that uses salt that is long enough to
fulfil this requirement. Since RFC 6070 does not provide expected
results for PBKDF2 with HMAC-SHA256, use the output from [3], which was
generated with python cryptography, which was tested against the RFC
6070 vectors with HMAC-SHA1.

 [1]: https://doi.org/10.6028/NIST.SP.800-132
 [2]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf
 [3]: https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20429)
2023-03-07 18:28:54 +01:00
slontis
50ea5cdcb7 Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.
Fixes #19989

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20241)
2023-03-07 18:24:45 +01:00
Juergen Christ
de13699370 S390X: Accelerate keccak XOF
The keccak XOF used for KMAC can be simplified by using klmd.  This speeds up
XOF processing in cases where more than one result block is needed.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20431)
2023-03-07 18:21:51 +01:00