FreeBSD also defines {make|swap|get|set}context for backward
compatibility, despite also exposing POSIX_VERSION 200809L
in FreeBSD 15-current.
Note: There's no fallback for POSIX_VERSION 200809 without
these routines, so maybe that should be a #error?
CLA: Trivial
Sponsored by: Netflix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23885)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23875)
Fixes#23075
In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify
were changed so that a flag is set once these functions
do a one-shot sign or verify operation. This PR updates the
documentation to match the behaviour.
Investigations showed that prior to 3.2 different key
type behaved differently if multiple calls were done.
By accident X25519 and X448 would produce the same signature,
but ECDSA and RSA remembered the digest state between calls,
so the signature was different when multiple calls were done.
Because of this undefined behaviour something needed to be done,
so keeping the 'only allow it to be called once' behaviour
seems a reasonable approach.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23834)
It is not present in other alert description strings.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23675)
Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly
cast them to size_t to avoid the integer overflow.
Fixes: 75d44c0452 ("Store digests as EVP_MD instead of a NID.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23953)
GCC 13.1.0 were reporting a compilation warning with -O2/3 and
-Waggressive-loop-optimizations. GCC is raising an undefined behavior in the
while loop. Replace the while loop with a memset call at the top of the
function.
Fixes#21088
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23898)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24015)
According to NIST SP 800-131Ar2 section 8, the length of the
key-derivation key shall be at least 112 bits.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23833)
The handling of sig=NULL was broken in this function, but since it
is only used internally and was never called with sig=NULL, it is
better to return an error in that case.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23529)
The problem is, that it almost works to pass sig=NULL to the
ECDSA_sign, ECDSA_sign_ex and DSA_sign, to compute the necessary
space for the resulting signature.
But since the ECDSA signature is non-deterministic
(except when ECDSA_sign_setup/ECDSA_sign_ex are used)
the resulting length may be different when the API is called again.
This can easily cause random memory corruption.
Several internal APIs had the same issue, but since they are
never called with sig=NULL, it is better to make them return an
error in that case, instead of making the code more complex.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23529)
The syntax check of the -addext fails because the
X509V3_CTX is used to lookup the referenced section,
but the wrong configuration file is used, where only
a default section with all passed in -addext lines is available.
Thus it was not possible to use the subjectAltName=dirName:section
as an -addext parameter. Probably other extensions as well.
This change affects only the syntax check, the real extension
was already created with correct parameters.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23669)
Alter the check since 0 md size is an error.
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23940)
Add the check before cast from int to unsigned to avoid integer overflow since EVP_MD_get_size() may return negative numbers.
Fixes: 919ba00942 ("DANE support structures, constructructors and accessors")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23940)
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23919)
Alter the variable name to make it more meaningful.
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23942)
Replace the type of variables with int to avoid implicit cast when they are assigned by EVP_MD_get_size().
Moreover, add the checks to avoid integer overflow.
Fixes: 6612d87b89 ("Use the correct size for TLSv1.3 finished keys")
Fixes: 34574f193b ("Add support for TLS1.3 secret generation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23942)
Add checks for the EVP_MD_get_size() to avoid unexpected negative numbers.
Fixes: b362ccab5c ("Security framework.")
Fixes: 0fe3db251a ("Use size of server key when selecting signature algorithm.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23943)
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: 8bf3665196 ("Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23944)
I neglected to add locks to the calls to CRYPTO_atomic_add in these
test, which on newer compilers is fine, as atomic operations are
defined. However on older compilers the __ATOMIC_ACQ_REL definition is
missing causing these function to be implemented using an rwlock, which
when NULL causes the locks to fail.
Fix this my creating the lock and using them appropriately
Fixes#24000
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24001)
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: 8bf3665196 ("Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23945)
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: 6e624a6453 ("KMAC implementation using EVP_MAC")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23946)
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: 6f4b766315 ("PROV: add RSA signature implementation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23949)
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: f3090fc710 ("Implement deterministic ECDSA sign (RFC6979)")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23950)
Add the check for the EVP_MD_CTX_get_size() to avoid integer overflow when it is implicitly casted from int to size_t in evp_pkey_ctx_store_cached_data().
The call path is do_PRF() -> EVP_PKEY_CTX_add1_tls1_prf_seed() -> evp_pkey_ctx_set1_octet_string() -> EVP_PKEY_CTX_ctrl() -> evp_pkey_ctx_store_cached_data().
Fixes: 16938284cf ("Add basic test for Cisco DTLS1_BAD_VER and record replay handling")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23952)
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23955)
Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow.
Fixes: fac8673b8a ("STORE: Add the possibility to search for specific information")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23955)
Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow.
Fixes: 9d04f83410 ("Add DSA digest length checks.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23954)
Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers.
Fixes: 786dd2c22c ("Add support for custom signature parameters")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23956)
Break the if statement up into 2 if statements to avoid call
EVP_MD_get_size() twice.
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23959)
Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers.
Fixes: d0b79f8631 ("Add SM2 signature algorithm to default provider")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23959)
Though support for provider-based signature algorithms was added in
ee58915 this functionality did not work with the SignatureAlgorithms
configuration command. If SignatureAlgorithms is set then the provider
sigalgs are not used and instead it used the default value.
This PR adds a check against the provider-base sigalg list when parsing
the SignatureAlgorithms value.
Based-on-patch-by: Martin Schmatz <mrt@zurich.ibm.com>
Fixes#22761
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22779)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23965)
Add the check for the EVP_MD_get_size() to avoid invalid negative numbers.
Fixes: 17c63d1cca ("RSA PSS ASN1 signing method")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23973)
Stochastic failures in the RCU test on MACOSX are occuring. Due to beta
release, disabling this test on MACOSX until post 3.3 release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23967)
Printing content of an invalid test certificate causes application crash, because of NULL dereference:
user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)
Added test cases for pkcs12 bad certificates
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)
Replace the type of "digest_size" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Moreover, add the check for the "digest_size".
Fixes: 29ce1066bc ("Update the demos/README file because it is really old. New demos should provide best practice for API use. Add demonstration for computing a SHA3-512 digest - digest/EVP_MD_demo")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23924)
Replace the type of "digest_length" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size().
Otherwise, it may pass the following check and cause the integer overflow error when EVP_MD_get_size() returns negative numbers.
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23922)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23938)
