Commit Graph

35927 Commits

Author SHA1 Message Date
Dr. David von Oheimb
d1a0bbe658 test/recipes/tconversion.pl: add sub test_file_contains
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25559)
2024-10-09 11:10:04 +02:00
Pauli
47ebeb1c10 doc: add note about fips jitter option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
4bdbd830ac doc: add note about the configuration option for the jitter source.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
4c44603d55 TEMPORARY: run daily checks on PR
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
348c928d66 fips: fix locking issues
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
b448cc1ac4 test: add test for fips-jitter
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
ed524da19a add news and changes entries for the internal jitter source in FIPS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
fc5fb3c925 fips: mention the internal jitter source in the FIPS README
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
3a01d5d65b jitter: support an internal jitter entropy source in the FIPS provider
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
61f032cc7b Add configuration option to allow the FIPS provider to use the jitter source internally
Enabling this breaks FIPS compliance unless an entropy assessment and a revalidation
are undertaken.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
01ec59defd jitter: avoid a signed vs unsigned comparison
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Dimitri John Ledkov
6f08353a4b doc: EVP_KDF document the semantic meaning of output
Explicitely document what semantic meaning do various EVP_KDF
algorithms produce.

PBKDF2 produces cryptographic keys that are subject to cryptographic
security measures, for example as defined in NIST SP 800-132.

All other algorithms produce keying material, not subject to explicit
output length checks in any known standards.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25610)
2024-10-08 16:05:59 +02:00
Dmitry Belyavskiy
cdbe47bf3c Increase limit for CRL download
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)
2024-10-08 15:59:38 +02:00
Dmitry Belyavskiy
e647220c00 Documenting CRL download usage and restrictions
Fixes #25603

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)
2024-10-08 15:59:38 +02:00
Pauli
73e720c3a5 evp_libctx_test: fix provider compat CI regression
The regression was introduced by #25522.

Fixes #25632

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25633)
2024-10-08 09:28:32 +02:00
Niels Dossche
0a2a8d970f Fix potential memory leak in save_statusInfo()
If sk_ASN1_UTF8STRING_push() fails then the duplicated string will leak
memory. Add a ASN1_UTF8STRING_free() to fix this.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25604)
2024-10-07 17:58:12 +02:00
Niels Dossche
d8b7a6eae9 Fix potential memory leak in PKCS7_signatureVerify()
Fixes #25594

The code jumps to an error block when EVP_VerifyUpdate fails.
This error block does not free abuf.
In the success path the abuf memory is freed.
Move the free operation to the error block.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25596)
2024-10-07 17:55:13 +02:00
Olivier Chéron
80a31435e5 Test PBMAC1 with absent PBKDF2 PRF
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25568)
2024-10-07 17:51:54 +02:00
Olivier Chéron
f3652dff2f Handle PBMAC1 with absent PBKDF2 PRF
PRF in PBKDF2-params is optional and defaults to hmacWithSHA1.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25568)
2024-10-07 17:51:54 +02:00
Beat Bolli
0d6544cdf8 check-format-commit: call fewer unneeded processes
`wc` does not output a file name if the input is stdin.

`awk` reads its file argument; there's no need for `cat`.

`sort -u` outputs unique lines. It should be supported on all platforms,
as it's specified by POSIX.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25562)
2024-10-07 17:50:27 +02:00
Neil Horman
1c1223ff53 Add some documentation to describe the encap/decap requirements
Document the fact that we now require unwrappedlen/wrappedlen to be set
to the size of the unwrapped/wrapped buffers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
2024-10-07 17:47:17 +02:00
Neil Horman
796b2caa9e Adjust tests to fetch the output len for EVP_PKEY_[en|de]cap
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
2024-10-07 17:47:17 +02:00
Neil Horman
0f9516855e Update rsasve_recover to properly store outlen on success
Outlen was never validated in this function prior to use, nor is it set
to the decrypted value on sucess.  Add both of those operations

Fixes #25509

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
2024-10-07 17:44:23 +02:00
Tomas Mraz
5bc13d5d8c cmp_vfy_test.c: Avoid NULL pointer dereference
Fixes Coverity 1619463

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25503)
2024-10-07 17:41:22 +02:00
Klaus Holst Jacobsen
445017152b Added check for __QNX__ define when using in_pktinfo.ipi_spec_dst
CLA: trivial

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24361)
2024-10-07 17:39:27 +02:00
lan1120
b69ca92a5e Drop the aid field of the signature prov ctx
Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23094)
2024-10-07 17:35:28 +02:00
Neil Horman
76c4f0e8ea Update test/quic-openssl-docker/run_endpoint.sh
Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
2024-10-04 17:42:49 +02:00
Neil Horman
a941f5d52e quic-interop: exlude multiplexing
The multiplexing test works on local runs, but
appears to be failing in CI, possibly due to some environmental
limitation (the test generates a large list of requests in an
environment variable), leading to not sending all the requests needed.
Disable the test for now, and look to re-enable it after release when we
can appropriately diagnose the problem

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
2024-10-04 17:42:49 +02:00
Neil Horman
c8b050eef1 Update quic interop docker container for chacha20
Need to update the docker interop container to use the quic-hq-interop
client so that the right alpn is negotiated for chacha20 testing

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
2024-10-04 17:42:49 +02:00
Neil Horman
5f43a3376b Add SSL_CIPHER_SUITES env variable to quic-hq-interop
To run the chacha20 test in interop we need to:
1) negotiate an hq-interop alpn
2) only use chacha 20

Item 1 requires the use of quic-hq-interop, the latter requires this
change

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
2024-10-04 17:42:49 +02:00
slontis
ffa5465e54 Exclude EVP_DigestSign and EVP_DigestVerify related APIs from the FIPS
provider.

Revert changes to m_sigver.c related to #ifdef FIPS_MODULE and exclude
the file using build.info instead.

Also exclude these calls inside EVP_DigestUpdate() within the FIPS
provider since this API should only be used for self testing digests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)
2024-10-04 17:41:13 +02:00
slontis
349815b57f Fix rsa_sigalg_set_ctx_params() to return 1 for unknown parameters.
This keeps the code consistent with the changes done for other
algorithms that support sigalg_set_ctx_params().

set_ctx_params() should always return 1 if the parameter is unknown.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)
2024-10-04 17:41:13 +02:00
slontis
923baa12e1 Change FIPS self tests to use EVP_PKEY_sign/verify API.
Self tests no longer use the EVP_DigestSign/Verify API's.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)
2024-10-04 17:41:13 +02:00
Maks Mishin
4f48629c9d v3_ncons: Fix difference args names in nc_match_single function
The arguments of the `nc_match_single` function have different names
in the declaration and definition or are mixed up in places.

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25592)
2024-10-04 12:20:19 +02:00
Dr. David von Oheimb
a571425492 add test/recipes/15-test_pkey.t
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
c8359abb88 APPS/pkey: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
d5c4a8aecc APPS/pkcs8: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
421e8d7af8 APPS/ocsp: fix case where reqin and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
1dbb67c4f1 APPS/{ecparam,pkeyparam}: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
32189981a3 APPS/dsaparam: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
9ae1e6596f APPS/dhparam: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Tomas Mraz
93d1bb6dff os-zoo.yml: Disable stringop-overflow warning on alpine edge
fortify-headers are broken due to this warning.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25599)
2024-10-03 13:12:40 +02:00
Richard Levitte
27af422b1c Update fips-label.yml to make 'Cleanup artifact' conditional
If it's not conditional in the same manner as the other steps, it fails
because the artifacts aren't present => job failure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25584)
2024-10-03 13:06:38 +02:00
Dimitri John Ledkov
c262cc0c04 fips: add lots of potentially missing ossl_prov_is_running checks
After rudimentary analysis, it appears the below functions can
potentially produce output, whilst the provider is in error state.

These functions were detected using this method:

```
CFLAGS='-save-temps' ./Configure enable-fips --debug
make -j10
find . -name '*.i' | xargs git add -f
git grep --cached -p ossl_prov_is_running | grep libfips-lib > ossl_prov_is_running.txt
git grep --cached -p 'return' | grep  libfips-lib > return.txt
grep '\.i=' return.txt > func-with_return.txt
grep '\.i=' ossl_prov_is_running.txt > func-with-ossl_prov_is_running.txt
grep --fixed-strings --line-regexp --file=func-with-ossl_prov_is_running.txt return.txt > func-without-ossl_prov_is_running.txt
grep -e newctx -e initctx -e dupctx func-without-ossl_prov_is_running.txt  | grep -v ossl_prov_is_running
```

And from there doing manual inspection, as the list was short at that
point.

As in compile with keeping pre-processed source code; and use `git
grep --cached -p` to find these preprocessed files, and scan for calls
to return or opssl_prov_is_running, with function name printed. And
then exclude one from the other, to hopefully get a list of all the
functions that do not check for ossl_prov_is_running.

As number of functions without "func-without-ossl_prov_is_running"
check is large, I do wonder which other functions are "interesting" to
check for. I think I'm not scanning for _update functions
correctly. Any tips on improving above analysis will help with
maintaining such checks going forward.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25580)
2024-10-02 12:20:53 +02:00
Simo Sorce
5c91f70ba8 Use the correct length value for input salt
In this function the salt can be either a zero buffer of exactly mdlen
length, or an arbitrary salt of prevsecretlen length.
Although in practice OpenSSL will always pass in a salt of mdlen size
bytes in the current TLS 1.3 code, the openssl kdf command can pass in
arbitrary values (I did it for testing), and a future change in the
higher layer code could also result in unmatched lengths.

If prevsecretlen is > mdlen this will cause incorrect salt expansion, if
prevsecretlen < mdlen this could cause a crash or reading random
information. Inboth case the generated output would be incorrect.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25579)
2024-10-02 12:05:39 +02:00
Pauli
c477fa5a22 ci: add 3.4 to prov-compat-label tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25583)
2024-10-02 08:11:05 +02:00
Pauli
3cc299258c ci: add 3.4 to the provider compatibility test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25583)
2024-10-02 08:11:05 +02:00
Pauli
12d14de641 test: add FIPS version check for EC cofactor derive tests
These were added in #25548 but didn't include a FIPS version check which
causes failures testing older FIPS providers against later versions.

Also change some skips to use TEST_skip.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25582)
2024-10-01 09:28:27 +10:00
slontis
2f362e99a1 Fix bugs in ECDH cofactor FIPS indicator.
The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.

Added a test for all possible combinations of a EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.

This only affects the B & K curves (which have a cofactor that is not 1).

Bug reported by @abkarcher

Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)
2024-09-30 20:07:09 +02:00
Dimitri John Ledkov
fc68cf21b5 kdfs: implement key length check in X9.42
Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25529)
2024-09-30 20:03:49 +02:00