Commit Graph

35927 Commits

Author SHA1 Message Date
Zhiqing Xie
d20cf21b20 Fix compile err when building VC-CLANG-WIN64-CLANGASM-ARM target
The error happens with MSVC v143,C++ Clang Compiler for Windows(16.0.5)

Error is "brackets expression not supported on this target" in libcrypto-shlib-bsaes-armv8.obj.asm

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25293)
2024-08-29 15:38:57 +02:00
Jamie Cui
25bd0c77bf Fix decoder error on SM2 private key
Added sm2 testcases to endecode_test.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25266)
2024-08-29 15:28:27 +02:00
slontis
14c45338e9 EVP_MD_size() updates
For SHAKE algorithms we now return 0 from EVP_MD_size().
So all the places that check for < 0 needed to change to <= 0
(Otherwise the behaviour will be to digest nothing in most cases).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00
slontis
976dd3581a Update code to use EVP_MD_xof()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00
slontis
c48e56874c XOF / EVP_MD_size() changes.
Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and
does a ctx get rather than just returning EVP_MD_size().
SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen.

Added a helper function EVP_MD_xof()
EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to
keep it the same I added an extra function.

EVP_MD_size() always returns 0 for SHAKE now, since it caches the value
of md_size at the time of an EVP_MD_fetch(). This is probably better
than returning the incorrect initial value it was before e.g (16 for
SHAKE128) and returning tht always instead of the set xoflen.

Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00
sashan
6dacee485f RSA decoder should check also sanity of p, q, e, d ... with respect to n
This issue has been discovered by osss-fuzzer [1]. The test function decodes
RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which
proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long
exceeding timeout (45secs).

The idea is to fix OSSL_DECODER_from_data() code path so invalid
RSA keys will be refused.

[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134

Test case generated by the fuzzer is added.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25190)
2024-08-28 16:50:46 +02:00
slontis
f6a296c386 Cleanups for FIPS options..
The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.

Some FIPS related headers have moved to providers/fips/include so that
they can use fips_indicator_params.inc.
securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes
fipscommon.h.

fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than
using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used.
fips_names.h just uses aliases now for existing public names.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25162)
2024-08-28 14:46:16 +02:00
Richard Levitte
accd835f8d fix: for exporters to work for build config, there may be two include dirs
For CMake / pkg-config configuration files to be used for an uninstalled
build, the include directory in the build directory isn't enough, if that
one is separate from the source directory.  The include directory in the
source directory must be accounted for too.

This includes some lighter refactoring of util/mkinstallvars.pl, with the
result that almost all variables in builddata.pm and installdata.pm have
become arrays, even though unnecessarily for most of them; it was simpler
that way.  The CMake / pkg-config templates are adapted accordingly.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24918)
2024-08-27 17:20:12 +02:00
Richard Levitte
a82d9e572c fix: exporters/cmake/OpenSSLConfig.cmake.in to work for build config
This template file is made to make both:

1. OpenSSLConfig.cmake (CMake config used when building a CMake package
   against an uninstalled OpenSSL build)
2. exporters/OpenSSLConfig.cmake (CMake config that's to be installed
   alongside OpenSSL, and is used when building a CMake package against
   an OpenSSL installation).

Variant 1 was unfortunately getting the internal '_ossl_prefix' variable
wrong, which is due to how the perl snippet builds the command(s) to figure
out its value.  That needed some correction.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24918)
2024-08-27 17:20:12 +02:00
Jonathan M. Wilbur
0acb32052a test: issuedOnBehalfOf X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25241)
2024-08-27 16:48:57 +02:00
Jonathan M. Wilbur
254693280d feat: add support for issuedOnBehalfOf X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25241)
2024-08-27 16:48:57 +02:00
Richard Levitte
873f269697 fix coding style
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
2024-08-27 13:56:28 +02:00
Richard Levitte
9524ca1bf4 doc: Document EVP_{TYPE}_CTX_get_algor etc
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
2024-08-27 13:56:28 +02:00
Richard Levitte
033dcce2ba feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor()
This should be sufficient to cover the intent with the following legacy ctrls:

- EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations)
- EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
2024-08-27 13:56:28 +02:00
Richard Levitte
258aaa97b8 feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor()
EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can
be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
2024-08-27 13:56:28 +02:00
Richard Levitte
3b1ea04650 fix: in RC2 implementation, handle both old and new AID.params keys
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
2024-08-27 13:56:28 +02:00
Richard Levitte
0941666728 Amend the design of AlgorithmIdentifier parameter passing
I realised that any application that passes AlgorithmIdentifier parameters
to and from a provider may also be interested in the full AlgorithmIdentifier
of the implementation invocation.

Likewise, any application that wants to get the full AlgorithmIdentifier
from an implementation invocation may also want to pass AlgorithmIdentifier
parameters to that same implementation invocation.

These amendments should be useful to cover all intended uses of the legacy
ctrls for PKCS7 and CMS:

- EVP_PKEY_CTRL_PKCS7_ENCRYPT
- EVP_PKEY_CTRL_PKCS7_DECRYPT
- EVP_PKEY_CTRL_PKCS7_SIGN
- EVP_PKEY_CTRL_CMS_ENCRYPT
- EVP_PKEY_CTRL_CMS_DECRYPT
- EVP_PKEY_CTRL_CMS_SIGN

It should also cover a number of other cases that were previously implemented
through EVP_PKEY_ASN1_METHOD, as well as all sorts of other cases where the
application has had to assemble a X509_ALGOR on their own.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
2024-08-27 13:56:20 +02:00
cx
c07a34e18b Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec value(RFC 8446)
Fixes: #25086

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25257)
2024-08-26 10:58:10 +01:00
Jonathan M. Wilbur
91432b9ea0 fix: alias auditEntity OID
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24754)
2024-08-26 10:38:44 +01:00
Jonathan M. Wilbur
dbd3d65d7c test: auditIdentity X.509v3 extension decoding and display
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24754)
2024-08-26 10:38:44 +01:00
Jonathan M. Wilbur
9216859f7b feat: support auditIdentity X.509v3 extension
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24754)
2024-08-26 10:38:44 +01:00
Jonathan M. Wilbur
bce3a8d57e fix: wrong name for OID -> auditIdentity
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24754)
2024-08-26 10:25:23 +01:00
slontis
8e7f39e883 Cleanups for FIPS indicator documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25195)
2024-08-26 08:28:44 +10:00
slontis
5139b51cea Add FIPS indicator documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25195)
2024-08-26 08:28:44 +10:00
slontis
c37e21763b Add FIPS indicators to X25519 and X448.
X25519 and X448 are unapproved in FIPS 140-3
So always trigger the indicator callback if these Keys are used,
and add "fips-indicator" getters that return 0.

This has been added to keygen and key exchange.
(KEM will also require it if ever becomes a FIPS algorithm).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25246)
2024-08-25 10:50:05 +10:00
slontis
32b43b9160 Update new FIPS indicator evp_tests to use FIPSversion + Availablein options.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25267)
2024-08-23 21:26:03 +02:00
slontis
f2a5c80ca4 Revert evp_test change that made "FIPSversion" skip the default provider.
Fixes #25199
This should be done using "Availablein" if required.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25267)
2024-08-23 21:25:41 +02:00
slontis
bb1aab38a6 FIPS: Add EDDSA public key validation.
EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to
determine if the public key is a valid point on the curve.

The FIPS ACVP tests require public key validation tests.
See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json

Note that this is NOT required to be called before EDDSA signature verification
since it is done internally.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25265)
2024-08-23 21:23:53 +02:00
slontis
f7fd43402c Update FIPS 140-3 self tests
Cleanup + remove a few tests that are not required.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25222)
2024-08-23 11:07:36 +02:00
slontis
06179b4be0 FIPS: Change fips tests to use SHA2 for corruption test.
Fixes cross testing with OpenSSL 3.4 with removed SHA1 from the self
tests.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25262)
2024-08-23 10:23:37 +02:00
Ingo Franzki
19b87d2d2b s390x: Fix memory leak in s390x_HMAC_CTX_copy()
When s390x_HMAC_CTX_copy() is called, but the destination context already
has a buffer allocated, it is not freed before duplicating the buffer from
the source context.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25238)
2024-08-23 09:11:01 +02:00
Pauli
fe1ce91f7f acvptest: add positive and negative tests for verify message param
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
2024-08-23 07:17:03 +10:00
Pauli
f5c8000c0a rsa: add verify_message param support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
2024-08-23 07:17:03 +10:00
Pauli
b80e2ddb66 ecdsa: add verify_message param support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
2024-08-23 07:17:03 +10:00
Pauli
38f1e18e93 param: add OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter name
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
2024-08-23 07:17:02 +10:00
Pauli
a9fc8702e0 doc: document the OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
2024-08-23 07:17:02 +10:00
Tomas Mraz
3c1713aeed fuzz/hashtable.c: rc == -1 on insert is OK when fuzzing
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25273)
2024-08-22 14:52:43 +02:00
Tomas Mraz
8951ee06b4 ossl_ht_insert(): Allow for 4 iterations of grow_hashtable()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25273)
2024-08-22 14:52:43 +02:00
Joachim Vandersmissen
6c39d21a48 Replace PKCS#1 v1.5 padding in RSA PCT
After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5
padding for RSA "key-transport" (aka encryption and decryption).
There's a few good options to replace this usage in the RSA PCT, but
the simplest is verifying m = (m^e)^d mod n, (where 1 < m < (n − 1)).
This is specified in SP 800-56Br2 (Section 6.4.1.1) [1] and allowed by
FIPS 140-3 IG 10.3.A. In OpenSSL, this corresponds to RSA_NO_PADDING.

[0]: https://doi.org/10.6028/NIST.SP.800-131Ar2
[1]: https://doi.org/10.6028/NIST.SP.800-56Br2

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23832)
2024-08-22 07:24:29 +10:00
Joachim Vandersmissen
9341e6683c Replace PKCS#1 v1.5 encryption in RSA PCT
After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5
padding for RSA "key-transport" (aka encryption and decryption).
There's a few good options to replace this usage in the RSA PCT, but
signature generation and verification using PKCS#1 v1.5 padding (which
remains approved) is the simplest.

[0]: https://doi.org/10.6028/NIST.SP.800-131Ar2

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23832)
2024-08-22 07:24:08 +10:00
Bernd Edlinger
e91384d5b0 Fix error handling in OBJ_add_object
This fixes the possible memory leak in OBJ_add_object
when a pre-existing object is replaced by a new one,
with identical NID, OID, and/or short/long name.
We do not try to delete any orphans, but only mark
them as type == -1, because the previously returned
pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln
may be cached by applications and can thus not
be cleaned up before the application terminates.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22534)
2024-08-21 15:53:37 +02:00
Beat Bolli
223e0020e4 x_attrib: fix a memory leak
The X509_NAME object needs to be free'd even if printing it fails.

Introduced in be5adfd6e3 ("Support subjectDirectoryAttributes and
associatedInformation exts", 2024-06-18), but subsequently moved in
7bcfb41489 ("ossl_print_attribute_value(): use a sequence value only if
type is a sequence", 2024-08-05).

Signed-off-by: Beat Bolli <dev@drbeat.li>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25207)
2024-08-21 15:51:29 +02:00
Neil Horman
1fb39522a2 Add Changes entry for debuginfo generation
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)
2024-08-21 15:50:30 +02:00
Neil Horman
0fdbcf4c3c Add a test for debuginfo generation
Add a check to ensure debug info generation works.

We piggyback on a test that already builds DWARF symbols (--debug)
The test
1) makes the debuginfo files
2) runs gdb, loading the libcrypto.so.3 file
3) Check to make sure that the output of gdb indicates that it loads the
   .debug file base on the reference in the loaded file

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)
2024-08-21 15:50:17 +02:00
Neil Horman
a5d56626b9 Add debuginfo build target
In the webinar we are currently producing on debugging openssl
applications, we talk about ways to allow debugable binaries without
having to ship all the debug DWARF information to production systems.

Add an optional target to do that DWARF separation to aid users

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)
2024-08-21 15:50:17 +02:00
Jiasheng Jiang
55662b6745 test/provider_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
Add OSSL_PROVIDER_unload() when OSSL_PROVIDER_add_builtin() fails to avoid memory leak.

Fixes: 5442611dff ("Add a test for OSSL_LIB_CTX_new_child()")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25109)
2024-08-21 15:38:58 +02:00
Jiasheng Jiang
6e8a1031ed test/provider_fallback_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
Add OSSL_PROVIDER_unload() when test_provider() fails to avoid memory leak.

Fixes: f995e5bdcd ("TEST: Add provider_fallback_test, to test aspects of
fallback providers")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25108)
2024-08-21 15:37:05 +02:00
Matt Caswell
60358f2c5e Fix the alert used on a missing key_share
RFC8446 requires we send an illegal_parameter alert if we don't get a
key_share back from the server and our kex_modes require one. We were
instead reporting this as missing_extension.

Fixes #25040

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25059)
2024-08-21 15:35:51 +02:00
slontis
95994ded95 Add additional test cases for Single Step KDF.
SSKDF KMAC tests added.
Added FIPS indicator tests for SSKDF Hash, HMAC, and KMAC cases.
Added short salt length tests for SSKDF HMAC and KMAC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
2024-08-21 15:34:58 +02:00
slontis
ea396c7024 Add FIPS KMAC key check
This adds a FIPS indicator for KMAC key size.
Note that 112 bits keys are still smaller than the
sizes required to reach 128 bits for KMAC128 and
256 bits for KMAC256

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
2024-08-21 15:34:58 +02:00