git.ipfire.org Git - thirdparty/openssl.git/log
slontis [Mon, 29 Jul 2024 07:47:46 +0000 (17:47 +1000)] 
Add FIPS indicator to CMAC.

There is an issue currently related to CMAC TDES, when the new provider
is tested against older branches.

The new strict check caused backwards compatibility issues when
using old branch with the new FIPS provider.

To get around this CMAC now allows TDES by default, but it can be either
enabled via config or a settable. (i.e. it uses an indicator)

Where the TDES cipher check can be done turned out to be problematic.
Shifting the check in the TDES cipher out of the init doesn't work because
ciphers can run thru either final or cipher (and checking on every
cipher call seemed bad). This means it needs to stay in the cipher init.
So the check needs to be done in CMAC BEFORE the underlying TDES cipher
does its check.
When using an indicator the TDES cipher needs its "encrypt-check" set
so that needs to be propagated from the CMAC object. This requires
the ability to set the param at the time the cipher ctx is inited.
An internal function was required in order to pass params to CMAC_Init.

Note also that the check was done where it is, because EVP_Q_mac() calls
EVP_MAC_CTX_set_params(ctx, cipher_param)
EVP_MAC_CTX_set_params(ctx, params)
EVP_MAC_init(ctx, key, keylen, params)
Where the second call to set_params would set up "encrypt-check" after
"cipher".

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25022)

Pauli [Fri, 12 Jul 2024 02:30:00 +0000 (12:30 +1000)] 
Add negative tests for SHAKE with PBKDF2 and X9.42 KDF

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24862)

Pauli [Fri, 12 Jul 2024 02:29:08 +0000 (12:29 +1000)] 
Disallow SHAKE when using PBKDF2 and X9.42 KDF

The operation is non-sensical.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24862)

slontis [Mon, 29 Jul 2024 00:16:30 +0000 (10:16 +1000)] 
Add RSA Signature restrictions for X9.31 padding in the FIPS provider.

In FIPS 140-3, RSA Signing with X9.31 padding is not approved,
but verification is allowed for legacy purposes. An indicator has been added
for RSA signing with X9.31 padding.

A strict restriction on the size of the RSA modulus has been added
i.e. It must be 1024 + 256 * s (which is part of the ANSI X9.31 spec).

Added implementation comments to the X9.31 padding code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24021)

Pauli [Fri, 26 Jul 2024 01:59:09 +0000 (11:59 +1000)] 
drbg: streamline test for allowed digests

Under FIPS, we've got a whitelist of algorithms.  There is no need to then
also check for XOF digests because they aren't possible.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25007)

Neil Horman [Thu, 25 Jul 2024 16:24:04 +0000 (12:24 -0400)] 
fix Coverity 1604662

Coverity flagged an issue in our bio_enc tests in which we failed to
check the return code of BIO_read for an error condition which can lead
to our length computation going backwards.

Just check the error code before adding it to length

Fixes openssl/project#779

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25006)

Neil Horman [Wed, 24 Jul 2024 19:51:53 +0000 (15:51 -0400)] 
Fix second error from Coverity-161057

Coverity flagged a second error in this code

we're comparing block_padding and hs_padding for >= 0, which is always
true

With the change to the use of strtoul, inputs that are preceded with a -
(i.e. negative values), are caught already, so the check is redundant

just remove the check entirely

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24993)

Neil Horman [Wed, 24 Jul 2024 20:10:53 +0000 (16:10 -0400)] 
Fix coverity-993406

Coverity flagged an overflow warning in the cmsapitest.

It's pretty insignificant, but if a huge file is passed in via BIO, it's
possible for the length variable returned to overflow.

Just check it as we read to silence coverity on it.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24995)

slontis [Mon, 22 Jul 2024 07:24:53 +0000 (17:24 +1000)] 
Add FIPS indicator support for Triple-DES encryption.

This leaves 3DES with the FIPS query "FIPS=yes", which allows
Triple-DES to be used for Decryption by default.

Disallow CMAC using Triple-DES in FIPS.
This does not use a FIPS indicator.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24960)

Pauli [Thu, 25 Jul 2024 00:29:39 +0000 (10:29 +1000)] 
test: fix failing KDF tests with changed behaviour

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 24 Jul 2024 01:45:51 +0000 (11:45 +1000)] 
changes: add no_short_mac entry

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 03:56:21 +0000 (13:56 +1000)] 
test: add unit tests for no-short-mac

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 03:56:08 +0000 (13:56 +1000)] 
prov: add no-short-mac code to KMAC

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 03:55:35 +0000 (13:55 +1000)] 
fips: wire in the no-short-mac option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 01:09:34 +0000 (11:09 +1000)] 
doc: document no-short-mac param

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 01:09:01 +0000 (11:09 +1000)] 
paramnames: add params for no-short-mac option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 00:35:56 +0000 (10:35 +1000)] 
doc: document no_short_mac option to fipsinstall

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 00:35:37 +0000 (10:35 +1000)] 
fipsinstall: add no_short_mac option

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

Pauli [Wed, 17 Jul 2024 21:59:01 +0000 (07:59 +1000)] 
evp_test: check MAC FIPS approved flag

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)

slontis [Thu, 4 Jul 2024 01:59:43 +0000 (11:59 +1000)] 
Disable DSA signing in the FIPS provider.

This is a FIPS 140-3 requirement.
This uses a FIPS indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24799)

Neil Horman [Tue, 23 Jul 2024 19:30:38 +0000 (15:30 -0400)] 
Fix Coverity-1604641

Coverity flagged an overflow warning here that can occur if BIO_write
returns an error.

The overflow itself is a bit of a non-issue, but if BIO_write returns
< 0, then the return from i2a_ASN1_OBJECT will be some odd value
representing whatever the offset from the error code to the number of
bytes the dump may or may not have written (or some larger negative
error code if both fail).

So let's fix it.  Only do the dump if the BIO_write call returned 0 or
greater.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24976)

pohsingwu [Wed, 24 Jul 2024 04:54:40 +0000 (12:54 +0800)] 
Fix typo in mk-fipsmodule-cnf.pl

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24977)

Jonathan M. Wilbur [Wed, 10 Jul 2024 22:31:37 +0000 (22:31 +0000)] 
doc: the basicAttConstraints X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24847)

Jonathan M. Wilbur [Wed, 10 Jul 2024 22:31:27 +0000 (22:31 +0000)] 
test: the basicAttConstraints X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24847)

Jonathan M. Wilbur [Wed, 10 Jul 2024 22:31:06 +0000 (22:31 +0000)] 
feat: support the basicAttConstraints X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24847)

Neil Horman [Tue, 23 Jul 2024 15:34:29 +0000 (11:34 -0400)] 
Fix strtoul test on alpine/musl

The strtoul tests that were recently added had a compile time check for
__WORDSIZE to properly determine the string to use for a maximal
unsigned long.  Unfortunately musl libc doesn't define __WORDSIZE so we
were in a position where on that platform we fall to the 32 bit unsigned
long variant, which breaks on x86 platforms.

Fix it by doing a preprocessor comparison on ULONG_MAX instead.

NOTE: This works because preprocessors do arithmetic evaluation on
macros for every compiler we support.  We should be wary of some more
esoteric compilers though.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24974)

pohsingwu [Wed, 17 Jul 2024 07:19:51 +0000 (15:19 +0800)] 
Restrict digest in set_ctx_params

In this commit, we also return different error if the digest is XOF.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)

pohsingwu [Fri, 12 Jul 2024 14:53:33 +0000 (22:53 +0800)] 
Add FIPS indicator tests for KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)

pohsingwu [Sun, 2 Jun 2024 11:32:59 +0000 (19:32 +0800)] 
Restrict digest algorithm used in KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)

Neil Horman [Tue, 9 Jul 2024 19:43:56 +0000 (15:43 -0400)] 
Ensure cmd from fuzz buffer is always valid

The quic-srtm fuzzer uses a loop in which an integer command is
extracted from the fuzzer buffer input to determine the action to take,
switching on the values between 0 and 3, and ignoring all other
commands.  However in the failing fuzzer test case here:
https://oss-fuzz.com/testcase-detail/5618331942977536

The buffer provided shows a large number of 0 values (indicating an SRTM
add command), and almost no 1, 2, or 3 values.  As such, the fuzzer only
truly exercises the srtm add path, which has the side effect of growing
the SRTM hash table unboundedly, leading to a timeout when 10 entries
need to be iterated over when the hashtable doall command is executed.

Fix this by ensuring that the command is always valid, and reasonably
distributed among all the operations with some modulo math.

Introducing this change bounds the hash table size in the reproducer
test case to less than half of the initially observed size, and avoids
the timeout.

Fixes openssl/project#679

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24827)

Dimitri Papadopoulos [Wed, 13 Sep 2023 20:36:43 +0000 (22:36 +0200)] 
unnecessary whitespace before a quoted newline

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

Dimitri Papadopoulos [Wed, 13 Sep 2023 20:31:50 +0000 (22:31 +0200)] 
Prefer ARRAY_SIZE(...)

In OpenSSL, it's actually OSSL_NELEM() in "internal/nelem.h".

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

Dimitri Papadopoulos [Wed, 13 Sep 2023 18:41:58 +0000 (20:41 +0200)] 
open brace '{' following struct go on the same line

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

Dimitri Papadopoulos [Wed, 13 Sep 2023 18:32:54 +0000 (20:32 +0200)] 
that open brace { should be on the previous line

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

Dimitri Papadopoulos [Wed, 13 Sep 2023 17:53:39 +0000 (19:53 +0200)] 
Remove trailing whitespace

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

jasper-smit-servicenow [Thu, 18 Jul 2024 07:45:22 +0000 (09:45 +0200)] 
Update X509V3_get_d2i.pod returned pointer needs to be freed

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24927)

Tomas Mraz [Thu, 18 Jul 2024 08:48:58 +0000 (10:48 +0200)] 
i2d_name_canon(): Check overflow in len accumulation

Fixes Coverity 1604638

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24930)

Georgi Valkov [Fri, 19 Jul 2024 10:24:27 +0000 (13:24 +0300)] 
gitignore: add .DS_Store

macOS creates .DS_Store files all over the place while browsing
directories. Add it to the list of ignored files.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24942)

Richard Levitte [Thu, 11 Jul 2024 08:11:49 +0000 (10:11 +0200)] 
fix: style nits

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24854)

Richard Levitte [Thu, 11 Jul 2024 07:03:49 +0000 (09:03 +0200)] 
fix: refactor the EVP_PKEY_OP checks

On the one hand, we have public macros that are collections of EVP_PKEY_OP
bits, like EVP_PKEY_OP_TYPE_SIG, obviously meant to be used like this:

    if ((ctx->operation & EVP_PKEY_OP_TYPE_SIG) == 0) ...

On the other hand, we also have internal test macros, like
EVP_PKEY_CTX_IS_SIGNATURE_OP(), obviously meant to be used like this:

    if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) ...

Unfortunately, these two sets of macros were completely separate, forcing
developers to keep them both in sync, manually.

This refactor makes the internal macros use the corresponding public macros,
and adds the missing public macros, for consistency.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24854)

Tomas Mraz [Thu, 18 Jul 2024 08:21:04 +0000 (10:21 +0200)] 
tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()

Fixes Coverity 1598052

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24929)

slontis [Fri, 19 Jul 2024 02:11:05 +0000 (12:11 +1000)] 
Remove check for RSA encryption allowing X9.31 padding.

X9.31 is a Signature Standard, and should not apply to encryption.

rsa_ossl_public_encrypt() does not allow this padding mode.
The openssl rsautil command line tool already failed if the
-x931 option was used with -encrypt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24938)

Pauli [Thu, 18 Jul 2024 02:53:22 +0000 (12:53 +1000)] 
fips: correctly initialise FIPS indicator settables

The `memset(3)` just happened to work because 2s complement.
This is more robust.

Also reduced the size of the indicator structure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24923)

Tomas Mraz [Thu, 18 Jul 2024 15:39:40 +0000 (17:39 +0200)] 
prov-compat-label.yml: Do not test fips provider from master

The master branch will be modified by the PR so the result will
be misleading.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24933)

Tomas Mraz [Thu, 18 Jul 2024 15:21:51 +0000 (17:21 +0200)] 
Fix the provider compatibility CI

Added missing fips version checks in rand_test.c and evprand.txt

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24933)

Neil Horman [Tue, 16 Jul 2024 15:38:33 +0000 (11:38 -0400)] 
Fix coverity-1604661

Coverity called out an error in asn1parse_main, indicating that the
for(;;) loop which repeatedly reads from a bio and updates the length
value num, may overflow said value prior to exiting the loop.

We could probably call this a false positive, but on a very large PEM
file, I suppose it could happen, so just add a check to ensure that num
doesn't go from a large positive to a large negative value inside the
loop

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24910)

Neil Horman [Fri, 12 Jul 2024 18:34:01 +0000 (14:34 -0400)] 
Fix coverity-1610057

Coverity caught an error in a recent change, in which atoi was used to
assign a value to two size_t variables, and then checked them for being
>= 0, which will always be true.

Given that atoi returns an undefined value (usually zero) in the event
of a failure, there's no good way to check the return value of atoi for
validity.

Instead use OPENSSL_strtoul and confirm both that the translation
passed, and that the endptr value is at the NULL terminator (indicating
that the entire string was consumed)

Fixes openssl/private#552

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)
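
The failure mode and fix described in the commit message above, as an added example that is not code from the OpenSSL tree. It uses the standard C `strtoul()` rather than `OPENSSL_strtoul`, whose signature is not shown on this page; the function names `legacy_parse_size` and `parse_size_strict` are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * The pattern the commit message calls out: atoi() assigned to a size_t.
 * A leading '-' wraps to a huge unsigned value and trailing garbage is
 * silently dropped, so a later "value >= 0" test can never fail.
 */
static size_t legacy_parse_size(const char *s)
{
    return (size_t)atoi(s);
}

/*
 * Strict replacement (hypothetical helper): returns 1 and stores the value
 * only if the whole string is an in-range, non-negative decimal number.
 */
static int parse_size_strict(const char *s, size_t *out)
{
    char *end = NULL;
    unsigned long v;

    if (s == NULL || out == NULL)
        return 0;

    /*
     * strtoul() skips leading whitespace and accepts a sign, negating the
     * result for '-', so require the first character to be a digit.
     */
    if (!isdigit((unsigned char)s[0]))
        return 0;

    errno = 0;
    v = strtoul(s, &end, 10);

    if (errno == ERANGE)          /* value does not fit in unsigned long */
        return 0;
    if (end == s || *end != '\0') /* nothing parsed, or trailing characters */
        return 0;

#if ULONG_MAX > SIZE_MAX
    /* Only reachable on targets where unsigned long is wider than size_t. */
    if (v > SIZE_MAX)
        return 0;
#endif

    *out = (size_t)v;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, as they might arrive from a command line. */
    const char *samples[] = { "512", "-1", "16k", "", " 7",
                              "99999999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t v = 0;
        int ok = parse_size_strict(samples[i], &v);

        printf("input \"%s\": legacy=%zu strict=%s",
               samples[i], legacy_parse_size(samples[i]),
               ok ? "accepted" : "rejected");
        if (ok)
            printf(" (%zu)", v);
        printf("\n");
    }
    return 0;
}
```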

Neil Horman [Fri, 12 Jul 2024 15:01:02 +0000 (11:01 -0400)] 
Add a stroul test

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)

Neil Horman [Fri, 12 Jul 2024 14:46:23 +0000 (10:46 -0400)] 
Add an OPENSSL_strtoul wrapper

utility function to give us sane checking on strtoul conversions

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)

Tomas Mraz [Tue, 24 Oct 2023 07:27:23 +0000 (09:27 +0200)] 
Allow short reads in asn1_d2i_read_bio()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22486)

erbsland-dev [Sun, 14 Jul 2024 17:14:49 +0000 (19:14 +0200)] 
Improve clarity and readability of password input documentation

Fixed #7310: Enhanced existing documentation for password input methods
- Refined descriptions for password input methods: `file:`, `fd:`, and `stdin`
- Enhanced readability and consistency in the instructions
- Clarified handling of multiple lines in read files.
- Clarified that `fd:` is not supported on Windows.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24878)

Randall S. Becker [Tue, 16 Jul 2024 16:40:58 +0000 (17:40 +0100)] 
Change strnlen() to OPENSSL_strnlen() in fuzz/provider.

strnlen() is not portable. It is preferable to use the wrapper.

Fixes: #24908
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24912)

Gerd Hoffmann [Mon, 15 Jul 2024 15:22:01 +0000 (17:22 +0200)] 
fix vs2019 warning

windows vs2019 throws warnings when compiling openssl for edk2:

ERROR - Compiler #2220 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : the following warning is treated as an error
WARNING - Compiler #4701 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local variable 'peer_rpk' used
WARNING - Compiler #4703 from [2024-07-15 13:43:34] [build-stdout] d:\a\edk2\edk2\CryptoPkg\Library\OpensslLib\openssl\ssl\statem\statem_clnt.c(1895) : potentially uninitialized local pointer variable 'peer_rpk' used

Explicitly initialize the peer_rpk variable to make the compiler happy.

Yes, it's a false positive, but you have to check the tls_process_rpk()
body in another source file to see that, which apparently is beyond the
compiler's capabilities.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24895)

Tomas Mraz [Thu, 18 Jul 2024 07:42:57 +0000 (09:42 +0200)] 
Fix test_cms recipe

The number of tests was not bumped in 29bbe7d008

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24926)

Richard Levitte [Tue, 16 Jul 2024 03:28:30 +0000 (05:28 +0200)] 
fix: util/check-format-commit.sh to handle one-line diff hunks

For multi-line hunks, 'git diff -U0' outputs a pair of START,COUNT
indicators to show where the hunk starts and ends.  However, if the hunk is
just one line, only START is output, with the COUNT of 1 being implied.
Typically, this happens for copyright change hunks, like this:

    --- a/crypto/evp/evp_err.c
    +++ b/crypto/evp/evp_err.c
    @@ -3 +3 @@
    - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
    + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.

This is normal unified diff output, and our script must adapt.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24900)

Tomas Mraz [Tue, 9 Jul 2024 15:58:47 +0000 (17:58 +0200)] 
EVP_PKEY-DH.pod: Clarify the manpage in regards to DH and DHX types

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)

Tomas Mraz [Tue, 9 Jul 2024 07:17:05 +0000 (09:17 +0200)] 
Document that DH and DHX key types cannot be used together in KEX

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)

Georgi Valkov [Wed, 10 Jul 2024 14:29:09 +0000 (17:29 +0300)] 
threads_pthread, threads_win: improve code consistency

Improve code consistency between threads_pthread.c and threads_win.c
threads_pthread.c has good comments, let's copy them to threads_win.c
In many places uint64_t or LONG int was used, and assignments were
performed between variables with different sizes.
Unify the code to use uint32_t. In 32 bit architectures it is easier
to perform 32 bit atomic operations. The size is large enough to hold
the list of operations.
Fix result of atomic_or_uint_nv improperly cast to int *
instead of int.

Note:
In general size_t should be preferred for size and index, due to its
descriptive name, however it is more convenient to use uint32_t for
consistency between platforms and atomic calls.

READER_COUNT and ID_VAL return results that fit 32 bit. Cast them to
uint32_t to save a few CPU cycles, since they are used in 32 bit
operations anyway.

TODO:
In struct rcu_lock_st, qp_group can be moved before id_ctr
for better alignment, which would save 8 bytes.

allocate_new_qp_group has a parameter count of type int.
Signed values should be avoided as size or index.
It is better to use unsigned, e.g. uint32_t, even though
internally this is assigned to a uint32_t variable.

READER_SIZE is 16 in threads_pthread.c, and 32 in threads_win.c
Using a common size for consistency should be preferred.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24803)

Georgi Valkov [Wed, 10 Jul 2024 14:28:28 +0000 (17:28 +0300)] 
threads_win: fix build error with mingw64

This fixes a build error regression on mingw64 introduced by me in
16beec98d26644b96d57bd8da477166d0bc7d05c

In get_hold_current_qp, uint32_t variables were improperly
used to hold the value of reader_idx, which is defined as long int.
So I used CRYPTO_atomic_load_int, where a comment states
On Windows, LONG is always the same size as int

There is a size confusion, because
Win32 VC x86/x64: LONG, long, long int are 32 bit
MingW-W64: LONG, long, long int are 32 bit
cygwin64: LONG is 32 bit, long, long int are 64 bit

Fix:
- define reader_idx as uint32_t
- edit misleading comment, to clarify:
On Windows, LONG (but not long) is always the same size as int.

Fixes the following build error, reported in [1].
crypto/threads_win.c: In function 'get_hold_current_qp':
crypto/threads_win.c:184:32: error: passing argument 1 of 'CRYPTO_atomic_load_int' from incompatible pointer type [-Wincompatible-pointer-types]
  184 |         CRYPTO_atomic_load_int(&lock->reader_idx, (int *)&qp_idx,
      |                                ^~~~~~~~~~~~~~~~~
      |                                |
      |                                volatile long int *

[1] https://github.com/openssl/openssl/pull/24405#issuecomment-2211602282

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24803)

12 months ago {CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building
Dr. David von Oheimb [Wed, 4 Oct 2023 19:32:00 +0000 (21:32 +0200)] 
{CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)

12 months ago CMS_get1_{certs,crls}(): make sure they return NULL only on error
Dr. David von Oheimb [Wed, 4 Oct 2023 19:28:04 +0000 (21:28 +0200)] 
CMS_get1_{certs,crls}(): make sure they return NULL only on error

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)

12 months ago Fix coverity-1604666
Neil Horman [Mon, 15 Jul 2024 18:30:16 +0000 (14:30 -0400)] 
Fix coverity-1604666

Coverity recently flagged an error in which the return value for
EVP_MD_get_size wasn't checked for negative values prior to use, which
can cause underflow later in the function.

Just add the check and error out if get_size returns an error.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24896)

12 months ago Fix coverity-1604665
Neil Horman [Mon, 15 Jul 2024 19:59:14 +0000 (15:59 -0400)] 
Fix coverity-1604665

Coverity issued an error in the opt_uintmax code, detecting a potential
overflow on a cast to ossl_intmax_t

Looks like it was just a typo, casting m from uintmax_t to ossl_intmax_t

Fix it by correcting the cast to be ossl_uintmax_t, as would be expected

There's also some conditionals that seem like they should be removed, but
I'll save that for later, as there may be some corner cases in which
ossl_uintmax_t isn't equal in size to uintmax_t..maybe.

Fixes openssl/private#567

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24897)

12 months ago Unit test for switching from KMAC to other MAC in kbkdf.
Pauli [Mon, 15 Jul 2024 04:53:54 +0000 (14:53 +1000)] 
Unit test for switching from KMAC to other MAC in kbkdf.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24883)

12 months ago Fix kbkdf bug if MAC is set to KMAC and then something else
Pauli [Mon, 15 Jul 2024 03:26:50 +0000 (13:26 +1000)] 
Fix kbkdf bug if MAC is set to KMAC and then something else

A context that is set to KMAC sets the is_kmac flag and this cannot be reset.
So a user that does kbkdf using KMAC and then wants to use HMAC or CMAC will
experience a failure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24883)

12 months ago Document the fips-indicator param for the test RNG
Pauli [Thu, 11 Jul 2024 04:36:25 +0000 (14:36 +1000)] 
Document the fips-indicator param for the test RNG

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)

12 months ago Add unit tests for the TEST-RAND FIPS indicator
Pauli [Thu, 11 Jul 2024 00:54:05 +0000 (10:54 +1000)] 
Add unit tests for the TEST-RAND FIPS indicator

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)

12 months ago Add FIPS indicator for TEST-RAND
Pauli [Thu, 11 Jul 2024 00:50:16 +0000 (10:50 +1000)] 
Add FIPS indicator for TEST-RAND

The indicator is always non-FIPS, since this is used for internal tasks and
hasn't been validated.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)

12 months ago Add tests for long configuration lines with backslashes
erbsland-dev [Mon, 15 Jul 2024 15:07:52 +0000 (17:07 +0200)] 
Add tests for long configuration lines with backslashes

Introduce new test files to verify behavior with config lines longer than 512 characters containing backslashes. Updated test plan to include these new test scenarios.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24890)

12 months ago Fix line continuation check in config parser
erbsland-dev [Mon, 15 Jul 2024 10:16:09 +0000 (12:16 +0200)] 
Fix line continuation check in config parser

Fixes #8038: Previously, line continuation logic did not account for the 'again' flag, which could cause incorrect removal of a backslash character in the middle of a line. This fix ensures that line continuation is correctly handled only when 'again' is false, thus improving the reliability of the configuration parser.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24890)

12 months ago Clarify in-place encryption behavior in documentation
erbsland-dev [Mon, 15 Jul 2024 08:50:37 +0000 (10:50 +0200)] 
Clarify in-place encryption behavior in documentation

Fixes #7941: Update the `EVP_EncryptUpdate` documentation to specify that in-place encryption is guaranteed only if the context does not contain incomplete data from previous operations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24887)

12 months ago Fix cmake generator
Neil Horman [Sun, 14 Jul 2024 12:57:25 +0000 (08:57 -0400)] 
Fix cmake generator

PR #24678 modified some environment variables and locations that the
cmake exporter depended on, resulting in empty directory resolution.
Adjust build build.info and input variable names to match up again

Fixes #24874

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24877)

12 months ago Optimization of ossl_ec_key_public_check()
Tomas Mraz [Mon, 8 Jul 2024 16:01:34 +0000 (18:01 +0200)] 
Optimization of ossl_ec_key_public_check()

We can do just the quick check if cofactor == 1 as the
fact that the point is on the curve already implies
that order * point = infinity.

Fixes #21833

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24816)

12 months ago Set down_load factor on hash table when culling items in doall
Neil Horman [Fri, 12 Jul 2024 13:38:52 +0000 (09:38 -0400)] 
Set down_load factor on hash table when culling items in doall

oss-fuzz noted this issue:
https://oss-fuzz.com/testcase-detail/5363002606419968

Which reports a heap buffer overflow during ossl_method_cache_flush_some

It's occurring because we delete items from the hash table while inside
its doall iterator

The iterator in lhash.c does a reverse traversal of all buckets in the
hash table, and at some point a removal during an iteration leads to the
hash table shrinking, by calling contract.  When that happens, the
bucket index becomes no longer valid, and if the index we are on is
large, it exceeds the length of the list, leading to an out of band
reference, and the heap buffer overflow report.

Fix it by preventing contractions from happening during the iteration,
by setting the down_load factor to 0, and restoring it to its initial
value after the iteration is done

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24867)

12 months ago Fix parameter types int -> integer changes
Pauli [Mon, 15 Jul 2024 01:06:45 +0000 (11:06 +1000)] 
Fix parameter types int -> integer changes

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24881)

12 months ago Fix a copy & paste error in the EVP_RAND docs
Matt Caswell [Fri, 12 Jul 2024 08:16:36 +0000 (09:16 +0100)] 
Fix a copy & paste error in the EVP_RAND docs

The "max_request" string is defined via the OSSL_RAND_PARAM_MAX_REQUEST
macro.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24863)

12 months ago Rearrange code examples in docs for clarity
Daniel Gustafsson [Fri, 12 Jul 2024 10:08:04 +0000 (12:08 +0200)] 
Rearrange code examples in docs for clarity

The introduction of a deprecation notice between the header include
line and the function prototypes left the inclusion in the previous
block.  Move the #include to after the deprecation notice to ensure
that the header is included together with the corresponding MDX_y*
functions.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24864)

12 months ago Fix coverity-1510058
Neil Horman [Thu, 11 Jul 2024 20:04:28 +0000 (16:04 -0400)] 
Fix coverity-1510058

coverity noted a recent change made a call to OSSL_PARAM_get_size_t
without checking the return code, as is practice in all other call
sites.

Just add the check.

Fixes openssl/private#551

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24860)

12 months ago Convert check-format-commits.sh to use allowlist
Neil Horman [Fri, 12 Jul 2024 11:25:20 +0000 (07:25 -0400)] 
Convert check-format-commits.sh to use allowlist

Initially check-format-commits.sh tried to check everything, using a
banlist to exclude files not appropriate for checking.

It's becoming clear that that approach isn't workable, given that the
number of files that we should not check far outweighs the number of
files that we should check.

Ideally we should be checking .c files, .h files and their .in
counterparts, everything else should be excluded (at least for now)

convert the script to using an allowlist, only checking the above list,
and ignoring everything else

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24865)

12 months ago Fix a minor typo in the documentation of RAND_set_seed_source_type()
Matt Caswell [Thu, 11 Jul 2024 14:49:21 +0000 (15:49 +0100)] 
Fix a minor typo in the documentation of RAND_set_seed_source_type()

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24858)

12 months ago fix(stylecheck): Take advantage of check-format-commit.sh's new capability
Richard Levitte [Thu, 11 Jul 2024 10:41:33 +0000 (12:41 +0200)] 
fix(stylecheck): Take advantage of check-format-commit.sh's new capability

.github/workflows/style-checks.yml now runs util/check-format-commit.sh
with the whole range of commits of the given PR.  This allows code style
fixups to be in a separate commit.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)

12 months ago feat: enhance util/check-format-commit.sh to be able to handle a commit range
Richard Levitte [Thu, 11 Jul 2024 10:40:29 +0000 (12:40 +0200)] 
feat: enhance util/check-format-commit.sh to be able to handle a commit range

Additionally, the 'git diff' call is modified to not show context lines, as
it's confusing to have style nits displayed on lines the author of the
commits hasn't touched.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)

12 months ago Document Internal EVP_MD_CTX_ Flags
erbsland-dev [Thu, 11 Jul 2024 12:02:53 +0000 (14:02 +0200)] 
Document Internal EVP_MD_CTX_ Flags

Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
internal use only and must not be used in user code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24829)

12 months ago o_fopen: fix coding style and build error with VS2010
Georgi Valkov [Thu, 11 Jul 2024 06:32:47 +0000 (09:32 +0300)] 
o_fopen: fix coding style and build error with VS2010

Follow the coding style to place variable definitions before code

Fixes a build error on Windows 2003 with VS2010 introduced in [1]
crypto\o_fopen.c(45) : error C2143: syntax error : missing ';' before 'type'
crypto\o_fopen.c(46) : error C2275: 'DWORD' : illegal use of this type as an expression
        E:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\windef.h(152) : see declaration of 'DWORD'
crypto\o_fopen.c(46) : error C2146: syntax error : missing ';' before identifier 'flags'
crypto\o_fopen.c(46) : error C2065: 'flags' : undeclared identifier

[1] https://github.com/openssl/openssl/commit/917f37195ac95252a4c90e86d7d7414c5569aed8

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24853)

12 months ago x_attrib.c: Fix print_hex() function
Tomas Mraz [Mon, 1 Jul 2024 07:52:53 +0000 (09:52 +0200)] 
x_attrib.c: Fix print_hex() function

- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
  which fixes insufficient length of the allocated buffer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24771)

12 months ago riscv: Fix cpuid_obj asm checks for sm4/sm3
Hongren Zheng [Fri, 24 May 2024 06:12:47 +0000 (14:12 +0800)] 
riscv: Fix cpuid_obj asm checks for sm4/sm3

Similar to #22881 / #23752

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24486)

12 months ago fix: drop DSA <=> dsaWithSHA1 aliasing
Richard Levitte [Wed, 10 Jul 2024 05:15:50 +0000 (07:15 +0200)] 
fix: drop DSA <=> dsaWithSHA1 aliasing

For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.

This was first discovered with 'openssl list':

    $ openssl list -signature-algorithms
    ...
    { 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default

This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).

Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)

12 months ago deploy docs.openssl.org on doc changes
Dmitry Misharov [Wed, 10 Jul 2024 12:51:04 +0000 (14:51 +0200)] 
deploy docs.openssl.org on doc changes

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24839)

12 months ago ignore various files in commit checker
Neil Horman [Wed, 10 Jul 2024 18:04:46 +0000 (14:04 -0400)] 
ignore various files in commit checker

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24845)

12 months ago EVP_DigestUpdate(): Check if ctx->update is set
sashan [Thu, 27 Jun 2024 14:31:41 +0000 (16:31 +0200)] 
EVP_DigestUpdate(): Check if ctx->update is set

The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.

    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1

the issue has been introduced with openssl 3.0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)

12 months ago Limit the number of commands that can be used in the quic-lcidm fuzzer
Matt Caswell [Tue, 9 Jul 2024 15:52:12 +0000 (16:52 +0100)] 
Limit the number of commands that can be used in the quic-lcidm fuzzer

The fuzzer was reporting a spurious timeout due to excessive numbers of
commands in a single file. We limit the number of commands to avoid this.

Found by OSSFuzz

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24831)

12 months ago Modify check-format to match line length coding style
Neil Horman [Wed, 10 Jul 2024 14:57:26 +0000 (10:57 -0400)] 
Modify check-format to match line length coding style

In an effort to clarify our coding style, generally line lengths SHOULD
be no longer than 80 columns but MUST be no longer than 100 columns

Modify the check-format.pl script to account for this.

Replace the -l|--sloppy-len option (which modifies the max line length
to 84 rather than 80 cols), with -l|--strict-len (which reduces allowed
line length to 80 cols from the new default 100 cols).

Also fix up a typo in the docs indicating --sloppy-bodylen has a short
-l option (it's actually -b)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/24841)

12 months ago Dependabot update
dependabot[bot] [Wed, 10 Jul 2024 17:07:01 +0000 (17:07 +0000)] 
Dependabot update

CLA: trivial

(deps): Bump actions/setup-python

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.1.0...v5.1.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24843)

12 months ago Add FIPS indicators to evp_test 24848/head
slontis [Wed, 3 Jul 2024 01:12:39 +0000 (11:12 +1000)] 
Add FIPS indicators to evp_test

evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
until the run phase, which allows the context to initialize in a controlled order.
This allows params to be passed into the algorithm init function.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

12 months ago Change all existing FIPS configurable checks to use FIPS indicators.
slontis [Mon, 1 Jul 2024 01:36:58 +0000 (11:36 +1000)] 
Change all existing FIPS configurable checks to use FIPS indicators.

This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Failure of a check causes
either a failure OR the FIPS indicator callback to be triggered.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

12 months ago Add FIPS indicator helpers
slontis [Mon, 1 Jul 2024 01:27:58 +0000 (11:27 +1000)] 
Add FIPS indicator helpers

Each provider algorithm context can use these helpers to add indicator
support.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

12 months ago Add FIPS indicator callback.
slontis [Mon, 1 Jul 2024 01:11:16 +0000 (11:11 +1000)] 
 Add FIPS indicator callback.

Add a FIPS indicator callback that can be set via
OSSL_INDICATOR_set_callback(). This callback is intended to be run
whenever a non approved algorithm check has occurred and strict checking
has been disabled. The callback may be used to
log non approved algorithms. The callback is passed a type and
description string as well as the cbarg specified in OSSL_INDICATOR_set_callback.
The return value can be either 0 or 1.
A value of 0 can be used for testing purposes to force an error to occur from the algorithm
that called the callback.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

12 months ago apps/rehash.c: Add the check for the EVP_MD_get_size()
Jiasheng Jiang [Fri, 5 Jul 2024 18:05:35 +0000 (18:05 +0000)] 
apps/rehash.c: Add the check for the EVP_MD_get_size()

Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size_t.

Add the check to prevent that EVP_MD_get_size() returns a value greater
than EVP_MAX_MD_SIZE.

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24802)

12 months ago extend X509_REQ_add_extensions_nid() and thus APPS/req to support augmenting/overrid...
Dr. David von Oheimb [Thu, 4 Jul 2024 07:42:00 +0000 (09:42 +0200)] 
extend X509_REQ_add_extensions_nid() and thus APPS/req to support augmenting/overriding existing extensions

Fixes #11169

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

12 months ago add X509v3_add_extensions()
Dr. David von Oheimb [Thu, 4 Jul 2024 07:39:25 +0000 (09:39 +0200)] 
add X509v3_add_extensions()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)