Burkov Egor [Wed, 19 Feb 2025 13:42:07 +0000 (16:42 +0300)]
fix: add OOM handler for x509 fuzz test
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26830)
Bernd Edlinger [Mon, 24 Feb 2025 06:51:16 +0000 (07:51 +0100)]
Revert wrong macos RCU fix
This reverts #23974 which seems to be no longer needed now,
due to other fixes nearby. Most likely the change did just
slightly decrease the performance of the reader threads, and
did therefore create the wrong impression that it fixed the issue.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26881)
Viktor Dukhovni [Fri, 21 Feb 2025 08:47:36 +0000 (19:47 +1100)]
More seed and private key checks for ML-DSA
- Check seed/key consistency when generating from a seed and the private
key is also given.
- Improve error reporting when the private key does not match an
explicit public key.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26865)
Neil Horman [Thu, 20 Feb 2025 14:15:26 +0000 (09:15 -0500)]
separate intval into separate variable in OSSL_PARAMS
construction of int params holds a pointer to an int rather than an int
value, so we need to use separate variables when constructing separate
int params.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26851)
Fails because the fuzzer occasionaly provides inputs which drives the
fuzzer to create an octet-string for the context_string param which
violates the 255 byte constraint documented on that parameter.
Fix it by detecting that condition, expecting failure in the call to
EVP_sign_message_init, and bailing out when it occurs.
Fixes openssl/project#1109
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26851)
Bernd Edlinger [Wed, 19 Feb 2025 17:55:42 +0000 (18:55 +0100)]
Re-enable RCU torture test on MACOSX
This test was disabled due to "Stochastic failures in
the RCU test on MACOSX" by #23967, which sounds like an
issue that is probably fixed now.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26834)
Pauli [Fri, 21 Feb 2025 01:22:15 +0000 (12:22 +1100)]
doc: fixup FIPS self test names
Missing names and categories in the documentation
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26859)
Pauli [Fri, 21 Feb 2025 01:21:48 +0000 (12:21 +1100)]
fipsinstall: update tests to use corrent key gen test name
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26859)
Pauli [Fri, 21 Feb 2025 01:21:26 +0000 (12:21 +1100)]
fips: update FIPS self test defines
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26859)
Pauli [Fri, 21 Feb 2025 00:37:43 +0000 (11:37 +1100)]
fips: refactor to unify the ST_KAT_PARAM -> OSSL_PARAM code
This code was duplicated multiple times throughout the self tests.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26859)
Pauli [Fri, 21 Feb 2025 00:36:56 +0000 (11:36 +1100)]
fips: refactor ML-KEM tests so that key generation is separate
Encapsulation and decapsulation remain as their own CAST.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26859)
Pauli [Fri, 21 Feb 2025 00:36:48 +0000 (11:36 +1100)]
fips: add key generation name for ML-KEM CASTs
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26859)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26832)
Michael Baentsch [Thu, 20 Feb 2025 10:35:09 +0000 (11:35 +0100)]
Update oqsprovider git submodule and start testing with it again
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26848)
Clemens Lang [Thu, 20 Feb 2025 14:04:51 +0000 (15:04 +0100)]
Provide aliases to ML-DSA without dashes
oqsprovider did not use dashes in the algorithm names for ML-DSA. Make
the transition smoother by also accepting the names without dashes as
aliases.
See also #26326 for the same thing for ML-KEM.
Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26853)
Tomas Mraz [Wed, 19 Feb 2025 14:03:35 +0000 (15:03 +0100)]
cross-compiles.yml: Disable FIPS for cross compiles
When running tests things are too slow due to SLH-DSA POST.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26820)
Tomas Mraz [Wed, 19 Feb 2025 13:57:12 +0000 (14:57 +0100)]
run-checker-daily.yml: Add memory sanitizer run with SLH-DSA enabled
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26820)
Tomas Mraz [Wed, 19 Feb 2025 13:56:19 +0000 (14:56 +0100)]
make-test: No verbose tar output
This just clutters the logs otherwise.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26820)
Tomas Mraz [Wed, 19 Feb 2025 13:49:43 +0000 (14:49 +0100)]
run-checker-daily.yml: Adjust the list of jobs
Some of the disablables are already disabled by default.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26820)
Tomas Mraz [Tue, 18 Feb 2025 17:13:22 +0000 (18:13 +0100)]
Disable SLH-DSA in memory sanitizer
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26820)
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26843)
Pauli [Wed, 19 Feb 2025 23:34:36 +0000 (10:34 +1100)]
fips: change SLH-DSA key generation to use a fast algorithm flavour
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26837)
Pauli [Wed, 19 Feb 2025 23:48:55 +0000 (10:48 +1100)]
slh-dsa: avoid pairwise test when doing key generation CAST
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)
Pauli [Wed, 19 Feb 2025 23:48:37 +0000 (10:48 +1100)]
ml-kem: avoid pairwise test when doing key generation CAST
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)
Pauli [Wed, 19 Feb 2025 23:48:25 +0000 (10:48 +1100)]
ml-dsa: avoid pairwise test when doing key generation CAST
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)
Pauli [Wed, 19 Feb 2025 23:41:56 +0000 (10:41 +1100)]
fips: add function to detect if the self tests are running
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26838)
Shakti Shah [Wed, 19 Feb 2025 16:08:36 +0000 (21:38 +0530)]
Make org.openssl.winstore: work in openssl-ts
Fixes #26739
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26833)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26831)
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26825)
Pauli [Wed, 19 Feb 2025 03:51:18 +0000 (14:51 +1100)]
slh-dsa: use fast flavours for FIPS Power Up Self Test
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26821)
Pauli [Fri, 14 Feb 2025 01:55:21 +0000 (12:55 +1100)]
slh-dsa: add signature generation tests
This marks the first use of the extended test feature in evp_test.
The reason behind this is the amount of time the full SLH-DSA tests consume.
The non-extended tests chosen so that they exercise all of the algorithms
at least once and all the varying combinations of features for the fast
algorithms.
On my build machine the full test suite takes: 290 seconds.
With the reduction to a dozen tests it takes: 10.5 seconds.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)
Viktor Dukhovni [Tue, 18 Feb 2025 07:42:41 +0000 (18:42 +1100)]
More consistent ML-KEM key checks
- Cross-check seed `z` value on import as well as load.
- In import/load When re-generating from a seed, check hash of any
explicit private key when both provided.
- Avoid leak of expanded key encoding when load fails.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26812)
Viktor Dukhovni [Tue, 18 Feb 2025 09:41:13 +0000 (20:41 +1100)]
Typo fix
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26813)
Viktor Dukhovni [Tue, 18 Feb 2025 14:44:17 +0000 (01:44 +1100)]
ssl3_ctrl(): Fix condition in SSL_CTRL_GET_PEER_SIGNATURE_NAME
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26819)
Neil Horman [Tue, 18 Feb 2025 14:01:40 +0000 (09:01 -0500)]
Relax checking of supported-groups/keyshare ordering
quic interop testing showed that interop with the mvfst client was
failing, due to detecting mis ordering of supported groups and keyshare
extensions
This is strictly a mvfst problem to fix, but RFC 8446 indicates that we
MAY check the ordering but don't strictly have to.
We've opened an issue with the client to fix this, but in the interests
of client compatibility relax the ordering check so that, instead of
issuing a fatal alert, we just log a trace message indicating the
discrepancy
Fixes openssl/project#1106
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26818)
Pauli [Tue, 18 Feb 2025 01:45:58 +0000 (12:45 +1100)]
ssl_test: correctly handle ML-DSA being disabled
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26806)
Pauli [Mon, 17 Feb 2025 23:04:58 +0000 (10:04 +1100)]
mldsa: add run-checker workflow for no-ml-dsa option
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26806)
Pauli [Mon, 17 Feb 2025 23:08:11 +0000 (10:08 +1100)]
ml-kem: add ML-KEM to bulk disable cascade
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26807)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26793)
Neil Horman [Mon, 17 Feb 2025 15:13:32 +0000 (10:13 -0500)]
Free hashtable prior to freeing atomic worker_lock
lhash_test uses a hashtable that may not be empty at the end of the test
Given that the free function frees the elements in the list and uses the
atomic worker_lock to do so, we need to free the hash table prior to
freeing the working lock to avoid the use of unallocated memory.
Fixes #26798
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26800)
Neil Horman [Fri, 7 Feb 2025 19:37:57 +0000 (14:37 -0500)]
Initial slh-dsa fuzzer
Current preforms the following operations
1) Generates arbitrary key pairs
2) Generates key pairs with parameters (both correct and incorrect)
based on fuzzer input buffer
3) Exports and re-imports keys, confirming validity
4) Preforms Sign and Verify operations with optional parameters based on
fuzzer input buffer
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26708)
slontis [Tue, 11 Feb 2025 04:30:59 +0000 (15:30 +1100)]
SLH-DSA: Add EVP_PKEY_CTX_dup() support.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26701)
slontis [Tue, 4 Feb 2025 06:39:34 +0000 (17:39 +1100)]
SLH_DSA: Make apps.c do_X509_REQ_verify() call work correctly.
- Added sigid_algs for SLH_DSA such that OBJ_find_sigid_algs() works.
- OBJ_sn2nid() was also being called, so the SN form of SLH_DSA
algorithms needed to be added to the provider dispatch tables.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26625)
slontis [Tue, 4 Feb 2025 03:35:38 +0000 (14:35 +1100)]
SLH_DSA: Add support for generating X509 certs via the openssl
command line app.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26625)
slontis [Tue, 28 Jan 2025 03:14:53 +0000 (14:14 +1100)]
SLH-DSA cleanups
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 23 Jan 2025 03:51:42 +0000 (14:51 +1100)]
SLH-DSA More fixups
Also added slh_dsa_key_dup()
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Wed, 22 Jan 2025 23:26:51 +0000 (10:26 +1100)]
SLH-DSA: Remove legacy ASN1 method tables for SLH-DSA. Update to use
custom encoders for SLH_DSA decode_der2key.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Wed, 22 Jan 2025 21:20:58 +0000 (08:20 +1100)]
SLH-DSA cleanups
Addressed some review comments.
- Ref counting has been removed from SLH_DSA_KEY (EVP_PKEY is responsible
for the keys ref counting).
- Moved constants and prefetched objects into SLH_DSA_KEY.
- The SLH_DSA_HASH_CTX is still required since there are multiple
contexts that need to propagate to a lot of functions, but it no
longer contains the constants. Note that it also holds a pointer to
the SLH_DSA_KEY.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 21 Nov 2024 05:09:18 +0000 (16:09 +1100)]
Add SLH_DSA key validation.
The pairwise test requires that the computed PK_ROOT key matches the
keys PK_ROOT value. The public and private key tests just require the
key elements to exist.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 21 Nov 2024 01:15:24 +0000 (12:15 +1100)]
Add SLH-DSA FIPS self tests
This requires a keygen test, as well as Sign/Verify tests for at least 1
sha2 algorithm and 1 shake related algorithm.
A pairwise consistency test has also been added to the key generation.
Note that self test datat for the signature is currently stored as a
sha256 digest in order to reduce the memory footprint.
(Since the signature size for sha2/shake using 128s = ~8K, and for 128f = ~17K)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Tue, 19 Nov 2024 04:40:13 +0000 (15:40 +1100)]
Add SLH-DSA encoder/decoder support.
This required adding additional EVP_PKEY_ASN1_METHOD methods.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Tue, 12 Nov 2024 23:59:10 +0000 (10:59 +1100)]
Address style check nits for SLH-DSA
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
projects / thirdparty / openssl.git / log
