git.ipfire.org Git - thirdparty/openssl.git/log
11 months ago - FIPS: Add EDDSA public key validation.
slontis [Thu, 22 Aug 2024 01:50:17 +0000 (11:50 +1000)] 
FIPS: Add EDDSA public key validation.

EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to
determine if the public key is a valid point on the curve.

The FIPS ACVP tests require public key validation tests.
See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json

Note that this is NOT required to be called before EDDSA signature verification
since it is done internally.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25265)

11 months ago - Update FIPS 140-3 self tests
slontis [Mon, 19 Aug 2024 02:01:53 +0000 (12:01 +1000)] 
Update FIPS 140-3 self tests

Cleanup + remove a few tests that are not required.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25222)

11 months ago - FIPS: Change fips tests to use SHA2 for corruption test.
slontis [Wed, 21 Aug 2024 23:09:14 +0000 (09:09 +1000)] 
FIPS: Change fips tests to use SHA2 for corruption test.

Fixes cross testing with OpenSSL 3.4, which removed SHA1 from the self
tests.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25262)

11 months ago - s390x: Fix memory leak in s390x_HMAC_CTX_copy()
Ingo Franzki [Tue, 20 Aug 2024 09:35:20 +0000 (11:35 +0200)] 
s390x: Fix memory leak in s390x_HMAC_CTX_copy()

When s390x_HMAC_CTX_copy() is called, but the destination context already
has a buffer allocated, it is not freed before duplicating the buffer from
the source context.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25238)

11 months ago - acvptest: add positive and negative tests for verify message param
Pauli [Mon, 19 Aug 2024 01:34:12 +0000 (11:34 +1000)] 
acvptest: add positive and negative tests for verify message param

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)

11 months ago - rsa: add verify_message param support
Pauli [Mon, 19 Aug 2024 00:40:24 +0000 (10:40 +1000)] 
rsa: add verify_message param support

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)

11 months ago - ecdsa: add verify_message param support
Pauli [Mon, 19 Aug 2024 00:40:14 +0000 (10:40 +1000)] 
ecdsa: add verify_message param support

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)

11 months ago - param: add OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter name
Pauli [Fri, 16 Aug 2024 00:24:05 +0000 (10:24 +1000)] 
param: add OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter name

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)

11 months ago - doc: document the OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter
Pauli [Fri, 16 Aug 2024 00:21:12 +0000 (10:21 +1000)] 
doc: document the OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)

11 months ago - fuzz/hashtable.c: rc == -1 on insert is OK when fuzzing
Tomas Mraz [Thu, 22 Aug 2024 12:49:05 +0000 (14:49 +0200)] 
fuzz/hashtable.c: rc == -1 on insert is OK when fuzzing

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25273)

11 months ago - ossl_ht_insert(): Allow for 4 iterations of grow_hashtable()
Tomas Mraz [Thu, 22 Aug 2024 12:44:02 +0000 (14:44 +0200)] 
ossl_ht_insert(): Allow for 4 iterations of grow_hashtable()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25273)

11 months ago - Replace PKCS#1 v1.5 padding in RSA PCT
Joachim Vandersmissen [Fri, 15 Mar 2024 16:34:12 +0000 (11:34 -0500)] 
Replace PKCS#1 v1.5 padding in RSA PCT

After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5
padding for RSA "key-transport" (aka encryption and decryption).
There are a few good options to replace this usage in the RSA PCT, but
the simplest is verifying m = (m^e)^d mod n, (where 1 < m < (n − 1)).
This is specified in SP 800-56Br2 (Section 6.4.1.1) [1] and allowed by
FIPS 140-3 IG 10.3.A. In OpenSSL, this corresponds to RSA_NO_PADDING.

[0]: https://doi.org/10.6028/NIST.SP.800-131Ar2
[1]: https://doi.org/10.6028/NIST.SP.800-56Br2

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23832)

11 months ago - Replace PKCS#1 v1.5 encryption in RSA PCT
Joachim Vandersmissen [Thu, 14 Mar 2024 00:26:21 +0000 (19:26 -0500)] 
Replace PKCS#1 v1.5 encryption in RSA PCT

After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5
padding for RSA "key-transport" (aka encryption and decryption).
There are a few good options to replace this usage in the RSA PCT, but
signature generation and verification using PKCS#1 v1.5 padding (which
remains approved) is the simplest.

[0]: https://doi.org/10.6028/NIST.SP.800-131Ar2

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23832)

11 months ago - Fix error handling in OBJ_add_object
Bernd Edlinger [Fri, 27 Oct 2023 10:05:05 +0000 (12:05 +0200)] 
Fix error handling in OBJ_add_object

This fixes the possible memory leak in OBJ_add_object
when a pre-existing object is replaced by a new one,
with identical NID, OID, and/or short/long name.
We do not try to delete any orphans, but only mark
them as type == -1, because the previously returned
pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln
may be cached by applications and can thus not
be cleaned up before the application terminates.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22534)

11 months ago - x_attrib: fix a memory leak
Beat Bolli [Thu, 15 Aug 2024 10:35:02 +0000 (12:35 +0200)] 
x_attrib: fix a memory leak

The X509_NAME object needs to be free'd even if printing it fails.

Introduced in be5adfd6e3 ("Support subjectDirectoryAttributes and
associatedInformation exts", 2024-06-18), but subsequently moved in
7bcfb41489 ("ossl_print_attribute_value(): use a sequence value only if
type is a sequence", 2024-08-05).

Signed-off-by: Beat Bolli <dev@drbeat.li>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25207)

11 months ago - Add Changes entry for debuginfo generation
Neil Horman [Thu, 15 Aug 2024 12:29:34 +0000 (08:29 -0400)] 
Add Changes entry for debuginfo generation

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)

11 months ago - Add a test for debuginfo generation
Neil Horman [Wed, 14 Aug 2024 15:18:04 +0000 (11:18 -0400)] 
Add a test for debuginfo generation

Add a check to ensure debug info generation works.

We piggyback on a test that already builds DWARF symbols (--debug).
The test:
1) makes the debuginfo files
2) runs gdb, loading the libcrypto.so.3 file
3) checks that the output of gdb indicates that it loads the
   .debug file based on the reference in the loaded file

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)

11 months ago - Add debuginfo build target
Neil Horman [Tue, 13 Aug 2024 19:16:08 +0000 (15:16 -0400)] 
Add debuginfo build target

In the webinar we are currently producing on debugging openssl
applications, we talk about ways to allow debuggable binaries without
having to ship all the debug DWARF information to production systems.

Add an optional target to do that DWARF separation to aid users

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)

11 months ago - test/provider_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
Jiasheng Jiang [Tue, 6 Aug 2024 19:18:34 +0000 (19:18 +0000)] 
test/provider_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak

Add OSSL_PROVIDER_unload() when OSSL_PROVIDER_add_builtin() fails to avoid memory leak.

Fixes: 5442611dff ("Add a test for OSSL_LIB_CTX_new_child()")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25109)

11 months ago - test/provider_fallback_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
Jiasheng Jiang [Tue, 6 Aug 2024 18:42:06 +0000 (18:42 +0000)] 
test/provider_fallback_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak

Add OSSL_PROVIDER_unload() when test_provider() fails to avoid memory leak.

Fixes: f995e5bdcd ("TEST: Add provider_fallback_test, to test aspects of
fallback providers")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25108)

11 months ago - Fix the alert used on a missing key_share
Matt Caswell [Wed, 31 Jul 2024 14:25:48 +0000 (15:25 +0100)] 
Fix the alert used on a missing key_share

RFC8446 requires we send an illegal_parameter alert if we don't get a
key_share back from the server and our kex_modes require one. We were
instead reporting this as missing_extension.

Fixes #25040

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25059)

11 months ago - Add additional test cases for Single Step KDF.
slontis [Wed, 7 Aug 2024 00:58:10 +0000 (10:58 +1000)] 
Add additional test cases for Single Step KDF.

SSKDF KMAC tests added.
Added FIPS indicator tests for SSKDF Hash, HMAC, and KMAC cases.
Added short salt length tests for SSKDF HMAC and KMAC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)

11 months ago - Add FIPS KMAC key check
slontis [Mon, 5 Aug 2024 05:25:35 +0000 (15:25 +1000)] 
Add FIPS KMAC key check

This adds a FIPS indicator for KMAC key size.
Note that 112-bit keys are still smaller than the
sizes required to reach 128 bits for KMAC128 and
256 bits for KMAC256.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)

11 months ago - Add HMAC FIPS keysize check.
slontis [Wed, 31 Jul 2024 04:56:44 +0000 (14:56 +1000)] 
Add HMAC FIPS keysize check.

HMAC has been changed to use a FIPS indicator for its key check.

HKDF and Single Step use a salt rather than a key when using HMAC,
so we need a mechanism to bypass this check in HMAC.

A separate 'internal' query table has been added to the FIPS provider
for MACs. Giving HMAC a separate dispatch table allows KDFs to ignore
the key check. If a KDF requires the key check then it must do the
check itself. The normal MAC dispatch table is used if the user fetches
HMAC directly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)

11 months ago - hashtable.c: Code style fixes
Tomas Mraz [Fri, 16 Aug 2024 14:27:17 +0000 (16:27 +0200)] 
hashtable.c: Code style fixes

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - core_namemap.c: 2048 hashtable buckets should be sufficient
Tomas Mraz [Fri, 16 Aug 2024 13:54:15 +0000 (15:54 +0200)] 
core_namemap.c: 2048 hashtable buckets should be sufficient

It is unlikely we would need more than 4000 names and even
with more names (up to 8192) it would still work, just
the performance of the namemap would degrade.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - For lockless reads use the whole hashtable for colliding entries
Tomas Mraz [Fri, 16 Aug 2024 13:40:43 +0000 (15:40 +0200)] 
For lockless reads use the whole hashtable for colliding entries

Instead of just using the neighborhood, fill
subsequent neighborhoods with colliding entries.

If the hashtable is properly sized, it won't degrade
performance too much.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - Use the new hashtable for core_namemap
Tomas Mraz [Mon, 27 May 2024 14:50:05 +0000 (16:50 +0200)] 
Use the new hashtable for core_namemap

This replaces LHASH in core_namemap with the new hashtable and adds
a reverse mapping in the form of a stack of stacks instead of iterating
the existing hash table members.

The new hashtable is used in lockless-read mode.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - hashtable: Support lockless reads
Tomas Mraz [Mon, 27 May 2024 14:49:15 +0000 (16:49 +0200)] 
hashtable: Support lockless reads

Also build it in the FIPS provider too and properly
report error on insert when hashtable cannot be grown.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - hashtable.c: Avoid infinite loop in ossl_ht_insert()
Tomas Mraz [Fri, 17 May 2024 11:41:09 +0000 (13:41 +0200)] 
hashtable.c: Avoid infinite loop in ossl_ht_insert()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - some performance improvements
Neil Horman [Wed, 15 May 2024 19:34:15 +0000 (15:34 -0400)] 
some performance improvements

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - alternate collision checking support
Neil Horman [Wed, 15 May 2024 13:20:30 +0000 (09:20 -0400)] 
alternate collision checking support

Add full key matching to hashtable

The idea is that on a hash value match we do a full memory comparison of
the unhashed key to validate that it's actually the key we're looking for.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24504)

11 months ago - fix: Have util/mkerr.pl comply better with our coding style
Richard Levitte [Tue, 16 Jul 2024 04:52:07 +0000 (06:52 +0200)] 
fix: Have util/mkerr.pl comply better with our coding style

util/mkerr.pl produced lines like these:

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
    "operation not supported for this keytype"},

According to our coding style, they should look like this:

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
     "operation not supported for this keytype"},

This nit was correctly picked up by util/check-format.pl

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24902)

11 months ago - Enable RSA-SM3 in the default provider
Richard Levitte [Mon, 19 Aug 2024 06:38:56 +0000 (08:38 +0200)] 
Enable RSA-SM3 in the default provider

It turns out that we didn't allow the combination RSA + SM3 anywhere.

This is perfectly reasonable in the FIPS module, but less so in the default
provider.  This change enables it in the default provider, and adds a simple
evp_test stanza for the RSA-SM3 signature scheme.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

11 months ago - fix coding style
Richard Levitte [Tue, 16 Jul 2024 05:06:05 +0000 (07:06 +0200)] 
fix coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

11 months ago - Add new test types in test/evp_test.c, and a test for RSA sigalgs
Richard Levitte [Wed, 10 Jul 2024 19:26:30 +0000 (21:26 +0200)] 
Add new test types in test/evp_test.c, and a test for RSA sigalgs

With these tests, we get to test:

- EVP_PKEY_sign_init_ex()
- EVP_PKEY_verify_init_ex2()
- EVP_PKEY_verify_recover_init_ex2()
- EVP_PKEY_sign_message_init() and friends
- EVP_PKEY_verify_message_init() and friends

A few test cases for RSA-{hash} are added, in
test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

11 months ago - Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites
Richard Levitte [Sat, 6 Jul 2024 14:26:39 +0000 (16:26 +0200)] 
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites

(in the code, "sigalg" is used to refer to these composite algorithms,
which is a nod to libcrypto and libssl, where that term is commonly used
for composite algorithms)

To make this implementation possible, wrappers were added around the hash
function itself, allowing the use of existing hash implementations through
their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch
of hash implementations when the digest_sign / digest_verify functionality
is used.  This wrapper allows implementing the RSA+hash composites through
a simple initializer function and a custom OSSL_DISPATCH table for each.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

11 months ago - Implement functionality for direct use of composite signature algorithms
Richard Levitte [Thu, 18 Jan 2024 14:27:34 +0000 (15:27 +0100)] 
Implement functionality for direct use of composite signature algorithms

The following API groups are extended with a new init function, as well
as an update and final function, to allow the use of explicitly fetched
signature implementations for any composite signature algorithm, like
"sha1WithRSAEncryption":

- EVP_PKEY_sign
- EVP_PKEY_verify
- EVP_PKEY_verify_recover

To support this, providers are required to add a few new functions, not
the least one that declares what key types a signature implementation
supports.

While at this, the validity check in evp_signature_from_algorithm() is
also refactored; the SIGNATURE provider functionality is too complex for
counters.  It's better, or at least more readable, to check function
combinations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)

11 months ago - Link to the place where signature options are defined
Hubert Kario [Fri, 26 Jul 2024 14:25:42 +0000 (16:25 +0200)] 
Link to the place where signature options are defined

ca man page: link to section

Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25011)

11 months ago - When calling ASN1_item_i2d() check both returned length and allocated pointer
XZ-X [Mon, 22 Jul 2024 18:33:02 +0000 (14:33 -0400)] 
When calling ASN1_item_i2d() check both returned length and allocated pointer

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24979)

11 months ago - Enhance s_client Output
erbsland-dev [Wed, 17 Jul 2024 21:21:42 +0000 (23:21 +0200)] 
Enhance s_client Output

Fixes #8123: Clarify cipher and protocol version display
- Added a new line “Protocol:” to display the protocol version separately after the cipher line.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24921)

11 months ago - test: add command line indicator option checking to fipsinstall
Pauli [Thu, 15 Aug 2024 00:58:25 +0000 (10:58 +1000)] 
test: add command line indicator option checking to fipsinstall

Validate that the relevant options are on when -pedantic is specified,
off when it isn't and can be given to enable the setting.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25194)

11 months ago - Add FIPS self test updates
slontis [Fri, 16 Aug 2024 09:10:22 +0000 (19:10 +1000)] 
Add FIPS self test updates

After reviewing the FIPS 140-3 IG self tests requirements the following
were added:

- TDES Decryption (Not sure why this was missing)
- DH changed to use ffdhe2048 instead of P,Q,G params.
- Signature code has been changed to use a msg rather than a digest as input.
(Since some digests don't provide the one shot API, the EVP_DigestSignFinal and
EVP_DigestVerifyFinal needed to be exposed to the FIPS provider). The
code is now shared between ED and the other key types.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25217)

11 months ago - test/hmactest: Add further tests for HMAC with multiple update calls
Ingo Franzki [Fri, 2 Feb 2024 13:55:32 +0000 (14:55 +0100)] 
test/hmactest: Add further tests for HMAC with multiple update calls

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)

11 months ago - s390x: Add hardware acceleration for HMAC
Ingo Franzki [Thu, 1 Feb 2024 14:15:27 +0000 (15:15 +0100)] 
s390x: Add hardware acceleration for HMAC

The CPACF instruction KMAC provides support for accelerating the HMAC
algorithm on newer machines for HMAC with SHA-224, SHA-256, SHA-384, and
SHA-512.

Preliminary measurements showed performance improvements of up to a factor
of 2, dependent on the message size, whether chunking is used and the size
of the chunks.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)

11 months ago - s390x: Add defines for new CPACF functions
Ingo Franzki [Wed, 31 Jan 2024 15:26:52 +0000 (16:26 +0100)] 
s390x: Add defines for new CPACF functions

Add defines for new CPACF function codes, their required MSA levels, and
document how to disable these functions via the OPENSSL_s390xcap environment
variable.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)

11 months ago - Explicitly include e_os.h for close()
Tomas Mraz [Mon, 19 Aug 2024 09:34:27 +0000 (11:34 +0200)] 
Explicitly include e_os.h for close()

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25229)

(cherry picked from commit 0c0c6954bf4fa7b56e21e1393c9e5e5d55c1b2d6)

11 months ago - RAND_write_file(): Avoid potential file descriptor leak
shridhar kalavagunta [Sun, 4 Aug 2024 21:04:53 +0000 (16:04 -0500)] 
RAND_write_file(): Avoid potential file descriptor leak

If fdopen() call fails we need to close the fd. Also
return early as this is most likely some fatal error.

Fixes #25064

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25081)

11 months ago - CI: Fix GCM IV check in acvp_test for crosstest
slontis [Mon, 19 Aug 2024 03:52:24 +0000 (13:52 +1000)] 
CI: Fix GCM IV check in acvp_test for crosstest

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25223)

11 months ago - speed.c: Return success with -testmode -async_jobs if not ASYNC_is_capable()
Tomas Mraz [Fri, 16 Aug 2024 09:54:00 +0000 (11:54 +0200)] 
speed.c: Return success with -testmode -async_jobs if not ASYNC_is_capable()

Fixes #25203

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25204)

11 months ago - test: add a default greeting to avoid printing a null pointer.
Pauli [Sun, 18 Aug 2024 22:31:15 +0000 (08:31 +1000)] 
test: add a default greeting to avoid printing a null pointer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/25221)

11 months ago - Add an indicator for AES GCM that returns if the iv has been generated
slontis [Wed, 14 Aug 2024 07:21:54 +0000 (17:21 +1000)] 
Add an indicator for AES GCM that returns if the iv has been generated
internally.

This is not using a strict check since there may be applications that
require the IV to be generated externally (e.g. java).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25178)

11 months ago - list_tls_signatures(): Avoid leak with zero length builtin_sigalgs
Andrew Dinh [Fri, 16 Aug 2024 13:55:16 +0000 (20:55 +0700)] 
list_tls_signatures(): Avoid leak with zero length builtin_sigalgs

Fixes Coverity 1616307

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25219)

11 months ago - We can't check policy if we got an empty stack of certs
Dmitry Belyavskiy [Wed, 14 Aug 2024 12:40:39 +0000 (14:40 +0200)] 
We can't check policy if we got an empty stack of certs

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25186)

11 months ago - Move docker files to test
Neil Horman [Thu, 15 Aug 2024 13:48:42 +0000 (09:48 -0400)] 
Move docker files to test

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25091)

11 months ago - Add workflow to do nightly build of interop container and push to quay
Neil Horman [Mon, 5 Aug 2024 20:52:06 +0000 (16:52 -0400)] 
Add workflow to do nightly build of interop container and push to quay

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25091)

11 months ago - Add dockerfile for generation of a quic interop container
Neil Horman [Mon, 5 Aug 2024 20:42:06 +0000 (16:42 -0400)] 
Add dockerfile for generation of a quic interop container

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25091)

11 months ago - Fix unpredictable refcount handling of d2i functions
Bernd Edlinger [Tue, 12 Mar 2024 19:04:56 +0000 (20:04 +0100)] 
Fix unpredictable refcount handling of d2i functions

The passed in reference of a ref-counted object
is free'd by d2i functions in the error handling.
However if it is not the last reference, the
in/out reference variable is not set to null here.
This makes it impossible for the caller to handle
the error correctly, because there are numerous
cases where the passed in reference is free'd
and set to null, while in other cases, where the
passed in reference is not free'd, the reference
is left untouched.

Therefore the passed in reference must be set
to NULL even when it was not the last reference.

Fixes #23713

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22809)

11 months ago - Extend test case for reused PEM_ASN1_read_bio
Bernd Edlinger [Fri, 24 Nov 2023 06:02:35 +0000 (07:02 +0100)] 
Extend test case for reused PEM_ASN1_read_bio

This is related to #22780, simply add test cases
for the different failure modes of PEM_ASN1_read_bio.
Depending on whether the PEM or the DER format is valid or not,
the passed in CRL may be deleted or not, therefore a statement
like this:

reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL);

must be avoided, because it can create memory leaks.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22809)

11 months ago - replace static declarations
Pauli [Fri, 16 Aug 2024 01:31:43 +0000 (11:31 +1000)] 
replace static declarations

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago - Revert "fipsinstall: add ed_no_verify_digested option"
Pauli [Wed, 14 Aug 2024 23:53:04 +0000 (09:53 +1000)] 
Revert "fipsinstall: add ed_no_verify_digested option"

This reverts commit 70b6d57fd94fe11fa2510bc8026fa6a6ead51d68.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago - Revert "doc: add documentation for -eddsa_no_verify_digested fipsinstall option"
Pauli [Wed, 14 Aug 2024 23:52:10 +0000 (09:52 +1000)] 
Revert "doc: add documentation for -eddsa_no_verify_digested fipsinstall option"

This reverts commit b00ea9a6a2a72f5ac7b38e82c9a7b6796972fc36.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago - Revert "doc: add verify-digested param for EdDSA"
Pauli [Wed, 14 Aug 2024 23:52:09 +0000 (09:52 +1000)] 
Revert "doc: add verify-digested param for EdDSA"

This reverts commit ab02a297eb3d7f314eea371038c0b8e4038f658b.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago - Revert "param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED"
Pauli [Wed, 14 Aug 2024 23:52:06 +0000 (09:52 +1000)] 
Revert "param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED"

This reverts commit 5abd7e5f796a9564c5f020053833deee1b9f7c6e.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago  Revert "fips: add no digested option to FIPS provider"
Pauli [Wed, 14 Aug 2024 23:52:04 +0000 (09:52 +1000)] 
Revert "fips: add no digested option to FIPS provider"

This reverts commit 889277effb65b7f276e375cf0176c4c8597f4203.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago  Revert "EdDSA: disallow verification from a pregenerated hash when in FIPS"
Pauli [Wed, 14 Aug 2024 23:51:08 +0000 (09:51 +1000)] 
Revert "EdDSA: disallow verification from a pregenerated hash when in FIPS"

This reverts commit 2d759937e2ee78c27c83f1433f79b33256ab1a39.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago  Revert "test: update EdDSA tests for FIPS and no pre-hashing"
Pauli [Wed, 14 Aug 2024 23:51:07 +0000 (09:51 +1000)] 
Revert "test: update EdDSA tests for FIPS and no pre-hashing"

This reverts commit 09eaf16771fe5b5b57cac0ddfd6bf8ca3584134b.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago  Revert "test: omit failing test when using a FIPS provider that supports eddsa_no_verify_digested"
Pauli [Wed, 14 Aug 2024 23:51:02 +0000 (09:51 +1000)] 
Revert "test: omit failing test when using a FIPS provider that supports eddsa_no_verify_digested"

This reverts commit 54933db9f0e1a03b644cecc6735f8f2025b748b5.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago  Revert "Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only"
Pauli [Wed, 14 Aug 2024 23:49:05 +0000 (09:49 +1000)] 
Revert "Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only"

This reverts commit ca112fccdd34a8538f14ddf8c3569b8331eae357.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25192)

11 months ago  FIPS: Remove ability to bypass the FIPS self tests
slontis [Fri, 9 Aug 2024 02:29:04 +0000 (12:29 +1000)] 
FIPS: Remove ability to bypass the FIPS self tests

This is a FIPS 140-3 requirement.
It should not be done as a FIPS indicator.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25147)

11 months ago  Change existing evp_test KeyGen Ctrls to use provider algorithm
slontis [Fri, 26 Jul 2024 03:42:09 +0000 (13:42 +1000)] 
Change existing evp_test KeyGen Ctrls to use provider algorithm
parameter names.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25008)

11 months ago  Update evp_test KeyGen
slontis [Fri, 26 Jul 2024 03:31:42 +0000 (13:31 +1000)] 
Update evp_test KeyGen

The EVP_PKEY_CTX is now created in keygen_test_run().
keygen_test_parse() inserts all values into KEYGEN_TEST_DATA.
The 'Ctrl' parameters have been changed to just be settables,
rather than using legacy controls.

Added EC keygen tests

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25008)

11 months ago  Restrict FIPS EC Keygen to only allow curves with a security strength
slontis [Fri, 26 Jul 2024 00:23:57 +0000 (10:23 +1000)] 
Restrict FIPS EC Keygen to only allow curves with a security strength
>=112 bits

Add a FIPS indicator to EC keygen

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25008)

11 months ago  Ensure the msg_callback is called on CCS receipt in TLSv1.3
Matt Caswell [Mon, 12 Aug 2024 15:41:56 +0000 (16:41 +0100)] 
Ensure the msg_callback is called on CCS receipt in TLSv1.3

CCS records are ignored in TLSv1.3. But we should still call the msg_callback
anyway.

Fixes #25166

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25169)

11 months ago  Add FIPS Indicator for ECDH cofactor.
slontis [Thu, 8 Aug 2024 06:56:22 +0000 (16:56 +1000)] 
Add FIPS Indicator for ECDH cofactor.

FIPS KAS requires use of ECC CDH.

The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key when deriving the shared secret.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25139)

11 months ago  apps/cms.c, apps/smime.c: Fix -crlfeol help messages
Andreas Treichel [Sat, 18 May 2024 06:27:46 +0000 (08:27 +0200)] 
apps/cms.c, apps/smime.c: Fix -crlfeol help messages

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24434)

11 months ago  Fix SSL_CTX_set1_groups documentation on preference orders
David Benjamin [Fri, 8 Mar 2024 04:38:58 +0000 (23:38 -0500)] 
Fix SSL_CTX_set1_groups documentation on preference orders

The documentation currently describes SSL_CTX_set1_groups as a
preference order, but this does not match the typical interpretation of
"preference order" in OpenSSL and TLS. Typically, an application can
order more secure options ahead of less secure ones and pick up TLS's
usual downgrade protection guarantees.

TLS 1.3 servers need to balance an additional consideration: some
options will perform worse than others due to key share prediction. The
prototypical selection procedure is to first select the set of more
secure options, then select the most performant among those.

OpenSSL follows this procedure, but it *unconditionally* treats all
configured curves as equivalent security. Per discussion on GitHub,
OpenSSL's position is that this is an intended behavior.

While not supported by built-in providers, OpenSSL now documents that
external providers can extend the group list and CHANGES.md explicitly
cites post-quantum as a use case. With post-quantum providers, it's
unlikely that application developers actually wanted options to be
equivalent security. To avoid security vulnerabilities arising from
mismatched expectations, update the documentation to clarify the server
behavior.

Per the OTC decision in
https://github.com/openssl/openssl/issues/22203#issuecomment-1744465829,
this documentation fix should be backported to stable branches.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23776)

11 months ago  apps/req.c: No warning reading from stdin if redirected
Bhaskar Metiya [Wed, 14 Aug 2024 07:27:14 +0000 (12:57 +0530)] 
apps/req.c: No warning reading from stdin if redirected

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25179)

11 months ago  Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)
Bhaskar Metiya [Wed, 14 Aug 2024 06:04:01 +0000 (11:34 +0530)] 
Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25176)

11 months ago  fips: allow to customize provider vendor name
Dimitri John Ledkov [Fri, 10 May 2024 10:58:18 +0000 (11:58 +0100)] 
fips: allow to customize provider vendor name

FIPS providers need to specify identifiable names and versions. Allow
customizing the fips provider name prefix via VERSION.dat, which
already allows customizing version & buildinfo. With this patch
in place, there is no need to patch code to set a customized
provider name.

E.g. echo FIPS_VENDOR=ACME >> VERSION.dat, results in

```
$ OPENSSL_CONF=fips-and-base.cnf ../util/wrap.pl ../apps/openssl list -providers --verbose
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.4.0
    status: active
    build info: 3.4.0-dev
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      version: pointer to a UTF8 encoded string (arbitrary size)
      buildinfo: pointer to a UTF8 encoded string (arbitrary size)
      status: integer (arbitrary size)
  fips
    name: ACME FIPS Provider for OpenSSL
    version: 3.4.0
    status: active
    build info: 3.4.0-dev
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      version: pointer to a UTF8 encoded string (arbitrary size)
      buildinfo: pointer to a UTF8 encoded string (arbitrary size)
      status: integer (arbitrary size)
      security-checks: integer (arbitrary size)
      tls1-prf-ems-check: integer (arbitrary size)
      drbg-no-trunc-md: integer (arbitrary size)
```

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24368)

11 months ago  Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only
Tomas Mraz [Wed, 14 Aug 2024 15:36:56 +0000 (17:36 +0200)] 
Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25188)

11 months ago  Don't compile in support for DSA speed testing if not needed
Matt Caswell [Mon, 12 Aug 2024 08:32:56 +0000 (09:32 +0100)] 
Don't compile in support for DSA speed testing if not needed

If there is no DSA support in the library we should not compile in support
for speed testing of DSA. We should skip it in much the same way that we
do for other algorithms.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)

11 months ago  Fix a memory leak in the speed app
Matt Caswell [Mon, 12 Aug 2024 08:04:19 +0000 (09:04 +0100)] 
Fix a memory leak in the speed app

Make sure we free the ecdsa_key object after we have finished using it.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)

11 months ago  Add a test recipe for testing the speed command
Matt Caswell [Fri, 9 Aug 2024 14:59:16 +0000 (15:59 +0100)] 
Add a test recipe for testing the speed command

Previously there was no test for the speed command. We just do some simple
testing, running the command with various options to confirm that it doesn't
crash or report errors. We use the new -testmode option to ensure that this
happens quickly and doesn't really run full speed tests.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)

11 months ago  Document the new -testmode option to the speed command
Matt Caswell [Fri, 9 Aug 2024 13:43:01 +0000 (14:43 +0100)] 
Document the new -testmode option to the speed command

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)

11 months ago  Add a test mode to the speed app
Matt Caswell [Fri, 9 Aug 2024 12:27:11 +0000 (13:27 +0100)] 
Add a test mode to the speed app

We add a testmode option to the speed app which simply runs 1 iteration of
any speed tests. If anything fails along the way the app returns an error
code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25153)

11 months ago  Update krb5 to latest master to pick up CVE fixes
Shih-Yi Chen [Wed, 7 Aug 2024 21:33:53 +0000 (21:33 +0000)] 
Update krb5 to latest master to pick up CVE fixes

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25131)

(cherry picked from commit 099a71b48b6e1f27f39b2905fb67f2afaefd9171)

11 months ago  Add EDDSA FIPS self tests.
slontis [Fri, 15 Sep 2023 02:40:39 +0000 (12:40 +1000)] 
Add EDDSA FIPS self tests.

See FIPS 140-3 IG Section 10.3.A Part 11
Indicates ECDSA requires a sign and verify test.
Note 11 states that HashEdDSA is not required to be tested if PureEdDSA is tested.
Note 12 indicates that both ED25519 and X448 need to be tested.

Since ED uses the oneshot interface, additional APIs needed to be exposed to the
FIPS provider using #ifdef FIPS_MODULE.

Changed ED25519 and ED448 to use fips=true in the FIPS provider.
Updated documentation for provider lists for EDDSA.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22112)

11 months ago  Improve the EVP_PKEY_CTX_set_kem_op() documentation
Dmitry Belyavskiy [Mon, 12 Aug 2024 12:42:59 +0000 (14:42 +0200)] 
Improve the EVP_PKEY_CTX_set_kem_op() documentation

Fixes #25142

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25164)

11 months ago  test: Improve coverage for the PBKDF2 unit tests
Pauli [Mon, 12 Aug 2024 01:08:09 +0000 (11:08 +1000)] 
test: Improve coverage for the PBKDF2 unit tests

Fixes #25136

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25160)

11 months ago  Encap/decap in pkeyutl - tests
Dmitry Belyavskiy [Thu, 8 Aug 2024 11:45:19 +0000 (13:45 +0200)] 
Encap/decap in pkeyutl - tests

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)

11 months ago  Encap/decap in pkeyutl - documentation
Dmitry Belyavskiy [Wed, 7 Aug 2024 15:50:51 +0000 (17:50 +0200)] 
Encap/decap in pkeyutl - documentation

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)

11 months ago  Support of en/decapsulation in the pkeyutl command
Dmitry Belyavskiy [Wed, 7 Aug 2024 15:17:18 +0000 (17:17 +0200)] 
Support of en/decapsulation in the pkeyutl command

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)

11 months ago  adds TLS signature algorithms list feature
Michael Baentsch [Tue, 9 Jul 2024 09:07:01 +0000 (11:07 +0200)] 
adds TLS signature algorithms list feature

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24821)

11 months ago  Restrict salt length for RSA-PSS in the FIPS provider
pohsingwu [Wed, 7 Aug 2024 02:24:36 +0000 (10:24 +0800)] 
Restrict salt length for RSA-PSS in the FIPS provider

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25115)

11 months ago  Setup padding mode correctly in acvp_test
pohsingwu [Tue, 6 Aug 2024 14:40:00 +0000 (22:40 +0800)] 
Setup padding mode correctly in acvp_test

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25115)

11 months ago  fipsmodule.cnf: set the signature digest checks option on installation
Pauli [Mon, 29 Jul 2024 02:42:58 +0000 (12:42 +1000)] 
fipsmodule.cnf: set the signature digest checks option on installation

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)

11 months ago  fips: support signature-digest-checks in FIPS provider
Pauli [Mon, 29 Jul 2024 02:39:39 +0000 (12:39 +1000)] 
fips: support signature-digest-checks in FIPS provider

Fixes #24936

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)

11 months ago  test: add unit tests for disallowed XOF digests
Pauli [Mon, 29 Jul 2024 02:24:18 +0000 (12:24 +1000)] 
test: add unit tests for disallowed XOF digests

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)

11 months ago  signatures: disallow XOF digests when doing signatures
Pauli [Mon, 29 Jul 2024 02:07:39 +0000 (12:07 +1000)] 
signatures: disallow XOF digests when doing signatures

Except for Ed448 and RSA PSS, where they are mandatory and allowed respectively.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)