path: root/providers/legacyprov.c
Age  Commit message  (Author, files changed, -deleted/+added lines)
8 days  Add handling for additional input in jitter rng  (jsondevers, 1 file, -0/+8)
    Fixes #25917
    Reviewed-by: Saša Nedvědický <sashan@openssl.org>
    Reviewed-by: Hugo Landau <hlandau@devever.net>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25966)
8 days  fips: zeroization of ECX public keys  (Joachim Vandersmissen, 1 file, -0/+3)
    Commit fa338aa7cd added zeroization of public security parameters as required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit overlooked ECX keys, which are used for EdDSA and X25519/X448.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25807)
8 days  providers: stop probing for getentropy(3) on recent FreeBSD  (Kyle Evans, 1 file, -23/+28)
    FreeBSD has supported both getrandom(2) and getentropy(3) since 12.0. The last version which did *not* have these went EoL in September 2021. Use getrandom(2) unconditionally and fall back to sysctl kern.arandom if we do happen to have a FreeBSD that old.
    This is generally a necessary step for FreeBSD's _FORTIFY_SOURCE implementation, which needs to do some symbol renaming tricks with the getentropy declaration that would otherwise add some platform-specific hacks here to accommodate. getentropy(3) uses getrandom(2) internally on FreeBSD, so we just cut out the middleman.
    While we're here, it doesn't seem to make sense to ever prefer the sysctl on FreeBSD or NetBSD. For both platforms, it's limited to 256 bytes in a single request while getrandom(2) will generally use the same backend but service the entire request in one shot, even for larger amounts of entropy, modulo the EINTR possibility that presents itself with larger requests.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/24903)
9 days  fips-label.yml: Fix ABI change label removal  (Tomas Mraz, 1 file, -1/+1)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/26080)
9 days  Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE  (Tomas Mraz, 1 file, -0/+5)
    We would dereference p7->d.sign pointer which can be NULL.
    Reported by Han Zheng.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26078)
12 days  Document version-specific utility of EVP_PKEY_Q_keygen  (Michael Baentsch, 1 file, -3/+4)
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26040)
12 days  Minor nit fix to EVP_CipherFinal_ex() return code documentation.  (Frederik Wedel-Heinen, 1 file, -5/+8)
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25849)
12 days  Fix memleak in dsa_gen()  (Holger Dengler, 1 file, -1/+1)
    Free the stack return value `dsa` on each early exit.
    Fixes #25905
    Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    Reviewed-by: Saša Nedvědický <sashan@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25948)
12 days  Fix EVP_PKEY_print_private() so that it works with non default providers.  (slontis, 2 files, -3/+32)
    At some point in time it was decided that the EC keymanager's ec_export() function would only allow the selection to be both the public + private parts. If just the private element is selected it returns an error.
    Many openssl commandline apps use EVP_PKEY_print_private() which passes EVP_PKEY_PRIVATE_KEY to the encoder. This selection propagates to encoder_construct_pkey(). For external providers (such as the fips provider) this will call the keymanager's export() with the selection set to just the private part.
    So we either need to
    1) change the selection in EVP_PKEY_print_private(), or
    2) modify the selection used in the export used in encoder_construct_pkey, or
    3) change the ec_export to allow this.
    I have chosen 2) but I am not sure if this is the correct thing to do or whether it should conditionally do this when the output_type == 'text'.
    Issue was reported by Ilia Okomin (Oracle).
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26004)
12 days  die() in .tmpl file should not be silently ignored.  (Alexandr Nedvedicky, 2 files, -2/+11)
    A call to die() in perl templates is currently ignored. Any error printed by the die() command appears in template output. In order to make sure die() terminates processing we must ensure we emit an `undef` value. This is ensured by adding a `BROKEN` callback to the `fill_in()` Template method. The callback must return undef to stop processing.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26064)
12 days  apps/passwd.c: Convert a redundant check to assert  (Bartel Artem, 1 file, -2/+1)
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26053)
12 days  Fix solaris build in CRYPTO_atomic_store api  (Neil Horman, 1 file, -1/+1)
    Misnamed variable, just correct it to dst
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Saša Nedvědický <sashan@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26075)
13 days  Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES  (sftcd, 3 files, -5/+18)
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26039)
13 days  Deprecate all BIO_meth_get_*() functions  (Tomas Mraz, 6 files, -53/+118)
    Their use by applications is inherently unsafe.
    Fixes #26047
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    (Merged from https://github.com/openssl/openssl/pull/26056)
13 days  Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c  (Niels Dossche, 1 file, -20/+2)
    Clean up the code by using the dedicated stack copy function.
    Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25713)
13 days  ci: add daily runcheckers to exercise the -DOPENSSL_PEDANTIC_ZEROIZATION option  (Pauli, 1 file, -0/+2)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define  (Pauli, 1 file, -0/+2)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  pbkdf2: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define  (Pauli, 1 file, -1/+1)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define  (Pauli, 1 file, -1/+1)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  rsa: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define  (Pauli, 1 file, -1/+1)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define  (Pauli, 1 file, -1/+1)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  ec: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define  (Pauli, 1 file, -1/+1)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26068)
13 days  A typo fix in a comment  (willmafh, 1 file, -1/+1)
    CLA: trivial
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26069)
2024-11-27  Document expected BIO operations for libssl  (David Benjamin, 1 file, -0/+9)
    If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but this is not documented anywhere.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Saša Nedvědický <sashan@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26060)
2024-11-27  Upgrade action/{upload,download}-artifact to v4  (Richard Levitte, 4 files, -22/+22)
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    (Merged from https://github.com/openssl/openssl/pull/25920)
2024-11-25  fips-jitter: set provider into error state upon CRNG permanent failures  (Dimitri John Ledkov, 1 file, -2/+6)
    With fips-jitter build time option, jitter can be inside FIPS boundary. Calls to jent_read_entropy() can return permanent failures for Repetitive Count Test (RTC), Adaptive Proportion Test (APT), LAG prediction test. Ensure the module enters error state upon permanent jitter failures.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Saša Nedvědický <sashan@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25957)
2024-11-25  Fix potential memory leak on failure of ecx_gen_init()  (Niels Dossche, 1 file, -1/+1)
    When ecx_gen_set_params() returns 0, it could have duplicated the memory for the parameter OSSL_KDF_PARAM_PROPERTIES already in gctx->propq, leading to a memory leak.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26015)
2024-11-25  Fix potential memory leak on failure of dsa_gen_init()  (Niels Dossche, 1 file, -1/+1)
    When dsa_gen_set_params() returns 0, it could have duplicated the memory for the parameter OSSL_PKEY_PARAM_FFC_DIGEST already in gctx->mdname, leading to a memory leak.
    Allocated here: https://github.com/openssl/openssl/blob/47a80fd2034cd4314d3b4958539dcd3106087109/providers/implementations/keymgmt/dsa_kmgmt.c#L524
    Can return 0 here: https://github.com/openssl/openssl/blob/47a80fd2034cd4314d3b4958539dcd3106087109/providers/implementations/keymgmt/dsa_kmgmt.c#L529-L536
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/26016)
2024-11-22  Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems  (Tom Cosgrove, 1 file, -1/+2)
    AES gets a performance enhancement of 7-33%.
    Tested on an M4 Pro, but the CPU cores are the same on M4 and M4 Max.
    Change-Id: I634c03f1d2b50fa5f8ca97dd65975e49d970c72b
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    (Merged from https://github.com/openssl/openssl/pull/25940)
2024-11-22  fips: remove redundant RSA encrypt/decrypt KAT  (Dimitri John Ledkov, 3 files, -153/+1)
    FIPS 140-2 IG D.9 has become FIPS 140-3 D.G (see "Mapping FIPS 140-2 IGs to FIPS 140-3" in the FIPS 140-3 IG). The requirements w.r.t. RSA KATs have now been relaxed, meaning that existing full-message RSA signature verification (which is performed separately) is sufficient to meet KAT requirements for all RSA use cases (KEM/Encrypt/Decrypt/Sign/Verify).
    Dropping this KAT is very useful, because it is large/expensive on module startup, but also because it enables in the future to block RSA Encrypt/Decrypt operations with paddings other than OAEP, which are legacy or deprecated by either current or draft algorithm transition SP.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25988)
2024-11-22  fips: zeroize temporary self-check out MD variable  (Dimitri John Ledkov, 1 file, -0/+1)
    At least this is done on module startup only. To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10] requirement.
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25945)
2024-11-22  .gitignore: Ignoring demo executables  (Dmitry Belyavskiy, 1 file, -0/+43)
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26009)
2024-11-22  Remove the negative return values of EVP_KDF_* functions in documents  (Peiwei Hu, 1 file, -3/+1)
    None of the EVP_KDF_* functions will ever return a negative value.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22  Fix wrong return value checks for some functions  (Peiwei Hu, 5 files, -5/+5)
    - in particular in use of X509_LOOKUP_load_file, EVP_PKEY_print_params, EVP_PKEY_keygen, X509_CRL_add1_ext_i2d, EVP_PKEY_keygen_init
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22  Fix multiple wrong use of BN_check_prime  (Peiwei Hu, 2 files, -3/+7)
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22  Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key  (Peiwei Hu, 3 files, -3/+3)
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22  apps/lib/apps.c: fix the wrong check in check_cert_attributes  (Peiwei Hu, 1 file, -3/+3)
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22  Mark OPENSSL_armcap_P .hidden in arm asm  (Kai Pastor, 8 files, -0/+8)
    Fixes #25601
    Fixes #22414
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/22181)
2024-11-21  Fix SSL_write_[ex|ex2] on blocking quic streams  (Neil Horman, 1 file, -2/+13)
    When writing to a blocking quic stream, we sometimes get duplicate transmitted data. This occurs when a call to quic_write_blocking has to wait for space to become available in the ring buffer. When we do a wait, the call sets *written to the value returned in args.total_written as filled out by the calls to block_until_pred->quic_write_again. However, the value there is based on the amount we requested, which is only the remaining data that we didn't append in xso_sstream_write. So if we call quic_write_blocking with a buffer of length X, and initially append Y bytes, and write the remaining X-Y bytes via a block_until_pred call, then *written will return with the value X-Y, even though we wrote the full X bytes to the ring buffer.
    Fix it by recording the initial amount appended into *written, and then add the args.total_written value if we have to wait on more space.
    Fixes openssl/project#924
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26023)
2024-11-21  sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start()  (Tomas Mraz, 1 file, -4/+8)
    In case of memory allocation failure this could happen.
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/25994)
2024-11-21  add new keytype test for EVP_PKEY_Q_keygen  (Michael Baentsch, 2 files, -1/+54)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25972)
2024-11-20  pkeyutl.c: Avoid freeing pkey at multiple places  (Tomas Mraz, 1 file, -13/+4)
    Also fixes a leak of pkey in error case for -verifyrecover.
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/25987)
2024-11-20  README.md: Fix typo. Change 'the are' to 'there are'  (spectre, 1 file, -1/+1)
    This pull request fixes a typo in the documentation. The phrase "the are" has been corrected to "there are".
    CLA: trivial
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25977)
2024-11-20  s_cb.c: Move the negotiated group output  (Michael Baentsch, 1 file, -6/+7)
    It needs to be always displayed not just with -brief.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25959)
2024-11-20  Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.  (wangcheng, 8 files, -15/+116)
    1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one.
    2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers.
    3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in the in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy.
    4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod.
    5. Add testcase.
    Fixes #25703
    Signed-off-by: wangcheng <bangwangnj@163.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25726)
2024-11-20  x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc.  (Dr. David von Oheimb, 2 files, -137/+74)
    Reviewed-by: Hugo Landau <hlandau@devever.net>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/18762)
2024-11-20  os-zoo CI: Replace macos-12 run with macos-15  (Tomas Mraz, 1 file, -1/+1)
    macos-12 runners will be removed in December.
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Hugo Landau <hlandau@devever.net>
    (Merged from https://github.com/openssl/openssl/pull/25715)
2024-11-19  Make ossl_trace_param_values an official api function  (Neil Horman, 7 files, -104/+222)
    Lots of people may want to print params to a buffer. Make it part of our API.
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25630)
2024-11-19  Add QUERY trace points  (Neil Horman, 4 files, -40/+211)
    Adds trace messages for method store add/remove and fetch operations
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25630)
2024-11-19  Add a QUERY trace category  (Neil Horman, 2 files, -1/+3)
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/25630)