diff --git a/CHANGES.md b/CHANGES.md index 7b7222bb1a..185c5caf00 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -41,6 +41,11 @@ OpenSSL 4.0 *Igor Ustinov* + * Enabled Server verification by default in `s_server` when option + verify_return_error is enabled. + + *Ryan Hooper* + OpenSSL 3.6 ----------- 
@@ -291,6 +296,105 @@ OpenSSL 3.6 OpenSSL 3.5 ----------- +### Changes between 3.5.3 and 3.5.4 [xx XXX xxxx] + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap + + Issue summary: An application trying to decrypt CMS messages encrypted using + password based encryption can trigger an out-of-bounds read and write. + + Impact summary: This out-of-bounds read may trigger a crash which leads to + Denial of Service for an application. The out-of-bounds write can cause + a memory corruption which can have various consequences including + a Denial of Service or Execution of attacker-supplied code. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9230]) + + *Viktor Dukhovni* + + * Fix Timing side-channel in SM2 algorithm on 64 bit ARM + + Issue summary: A timing side-channel which could potentially allow remote + recovery of the private key exists in the SM2 algorithm implementation on + 64 bit ARM platforms. + + Impact summary: A timing side-channel in SM2 signature computations on + 64 bit ARM platforms could allow recovering the private key by an attacker. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9231]) + + *Stanislav Fort and Tomáš Mráz* + + * Fix Out-of-bounds read in HTTP client no_proxy handling + + Issue summary: An application using the OpenSSL HTTP client API functions + may trigger an out-of-bounds read if the "no_proxy" environment variable is + set and the host portion of the authority component of the HTTP URL is an + IPv6 address. + + Impact summary: An out-of-bounds read can trigger a crash which leads to + Denial of Service for an application. + + The issue was reported by Stanislav Fort (Aisle Research). 
+ + ([CVE-2025-9232]) + + *Stanislav Fort* + +### Changes between 3.5.2 and 3.5.3 [16 Sep 2025] + + * Avoided a potential race condition introduced in 3.5.1, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * The FIPS provider no longer performs a PCT on key import for RSA, DH, + and EC keys (that was introduced in 3.5.2), following the latest update + on that requirement in FIPS 140-3 IG 10.3.A additional comment 1. + + *Dr Paul Dale* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. + + *Enji Cooper* + + * Hardened the provider implementation of the RSA public key "encrypt" + operation to add a missing check that the caller-indicated output buffer + size is at least as large as the byte count of the RSA modulus. The issue + was reported by Arash Ale Ebrahim from SYSPWN. + + This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that + in fact provide a sufficiently large buffer, but fail to correctly indicate + its size may now encounter unexpected errors. In applications that attempt + RSA public encryption into a buffer that is too small, an out-of-bounds + write is now avoided and an error is reported instead. + + *Viktor Dukhovni* + + * Added FIPS 140-3 PCT on DH key generation. + + *Nikola Pajkovsky* + + * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. + + *Richard Levitte* + ### Changes between 3.5.1 and 3.5.2 [5 Aug 2025] * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. 
@@ -21497,6 +21601,9 @@ ndif +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index bc7fc36b46..7c9918bb20 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -950,7 +950,9 @@ EOF } elsif (-f $inprologue) { my $local_scripture .= <<"EOF"; $outprologue : $inprologue + IF F$SEARCH("$outprologue") .EQS. "" SET FILE/PROT=(O:RWD) $outprologue COPY $inprologue $outprologue + SET FILE/PROT=(O:RD) $outprologue EOF $includefile_cache{$outprologue} = $local_scripture; @@ -962,7 +964,9 @@ EOF } elsif (-f $inepilogue) { my $local_scripture .= <<"EOF"; $outepilogue : $inepilogue + IF F$SEARCH("$outepilogue") .EQS. "" SET FILE/PROT=(O:RWD) $outepilogue COPY $inepilogue $outepilogue + SET FILE/PROT=(O:RD) $outepilogue EOF $includefile_cache{$outepilogue} = $local_scripture; @@ -1116,7 +1120,9 @@ EOF return <<"EOF"; $args{src} : $gen0 $deps + IF F$SEARCH("\$\@") .EQS. "" SET FILE/PROT=(O:RWD) \$\@ \$(PERL)$perlmodules $dofile "-o$target{build_file}" $gen0$gen_args > \$\@ + SET FILE/PROT=(O:RD) \$\@ $decc_include_scripture EOF } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { 
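Review bot: The guard `IF F$SEARCH("$outprologue") .EQS. "" SET FILE/PROT=(O:RWD) $outprologue` (and its two siblings in these hunks plus the `$script` rule in the next one) reads as inverted: DCL's F$SEARCH yields the empty string when the file is absent, so `.EQS. ""` runs SET FILE only when there is nothing to set, the opposite of the `[ -r "$@" ]` guard in unix-Makefile.tmpl, and DCL wants `THEN` between the condition and the command. The line also sits in a double-quoted Perl heredoc where the neighbouring make variables are escaped as `\$\@`/`\$(PERL)`, so `$SEARCH` would be interpolated by Perl rather than reaching the description file, and as far as I recall MMS needs a literal dollar doubled. Unless the page dropped escapes, I would expect `IF F\$\$SEARCH("$outprologue") .NES. "" THEN SET FILE/PROT=(O:RWD) $outprologue` at each site. The enclosing Perl subs start and end outside the hunks.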
@@ -1479,10 +1485,11 @@ EOF rel2abs($config{builddir})); return <<"EOF"; $script : $sources configdata.pm - \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile - + IF F$SEARCH("$script") .EQS. "" SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script + \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile - "-o$target{build_file}" $sources > $script - SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script - PURGE $script + SET FILE/PROT=(S:RWED,O:RE,G:RE,W:RE) $script + PURGE $script EOF } "" # Important! This becomes part of the template result. diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 6f3e540b95..7fdb0b86eb 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1683,7 +1683,9 @@ EOF return <<"EOF"; $args{src}: $gen0 $deps + if [ -r "\$@" ]; then chmod u+w \$@; fi \$(PERL)$perlmodules "$dofile" "-o$target{build_file}" $gen0$gen_args > \$@ + chmod a-w \$@ EOF } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { # @@ -2040,10 +2042,11 @@ EOF rel2abs($config{builddir})); return <<"EOF"; $script: $sources configdata.pm + if [ -r "$script" ]; then chmod u+w $script; fi \$(RM) "$script" \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ "-o$target{build_file}" $sources > "$script" - chmod a+x $script + chmod a+x,a-w $script EOF } sub generatedir { diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index b5872124de..ef39bb4c27 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -845,7 +845,9 @@ EOF return <<"EOF"; $args{src}: "$gen0" $deps + if exist \$@ attrib -r \$@ "\$(PERL)"$perlmodules "$dofile" "-o$target{build_file}" "$gen0"$gen_args > \$@ + attrib +r \$@ EOF } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { # 
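Review bot: `if [ -r "\$@" ]; then chmod u+w \$@; fi` in the unix-Makefile.tmpl hunk tests readability rather than existence, so a target that exists but is unreadable, or a dangling symlink, skips the chmod and the following redirect fails with a puzzling permission error; `if [ -e "\$@" ]; then chmod u+w "\$@"; fi` is the intended check and quotes the target consistently with the test. In the `$script` rule the chmod precedes `\$(RM) "$script"`, which, assuming RM is `rm -f`, already removes a read-only file without prompting, so that chmod is redundant there. The windows-makefile.tmpl hunk at the end of this line mixes `$script` and `\$@` for the same target within one recipe; picking one reads better. The generating subs start and end outside the hunks.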
@@ -1054,8 +1056,10 @@ EOF rel2abs($config{builddir})); return <<"EOF"; $script: $sources configdata.pm + if exist $script attrib -r $script "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ "-o$target{build_file}" $sources > \$@ + attrib +r $script EOF } sub generatedir { diff --git a/NEWS.md b/NEWS.md index 1a8160ab1c..a08f2541cc 100644 --- a/NEWS.md +++ b/NEWS.md @@ -37,9 +37,7 @@ OpenSSL 3.6 This release incorporates the following potentially significant or incompatible changes: - * Added PCT for key import for SLH-DSA when in FIPS mode - - * Added FIPS 140-3 PCT on DH key generation + * Added FIPS 140-3 PCT on DH key generation. * Added NIST security categories for PKEY objects. @@ -55,7 +53,7 @@ changes: * The VxWorks platforms have been removed. - * Added an `openssl configutl` utility for processing the openssl + * Added an `openssl configutl` utility for processing the OpenSSL configuration file and dumping the equal configuration file. * Added support for FIPS 186-5 deterministic ECDSA signature 
@@ -66,12 +64,40 @@ changes: OpenSSL 3.5 ----------- -### Changes between 3.5.1 and 3.5.2 [5 Aug 2025] +### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [under development] - * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. - This is mandated by FIPS 140-3 IG 10.3.A additional comment 1. +OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this +release is Moderate. - *Dr Paul Dale* +This release incorporates the following bug fixes and mitigations: + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. + ([CVE-2025-9230]) + + * Fix Timing side-channel in SM2 algorithm on 64 bit ARM. + ([CVE-2025-9231]) + + * Fix Out-of-bounds read in HTTP client no_proxy handling. + ([CVE-2025-9232]) + +### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025] + +OpenSSL 3.5.3 is a bug fix release. + +This release incorporates the following bug fixes and mitigations: + + * Added FIPS 140-3 PCT on DH key generation. + + * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. + + * Removed PCT on key import in the FIPS provider as it is not required by + the standard. + +### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025] + +OpenSSL 3.5.2 is a bug fix release. + + * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025] @@ -81,9 +107,9 @@ release is Low. This release incorporates the following bug fixes and mitigations: * Fix x509 application adds trusted use instead of rejected use. - ([CVE-2025-4575]) + ([CVE-2025-4575]) -### Major changes between OpenSSL 3.4 and OpenSSL 3.5 [8 Apr 2025] +### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025] OpenSSL 3.5.0 is a feature release adding significant new functionality to OpenSSL. 
@@ -316,7 +342,7 @@ This release adds the following new features: * Added X509_STORE_get1_objects to avoid issues with the existing X509_STORE_get0_objects API in multi-threaded applications. - * Support for using certificate profiles and extened delayed delivery in CMP + * Support for using certificate profiles and extended delayed delivery in CMP This release incorporates the following potentially significant or incompatible changes: @@ -1949,6 +1975,9 @@ OpenSSL 0.9.x * Support for various new platforms +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 diff --git a/NOTES-C99.md b/NOTES-C99.md index ad3be43b61..47b153a88d 100644 --- a/NOTES-C99.md +++ b/NOTES-C99.md @@ -20,3 +20,16 @@ The list here is going to be updated by features we either The list of C-99 features we don't support in OpenSSL project follows: - do not use `//` for comments, stick to `/* ... */` + + - do not use ``. MSVC doesn't quite implement it to standard. + + - do not use variable length arrays, i.e. arrays where the size is + determined by another variable. MSVC doesn't implement it at all. + For clarity, this is an example of such an array: + + ``` C + int fun(size_t n) + { + char s[n]; /* variable size array */ + ... + ``` diff --git a/README.md b/README.md index 3a290e67d5..4c792a218f 100644 --- a/README.md +++ b/README.md 
@@ -8,6 +8,7 @@ Welcome to the OpenSSL Project [![Provider Compatibility](https://github.com/openssl/openssl/actions/workflows/provider-compatibility.yml/badge.svg)](https://github.com/openssl/openssl/actions/workflows/provider-compatibility.yml) [![Quic Interop](https://github.com/openssl/openssl/actions/workflows/run_quic_interop.yml/badge.svg)](https://github.com/openssl/openssl/actions/workflows/run_quic_interop.yml) [![Daily checks](https://github.com/openssl/openssl/actions/workflows/run-checker-daily.yml/badge.svg)](https://github.com/openssl/openssl/actions/workflows/run-checker-daily.yml) +[![LFX Health Score](https://insights.linuxfoundation.org/api/badge/health-score?project=openssl)](https://insights.linuxfoundation.org/project/openssl) OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the TLS (formerly SSL), DTLS and QUIC protocols. diff --git a/apps/lib/apps.c b/apps/lib/apps.c index fe9519e1ef..ffb5a07af6 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -932,7 +932,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS); SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT); /* - * Up to here, the follwing holds. + * Up to here, the following holds. * If just one of the ppkey, ppubkey, pparams, and pcert function parameters * is nonzero, expect > 0 indicates which type of credential is expected. * If expect == 0, more than one of them is nonzero (multiple types expected). diff --git a/apps/s_server.c b/apps/s_server.c index 3edb53d00a..94f225f442 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1568,6 +1568,7 @@ int s_server_main(int argc, char *argv[]) goto end; break; case OPT_VERIFY_RET_ERROR: + s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: diff --git a/apps/speed.c b/apps/speed.c index 2eb8ee3b60..cafd4c4880 100644 --- a/apps/speed.c +++ b/apps/speed.c 
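Review bot: The new assignment `s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;` in the s_server.c hunk overwrites whatever an earlier `-verify`/`-Verify` option set, so the result depends on option order; if, as in earlier releases, `-Verify` adds `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, then `-Verify 1 -verify_return_error` silently drops the fail-if-no-cert requirement. OR-ing the flags in, `s_server_verify |= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;`, keeps the stronger setting regardless of order. The help text for `-verify_return_error` (outside the hunk) should also say that it now requests a client certificate, and the CHANGES entry calling this "Server verification" describes client-certificate verification. s_server_main starts and ends outside the hunk.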
@@ -4317,7 +4317,7 @@ int speed_main(int argc, char **argv) } /* - * Try explicitly fetching the signature algoritm implementation to + * Try explicitly fetching the signature algorithm implementation to * use in case the algorithm does not support EVP_PKEY_sign_init */ ERR_set_mark(); @@ -4354,7 +4354,7 @@ int speed_main(int argc, char **argv) } if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) { BIO_printf(bio_err, - "Error while obtaining signature bufffer length for %s.\n", + "Error while obtaining signature buffer length for %s.\n", sig_name); goto sig_err_break; } diff --git a/apps/storeutl.c b/apps/storeutl.c index f8ebde4448..bb489d6d9b 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -328,25 +328,14 @@ int storeutl_main(int argc, char *argv[]) return ret; } -static int indent_printf(int indent, BIO *bio, const char *format, ...) +static void indent_printf(int indent, BIO *bio, const char *format, ...) { va_list args; - int ret, vret; - - ret = BIO_printf(bio, "%*s", indent, ""); - if (ret < 0) - return ret; + BIO_printf(bio, "%*s", indent, ""); va_start(args, format); - vret = BIO_vprintf(bio, format, args); + BIO_vprintf(bio, format, args); va_end(args); - - if (vret < 0) - return vret; - if (vret > INT_MAX - ret) - return INT_MAX; - - return ret + vret; } static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, diff --git a/crypto/aes/asm/aes-sha1-armv8.pl b/crypto/aes/asm/aes-sha1-armv8.pl index 710a39666b..404d52025e 100644 --- a/crypto/aes/asm/aes-sha1-armv8.pl +++ b/crypto/aes/asm/aes-sha1-armv8.pl @@ -413,7 +413,7 @@ $code.=<<___; /* get outstanding bytes of the digest */ sub x8,x5,x2 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * main combined loop CBC 
@@ -2443,7 +2443,7 @@ asm_sha1_hmac_aescbc_dec: rev32 v28.16b,v28.16b /* endian swap w2 */ rev32 v29.16b,v29.16b /* endian swap w3 */ - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * now we can do the loop prolog, 1st sha1 block @@ -2567,7 +2567,7 @@ asm_sha1_hmac_aescbc_dec: ld1 {v29.16b},[x3],16 /* next w3 */ sha1p q24,s22,v23.4s - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * aes_blocks_left := number after the main (sha) block is done. @@ -2812,7 +2812,7 @@ $code.=<<___; add v25.4s,v25.4s,v21.4s /* save aes res, bump aes_out_ptr */ st1 {v3.16b},[x1],16 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* loop if more to do */ cbnz x15,.Ldec_main_loop diff --git a/crypto/aes/asm/aes-sha256-armv8.pl b/crypto/aes/asm/aes-sha256-armv8.pl index 4b872caa32..e719bf850a 100644 --- a/crypto/aes/asm/aes-sha256-armv8.pl +++ b/crypto/aes/asm/aes-sha256-armv8.pl @@ -427,7 +427,7 @@ $code.=<<___; /* get outstanding bytes of the digest */ sub x12,x5,x2 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* @@ -2590,7 +2590,7 @@ asm_sha256_hmac_aescbc_dec: rev32 v28.16b,v28.16b /* endian swap w2 */ rev32 v29.16b,v29.16b /* endian swap w3 */ - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * now we can do the loop prolog, 1st sha256 block @@ -2746,7 +2746,7 @@ asm_sha256_hmac_aescbc_dec: sha256h q22, q23, v7.4s sha256h2 q23, q21, v7.4s - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* @@ -3017,7 +3017,7 @@ $code.=<<___; add v25.4s,v25.4s,v23.4s /* EFGH += working copy */ /* save aes res, bump aes_out_ptr */ st1 {v3.16b},[x1],16 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 cbnz x15,.Ldec_main_loop /* loop if more to do */ /* diff --git a/crypto/aes/asm/aesni-xts-avx512.pl b/crypto/aes/asm/aesni-xts-avx512.pl index 0dc6958983..2e20a6e6b8 100644 --- a/crypto/aes/asm/aesni-xts-avx512.pl 
+++ b/crypto/aes/asm/aesni-xts-avx512.pl @@ -2194,7 +2194,7 @@ ___ vpxorq %zmm6,%zmm5,%zmm5{%k2} vpxord %zmm5,%zmm7,%zmm10 - # Make next 8 tweek values by all x 2^8 + # Make next 8 tweak values by all x 2^8 vpsrldq \$0xf,%zmm9,%zmm13 vpclmulqdq \$0x0,%zmm25,%zmm13,%zmm14 vpslldq \$0x1,%zmm9,%zmm11 @@ -2234,7 +2234,7 @@ ___ jmp .L_do_n_blocks_${rndsuffix} .L_start_by8_${rndsuffix}: - # Make first 7 tweek values + # Make first 7 tweak values vbroadcasti32x4 ($TW),%zmm0 vbroadcasti32x4 shufb_15_7(%rip),%zmm8 mov \$0xaa,$tmp1 diff --git a/crypto/armcap.c b/crypto/armcap.c index b9ccae72ad..e294b1d44c 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -76,7 +76,7 @@ uint32_t OPENSSL_rdtsc(void) # endif # if defined(__FreeBSD__) || defined(__OpenBSD__) # include -# if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \ +# if (defined(__FreeBSD__) && __FreeBSD_version >= 1104000) || \ (defined(__OpenBSD__) && OpenBSD >= 202409) # include # define OSSL_IMPLEMENT_GETAUXVAL diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 41b6965a80..a5b77c4a35 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c 
@@ -309,53 +309,23 @@ int BIO_sock_should_retry(int i) int BIO_sock_non_fatal_error(int err) { - switch (err) { # if defined(OPENSSL_SYS_WINDOWS) -# if defined(WSAEWOULDBLOCK) - case WSAEWOULDBLOCK: + return err == WSAEWOULDBLOCK + || err == WSAENOTCONN + || err == WSAEINTR + || err == WSAEINPROGRESS + || err == WSAEALREADY; +# else /* POSIX.1-2001 */ + return err == EWOULDBLOCK + || err == EAGAIN + || err == ENOTCONN + || err == EINTR +# if ! defined (__DJGPP__) + || err == EPROTO # endif + || err == EINPROGRESS + || err == EALREADY; # endif - -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK - case EWOULDBLOCK: -# endif -# else - case EWOULDBLOCK: -# endif -# endif - -# if defined(ENOTCONN) - case ENOTCONN: -# endif - -# ifdef EINTR - case EINTR: -# endif - -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN - case EAGAIN: -# endif -# endif - -# ifdef EPROTO - case EPROTO: -# endif - -# ifdef EINPROGRESS - case EINPROGRESS: -# endif - -# ifdef EALREADY - case EALREADY: -# endif - return 1; - default: - break; - } - return 0; } #endif /* #ifndef OPENSSL_NO_SOCK */ diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 106bd98dc7..ba8646f93c 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; } diff --git a/crypto/cpuid.c b/crypto/cpuid.c index 538a5a039f..c061377708 100644 --- a/crypto/cpuid.c +++ b/crypto/cpuid.c @@ -146,7 +146,7 @@ void OPENSSL_cpuid_setup(void) OPENSSL_ia32cap_P[index + 1] = (unsigned int)(vecx >> 32); } } - /* skip delimeter */ + /* skip delimiter */ if ((env = ossl_strchr(env, ':')) != NULL) env++; } else { /* zeroize the next two indexes */ diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c index aabe74b6e4..7c7857807e 100644 --- a/crypto/ec/ecp_sm2p256.c 
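Review bot: The POSIX branch of the rewritten `BIO_sock_non_fatal_error` references `EPROTO` unconditionally except on DJGPP, whereas the removed code guarded every errno with `#ifdef`; a libc that lacks EPROTO now fails to compile, and `# ifdef EPROTO` in place of `# if ! defined (__DJGPP__)` keeps the old portability without special-casing one platform. Separately, the removed switch accepted both the WSA codes and the CRT `EWOULDBLOCK`/`EINTR`/`EAGAIN`/`ENOTCONN`/`EINPROGRESS`/`EALREADY` values on every platform, while the new Windows branch accepts only WSA codes; since this is a public API, callers on Windows that pass `errno` from non-socket calls see a behaviour change that deserves a CHANGES note or the old values kept in that list. The trailing `#endif` for `OPENSSL_NO_SOCK` is outside the hunk.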
+++ b/crypto/ec/ecp_sm2p256.c @@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = { 0xffffffffffffffff, 0xffffffff00000000, 0xffffffffffffffff, 0xfffffffeffffffff }; -ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = { - 0x53bbf40939d54123, 0x7203df6b21c6052b, - 0xffffffffffffffff, 0xfffffffeffffffff -}; ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0}; @@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out, BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p); } -/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */ -static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out, - const BN_ULONG* in) { - BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord, - def_ord); -} - /* Point double: R <- P + P */ static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P) { 
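Review bot: The variable-time binary-GCD helper `ecp_sm2p256_mod_inverse` is kept in this hunk while its mod-order twin is removed; if the kept helper is still used to bring the nonce point k*G back to affine (in `ecp_sm2p256_point_get_affine`, outside the hunk), a timing observation on the projective Z coordinate of a secret-derived point is the same class of leak this change is fixing, only one step further from the scalar. The order inversion is the direct key leak and removing it is the right first step, but I would want confirmation that the remaining caller either sees only public inputs or is routed through the constant-time `ossl_ec_GFp_simple_field_inv` path the way `get_affine` now is. At minimum the retained function deserves a warning comment, `/* Variable-time: must not be applied to secret-derived values. */`.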
@@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator) } #endif -/* - * Convert Jacobian coordinate point into affine coordinate (x,y) - */ -static int ecp_sm2p256_get_affine(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -{ - ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0}; - - if (EC_POINT_is_at_infinity(group, point)) { - ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - - if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0 - || ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0 - || ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) { - ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - return 0; - } - - ecp_sm2p256_mod_inverse(z_inv3, point_z); - ecp_sm2p256_sqr(z_inv2, z_inv3); - - if (x != NULL) { - ecp_sm2p256_mul(x_aff, point_x, z_inv2); - if (!bn_set_words(x, x_aff, P256_LIMBS)) - return 0; - } - - if (y != NULL) { - ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2); - ecp_sm2p256_mul(y_aff, point_y, z_inv3); - if (!bn_set_words(y, y_aff, P256_LIMBS)) - return 0; - } - - return 1; -} - /* r = sum(scalar[i]*point[i]) */ static int ecp_sm2p256_windowed_mul(const EC_GROUP *group, P256_POINT *r, 
@@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r, return 1; } -static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *x, BN_CTX *ctx) -{ - int ret = 0; - ALIGN32 BN_ULONG t[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG out[P256_LIMBS] = {0}; - - if (bn_wexpand(r, P256_LIMBS) == NULL) { - ECerr(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if ((BN_num_bits(x) > 256) || BN_is_negative(x)) { - BIGNUM *tmp; - - if ((tmp = BN_CTX_get(ctx)) == NULL - || !BN_nnmod(tmp, x, group->order, ctx)) { - ECerr(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - x = tmp; - } - - if (!ecp_sm2p256_bignum_field_elem(t, x)) { - ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - - ecp_sm2p256_mod_ord_inverse(out, t); - - if (!bn_set_words(r, out, P256_LIMBS)) - goto err; - - ret = 1; -err: - return ret; -} - const EC_METHOD *EC_GFp_sm2p256_method(void) { static const EC_METHOD ret = { @@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) ossl_ec_GFp_simple_point_copy, ossl_ec_GFp_simple_point_set_to_infinity, ossl_ec_GFp_simple_point_set_affine_coordinates, - ecp_sm2p256_get_affine, + ossl_ec_GFp_simple_point_get_affine_coordinates, 0, 0, 0, ossl_ec_GFp_simple_add, ossl_ec_GFp_simple_dbl, @@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) ecp_sm2p256_field_mul, ecp_sm2p256_field_sqr, 0 /* field_div */, - 0 /* field_inv */, + ossl_ec_GFp_simple_field_inv, 0 /* field_encode */, 0 /* field_decode */, 0 /* field_set_to_one */, @@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) ossl_ecdsa_simple_sign_setup, ossl_ecdsa_simple_sign_sig, ossl_ecdsa_simple_verify_sig, - ecp_sm2p256_inv_mod_ord, + 0, /* use constant‑time fallback for inverse mod order */ 0, /* blind_coordinates */ 0, /* ladder_pre */ 0, /* ladder_step */ diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 38ec94c867..0129fe4946 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c 
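Review bot: The new table comment `/* use constant‑time fallback for inverse mod order */` appears to contain a non-ASCII hyphen between "constant" and "time" (unless that is a page artifact); OpenSSL sources are plain ASCII and a stray U+2011 in a comment will trip the style checker. The comment would also be more useful if it named the slot and the fallback it selects, e.g. `0, /* field_inverse_mod_ord: NULL selects the generic constant-time order inversion */`, since a reader of this table otherwise cannot tell which method is now in effect. The EC_METHOD initialiser continues outside the hunk.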
@@ -560,7 +560,7 @@ static int block_in(BIO *b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; - unsigned long tl = 0; + size_t tl = 0; unsigned char tmp[EVP_MAX_MD_SIZE]; int md_size; @@ -571,15 +571,18 @@ static int block_in(BIO *b) goto berr; assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ - tl = ctx->buf[0]; - tl <<= 8; - tl |= ctx->buf[1]; - tl <<= 8; - tl |= ctx->buf[2]; - tl <<= 8; - tl |= ctx->buf[3]; + tl = ((size_t)ctx->buf[0] << 24) + | ((size_t)ctx->buf[1] << 16) + | ((size_t)ctx->buf[2] << 8) + | ((size_t)ctx->buf[3]); - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) + if (tl > OK_BLOCK_SIZE) + goto berr; + + if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size) + goto berr; + + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + (size_t)md_size) return 1; if (!EVP_DigestUpdate(md, @@ -587,7 +590,7 @@ static int block_in(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) { /* there might be parts from next block lurking around ! */ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ctx->buf_len_save = ctx->buf_len; diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 76dd8e0d36..0ddc2acfc8 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -2878,7 +2878,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, * function to put it to good use, or maybe affect it. * * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented - * as return positive on Success and 0 or negative on falure. There + * as return positive on Success and 0 or negative on failure. There * maybe parameters (e.g. ecdh_cofactor), which actually return 0 * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 * value as well diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 213e2162f6..f292dcadd9 100644 
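Review bot: The digest comparison this hunk touches still uses `memcmp`; assuming this digest is the integrity tag that decides whether a block is accepted, the comparison should be constant-time, `if (CRYPTO_memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) {`. The added `tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size` check can no longer fire once `tl > OK_BLOCK_SIZE` has been rejected, and it presumes `md_size` is non-negative, which is presumably established where it is assigned above the hunk; either drop the second check or comment why it stays. block_in starts and ends outside the hunk.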
--- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1135,15 +1135,14 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey) } else { const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - const char *supported_sig = - pkey->keymgmt->query_operation_name != NULL - ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE) - : EVP_KEYMGMT_get0_name(pkey->keymgmt); - EVP_SIGNATURE *signature = NULL; + EVP_SIGNATURE *sig; + const char *name; - signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL); - if (signature != NULL) { - EVP_SIGNATURE_free(signature); + name = evp_keymgmt_util_query_operation_name(pkey->keymgmt, + OSSL_OP_SIGNATURE); + sig = EVP_SIGNATURE_fetch(libctx, name, NULL); + if (sig != NULL) { + EVP_SIGNATURE_free(sig); return 1; } } diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 463c595b02..15bd583d48 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -842,7 +842,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) if (*p != '\r' && *p != '\n') break; } - if (*p != '\0') /* not end of headers or not end of error reponse content */ + if (*p != '\0') /* not end of headers or not end of error response content */ goto next_line; /* Found blank line(s) indicating end of headers */ diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index fcf8a69e07..022b8c194c 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server) /* strip leading '[' and trailing ']' from escaped IPv6 address */ sl -= 2; strncpy(host, server + 1, sl); + host[sl] = '\0'; server = host; } diff --git a/crypto/info.c b/crypto/info.c index 4d70471be2..de69a57533 100644 --- a/crypto/info.c +++ b/crypto/info.c 
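Review bot: `EVP_SIGNATURE_fetch()` pushes an error when nothing is found, so a negative answer from this boolean predicate in the p_lib.c hunk leaves a stale entry on the error queue; the probing fetch in apps/speed.c elsewhere in this diff brackets the same pattern with `ERR_set_mark();` before the fetch and `ERR_pop_to_mark();` after it, and `EVP_PKEY_can_sign` would benefit from the same. If `evp_keymgmt_util_query_operation_name` can return NULL the fetch fails cleanly rather than crashing, but an explicit `if (name == NULL) return 0;` documents that. The function's head and tail are outside the hunk.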
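Review bot: The added `host[sl] = '\0';` in the http_lib.c hunk is correct only if `host` has room for `sl + 1` bytes, and that sizing check is outside the hunk, so it is worth confirming it sits next to `sl -= 2` rather than being assumed from the caller. Since the length is already known, `memcpy(host, server + 1, sl); host[sl] = '\0';` states the intent more directly than `strncpy`, whose padding-and-no-terminator semantics are exactly what produced the bug being fixed. `use_proxy` starts and ends outside the hunk.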
@@ -23,6 +23,9 @@ #if defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" # define CPU_INFO_STR_LEN 128 +#elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC) +# include "crypto/ppc_arch.h" +# define CPU_INFO_STR_LEN 128 #elif defined(__s390__) || defined(__s390x__) # include "s390x_arch.h" # define CPU_INFO_STR_LEN 2048 @@ -77,6 +80,15 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings) BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), " env:%s", env); +# elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), + CPUINFO_PREFIX "OPENSSL_ppccap=0x%x", OPENSSL_ppccap_P); + if ((env = getenv("OPENSSL_ppccap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); # elif defined(__s390__) || defined(__s390x__) const char *env; diff --git a/crypto/lms/lm_ots_params.c b/crypto/lms/lm_ots_params.c index d2a23e5b7e..09613ce9b8 100644 --- a/crypto/lms/lm_ots_params.c +++ b/crypto/lms/lm_ots_params.c @@ -56,7 +56,7 @@ uint16_t ossl_lm_ots_params_checksum(const LM_OTS_PARAMS *params, { uint16_t sum = 0; uint16_t i; - /* Largest size is 8 * 32 / 1 = 256 (which doesnt quite fit into 8 bits) */ + /* Largest size is 8 * 32 / 1 = 256 (which doesn't quite fit into 8 bits) */ uint16_t bytes = (8 * params->n / params->w); uint16_t end = (1 << params->w) - 1; diff --git a/crypto/lms/lm_ots_verify.c b/crypto/lms/lm_ots_verify.c index 5cdadfdf88..0579fdb17c 100644 --- a/crypto/lms/lm_ots_verify.c +++ b/crypto/lms/lm_ots_verify.c 
@@ -27,7 +27,7 @@ static int lm_ots_compute_pubkey_final(EVP_MD_CTX *ctx, EVP_MD_CTX *ctxIq, * that returns a non finalized value of H(I || q) * @param sig An LM_OTS_SIG object that contains C and y * @param pub The public key LM_OTS_PARAMS - * @param Id A 16 byte indentifier (I) associated with a LMS tree + * @param Id A 16 byte identifier (I) associated with a LMS tree * @param q The leaf index of the LMS tree. * @param msg A message to verify * @param msglen The size of |msg| diff --git a/crypto/lms/lms_verify.c b/crypto/lms/lms_verify.c index a4aa93d456..43633ce034 100644 --- a/crypto/lms/lms_verify.c +++ b/crypto/lms/lms_verify.c @@ -51,7 +51,7 @@ int lms_sig_compute_tc_from_path(const unsigned char *paths, uint32_t n, /* * Calculate the public key Tc using the path - * The root hash is the hash of its 2 childrens Hash values. + * The root hash is the hash of its 2 children's Hash values. * A child hash for each level is passed in by paths, and we have * a leaf value that can be used with the path to calculate the parent * hash. diff --git a/crypto/ml_dsa/ml_dsa_key.c b/crypto/ml_dsa/ml_dsa_key.c index e2cb399098..94f906a9fc 100644 --- a/crypto/ml_dsa/ml_dsa_key.c +++ b/crypto/ml_dsa/ml_dsa_key.c @@ -319,6 +319,7 @@ int ossl_ml_dsa_key_has(const ML_DSA_KEY *key, int selection) static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx, VECTOR *t1, VECTOR *t0) { + int ret = 0; const ML_DSA_PARAMS *params = key->params; uint32_t k = (uint32_t)params->k, l = (uint32_t)params->l; POLY *polys; @@ -351,9 +352,10 @@ static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx, /* Zeroize secret */ vector_zero(&s1_ntt); + ret = 1; err: OPENSSL_free(polys); - return 1; + return ret; } int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key) diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c index f93ef92ba6..f316aaa812 100644 --- a/crypto/ml_kem/ml_kem.c +++ b/crypto/ml_kem/ml_kem.c 
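Review bot: Now that `err:` is a genuine failure exit in the ml_dsa_key.c hunk, note that the `polys` scratch buffer backing `s1_ntt` is released with plain `OPENSSL_free` and `vector_zero(&s1_ntt)` runs only on the success path, so any failure between the copy of `key->s1` into `s1_ntt` and the zeroize (none visible in the hunk today) would leave secret material in freed heap. `OPENSSL_clear_free(polys, /* allocation size */)` at `err:` makes the wipe unconditional; the allocation size is above the hunk. The head of public_from_private is outside the hunk.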
@@ -50,7 +50,7 @@ /* * Return whether a value that can only be 0 or 1 is non-zero, in constant time * in practice! The return value is a mask that is all ones if true, and all - * zeros otherwise (twos-complement arithmentic assumed for unsigned values). + * zeros otherwise (twos-complement arithmetic assumed for unsigned values). * * Although this is used in constant-time selects, we omit a value barrier * here. Value barriers impede auto-vectorization (likely because it forces @@ -506,7 +506,7 @@ static void scalar_mult_const(scalar *s, uint16_t a) } /*- - * FIPS 203, Section 4.3, Algoritm 9: "NTT". + * FIPS 203, Section 4.3, Algorithm 9: "NTT". * In-place number theoretic transform of a given scalar. Note that ML-KEM's * kPrime 3329 does not have a 512th root of unity, so this transform leaves * off the last iteration of the usual FFT code, with the 128 relevant roots of @@ -539,7 +539,7 @@ static void scalar_ntt(scalar *s) } /*- - * FIPS 203, Section 4.3, Algoritm 10: "NTT^(-1)". + * FIPS 203, Section 4.3, Algorithm 10: "NTT^(-1)". * In-place inverse number theoretic transform of a given scalar, with pairs of * entries of s->v being interpreted as elements of GF(3329^2). Just as with * the number theoretic transform, this leaves off the first step of the normal @@ -596,7 +596,7 @@ static void scalar_sub(scalar *lhs, const scalar *rhs) * GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)). * * The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed - * ModRoots table. Note that our Barrett transform only allows us to multipy + * ModRoots table. Note that our Barrett transform only allows us to multiply * two reduced numbers together, so we need some intermediate reduction steps, * even if an uint64_t could hold 3 multiplied numbers. */ 
@@ -2080,5 +2080,5 @@ int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2)
 * No match if just one of the public keys is not available, otherwise both
 * are unavailable, and for now such keys are considered equal.
 */
- return (ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2));
+ return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)));
 }
diff --git a/crypto/modes/asm/aes-gcm-avx512.pl b/crypto/modes/asm/aes-gcm-avx512.pl
index 79ee59f9e0..054672bb6b 100644
--- a/crypto/modes/asm/aes-gcm-avx512.pl
+++ b/crypto/modes/asm/aes-gcm-avx512.pl
@@ -2592,7 +2592,7 @@ ___
 $code .= <<___;
 vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
 vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
- vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct
+ vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
 ___
 }
@@ -3222,7 +3222,7 @@ ___
 $code .= <<___;
 vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
 vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
- vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct
+ vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
 ___
 }
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 72526b849e..4e52d8eb87 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -202,9 +202,12 @@ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
 || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, sizeof(ctx->d.byte))) {
 EVP_CIPHER_CTX_free(ctx->cipher_ctx);
+ ctx->cipher_ctx = NULL;
 EVP_MAC_CTX_free(ctx->mac_ctx_init);
+ ctx->mac_ctx_init = NULL;
 EVP_MAC_CTX_free(mac_ctx);
 EVP_MAC_free(ctx->mac);
+ ctx->mac = NULL;
 return 0;
 }
 EVP_MAC_CTX_free(mac_ctx);
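Review bot: The double negation in `return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)));` is harder to read than the comment above it, which is phrased in terms of "match". If ossl_ml_kem_have_pubkey() only ever yields 0 or 1 (its definition is not in this hunk), `return ossl_ml_kem_have_pubkey(key1) == ossl_ml_kem_have_pubkey(key2);` states the intent directly without relying on the XOR-and-negate idiom. It would also help to extend the comment with the return convention, e.g. `/* Returns 1 only when neither key carries a public key; the both-available case is presumably handled earlier. */` — hedged, because the start of ossl_ml_kem_pubkey_cmp() lies outside the hunk.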
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 6d97f20024..469e8b5784 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -39,6 +39,7 @@ struct added_obj_st {
 static unsigned long added_obj_hash(const ADDED_OBJ *ca);
 static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb);
+static int add_object(const ASN1_OBJECT *obj, int indirect);
 static LHASH_OF(ADDED_OBJ) *added = NULL;
 static CRYPTO_RWLOCK *ossl_obj_lock = NULL;
@@ -155,6 +156,19 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
 return ret;
 }
+/*
+ * Compare two ASN1_OBJECTs, including SNAME and LNAME, but not NIDs.
+ */
+static int obj_equivalent(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+{
+ return a->length == b->length
+ && memcmp(a->data, b->data, (size_t)a->length) == 0
+ && (a->sn == NULL) == (b->sn == NULL)
+ && strcmp(a->sn ? a->sn : "", b->sn ? b->sn : "") == 0
+ && (a->ln == NULL) == (b->ln == NULL)
+ && strcmp(a->ln ? a->ln : "", b->ln ? b->ln : "") == 0;
+}
+
 static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
 {
 ASN1_OBJECT *a, *b;
@@ -722,15 +736,11 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
 goto err;
 }
- tmpoid->nid = OBJ_new_nid(1);
-
- if (tmpoid->nid == NID_undef)
- goto err;
-
+ tmpoid->nid = NID_undef;
 tmpoid->sn = (char *)sn;
 tmpoid->ln = (char *)ln;
- ok = OBJ_add_object(tmpoid);
+ ok = add_object(tmpoid, 1);
 tmpoid->sn = NULL;
 tmpoid->ln = NULL;
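Review bot: obj_equivalent() passes `a->data` and `b->data` to memcmp() unconditionally, but the code later in this file only allocates the ADDED_DATA entry when `o->length != 0 && obj->data != NULL`, so zero-length objects with a NULL data pointer are an expected input here; memcmp() with a null pointer is undefined behaviour even when the length is 0. Short-circuit on the length: `&& (a->length == 0 || memcmp(a->data, b->data, (size_t)a->length) == 0)`. The header comment could also state the NULL handling explicitly, e.g. `/* NULL and empty names are treated as distinct from a present name; data is only compared when non-empty. */`.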
@@ -754,14 +764,35 @@ const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
 return obj->data;
 }
-int OBJ_add_object(const ASN1_OBJECT *obj)
+static int add_object(const ASN1_OBJECT *obj, int indirect)
 {
- ASN1_OBJECT *o = NULL;
+ ASN1_OBJECT *o = NULL, *dup = NULL;
 ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop[4];
- int i;
+ int i, ret = NID_undef, nid = obj->nid;
+
+ /*
+ * Indirect calls leave the NID unspecified, in which case we generate a
+ * fresh NID here. Direct calls via `OBJ_add_object()` must explicity
+ * specify the nid, and we then also check against the compile-time bsearch
+ * lists that the indirect calls have checked while holding a read lock.
+ */
+ if (indirect) {
+ if (nid != NID_undef
+ || (nid = OBJ_new_nid(1)) < NUM_NID
+ || (o = OBJ_dup(obj)) == NULL)
+ return ret;
+ o->nid = nid;
+ } else if (nid < NUM_NID
+ || (obj->data != NULL
+ && OBJ_bsearch_obj(&obj, obj_objs, NUM_OBJ) != NULL)
+ || (obj->sn != NULL
+ && OBJ_bsearch_sn(&obj, sn_objs, NUM_SN) != NULL)
+ || (obj->ln != NULL
+ && OBJ_bsearch_ln(&obj, ln_objs, NUM_LN) != NULL)
+ || (o = OBJ_dup(obj)) == NULL) {
+ return ret;
+ }
- if ((o = OBJ_dup(obj)) == NULL)
- return NID_undef;
 if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL
 || (o->length != 0 && obj->data != NULL
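Review bot: In the indirect branch `OBJ_new_nid(1)` is called before the duplicate lookup that follows in the next hunk, so every OBJ_create() of an already-registered object consumes a NID and then returns NID_undef; if OBJ_new_nid() advances a global counter (its body is outside this hunk) each such call leaves a permanent gap in the NID space. Consider deferring the allocation until after the conflict check, or document the trade-off next to the call: `/* NOTE: a NID is consumed even if the registration is later rejected as a duplicate */`. The new comment also has a typo, `explicity` should be `explicitly`, and "checked while holding a read lock" is not something this function does itself, so say where that check happens. The rest of add_object() continues in the following hunk.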
@@ -778,24 +809,41 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
 }
 for (i = ADDED_DATA; i <= ADDED_NID; i++) {
- if (ao[i] != NULL) {
- ao[i]->type = i;
- ao[i]->obj = o;
- aop[i] = lh_ADDED_OBJ_retrieve(added, ao[i]);
- if (aop[i] != NULL)
- aop[i]->type = -1;
- (void)lh_ADDED_OBJ_insert(added, ao[i]);
- if (lh_ADDED_OBJ_error(added)) {
- if (aop[i] != NULL)
- aop[i]->type = i;
- while (i-- > ADDED_DATA) {
+ if (ao[i] == NULL)
+ continue;
+ ao[i]->type = i;
+ ao[i]->obj = o;
+ if ((aop[i] = lh_ADDED_OBJ_retrieve(added, ao[i])) != NULL)
+ dup = aop[i]->obj;
+ }
+
+ if (dup != NULL) {
+ /*
+ * We found a possible conflict. If the caller did not specify a NID,
+ * return NID_undef to signal the conflict. Otherwise, if the NID and
+ * parameters are unchanged, return the old NID, else NID_undef to
+ * signal the conflict. This ensures that object registrations are
+ * immutable.
+ *
+ * In the future, ideally also return an equivalent existing NID also
+ * when the caller did not specify a NID, as in OBJ_create().
+ */
+ if (obj->nid == dup->nid && obj_equivalent(obj, dup))
+ ret = dup->nid;
+ goto err;
+ }
+
+ for (i = ADDED_DATA; i <= ADDED_NID; i++) {
+ if (ao[i] == NULL)
+ continue;
+ (void)lh_ADDED_OBJ_insert(added, ao[i]);
+ if (lh_ADDED_OBJ_error(added)) {
+ while (i-- > ADDED_DATA) {
+ if (ao[i] != NULL)
 lh_ADDED_OBJ_delete(added, ao[i]);
- if (aop[i] != NULL)
- aop[i]->type = i;
- }
- ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB);
- goto err;
 }
+ ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB);
+ goto err;
 }
 }
 o->flags &=
@@ -811,7 +859,12 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
 for (i = ADDED_DATA; i <= ADDED_NID; i++)
 OPENSSL_free(ao[i]);
 ASN1_OBJECT_free(o);
- return NID_undef;
+ return ret;
+}
+
+int OBJ_add_object(const ASN1_OBJECT *obj)
+{
+ return add_object(obj, 0);
 }
 int OBJ_obj2nid(const ASN1_OBJECT *a)
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 13ebf97315..d4d3c8206d 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
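Review bot: The conflict path in the `if (dup != NULL)` block returns NID_undef without raising anything on the error queue, while the lhash insertion failure just below it does `ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB)`; a caller of OBJ_add_object() or OBJ_create() therefore cannot tell a rejected re-registration from an allocation failure or a NULL duplicate. Raise an OBJ-library reason before the `goto err` in the conflict branch (use an existing or new reason code appropriate for "object already registered", none is visible in this hunk), or state in the function comment that conflicts are reported only through the NID_undef return. Note also that `dup` keeps only the last matching entry of the lookup loop, so when different keys resolve to different pre-existing registrations only one of them is compared; that can only arise from state created under the old replace semantics, but a one-line comment saying so would help. Minor: the new comment reads "ideally also return ... also when", drop one `also`.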
@@ -101,7 +101,7 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) #if defined(__FreeBSD__) || defined(__OpenBSD__) # include -# if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \ +# if (defined(__FreeBSD__) && __FreeBSD_version >= 1104000) || \ (defined(__OpenBSD__) && OpenBSD >= 202409) # include # define OSSL_IMPLEMENT_GETAUXVAL diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 3a67754224..23963c89bc 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -641,7 +641,7 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) } quotes = quote != '\0'; - if (*remain == 0) { + if (*remain <= (size_t)quotes) { *needed += 2 * quotes; return; } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 74b7d3d8ac..010a2262e1 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -1038,7 +1038,7 @@ static int provider_init(OSSL_PROVIDER *prov) #ifndef FIPS_MODULE OSSL_TRACE_BEGIN(PROVIDER) { BIO_printf(trc_out, - "(provider %s) initalizing\n", prov->name); + "(provider %s) initializing\n", prov->name); } OSSL_TRACE_END(PROVIDER); #endif diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 62cbb57577..0cbcebeced 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -734,18 +734,3 @@ err: return ret; } - -#ifdef FIPS_MODULE -int ossl_rsa_key_pairwise_test(RSA *rsa) -{ - OSSL_CALLBACK *stcb; - void *stcbarg; - int res; - - OSSL_SELF_TEST_get_callback(rsa->libctx, &stcb, &stcbarg); - res = rsa_keygen_pairwise_test(rsa, stcb, stcbarg); - if (res <= 0) - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT); - return res; -} -#endif /* FIPS_MODULE */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 78e4bad69e..a3235fcbc3 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c 
@@ -129,7 +129,7 @@ static const unsigned char digestinfo_ripemd160_der[] = {
 # ifndef OPENSSL_NO_SM3
 /* SM3 (1 2 156 10197 1 401) */
 static const unsigned char digestinfo_sm3_der[] = {
- ASN1_SEQUENCE, 0x0f + SM3_DIGEST_LENGTH,
+ ASN1_SEQUENCE, 0x10 + SM3_DIGEST_LENGTH,
 ASN1_SEQUENCE, 0x0c,
 ASN1_OID, 0x08, 1 * 40 + 2, 0x81, 0x1c, 0xcf, 0x55, 1, 0x83, 0x78,
 ASN1_NULL, 0x00,
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 2efc0768e0..bd85c82ede 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -257,14 +257,25 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
 return 0;
 if ((loc >= st->num) || (loc < 0)) {
- st->data[st->num] = data;
+ loc = st->num;
+ st->data[loc] = data;
 } else {
 memmove(&st->data[loc + 1], &st->data[loc],
 sizeof(st->data[0]) * (st->num - loc));
 st->data[loc] = data;
 }
 st->num++;
- st->sorted = st->num <= 1;
+ if (st->sorted && st->num > 1) {
+ if (st->comp != NULL) {
+ if (loc > 0 && (st->comp(&st->data[loc - 1], &st->data[loc]) > 0))
+ st->sorted = 0;
+ if (loc < st->num - 1
+ && (st->comp(&st->data[loc + 1], &st->data[loc]) < 0))
+ st->sorted = 0;
+ } else {
+ st->sorted = 0;
+ }
+ }
 return st->num;
 }
@@ -302,7 +313,7 @@ void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
 return internal_delete(st, loc);
 }
-static int internal_find(OPENSSL_STACK *st, const void *data,
+static int internal_find(const OPENSSL_STACK *st, const void *data,
 int ret_val_options, int *pnum_matched)
 {
 const void *r;
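Review bot: The corrected outer length in `ASN1_SEQUENCE, 0x10 + SM3_DIGEST_LENGTH,` should be tied to the inner encoding so it is not "fixed" back: the inner SEQUENCE declares 0x0c content bytes, so with its 2-byte header plus the 2-byte OCTET STRING header the outer content is 0x10 bytes before the digest, matching the 0x0d/0x11 pairing of the neighbouring DigestInfo arrays. A trailing comment such as `/* 2 + 0x0c (inner SEQUENCE) + 2 (OCTET STRING header) */` on the changed line would document that. The OCTET STRING tag that closes this array lies outside the hunk, so I am assuming it follows the same layout as the other tables in this file. Since the old value produced a DER DigestInfo whose outer length was one byte short, a known-answer test for PKCS#1 v1.5 signing with SM3 would guard against regression.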
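Review bot: The new `sorted` bookkeeping in OPENSSL_sk_insert() only ever clears the flag, whereas the removed `st->sorted = st->num <= 1;` marked any stack of at most one element as sorted; a stack whose flag is 0 when it receives its first element (a freshly created one, if the constructor zero-initialises it, which is outside this hunk) now stays unsorted, which is observable through OPENSSL_sk_is_sorted() and changes find to a linear scan until OPENSSL_sk_sort() is called. If the old single-element rule is meant to survive, prefix the block with `if (st->num <= 1) { st->sorted = 1; } else if (st->sorted) { ... }`; otherwise a comment such as `/* Keep the sorted flag only when the new element is in order with both neighbours; never promote a stack to sorted here. */` should record the intent. The lines on the new side also assume `st->comp` follows the `const void *const *` calling convention used by the sort path, which is not visible here.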
@@ -367,17 +378,17 @@ static int internal_find(OPENSSL_STACK *st, const void *data,
 return r == NULL ? -1 : (int)((const void **)r - st->data);
 }
-int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
+int OPENSSL_sk_find(const OPENSSL_STACK *st, const void *data)
 {
 return internal_find(st, data, OSSL_BSEARCH_FIRST_VALUE_ON_MATCH, NULL);
 }
-int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
+int OPENSSL_sk_find_ex(const OPENSSL_STACK *st, const void *data)
 {
 return internal_find(st, data, OSSL_BSEARCH_VALUE_ON_NOMATCH, NULL);
 }
-int OPENSSL_sk_find_all(OPENSSL_STACK *st, const void *data, int *pnum)
+int OPENSSL_sk_find_all(const OPENSSL_STACK *st, const void *data, int *pnum)
 {
 return internal_find(st, data, OSSL_BSEARCH_FIRST_VALUE_ON_MATCH, pnum);
 }
diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
index 5d5d64baf2..9d9958e68f 100644
--- a/crypto/threads_pthread.c
+++ b/crypto/threads_pthread.c
@@ -92,8 +92,10 @@ __tsan_mutex_post_lock((x), 0, 0)
 /*
 * The Non-Stop KLT thread model currently seems broken in its rwlock
 * implementation
+ * Likewise is there a problem with the glibc implementation on riscv.
 */
-# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_)
+# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) \
+ && !defined(__riscv)
 # define USE_RWLOCK
 # endif
@@ -309,7 +311,7 @@ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock)
 /* if the idx hasn't changed, we're good, else try again */
 if (qp_idx == ATOMIC_LOAD_N(uint32_t, &lock->reader_idx,
- __ATOMIC_RELAXED))
+ __ATOMIC_ACQUIRE))
 break;
 ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1,
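Review bot: The new guard `&& !defined(__riscv)` keys on the architecture while the accompanying comment blames the glibc rwlock implementation, so riscv builds against musl or any other libc also lose USE_RWLOCK and silently fall back to the mutex-based locking. If the defect really is glibc-specific, `&& !(defined(__riscv) && defined(__GLIBC__))` confines the workaround, with the caveat that `__GLIBC__` is only visible after a libc header has been included, and the includes preceding this block are outside the hunk. The comment line `Likewise is there a problem with the glibc implementation on riscv.` would read better as `Likewise, the glibc rwlock implementation on riscv currently misbehaves; see the tracking issue.` with the issue reference filled in, so the exclusion can be lifted once it is fixed.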
@@ -440,8 +442,12 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id)
 *curr_id = lock->id_ctr;
 lock->id_ctr++;
+ /*
+ * make the current state of everything visible by this release
+ * when get_hold_current_qp acquires the next qp
+ */
 ATOMIC_STORE_N(uint32_t, &lock->reader_idx, lock->current_alloc_idx,
- __ATOMIC_RELAXED);
+ __ATOMIC_RELEASE);
 /*
 * this should make sure that the new value of reader_idx is visible in
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 05ee7c8c6b..eb2d47955b 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -408,7 +408,6 @@ static int x509_store_add(X509_STORE *store, void *x, int crl)
 }
 if (!X509_STORE_lock(store)) {
- obj->type = X509_LU_NONE;
 X509_OBJECT_free(obj);
 return 0;
 }
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1a7b35d066..92f83c9de8 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -408,7 +408,7 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
 * Likely it would be good if build_chain() sets |check_signing_allowed|.
 * Yet if |sk| is a list of trusted certs, as with X509_STORE_CTX_set0_trusted_stack(),
 * better not set |check_signing_allowed|.
- * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatiblity.
+ * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatibility.
 */
 static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed,
 int no_dup, STACK_OF(X509) *sk, X509 *x)
diff --git a/demos/quic/poll-server/quic-server-ssl-poll-http.c b/demos/quic/poll-server/quic-server-ssl-poll-http.c
index 8b7cd68b47..91452ef355 100644
--- a/demos/quic/poll-server/quic-server-ssl-poll-http.c
+++ b/demos/quic/poll-server/quic-server-ssl-poll-http.c
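Review bot: Removing `obj->type = X509_LU_NONE;` in x509_store_add() changes what X509_OBJECT_free() does on the lock-failure path: with the type left as X509 or CRL it now drops a reference on the caller's object. That is the right fix only if the reference count was already incremented in the block that closes just above this hunk (the preceding `}`); if the up-ref instead happens after the lock is taken, this path would release a reference the caller still owns. A comment on the freeing line would make the ownership explicit, e.g. `/* obj already holds its own reference on x, so let X509_OBJECT_free() release it */`. In the threads_pthread.c hunk the RELEASE store pairs with the ACQUIRE load in get_hold_current_qp() from the earlier hunk; the new comment could name that pairing and the ordering it establishes rather than "everything", e.g. `/* Release pairs with the ACQUIRE load of reader_idx in get_hold_current_qp(), publishing the qp state written above. */`.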
@@ -75,7 +75,7 @@ * This is a simple non-blocking QUIC HTTP/1.0 server application. * Server accepts QUIC connections. It then accepts bi-directional * stream from client and reads request. By default it sends - * 12345 bytes back as HHTTP/1.0 response to any GET request. + * 12345 bytes back as HTTP/1.0 response to any GET request. * If GET request comes with URL for example as follows: * /foo/bar/file_65535.txt * then the server sends 64kB of data in HTTP/1.0 response. @@ -216,7 +216,7 @@ struct poll_event_connection { * Members in poll manager deserve some explanation: * - pm_head, holds a list of poll_event structures (connections and * streams) - * - pm_event_count number of events to montior in SSL_poll(3ossl) + * - pm_event_count number of events to monitor in SSL_poll(3ossl) * - pm_poll_set array of events to poll on * - pm_poll_set_sz number of slots (space) available in pm_poll_set * - pm_need_rebuild whenever list of events to monitor in a list changes diff --git a/doc/designs/ML-KEM.md b/doc/designs/ML-KEM.md index 267656dfba..b1ca4098e0 100644 --- a/doc/designs/ML-KEM.md +++ b/doc/designs/ML-KEM.md @@ -44,7 +44,7 @@ subsequent computations (encapsulation). Since the private key includes the public key as one of its components, the matrix is also pre-computed and stored with the private key, and then need not be regenerated during decapsulation. -During encapsulation (typically peformed by servers), it is in principle +During encapsulation (typically performed by servers), it is in principle possible to save space and compute the matrix elements *just-in-time*, as each matrix element is used exactly once. This is not currently implemented, and the matrix is pre-computed in full. 
@@ -90,7 +90,7 @@ Keys can be generated via the usual **EVP_PKEY_generate()** and An explicit seed can be specified by setting the key generation **OSSL_PKEY_PARAM_ML_KEM_SEED** parameter to a 64-byte octet-string -(concatentation of the **d** and **z** values (32-bytes each) in that order). +(concatenation of the **d** and **z** values (32-bytes each) in that order). KEM API ------- diff --git a/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md b/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md index cb4df1a40c..d474c588bd 100644 --- a/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md +++ b/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md @@ -54,7 +54,7 @@ and `EVP_PKEY_verify()` remain supported. Some more recent verification algorithms need to obtain the signature before processing the data. This is particularly important for streaming modes of operation. -This design proposes a mechanism to accomodate these algorithms +This design proposes a mechanism to accommodate these algorithms and modes of operation. New public API - API Reference diff --git a/doc/designs/ml-dsa.md b/doc/designs/ml-dsa.md index 2504b51889..efe8138fc5 100644 --- a/doc/designs/ml-dsa.md +++ b/doc/designs/ml-dsa.md @@ -103,7 +103,7 @@ the API's used should be OpenSSL command line support ---------------------------- -For backwards compatability reasons `EVP_DigestSignInit_ex()`, +For backwards compatibility reasons `EVP_DigestSignInit_ex()`, `EVP_DigestSign()`, `EVP_DigestVerifyInit_ex()` and `EVP_DigestVerify()` may also be used, but the digest passed in `mdname` must be NULL (i.e. it effectively behaves the same as above). diff --git a/doc/designs/quic-design/quic-concurrency.md b/doc/designs/quic-design/quic-concurrency.md index 55af2a94db..1f8e23e336 100644 --- a/doc/designs/quic-design/quic-concurrency.md +++ b/doc/designs/quic-design/quic-concurrency.md 
@@ -386,7 +386,7 @@ int ossl_cml_write(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle, /* * Returns the number of bytes a receiving pipe currently has waiting to be * read. The returned value may increase over time asynchronously but will only - * decreate in response to an ossl_cml_read call. + * decrease in response to an ossl_cml_read call. */ size_t ossl_cml_read_available(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle); diff --git a/doc/designs/quic-design/server/quic-polling.md b/doc/designs/quic-design/server/quic-polling.md index 68b2c8a89d..cda4ffef5e 100644 --- a/doc/designs/quic-design/server/quic-polling.md +++ b/doc/designs/quic-design/server/quic-polling.md @@ -1072,7 +1072,7 @@ typedef struct ssl_poll_event_st { * this, applications must still ensure no events in an SSL_POLL_EVENT * structure recorded from a previous call to this function are left over, which * may still reference that poll descriptor. Therefore, applications must still - * excercise caution when freeing resources which are registered, or which were + * exercise caution when freeing resources which are registered, or which were * previously registered in a poll group. */ #define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0) @@ -1324,13 +1324,13 @@ void process_event(const SSL_POLL_EVENT *event) for (i = 0; i < nevents; ++i) { process_event(&events[i]); /* do something in application */ - /* We have processed the event so now reenable it. */ + /* We have processed the event so now re-enable it. */ SSL_POLL_CHANGE_chflag(chg++, events[i].desc, events[i].instance, SSL_POLL_EVENT_FLAG_DISABLE, 0); ++nchanges; } - /* Reenable any event we processed and go to sleep again. */ + /* Re-enable any event we processed and go to sleep again. */ if (!SSL_POLL_GROUP_change_poll(pg, changes, nchanges, sizeof(changes[0]), events, OSSL_NELEM(events), sizeof(events[0]), NULL, 0, &nevents)) 
@@ -1419,7 +1419,7 @@ There are two kinds of polling that occur: Firstly, the `SSL_POLL_METHOD` object is defined abstractly as follows: ```c -/* API (Psuedocode) */ +/* API (Pseudocode) */ #define SSL_POLL_METHOD_CAP_IMMEDIATE (1U << 0) /* supports immediate mode */ #define SSL_POLL_METHOD_CAP_RETAINED (1U << 1) /* supports retained mode */ diff --git a/doc/designs/rfc4514.md b/doc/designs/rfc4514.md index 93b707e2c7..1523480b1e 100644 --- a/doc/designs/rfc4514.md +++ b/doc/designs/rfc4514.md @@ -121,7 +121,7 @@ Only the entries of type "A" (Attribute Type) are potentially relevant. All the *mainstream* attribute types are already listed in `crypto/objects/objects.txt` and should be already supported: -| Atribute Name | OID | Reference | +| Attribute Name | OID | Reference | |---|---|---| | uid | 0.9.2342.19200300.100.1.1 | [RFC4519] | | userId | 0.9.2342.19200300.100.1.1 | [RFC4519] | diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod index 34a5dbdb58..7d65af2af0 100644 --- a/doc/man3/DEFINE_STACK_OF.pod +++ b/doc/man3/DEFINE_STACK_OF.pod @@ -52,9 +52,9 @@ OPENSSL_sk_sort, OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); - int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); - int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); - int sk_TYPE_find_all(STACK_OF(TYPE) *sk, TYPE *ptr, int *pnum); + int sk_TYPE_find(const STACK_OF(TYPE) *sk, TYPE *ptr); + int sk_TYPE_find_ex(const STACK_OF(TYPE) *sk, TYPE *ptr); + int sk_TYPE_find_all(const STACK_OF(TYPE) *sk, TYPE *ptr, int *pnum); void sk_TYPE_sort(const STACK_OF(TYPE) *sk); int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); 
@@ -170,15 +170,14 @@ B_set>() sets element I of I to I replacing the current element. The new element value is returned or NULL if an error occurred: this will only happen if I is NULL or I is out of range. -B_find>() searches I for the element I. In the case -where no comparison function has been specified, the function performs -a linear search for a pointer equal to I. The index of the first -matching element is returned or B<-1> if there is no match. In the case -where a comparison function has been specified, I is sorted and -B_find>() returns the index of a matching element or B<-1> if there -is no match. Note that, in this case the comparison function will usually -compare the values pointed to rather than the pointers themselves and -the order of elements in I can change. +B_find>() searches I for the element I. In the +case where no comparison function has been specified, the function +performs a linear search for a pointer equal to I. In the case +where a comparison function has been specified, the function performs +a search for a element that the comparison function indicates is a +match. If the stack is sorted, a binary search is used, otherwise, a +linear search is used. B_find>() returns the index of a +matching element or B<-1> if there is no match. B_find_ex>() operates like B_find>() except when a comparison function has been specified and no matching element is found. diff --git a/doc/man3/EVP_SKEY.pod b/doc/man3/EVP_SKEY.pod index 2124f4e3dc..9f013cc8c7 100644 --- a/doc/man3/EVP_SKEY.pod +++ b/doc/man3/EVP_SKEY.pod 
@@ -135,7 +135,7 @@ EVP_SKEY_up_ref() returns 1 for success and 0 on failure. EVP_SKEY_export() and EVP_SKEY_get0_raw_key() return 1 for success and 0 on failure. EVP_SKEY_get0_skeymgmt_name() and EVP_SKEY_get0_provider_name() return the -names of the associated EVP_SKEYMGMT object and its provider correspondigly. +names of the associated EVP_SKEYMGMT object and its provider correspondingly. EVP_SKEY_is_a() returns 1 if I has the key type I, otherwise 0. diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 1c1818a1f0..f90b5d7a9e 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -206,7 +206,7 @@ I. For each capability of that name supported by the provider it will call the callback I and supply a set of Ls describing the capability. It will also pass back the argument I. For more details about capabilities and what they can be used for please see -L. +L. =head1 RETURN VALUES diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index e5dff33dcd..fc30dc0737 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -256,6 +256,13 @@ L The macros and functions described here were added in OpenSSL 3.0, except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). +=head1 BUGS + +There was a discrepancy between this manual and commentary + code +in F<< >>, where the latter suggested that the +four least significant bits of B could be +C<0x0f> in released OpenSSL versions. + =head1 COPYRIGHT Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod index 8e65b1f31c..752db3bd4a 100644 --- a/doc/man3/PKCS12_gen_mac.pod +++ b/doc/man3/PKCS12_gen_mac.pod 
@@ -81,7 +81,7 @@ https://meganorm.ru/mega_doc/norm/prikaz/25/r_1323565_1_041-2022_rekomendatsii_p If this environment variable is set, MAC generation that utilises GOST R 34.11-94 or GOST 34.11-2012 hashing algorithms is performed the usual way and not in accordance with the specification provided in the methodical -recommendation MP 26.2.002-2012 (or in its later versions, standartisation +recommendation MP 26.2.002-2012 (or in its later versions, standardisation recommendation P 50.1.112-2016 or P 1323565.1.041-2022) of Technical Committee 26, that specifies that the key used for MAC generation should be the last 32 bytes of the 96-byte sequence generated diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 09b7280bdd..4a159a68b8 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -37,7 +37,7 @@ SSL_CIPHER_get_protocol_id int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); - uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); + uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); =head1 DESCRIPTION diff --git a/doc/man3/SSL_CTX_set_domain_flags.pod b/doc/man3/SSL_CTX_set_domain_flags.pod index cc9ad59114..6c12642889 100644 --- a/doc/man3/SSL_CTX_set_domain_flags.pod +++ b/doc/man3/SSL_CTX_set_domain_flags.pod @@ -42,7 +42,7 @@ Specifying this flag configures the Single-Threaded Concurrency Model (SCM). =item B -Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless +Specifying this flag configures the Contentive Concurrency Model (CCM) (unless B is also specified). If OpenSSL was built without thread support, this is identical to diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index f7add16d7b..0140deee9a 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod 
@@ -23,9 +23,10 @@ SSL_SESSION_set1_alpn_selected =head1 DESCRIPTION -SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the -client when the session was created if it was accepted by the server. Otherwise -NULL is returned. +SSL_SESSION_get0_hostname() retrieves the Server Name Indication (SNI) value +that was sent by the client when the session was created if the server +acknowledged the client's SNI extension by including an empty SNI extension +in response. Otherwise NULL is returned. The value returned is a pointer to memory maintained within B and should not be free'd. @@ -44,8 +45,7 @@ B. =head1 RETURN VALUES -SSL_SESSION_get0_hostname() returns either a string or NULL based on if there -is the SNI value sent by client. +SSL_SESSION_get0_hostname() returns the SNI string if available, or NULL if not. SSL_SESSION_set1_hostname() returns 1 on success or 0 on error. diff --git a/engines/e_padlock.c b/engines/e_padlock.c index 84d84abebb..5e7fc4df30 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -203,9 +203,9 @@ struct padlock_cipher_data { int rounds:4; int dgst:1; /* n/a in C3 */ int align:1; /* n/a in C3 */ - int ciphr:1; /* n/a in C3 */ + int cipher:1; /* n/a in C3 */ unsigned int keygen:1; - int interm:1; + int intern:1; unsigned int encdec:1; int ksize:2; } b; diff --git a/fuzz/ml-kem.c b/fuzz/ml-kem.c index 0ad1f0fd51..497b2f6425 100644 --- a/fuzz/ml-kem.c +++ b/fuzz/ml-kem.c @@ -640,7 +640,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) return -1; /* * Get the first byte of the buffer to tell us what operation - * to preform + * to perform */ buffer_cursor = consume_uint8t(buf, &len, &operation); if (buffer_cursor == NULL) diff --git a/fuzz/slh-dsa.c b/fuzz/slh-dsa.c index dada29a62d..0f7019bb1f 100644 --- a/fuzz/slh-dsa.c +++ b/fuzz/slh-dsa.c 
@@ -378,7 +378,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1, /* * the context_string parameter can be no more than 255 bytes, so if * our random input buffer is greater than that, we expect failure above, - * which we check for. In that event, theres nothing more we can do here + * which we check for. In that event, there's nothing more we can do here * so bail out */ if (expect_init_rc == 0) @@ -439,7 +439,7 @@ static void slh_dsa_export_import(uint8_t **buf, size_t *len, void *key1, * EVP_PKEY returns: * 1 if the keys are equivalent * 0 if the keys are not equivalent - * -1 if the key types are differnt + * -1 if the key types are different * -2 if the operation is not supported */ OPENSSL_assert(EVP_PKEY_eq(alice, new) == 1); @@ -578,7 +578,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) return -1; /* * Get the first byte of the buffer to tell us what operation - * to preform + * to perform */ buffer_cursor = consume_uint8t(buf, &len, &operation); if (buffer_cursor == NULL) diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h index 43f6848e42..b7da3979e3 100644 --- a/include/crypto/ml_kem.h +++ b/include/crypto/ml_kem.h @@ -154,7 +154,7 @@ typedef struct { int security_category; } ML_KEM_VINFO; -/* Retrive global variant-specific parameters */ +/* Retrieve global variant-specific parameters */ const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type); /* Known as ML_KEM_KEY via crypto/types.h */ diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index ffbc95a778..55cc814ce9 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h 
@@ -124,10 +124,6 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
 int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
 const X509_ALGOR *sigalg, EVP_PKEY *pkey);
-# ifdef FIPS_MODULE
-int ossl_rsa_key_pairwise_test(RSA *rsa);
-# endif /* FIPS_MODULE */
-
 # if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
 int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
 void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
diff --git a/include/openssl/opensslv.h.in b/include/openssl/opensslv.h.in
index e547281ff5..69b9caacf4 100644
--- a/include/openssl/opensslv.h.in
+++ b/include/openssl/opensslv.h.in
@@ -89,12 +89,12 @@ extern "C" {
 # define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
-/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
+/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */
 # define OPENSSL_VERSION_NUMBER \
 ( (OPENSSL_VERSION_MAJOR<<28) \
 |(OPENSSL_VERSION_MINOR<<20) \
 |(OPENSSL_VERSION_PATCH<<4) \
- |{- @config{prerelease} ? "0x0L" : "0xfL" -} )
+ |0x0L )
 # ifdef __cplusplus
 }
diff --git a/include/openssl/safestack.h.in b/include/openssl/safestack.h.in
index ed1d182741..031029521e 100644
--- a/include/openssl/safestack.h.in
+++ b/include/openssl/safestack.h.in
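Review bot: Hard-wiring the status nibble to `|0x0L` means OPENSSL_VERSION_NUMBER no longer distinguishes a pre-release from the final release with the same MAJOR.MINOR.PATCH, so any downstream check of the form `(OPENSSL_VERSION_NUMBER & 0xf) == 0xf` silently stops detecting pre-releases. The comment on the macro should say where that information now lives, e.g. `/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L; the status nibble is always 0, use OPENSSL_VERSION_PRE_RELEASE to detect pre-release builds. */`. Since this is an observable change for consumers, it belongs in the CHANGES entry alongside the BUGS note added to the OpenSSL_version manual page elsewhere in this commit.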
@@ -161,17 +161,18 @@ extern "C" { { \ return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ } \ - static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline int sk_##t1##_find(const STACK_OF(t1) *sk, t2 *ptr) \ { \ - return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + return OPENSSL_sk_find((const OPENSSL_STACK *)sk, (const void *)ptr); \ } \ - static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(const STACK_OF(t1) *sk, t2 *ptr) \ { \ - return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + return OPENSSL_sk_find_ex((const OPENSSL_STACK *)sk, (const void *)ptr); \ } \ - static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \ + static ossl_unused ossl_inline int sk_##t1##_find_all(const STACK_OF(t1) *sk, t2 *ptr, \ + int *pnum) \ { \ - return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ + return OPENSSL_sk_find_all((const OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ } \ static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ { \ diff --git a/include/openssl/stack.h b/include/openssl/stack.h index 419f56184b..0b2e5c6957 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h 
@@ -45,9 +45,9 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); -int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); -int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); -int OPENSSL_sk_find_all(OPENSSL_STACK *st, const void *data, int *pnum); +int OPENSSL_sk_find(const OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_find_ex(const OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_find_all(const OPENSSL_STACK *st, const void *data, int *pnum); int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); void *OPENSSL_sk_shift(OPENSSL_STACK *st); diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index ee15947a3b..e8dbe61c1e 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -1450,6 +1450,18 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ST_KAT_PARAM_END() }; +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; + +static const ST_KAT_PARAM rsa_enc_params[] = { + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_END() +}; + static const unsigned char rsa_sig_msg[] = "Hello World!"; static const unsigned char rsa_expected_sig[256] = { 
@@ -3664,3 +3676,33 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
 # endif
 };
 #endif /* !OPENSSL_NO_ML_DSA || !OPENSSL_NO_SLH_DSA */
+
+static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
+    {
+        OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
+        "RSA",
+        1,
+        rsa_pub_key,
+        rsa_enc_params,
+        ITM(rsa_asym_plaintext_encrypt),
+        ITM(rsa_asym_expected_encrypt),
+    },
+    {
+        OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
+        "RSA",
+        0,
+        rsa_priv_key,
+        rsa_enc_params,
+        ITM(rsa_asym_expected_encrypt),
+        ITM(rsa_asym_plaintext_encrypt),
+    },
+    {
+        OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
+        "RSA",
+        0,
+        rsa_crt_key,
+        rsa_enc_params,
+        ITM(rsa_asym_expected_encrypt),
+        ITM(rsa_asym_plaintext_encrypt),
+    },
+};
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 156e7920f8..f1a54c6609 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
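Review bot: The second and third entries of st_kat_asym_cipher_tests both carry OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, so an OSSL_SELF_TEST callback cannot tell the decrypt KAT keyed with rsa_crt_key from the one keyed with rsa_priv_key; a callback that corrupts or reports on a named test will treat both runs identically. If a separate description is not available, a comment on the third entry such as `/* Same vectors as above, but decrypting via the CRT-form private key */` would at least record why the entry is there.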
@@ -858,6 +858,93 @@ err:
 }
 #endif
 
+/*
+ * Test an encrypt or decrypt KAT..
+ *
+ * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
+ * and decrypt..
+ */
+static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
+                                 OSSL_LIB_CTX *libctx)
+{
+    int ret = 0;
+    OSSL_PARAM *keyparams = NULL, *initparams = NULL;
+    OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
+    EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
+    EVP_PKEY *key = NULL;
+    BN_CTX *bnctx = NULL;
+    unsigned char out[256];
+    size_t outlen = sizeof(out);
+
+    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
+
+    bnctx = BN_CTX_new_ex(libctx);
+    if (bnctx == NULL)
+        goto err;
+
+    /* Load a public or private key from data */
+    keybld = OSSL_PARAM_BLD_new();
+    if (keybld == NULL
+        || !add_params(keybld, t->key, bnctx))
+        goto err;
+    keyparams = OSSL_PARAM_BLD_to_param(keybld);
+    keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
+    if (keyctx == NULL || keyparams == NULL)
+        goto err;
+    if (EVP_PKEY_fromdata_init(keyctx) <= 0
+        || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
+        goto err;
+
+    /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
+    encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
+    if (encctx == NULL
+        || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
+        || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
+        goto err;
+
+    /* Add any additional parameters such as padding */
+    if (t->postinit != NULL) {
+        initbld = OSSL_PARAM_BLD_new();
+        if (initbld == NULL)
+            goto err;
+        if (!add_params(initbld, t->postinit, bnctx))
+            goto err;
+        initparams = OSSL_PARAM_BLD_to_param(initbld);
+        if (initparams == NULL)
+            goto err;
+        if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
+            goto err;
+    }
+
+    if (t->encrypt) {
+        if (EVP_PKEY_encrypt(encctx, out, &outlen,
+                             t->in, t->in_len) <= 0)
+            goto err;
+    } else {
+        if (EVP_PKEY_decrypt(encctx, out, &outlen,
+                             t->in, t->in_len) <= 0)
+            goto err;
+    }
+    /* Check the KAT */
+    OSSL_SELF_TEST_oncorrupt_byte(st, out);
+    if (outlen != t->expected_len
+        || memcmp(out, t->expected, t->expected_len) != 0)
+        goto err;
+
+    ret = 1;
+err:
+    BN_CTX_free(bnctx);
+    EVP_PKEY_free(key);
+    EVP_PKEY_CTX_free(encctx);
+    EVP_PKEY_CTX_free(keyctx);
+    OSSL_PARAM_free(keyparams);
+    OSSL_PARAM_BLD_free(keybld);
+    OSSL_PARAM_free(initparams);
+    OSSL_PARAM_BLD_free(initbld);
+    OSSL_SELF_TEST_onend(st, ret);
+    return ret;
+}
+
 /*
  * Test a data driven list of KAT's for digest algorithms.
  * All tests are run regardless of if they fail or not.
@@ -899,6 +986,17 @@ static int self_test_kems(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
     return ret;
 }
 
+static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+{
+    int i, ret = 1;
+
+    for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
+        if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
+            ret = 0;
+    }
+    return ret;
+}
+
 static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
 {
     int i, ret = 1;
@@ -1151,6 +1249,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
         ret = 0;
     if (!self_test_kems(st, libctx))
         ret = 0;
+    if (!self_test_asym_ciphers(st, libctx))
+        ret = 0;
 
     RAND_set0_private(libctx, saved_rand);
     return ret;
diff --git a/providers/implementations/encode_decode/ml_common_codecs.c b/providers/implementations/encode_decode/ml_common_codecs.c
index 6ec6dd25cf..2b0176f2dd 100644
--- a/providers/implementations/encode_decode/ml_common_codecs.c
+++ b/providers/implementations/encode_decode/ml_common_codecs.c
@@ -57,7 +57,7 @@ ossl_ml_common_pkcs8_fmt_order(const char *algorithm_name,
 
     /*
      * Formats are case-insensitive, separated by spaces, tabs or commas.
-     * Duplicate formats are allowed, the first occurence determines the order.
+     * Duplicate formats are allowed, the first occurrence determines the order.
      */
     do {
         if (*(fmt += strspn(fmt, sep)) == '\0')
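Review bot: The output buffer in self_test_asym_cipher is a fixed `unsigned char out[256]`, so if a key larger than 2048 bits is ever added to st_kat_asym_cipher_tests the KAT turns into an unexplained failure rather than a clear diagnostic (there is no overflow, since outlen is passed as sizeof(out), only a silent short result). A comment at the declaration, `/* Sized for the 2048-bit RSA KAT keys; enlarge if larger keys are added */`, or a check `if (t->expected_len > sizeof(out)) goto err;` before the operation would make the constraint explicit. The header comment also has doubled periods ("KAT..", "decrypt..") and cites FIPS 140-2 IG D.9, which is worth revisiting while the text is being written.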
diff --git a/providers/implementations/encode_decode/ml_dsa_codecs.c b/providers/implementations/encode_decode/ml_dsa_codecs.c index d034befcaa..7850c94e3b 100644 --- a/providers/implementations/encode_decode/ml_dsa_codecs.c +++ b/providers/implementations/encode_decode/ml_dsa_codecs.c @@ -126,7 +126,7 @@ ossl_ml_dsa_d2i_PUBKEY(const uint8_t *pk, int pk_len, int evp_type, if (!ossl_ml_dsa_pk_decode(ret, pk, (size_t) pk_len)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, - "errror parsing %s public key from input SPKI", + "error parsing %s public key from input SPKI", params->alg); ossl_ml_dsa_key_free(ret); return NULL; diff --git a/providers/implementations/encode_decode/ml_kem_codecs.c b/providers/implementations/encode_decode/ml_kem_codecs.c index 53425aa499..bbc52aa10c 100644 --- a/providers/implementations/encode_decode/ml_kem_codecs.c +++ b/providers/implementations/encode_decode/ml_kem_codecs.c @@ -125,7 +125,7 @@ ossl_ml_kem_d2i_PUBKEY(const uint8_t *pubenc, int publen, int evp_type, if (!ossl_ml_kem_parse_public_key(pubenc, (size_t) publen, ret)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, - "errror parsing %s public key from input SPKI", + "error parsing %s public key from input SPKI", v->algorithm_name); ossl_ml_kem_key_free(ret); return NULL; diff --git a/providers/implementations/kdfs/krb5kdf.c.in b/providers/implementations/kdfs/krb5kdf.c.in index 03878b0b3f..029c668fbf 100644 --- a/providers/implementations/kdfs/krb5kdf.c.in +++ b/providers/implementations/kdfs/krb5kdf.c.in @@ -359,7 +359,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, { int klen, ret; - ret = EVP_EncryptInit_ex(ctx, cipher, engine, key, NULL); + ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL); if (!ret) goto out; /* set the key len for the odd variable key len cipher */ 
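Review bot: The split of EVP_EncryptInit_ex in cipher_init into a key-less init here and a key-only init in the hunk at line 371 has no comment saying why, and a later tidy-up could fold the two calls back together and reintroduce the problem. A note above the first call, `/* Initialise without the key: the key length must be set before the key is installed */`, would protect the ordering; I infer that reason from the intervening "set the key len for the odd variable key len cipher" path, which is only partly visible, so please confirm the wording. cipher_init continues outside both hunks.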
@@ -371,6 +371,9 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, goto out; } } + ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL); + if (!ret) + goto out; /* we never want padding, either the length requested is a multiple of * the cipher block size or we are passed a cipher that can cope with * partial blocks via techniques like cipher text stealing */ diff --git a/providers/implementations/kem/rsa_kem.c.in b/providers/implementations/kem/rsa_kem.c.in index 1613dd7307..0806cdd43e 100644 --- a/providers/implementations/kem/rsa_kem.c.in +++ b/providers/implementations/kem/rsa_kem.c.in @@ -302,7 +302,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, /* * If outlen is specified, then it must report the length * of the out buffer on input so that we can confirm - * its size is sufficent for encapsulation + * its size is sufficient for encapsulation */ if (outlen != NULL && *outlen < nlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); @@ -334,7 +334,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, /** * rsasve_recover - Recovers a secret value from ciphertext using an RSA * private key. Once, recovered, the secret value is considered to be a - * shared secret. Algorithm is preformed as per + * shared secret. Algorithm is performed as per * NIST SP 800-56B Rev 2 * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). * diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c.in b/providers/implementations/keymgmt/ecx_kmgmt.c.in index 1a75cd1c32..cd1a8fa354 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c.in +++ b/providers/implementations/keymgmt/ecx_kmgmt.c.in 
@@ -229,14 +229,6 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[]) include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_ecx_key_fromdata(key, p.pub, p.priv, include_private); -#ifdef FIPS_MODULE - if (ok > 0 && ecx_key_type_is_ed(key->type) && !ossl_fips_self_testing()) - if (key->haspubkey && key->privkey != NULL) { - ok = ecd_fips140_pairwise_test(key, key->type, 1); - if (ok <= 0) - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT); - } -#endif /* FIPS_MODULE */ return ok; } diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index efe9ba1d9b..d07940b42c 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -146,7 +146,7 @@ static int blake2_mac_final(void *vmacctx, return BLAKE2_FINAL(out, &macctx->ctx); } -/* See blake2.h for parameter defintion */ +/* See blake2.h for parameter definition */ static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { diff --git a/providers/implementations/signature/rsa_sig.c.in b/providers/implementations/signature/rsa_sig.c.in index 90b6f5d154..cb0c736619 100644 --- a/providers/implementations/signature/rsa_sig.c.in +++ b/providers/implementations/signature/rsa_sig.c.in @@ -111,7 +111,7 @@ typedef struct { unsigned int mgf1_md_set : 1; /* * Flags to say what are the possible next external calls in what - * consitutes the life cycle of an algorithm. The relevant calls are: + * constitutes the life cycle of an algorithm. The relevant calls are: * - init * - update * - final diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 47d2b94f92..61e54570b1 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c 
@@ -2478,7 +2478,7 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch, int channel_only) while (PACKET_remaining(&vpkt) > 0) { /* * We only support quic version 1 at the moment, so - * look to see if thats offered + * look to see if that's offered */ if (!PACKET_get_net_4(&vpkt, &supported_ver)) return; diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 09c010ebba..e5f5eea7b4 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -3241,6 +3241,7 @@ int ossl_quic_conn_stream_conclude(SSL *s) QCTX ctx; QUIC_STREAM *qs; int err; + int ret; if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx)) return 0; @@ -3248,13 +3249,15 @@ int ossl_quic_conn_stream_conclude(SSL *s) qs = ctx.xso->stream; if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) { + ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); qctx_unlock(&ctx); - return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); + return ret; } if (!quic_validate_for_write(ctx.xso, &err)) { + ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); qctx_unlock(&ctx); - return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); + return ret; } if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) { diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index bc41e8284c..7cad535c5c 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -520,9 +520,9 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx, /* * Creating a a new channel is made a bit tricky here as there is a - * bit of a circular dependency. Initalizing a channel requires that + * bit of a circular dependency. Initializing a channel requires that * the ch->tls and optionally the qlog_title be configured prior to - * initalization, but we need the channel at least partially configured + * initialization, but we need the channel at least partially configured * to create the new handshake layer, so we have to do this in a few steps. */ 
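Review bot: The reordering in ossl_quic_conn_stream_conclude fixes a use of ctx after qctx_unlock(&ctx), but nothing in the code records that the raise has to precede the unlock, so the next edit could reintroduce the pattern. A one-line comment on each moved line, `/* raise before unlocking: the macro reads ctx */`, would make the ordering intentional; I am inferring from the move that QUIC_RAISE_NON_NORMAL_ERROR reads ctx, so adjust if that is not the reason. Sibling functions in this file are not in the hunk and may carry the same pattern. The function continues past the hunk.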
@@ -1033,7 +1033,7 @@ err: /** * @brief Parses contents of a buffer into a validation token. * - * VALIDATION_TOKEN should already be initalized. Does some basic sanity checks. + * VALIDATION_TOKEN should already be initialized. Does some basic sanity checks. * * @param token Validation token to fill data in. * @param buf Buffer of previously marshaled validation token. @@ -1291,7 +1291,7 @@ static void port_send_version_negotiation(QUIC_PORT *port, BIO_ADDR *peer, } /** - * @brief defintions of token lifetimes + * @brief definitions of token lifetimes * * RETRY tokens are only valid for 10 seconds * NEW_TOKEN tokens have a lifetime of 3600 sec (1 hour) diff --git a/ssl/quic/quic_record_util.c b/ssl/quic/quic_record_util.c index d7c3cece88..c452835a35 100644 --- a/ssl/quic/quic_record_util.c +++ b/ssl/quic/quic_record_util.c @@ -44,7 +44,7 @@ int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx, * at least 8 bytes. It means that the length of destination connection ID * may be less than the minimum length for HKDF required by FIPS provider. * - * Therefore, we need to set `key-check` to zero to allow using destionation + * Therefore, we need to set `key-check` to zero to allow using destination * connection ID as IKM. */ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_KEY_CHECK, &key_check); diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index f69dd0b055..6ee265021c 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1093,9 +1093,12 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec) return 0; } - if (rl->msg_callback != NULL) - rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &rec->type, - 1, rl->cbarg); + if (rl->msg_callback != NULL) { + unsigned char ctype = (unsigned char)rec->type; + + rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &ctype, + 1, rl->cbarg); + } /* * TLSv1.3 alert and handshake records are required to be non-zero in 
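Review bot: The copy into a local `ctype` in tls13_common_post_process_record is presumably there because rec->type is wider than one byte and passing `&rec->type` as a one-byte buffer handed the callback the wrong byte on big-endian hosts; that reasoning is not recorded anywhere in the hunk. A comment such as `/* rec->type is not a byte; pass a one-byte copy so the callback sees the content type on every endianness */` would keep the next reader from "simplifying" it back. I cannot see rec->type's declaration here, so confirm the type before wording the comment. The enclosing function continues outside the hunk.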
diff --git a/ssl/rio/rio_notifier.c b/ssl/rio/rio_notifier.c index 6dbb2bdc47..d4d290d658 100644 --- a/ssl/rio/rio_notifier.c +++ b/ssl/rio/rio_notifier.c @@ -83,7 +83,7 @@ static int create_socket(int domain, int socktype, int protocol) /* * Its also possible that someone is building a binary on a newer windows * SDK, but running it on a runtime that doesn't support inheritance - * supression. In that case the above will return INVALID_SOCKET, and + * suppression. In that case the above will return INVALID_SOCKET, and * our response for those older platforms is to try the call again * without the flag */ @@ -142,7 +142,7 @@ static int create_socket(int domain, int socktype, int protocol) * * Win32 does not support socketpair(2), and Win32 pipes are not compatible with * Winsock select(2). This means our only means of making select(2) wakeable is - * to artifically create a loopback TCP connection and send bytes to it. + * to artificially create a loopback TCP connection and send bytes to it. */ int ossl_rio_notifier_init(RIO_NOTIFIER *nfy) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bd97075056..8660824f1d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3962,8 +3962,8 @@ static long check_keylog_bio_free(BIO *b, int oper, const char *argp, /* * Note we _dont_ take the keylog_lock here * This is intentional, because we only free the keylog lock - * During SSL_CTX_free, in which we already posess the lock, so - * Theres no need to grab it again here + * During SSL_CTX_free, in which we already possess the lock, so + * There's no need to grab it again here */ if (oper == BIO_CB_FREE) keylog_bio = NULL; @@ -4319,7 +4319,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, /* Make sure we have a global lock allocated */ if (!RUN_ONCE(&ssl_keylog_once, ssl_keylog_init)) { /* use a trace message as a warning */ - OSSL_TRACE(TLS, "Unable to initalize keylog data\n"); + OSSL_TRACE(TLS, "Unable to initialize keylog data\n"); goto out; } 
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index a1ea7ed105..d2b7b171c8 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1056,10 +1056,13 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr } } - if (!X509_up_ref(x509)) + if (!X509_up_ref(x509)) { + OSSL_STACK_OF_X509_free(dup_chain); goto out; + } if (!EVP_PKEY_up_ref(privatekey)) { + OSSL_STACK_OF_X509_free(dup_chain); X509_free(x509); goto out; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 02955752a7..81c251523b 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -901,7 +901,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, goto end; /* - * We now have the folowing lists available to make a decision for + * We now have the following lists available to make a decision for * which group the server should use for key exchange : * From client: clntgroups[clnt_num_groups], * keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt] diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a53a8c290f..941455bc8a 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -72,7 +72,7 @@ static int tls1_PRF(SSL_CONNECTION *s, *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (void *)seed5, (size_t)seed5_len); /* - * If we have a propery query string, the kdf needs to know about it in the event + * If we have a property query string, the kdf needs to know about it in the event * the specific kdf in use allocated a digest as part of its implementation */ if (SSL_CONNECTION_GET_CTX(s)->propq != NULL) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e556bff263..98fe213381 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
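Review bot: The leak fix in ssl_set_cert_and_key frees dup_chain at each failing up-ref separately, which is easy to miss when another early exit is added later. If the out label is not shared with the success path, a single `OSSL_STACK_OF_X509_free(dup_chain);` at out, with dup_chain set to NULL once ownership has been handed over, would be more robust; I cannot see the out label or where dup_chain is consumed, so this is something to check rather than a defect. ssl_set_cert_and_key continues outside the hunk.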
@@ -1583,10 +1583,10 @@ static int tuple_cb(const char *tuple, int len, void *arg) /* * Set groups and prepare generation of keyshares based on a string of groupnames, * names separated by the group or the tuple delimiter, with per-group prefixes to - * (1) add a key share for this group, (2) ignore the group if unkown to the current + * (1) add a key share for this group, (2) ignore the group if unknown to the current * context, (3) delete a previous occurrence of the group in the current tuple. * - * The list parsing is done in two hierachical steps: The top-level step extracts the + * The list parsing is done in two hierarchical steps: The top-level step extracts the * string of a tuple using tuple_cb, while the next lower step uses gid_cb to * parse and process the groups inside a tuple */ @@ -1646,7 +1646,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, } /* - * We check whether a tuple was completly emptied by using "-" prefix + * We check whether a tuple was completely emptied by using "-" prefix * excessively, in which case we remove the tuple */ for (i = j = 0; j < gcb.tplcnt; j++) { @@ -1693,7 +1693,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, /* * tuple_cb and gid_cb combo ensures there are no duplicates or unknown groups so we - * can just go ahead and set the results (after diposing the existing) + * can just go ahead and set the results (after disposing the existing) */ OPENSSL_free(*grpext); *grpext = gcb.gid_arr; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index ed8112a94b..640552c0ba 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -548,8 +548,12 @@ static const ssl_trace_tbl ssl_groups_tbl[] = { {258, "ffdhe4096"}, {259, "ffdhe6144"}, {260, "ffdhe8192"}, + {512, "MLKEM512"}, + {513, "MLKEM768"}, + {514, "MLKEM1024"}, {4587, "SecP256r1MLKEM768"}, {4588, "X25519MLKEM768"}, + {4589, "SecP384r1MLKEM1024"}, {25497, "X25519Kyber768Draft00"}, {25498, "SecP256r1Kyber768Draft00"}, {0xFF01, "arbitrary_explicit_prime_curves"}, 
@@ -1306,7 +1310,7 @@ static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent, x = NULL; } if (x == NULL) - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); else { BIO_puts(bio, "\n------details-----\n"); X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); @@ -1537,7 +1541,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc p = msg; nm = d2i_X509_NAME(NULL, &p, (long)dlen); if (!nm) { - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); } else { X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); BIO_puts(bio, "\n"); diff --git a/test/build.info b/test/build.info index 4f70870515..57ee94071a 100644 --- a/test/build.info +++ b/test/build.info @@ -31,7 +31,8 @@ IF[{- !$disabled{tests} -}] testutil/format_output.c testutil/load.c testutil/fake_random.c \ testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \ testutil/options.c testutil/test_options.c testutil/provider.c \ - testutil/apps_shims.c testutil/random.c testutil/helper.c $LIBAPPSSRC + testutil/apps_shims.c testutil/random.c testutil/helper.c \ + testutil/compare.c $LIBAPPSSRC INCLUDE[libtestutil.a]=../include ../apps/include .. DEPEND[libtestutil.a]=../libcrypto diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c index 9948c381e8..26b56831f6 100644 --- a/test/fake_rsaprov.c +++ b/test/fake_rsaprov.c @@ -35,6 +35,8 @@ static int exptypes_selection; static int query_id; static int key_deleted; +unsigned fake_rsa_query_operation_name = 0; + typedef struct { OSSL_LIB_CTX *libctx; } PROV_FAKE_RSA_CTX; @@ -90,7 +92,7 @@ static const char *fake_rsa_keymgmt_query(int id) /* record global for checking */ query_id = id; - return "RSA"; + return fake_rsa_query_operation_name ? NULL: "RSA"; } static int fake_rsa_keymgmt_import(void *keydata, int selection, diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h index cb2e66eb68..b2bc5d9ab5 100644 --- a/test/fake_rsaprov.h +++ b/test/fake_rsaprov.h 
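Review bot: `return fake_rsa_query_operation_name ? NULL: "RSA";` in fake_rsa_keymgmt_query is missing the space before the colon; write `return fake_rsa_query_operation_name ? NULL : "RSA";`. The flag is a mutable global shared across tests, so a comment at its definition, `/* Test knob: non-zero makes the keymgmt query return NULL; callers must reset it to 0 */`, would mirror the header's description and make the reset obligation visible where the variable lives.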
@@ -14,5 +14,14 @@
 /* Fake RSA provider implementation */
 OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
 void fake_rsa_finish(OSSL_PROVIDER *p);
+
 OSSL_PARAM *fake_rsa_key_params(int priv);
 void fake_rsa_restore_store_state(void);
+
+/*
+ * When fake_rsa_query_operation_name is set to a non-zero value,
+ * query_operation_name() will return NULL.
+ *
+ * By default, it is 0, in which case query_operation_name() will return "RSA".
+ */
+extern unsigned fake_rsa_query_operation_name;
diff --git a/test/lms_test.c b/test/lms_test.c
index 46b4264430..96fff510d4 100644
--- a/test/lms_test.c
+++ b/test/lms_test.c
@@ -551,6 +551,7 @@ int setup_tests(void)
 {
     OPTION_CHOICE o;
     char *config_file = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
 
     /* Swap the libctx to test non-default context only */
     propq = "provider=default";
@@ -571,6 +572,11 @@ int setup_tests(void)
     if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, NULL))
         return 0;
 
+    ctx = EVP_PKEY_CTX_new_from_name(libctx, "LMS", propq);
+    if (ctx == NULL && ERR_get_error() == EVP_R_UNSUPPORTED_ALGORITHM)
+        return TEST_skip("LMS algorithm is not available in provider");
+    EVP_PKEY_CTX_free(ctx);
+
     ADD_TEST(lms_bad_pub_len_test);
     ADD_TEST(lms_key_validate_test);
     ADD_TEST(lms_key_eq_test);
diff --git a/test/ml_kem_evp_extra_test.c b/test/ml_kem_evp_extra_test.c
index bfa52c9af2..b867b14ad1 100644
--- a/test/ml_kem_evp_extra_test.c
+++ b/test/ml_kem_evp_extra_test.c
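Review bot: The skip check in setup_tests compares `ERR_get_error()` directly with EVP_R_UNSUPPORTED_ALGORITHM, but ERR_get_error() returns a packed code carrying the library number as well as the reason, so unless I am misreading the error API the comparison never matches and a build without LMS fails the tests instead of skipping them. Compare the reason part of the most recent error, `if (ctx == NULL && ERR_GET_REASON(ERR_peek_last_error()) == EVP_R_UNSUPPORTED_ALGORITHM)`, and call `ERR_clear_error()` before returning the skip so the leftover queue does not pollute later diagnostics. ERR_get_error() also pops the oldest queued error, which need not be the one raised by EVP_PKEY_CTX_new_from_name. setup_tests continues outside the hunk.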
@@ -140,9 +140,19 @@ static int test_ml_kem(void) if (!TEST_int_gt(EVP_PKEY_copy_parameters(bkey, akey), 0)) goto err; + /* Bob's empty key is not equal to Alice's */ + if (!TEST_false(EVP_PKEY_eq(akey, bkey)) + || !TEST_false(EVP_PKEY_eq(bkey, akey))) + goto err; + if (!TEST_true(EVP_PKEY_set1_encoded_public_key(bkey, rawpub, publen))) goto err; + /* Bob's copy of Alice's public key makes the two equal */ + if (!TEST_true(EVP_PKEY_eq(akey, bkey)) + || !TEST_true(EVP_PKEY_eq(bkey, akey))) + goto err; + /* Encapsulate Bob's key */ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, bkey, NULL); if (!TEST_ptr(ctx)) diff --git a/test/p_ossltest.c b/test/p_ossltest.c index 19d83f94cd..7dcc9d1f4c 100644 --- a/test/p_ossltest.c +++ b/test/p_ossltest.c @@ -1369,7 +1369,8 @@ static int ossl_test_aes128cbchmacsha1_set_ctx_params(void *vprovctx, const OSSL p = OSSL_PARAM_locate((OSSL_PARAM *)params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); if (p != NULL) { - OSSL_PARAM_get_octet_string_ptr(p, (const void **)&val, &vlen); + if (OSSL_PARAM_get_octet_string_ptr(p, (const void **)&val, &vlen) != 1) + return 0; len = val[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | val[EVP_AEAD_TLS1_AAD_LEN - 1]; ctx->tls_ver = val[EVP_AEAD_TLS1_AAD_LEN - 4] << 8 | val[EVP_AEAD_TLS1_AAD_LEN -3]; @@ -1665,8 +1666,10 @@ static int drbg_ctr_get_ctx_params(void *vdrbg, OSSL_PARAM params[]) { OSSL_PARAM *p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); - if (p != NULL) - OSSL_PARAM_set_size_t(p, (size_t)(1 << 16)); + if (p != NULL && !OSSL_PARAM_set_size_t(p, (size_t)(1 << 16))) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } return 1; } diff --git a/test/property_test.c b/test/property_test.c index 18f8cc8740..d908d398e5 100644 --- a/test/property_test.c +++ b/test/property_test.c 
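Review bot: After the new return-value check in ossl_test_aes128cbchmacsha1_set_ctx_params, the code still indexes val[EVP_AEAD_TLS1_AAD_LEN - 4 .. - 1] without confirming that vlen is at least EVP_AEAD_TLS1_AAD_LEN, so a short octet string from the caller is read past its end. Extend the guard to `if (OSSL_PARAM_get_octet_string_ptr(p, (const void **)&val, &vlen) != 1 || vlen < EVP_AEAD_TLS1_AAD_LEN) return 0;`. Even in a test provider this keeps the parser from reading outside the supplied AAD. The function continues outside the hunk.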
@@ -687,6 +687,22 @@ static int test_property_list_to_string(int i)
     return ret;
 }
 
+static int test_property_list_to_string_bounds(void)
+{
+    OSSL_PROPERTY_LIST *pl = NULL;
+    char buf[16];
+    int ret = 0;
+
+    if (!TEST_ptr(pl = ossl_parse_query(NULL, "provider='$1'", 1)))
+        goto err;
+    if (!TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, 10), 14))
+        goto err;
+    ret = 1;
+ err:
+    ossl_property_free(pl);
+    return ret;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_property_string);
@@ -701,5 +717,6 @@ int setup_tests(void)
     ADD_TEST(test_query_cache_stochastic);
     ADD_TEST(test_fips_mode);
     ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+    ADD_TEST(test_property_list_to_string_bounds);
     return 1;
 }
diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c
index 128f2138ff..77c165e590 100644
--- a/test/provider_pkey_test.c
+++ b/test/provider_pkey_test.c
@@ -239,6 +239,77 @@ end:
     return ret;
 }
 
+static int test_pkey_can_sign(void)
+{
+    OSSL_PROVIDER *fake_rsa = NULL;
+    EVP_PKEY *pkey_fake = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    OSSL_PARAM *params = NULL;
+    int ret = 0;
+
+    if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
+        return 0;
+
+    /*
+     * Ensure other tests did not forget to reset fake_rsa_query_operation_name
+     * to its default value: 0
+     */
+    if (!TEST_int_eq(fake_rsa_query_operation_name, 0))
+        goto end;
+
+    if (!TEST_ptr(params = fake_rsa_key_params(0))
+        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+                                                     "provider=fake-rsa"))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
+                                        params))
+        || !TEST_true(EVP_PKEY_can_sign(pkey_fake))
+        || !TEST_ptr(pkey_fake))
+        goto end;
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    EVP_PKEY_free(pkey_fake);
+    pkey_fake = NULL;
+    OSSL_PARAM_free(params);
+    params = NULL;
+
+    /*
+     * Documented behavior for OSSL_FUNC_keymgmt_query_operation_name()
+     * allows it to return NULL, in which case the fallback should be to use
+     * EVP_KEYMGMT_get0_name(). That is exactly the thing we are testing here.
+     */
+    fake_rsa_query_operation_name = 1;
+
+    if (!TEST_ptr(params = fake_rsa_key_params(0))
+        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+                                                     "provider=fake-rsa"))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
+                                        params))
+        || !TEST_true(EVP_PKEY_can_sign(pkey_fake))
+        || !TEST_ptr(pkey_fake))
+        goto end;
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    EVP_PKEY_free(pkey_fake);
+    pkey_fake = NULL;
+    OSSL_PARAM_free(params);
+    params = NULL;
+
+    ret = 1;
+end:
+
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey_fake);
+    OSSL_PARAM_free(params);
+    fake_rsa_query_operation_name = 0;
+
+    fake_rsa_finish(fake_rsa);
+    return ret;
+}
+
 static int test_pkey_store(int idx)
 {
     OSSL_PROVIDER *deflt = NULL;
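Review bot: In test_pkey_can_sign, `!TEST_ptr(pkey_fake)` is evaluated after `EVP_PKEY_can_sign(pkey_fake)` has already dereferenced the pointer, in both condition chains; move the `TEST_ptr(pkey_fake)` term ahead of the `TEST_true(EVP_PKEY_can_sign(pkey_fake))` term so the null check guards the use (today it is only safe because the preceding TEST_true(EVP_PKEY_fromdata(...)) succeeded). The two blocks are identical apart from the value of fake_rsa_query_operation_name, so a small static helper taking that value would halve the function and keep the two runs from drifting apart.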
@@ -719,6 +790,7 @@ int setup_tests(void) ADD_TEST(test_pkey_sig); ADD_TEST(test_alternative_keygen_init); ADD_TEST(test_pkey_eq); + ADD_TEST(test_pkey_can_sign); ADD_ALL_TESTS(test_pkey_store, 2); ADD_TEST(test_pkey_delete); ADD_TEST(test_pkey_store_open_ex); diff --git a/test/quicapitest.c b/test/quicapitest.c index c98764b00f..fa0185c6b8 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c 
@@ -429,91 +429,6 @@ static int test_version(void) } #if defined(DO_SSL_TRACE_TEST) -static void strip_line_ends(char *str) -{ - size_t i; - - for (i = strlen(str); - i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r'); - i--); - - str[i] = '\0'; -} - -static int compare_with_file(BIO *membio) -{ - BIO *file = NULL, *newfile = NULL; - char buf1[8192], buf2[8192]; - char *reffile; - int ret = 0; - size_t i; - -#ifdef OPENSSL_NO_ZLIB - reffile = test_mk_file_path(datadir, "ssltraceref.txt"); -#else - reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); -#endif - if (!TEST_ptr(reffile)) - goto err; - - file = BIO_new_file(reffile, "rb"); - if (!TEST_ptr(file)) - goto err; - - newfile = BIO_new_file("ssltraceref-new.txt", "wb"); - if (!TEST_ptr(newfile)) - goto err; - - while (BIO_gets(membio, buf2, sizeof(buf2)) > 0) - if (BIO_puts(newfile, buf2) <= 0) { - TEST_error("Failed writing new file data"); - goto err; - } - - if (!TEST_int_ge(BIO_seek(membio, 0), 0)) - goto err; - - while (BIO_gets(file, buf1, sizeof(buf1)) > 0) { - size_t line_len; - - if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) { - TEST_error("Failed reading mem data"); - goto err; - } - strip_line_ends(buf1); - strip_line_ends(buf2); - line_len = strlen(buf1); - if (line_len > 0 && buf1[line_len - 1] == '?') { - /* Wildcard at the EOL means ignore anything after it */ - if (strlen(buf2) > line_len) - buf2[line_len] = '\0'; - } - if (line_len != strlen(buf2)) { - TEST_error("Actual and ref line data length mismatch"); - TEST_info("%s", buf1); - TEST_info("%s", buf2); - goto err; - } - for (i = 0; i < line_len; i++) { - /* '?' 
is a wild card character in the reference text */ - if (buf1[i] == '?') - buf2[i] = '?'; - } - if (!TEST_str_eq(buf1, buf2)) - goto err; - } - if (!TEST_true(BIO_eof(file)) - || !TEST_true(BIO_eof(membio))) - goto err; - - ret = 1; - err: - OPENSSL_free(reffile); - BIO_free(file); - BIO_free(newfile); - return ret; -} - /* * Tests that the SSL_trace() msg_callback works as expected with a QUIC * connection. This also provides testing of the msg_callback at the same time. @@ -525,6 +440,7 @@ static int test_ssl_trace(void) QUIC_TSERVER *qtserv = NULL; int testresult = 0; BIO *bio = NULL; + char *reffile = NULL; if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) || !TEST_ptr(bio = BIO_new(BIO_s_mem())) @@ -548,7 +464,13 @@ static int test_ssl_trace(void) if (!TEST_int_gt(BIO_pending(bio), 0)) goto err; } else { - if (!TEST_true(compare_with_file(bio))) + +# ifdef OPENSSL_NO_ZLIB + reffile = test_mk_file_path(datadir, "ssltraceref.txt"); +# else + reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); +# endif + if (!TEST_true(compare_with_reference_file(bio, reffile))) goto err; } @@ -558,6 +480,7 @@ static int test_ssl_trace(void) SSL_free(clientquic); SSL_CTX_free(cctx); BIO_free(bio); + OPENSSL_free(reffile); return testresult; } diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 1f9110ef60..3dcbe67c6d 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -63,7 +63,7 @@ my @commandline = ( 'x942kdf_key_check', 'x942kdf-key-check' ) ); -plan tests => 40 + (scalar @pedantic_okay) + (scalar @pedantic_fail) +plan tests => 41 + (scalar @pedantic_okay) + (scalar @pedantic_fail) + 4 * (scalar @commandline); my $infile = bldtop_file('providers', platform->dso('fips')); 
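Review bot: The reference-file selection under `# ifdef OPENSSL_NO_ZLIB` in the `else` branch is now written out identically here and in sslapitest.c's test_ssl_trace() further down this diff, so the two copies can drift apart; since compare_with_reference_file() is the shared helper, a small testutil wrapper taking `(membio, datadir, "ssltraceref")` that appends the `-zlib` suffix itself would keep that policy in one place. The empty line added directly after `} else {` is a style nit. A failed test_mk_file_path() leaves `reffile` NULL, which the helper rejects with its own TEST_ptr() (visible in compare.c at the end of this diff), so the error is reported rather than dereferenced. test_ssl_trace() starts before this hunk.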
@@ -392,6 +392,16 @@ SKIP: {
 "fipsinstall fails when the ML-KEM decapsulate implicit failure result is corrupted");
 }
+# corrupt an Asymmetric cipher test
+SKIP: {
+ skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1
+ if disabled("rsa") || disabled("fips-post");
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-corrupt_desc', 'RSA_Encrypt',
+ '-corrupt_type', 'KAT_AsymmetricCipher'])),
+ "fipsinstall fails when the asymmetric cipher result is corrupted");
+}
+
 # 'local' ensures that this change is only done in this file.
 local $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir());
diff --git a/test/recipes/30-test_evp_data/evpkdf_krb5.txt b/test/recipes/30-test_evp_data/evpkdf_krb5.txt
index d8f6aa72a1..972897d61f 100644
--- a/test/recipes/30-test_evp_data/evpkdf_krb5.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_krb5.txt
@@ -129,3 +129,11 @@ Ctrl.cipher = cipher:DES-EDE3-CBC
 Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92
 Ctrl.hexconstant = hexconstant:0000000155
 Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705
+
+#Erroneous key size for the cipher as XTS has double key size
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-256-XTS
+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
+Ctrl.hexconstant = hexconstant:0000000255
+Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA
+Result = KDF_DERIVE_ERROR
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt
index 5083cc2bde..f333920c62 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt
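Review bot: The skip reason in the new SKIP block only says `no rsa in this build`, but the condition also fires for `disabled("fips-post")`, so on a no-fips-post build the TAP output will misreport why the test was skipped; `skip "Skipping Asymmetric RSA corruption test because of no rsa or no fips-post in this build", 1` keeps the message honest. The ok() description could also name the corrupted self-test (`RSA_Encrypt`) the way the ML-KEM case above names its KAT, so a failure log identifies which corruption did not trip fipsinstall. The `plan` count bump to 41 in the earlier hunk matches this single new assertion.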
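Review bot: An `Output =` value paired with `Result = KDF_DERIVE_ERROR` is misleading: if evp_test only compares output on a successful derive, this 32-byte value is never checked and a reader may mistake it for a valid known-answer vector for a 32-byte AES-256-XTS key. Either drop the `Output` line or turn it into a comment explaining that no output is expected because derivation must fail. The leading comment would be clearer with the concrete numbers, e.g. `# AES-256-XTS needs a 64-byte key; the 32-byte key below must be rejected`, since that mismatch is what makes the negative test meaningful.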
@@ -186,4 +186,4 @@ Output = 6a7fc08e9999fc9d50cda476e973a01a06efeb52eece1c78cb1422950476cbff67408c6 Availablein = default Sign-Message = RSA-SM3:RSA-2048 Input = "Hello World" -Output = 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 +Output = 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 diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 650e0d1ffb..9bb5c50c47 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -45,7 +45,10 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", - "dhparams.pem")])), + "dhparams.pem"), + srctop_dir("test", + "recipes", + "90-test_sslapi_data")])), "running sslapitest"); SKIP: { @@ -62,7 +65,10 @@ SKIP: { srctop_file("test", "recipes", "90-test_sslapi_data", - "dhparams.pem")])), + "dhparams.pem"), + srctop_dir("test", + "recipes", + "90-test_sslapi_data")])), "running sslapitest with default fips config"); run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), @@ -140,7 +146,10 @@ SKIP: { srctop_file("test", "recipes", "90-test_sslapi_data", - "dhparams.pem")])), + "dhparams.pem"), + srctop_dir("test", + "recipes", + "90-test_sslapi_data")])), "running sslapitest with modified fips config"); } diff --git a/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt b/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt new file mode 100644 index 0000000000..05aed8299b --- /dev/null +++ b/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt 
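Review bot: The same four-line `srctop_dir("test", "recipes", "90-test_sslapi_data")` expression is pasted into all three sslapitest invocations in this recipe; hoist it once, `my $datadir = srctop_dir("test", "recipes", "90-test_sslapi_data");`, and pass `$datadir` in each run so a future rename only touches one place. Because the argument is positional (the seventh) and the C side reads it with test_get_argument(6) only when present, as shown in the sslapitest.c hunks later in this diff, a one-line comment stating that it is the directory holding the ssltraceref*.txt reference files would help the next person extending the argument list.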
@@ -0,0 +1,255 @@ +Sent TLS Record +Header: + Version = TLS 1.0 (0x301) + Content Type = Handshake (22) + Length = ? + ClientHello, Length=? + client_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suites (len=2) + {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_methods (len=1) + No Compression (0x00) + extensions, length = ? + extension_type=ec_point_formats(11), length=4 + uncompressed (0) + ansiX962_compressed_prime (1) + ansiX962_compressed_char2 (2) + extension_type=supported_groups(10), length=20 + MLKEM512 (512) + MLKEM768 (513) + MLKEM1024 (514) + X25519MLKEM768 (4588) + SecP256r1MLKEM768 (4587) + SecP384r1MLKEM1024 (4589) + secp521r1 (P-521) (25) + secp384r1 (P-384) (24) + secp256r1 (P-256) (23) + extension_type=session_ticket(35), length=0 + extension_type=encrypt_then_mac(22), length=0 + extension_type=extended_master_secret(23), length=0 + extension_type=signature_algorithms(13), length=? + mldsa65 (0x0905) + mldsa87 (0x0906) + mldsa44 (0x0904) + ecdsa_secp256r1_sha256 (0x0403) + ecdsa_secp384r1_sha384 (0x0503) + ecdsa_secp521r1_sha512 (0x0603) + ed25519 (0x0807) + ed448 (0x0808) + ecdsa_brainpoolP256r1tls13_sha256 (0x081a) + ecdsa_brainpoolP384r1tls13_sha384 (0x081b) + ecdsa_brainpoolP512r1tls13_sha512 (0x081c) + rsa_pss_pss_sha256 (0x0809) + rsa_pss_pss_sha384 (0x080a) + rsa_pss_pss_sha512 (0x080b) + rsa_pss_rsae_sha256 (0x0804) + rsa_pss_rsae_sha384 (0x0805) + rsa_pss_rsae_sha512 (0x0806) + rsa_pkcs1_sha256 (0x0401) + rsa_pkcs1_sha384 (0x0501) + rsa_pkcs1_sha512 (0x0601) + extension_type=supported_versions(43), length=3 + TLS 1.3 (772) + extension_type=psk_key_exchange_modes(45), length=2 + psk_dhe_ke (1) + extension_type=key_share(51), length=806 + NamedGroup: MLKEM512 (512) + key_exchange: (len=800): ? 
+ extension_type=compress_certificate(27), length=3 + zlib (1) + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 858 + ServerHello, Length=854 + server_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_method: No Compression (0x00) + extensions, length = ? + extension_type=supported_versions(43), length=2 + TLS 1.3 (772) + extension_type=key_share(51), length=772 + NamedGroup: MLKEM512 (512) + key_exchange: (len=768): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 23 + Inner Content Type = Handshake (22) + EncryptedExtensions, Length=2 + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 839 + Inner Content Type = Handshake (22) + Certificate, Length=818 + context (len=0): + certificate_list, length=814 + ASN.1Cert, length=809 +------details----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Root CA + Validity + Not Before: Jan 14 22:29:46 2016 GMT + Not After : Jan 15 22:29:46 2116 GMT + Subject: CN = server.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d5:5d:60:6a:df:fc:61:ee:48:aa:8c:11:48:43: + a5:6d:b6:52:5d:aa:98:49:b1:61:92:35:b1:fc:3a: + 04:25:0c:6d:79:ff:b4:d5:c9:e9:5c:1c:3b:e0:ab: + b3:b8:7d:a3:de:6d:bd:e0:dd:d7:5a:bf:14:47:11: + 42:5e:a6:82:d0:61:c1:7f:dd:13:46:e6:09:85:07: + 0e:f2:d4:fc:1a:64:d2:0a:ad:20:ab:20:6b:96:f0: + ad:cc:c4:19:53:55:dc:01:1d:a4:b3:ef:8a:b4:49: + 53:5d:8a:05:1c:f1:dc:e1:44:bf:c5:d7:e2:77:19: + 57:5c:97:0b:75:ee:88:43:71:0f:ca:6c:c1:b4:b2: + 
50:a7:77:46:6c:58:0f:11:bf:f1:76:24:5a:ae:39: + 42:b7:51:67:29:e1:d0:55:30:6f:17:e4:91:ea:ad: + f8:28:c2:43:6f:a2:64:a9:fb:9d:98:92:62:48:3e: + eb:0d:4f:82:4a:8a:ff:3f:72:ee:96:b5:ae:a1:c1: + 98:ba:ef:7d:90:75:6d:ff:5a:52:9e:ab:f5:c0:7e: + d0:87:43:db:85:07:07:0f:7d:38:7a:fd:d1:d3:ee: + 65:1d:d3:ea:39:6a:87:37:ee:4a:d3:e0:0d:6e:f5: + 70:ac:c2:bd:f1:6e:f3:92:95:5e:a9:f0:a1:65:95: + 93:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C0:E7:84:BF:E8:59:27:33:10:B0:52:4F:51:52:2F:06:D6:C0:7A:CD + X509v3 Authority Key Identifier: + 70:7F:2E:AE:83:68:59:98:04:23:2A:CD:EB:3E:17:CD:24:DD:01:49 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:server.example + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7b:d3:04:43:75:8a:0f:11:ae:c4:fb:d7:a1:a2:9e:fe:20:18: + d5:f4:2f:31:88:46:b6:75:8c:ee:e5:9b:97:a6:b9:a3:cd:60: + 9a:46:c3:48:97:e5:97:68:f7:5a:86:35:73:d9:69:9e:f9:5f: + 74:b9:e6:94:13:01:cb:6a:dc:e3:c4:04:e9:65:da:9c:a4:8b: + 28:f3:f9:9a:7f:bf:97:1f:45:92:e5:05:b1:56:e6:0b:f6:47: + de:1e:89:b6:2b:e1:4d:df:4a:7e:01:d3:23:dc:97:8c:47:fe: + 5f:c7:cc:98:46:0e:c4:83:5b:ca:8a:f1:52:09:be:6b:ec:3f: + 09:8b:d0:93:02:bf:e1:51:e7:d1:7e:34:56:19:74:d0:ff:28: + 25:de:b7:9f:56:52:91:7d:20:29:85:0a:80:44:5f:71:32:25: + 71:0f:c2:16:e2:5f:6b:1d:3f:32:5b:0a:3c:74:1c:b9:62:f1: + ed:07:50:a3:6d:b4:b4:31:0a:c0:53:44:6a:3a:88:84:8b:2d: + a9:b0:37:8e:e6:18:36:bd:9a:20:40:0f:01:92:8b:3d:aa:61: + e7:ae:2c:ed:36:cd:3a:07:86:74:3a:29:b3:d7:3a:b4:00:a9: + c2:f5:92:78:0e:e2:0f:a3:fe:bb:be:e0:06:53:84:59:1d:90: + 69:e5:b6:f9 +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 
+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- +------------------ + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 281 + Inner Content Type = Handshake (22) + CertificateVerify, Length=260 + Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) + Signature (len=256): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? 
+ No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? + No extensions + diff --git a/test/recipes/90-test_sslapi_data/ssltraceref.txt b/test/recipes/90-test_sslapi_data/ssltraceref.txt new file mode 100644 index 0000000000..5d332da235 --- /dev/null +++ b/test/recipes/90-test_sslapi_data/ssltraceref.txt 
@@ -0,0 +1,253 @@ +Sent TLS Record +Header: + Version = TLS 1.0 (0x301) + Content Type = Handshake (22) + Length = ? + ClientHello, Length=? + client_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suites (len=2) + {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_methods (len=1) + No Compression (0x00) + extensions, length = ? + extension_type=ec_point_formats(11), length=4 + uncompressed (0) + ansiX962_compressed_prime (1) + ansiX962_compressed_char2 (2) + extension_type=supported_groups(10), length=20 + MLKEM512 (512) + MLKEM768 (513) + MLKEM1024 (514) + X25519MLKEM768 (4588) + SecP256r1MLKEM768 (4587) + SecP384r1MLKEM1024 (4589) + secp521r1 (P-521) (25) + secp384r1 (P-384) (24) + secp256r1 (P-256) (23) + extension_type=session_ticket(35), length=0 + extension_type=encrypt_then_mac(22), length=0 + extension_type=extended_master_secret(23), length=0 + extension_type=signature_algorithms(13), length=? + mldsa65 (0x0905) + mldsa87 (0x0906) + mldsa44 (0x0904) + ecdsa_secp256r1_sha256 (0x0403) + ecdsa_secp384r1_sha384 (0x0503) + ecdsa_secp521r1_sha512 (0x0603) + ed25519 (0x0807) + ed448 (0x0808) + ecdsa_brainpoolP256r1tls13_sha256 (0x081a) + ecdsa_brainpoolP384r1tls13_sha384 (0x081b) + ecdsa_brainpoolP512r1tls13_sha512 (0x081c) + rsa_pss_pss_sha256 (0x0809) + rsa_pss_pss_sha384 (0x080a) + rsa_pss_pss_sha512 (0x080b) + rsa_pss_rsae_sha256 (0x0804) + rsa_pss_rsae_sha384 (0x0805) + rsa_pss_rsae_sha512 (0x0806) + rsa_pkcs1_sha256 (0x0401) + rsa_pkcs1_sha384 (0x0501) + rsa_pkcs1_sha512 (0x0601) + extension_type=supported_versions(43), length=3 + TLS 1.3 (772) + extension_type=psk_key_exchange_modes(45), length=2 + psk_dhe_ke (1) + extension_type=key_share(51), length=806 + NamedGroup: MLKEM512 (512) + key_exchange: (len=800): ? 
+ +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 858 + ServerHello, Length=854 + server_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_method: No Compression (0x00) + extensions, length = ? + extension_type=supported_versions(43), length=2 + TLS 1.3 (772) + extension_type=key_share(51), length=772 + NamedGroup: MLKEM512 (512) + key_exchange: (len=768): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 23 + Inner Content Type = Handshake (22) + EncryptedExtensions, Length=2 + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 839 + Inner Content Type = Handshake (22) + Certificate, Length=818 + context (len=0): + certificate_list, length=814 + ASN.1Cert, length=809 +------details----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Root CA + Validity + Not Before: Jan 14 22:29:46 2016 GMT + Not After : Jan 15 22:29:46 2116 GMT + Subject: CN = server.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d5:5d:60:6a:df:fc:61:ee:48:aa:8c:11:48:43: + a5:6d:b6:52:5d:aa:98:49:b1:61:92:35:b1:fc:3a: + 04:25:0c:6d:79:ff:b4:d5:c9:e9:5c:1c:3b:e0:ab: + b3:b8:7d:a3:de:6d:bd:e0:dd:d7:5a:bf:14:47:11: + 42:5e:a6:82:d0:61:c1:7f:dd:13:46:e6:09:85:07: + 0e:f2:d4:fc:1a:64:d2:0a:ad:20:ab:20:6b:96:f0: + ad:cc:c4:19:53:55:dc:01:1d:a4:b3:ef:8a:b4:49: + 53:5d:8a:05:1c:f1:dc:e1:44:bf:c5:d7:e2:77:19: + 57:5c:97:0b:75:ee:88:43:71:0f:ca:6c:c1:b4:b2: + 50:a7:77:46:6c:58:0f:11:bf:f1:76:24:5a:ae:39: + 
42:b7:51:67:29:e1:d0:55:30:6f:17:e4:91:ea:ad: + f8:28:c2:43:6f:a2:64:a9:fb:9d:98:92:62:48:3e: + eb:0d:4f:82:4a:8a:ff:3f:72:ee:96:b5:ae:a1:c1: + 98:ba:ef:7d:90:75:6d:ff:5a:52:9e:ab:f5:c0:7e: + d0:87:43:db:85:07:07:0f:7d:38:7a:fd:d1:d3:ee: + 65:1d:d3:ea:39:6a:87:37:ee:4a:d3:e0:0d:6e:f5: + 70:ac:c2:bd:f1:6e:f3:92:95:5e:a9:f0:a1:65:95: + 93:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C0:E7:84:BF:E8:59:27:33:10:B0:52:4F:51:52:2F:06:D6:C0:7A:CD + X509v3 Authority Key Identifier: + 70:7F:2E:AE:83:68:59:98:04:23:2A:CD:EB:3E:17:CD:24:DD:01:49 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:server.example + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7b:d3:04:43:75:8a:0f:11:ae:c4:fb:d7:a1:a2:9e:fe:20:18: + d5:f4:2f:31:88:46:b6:75:8c:ee:e5:9b:97:a6:b9:a3:cd:60: + 9a:46:c3:48:97:e5:97:68:f7:5a:86:35:73:d9:69:9e:f9:5f: + 74:b9:e6:94:13:01:cb:6a:dc:e3:c4:04:e9:65:da:9c:a4:8b: + 28:f3:f9:9a:7f:bf:97:1f:45:92:e5:05:b1:56:e6:0b:f6:47: + de:1e:89:b6:2b:e1:4d:df:4a:7e:01:d3:23:dc:97:8c:47:fe: + 5f:c7:cc:98:46:0e:c4:83:5b:ca:8a:f1:52:09:be:6b:ec:3f: + 09:8b:d0:93:02:bf:e1:51:e7:d1:7e:34:56:19:74:d0:ff:28: + 25:de:b7:9f:56:52:91:7d:20:29:85:0a:80:44:5f:71:32:25: + 71:0f:c2:16:e2:5f:6b:1d:3f:32:5b:0a:3c:74:1c:b9:62:f1: + ed:07:50:a3:6d:b4:b4:31:0a:c0:53:44:6a:3a:88:84:8b:2d: + a9:b0:37:8e:e6:18:36:bd:9a:20:40:0f:01:92:8b:3d:aa:61: + e7:ae:2c:ed:36:cd:3a:07:86:74:3a:29:b3:d7:3a:b4:00:a9: + c2:f5:92:78:0e:e2:0f:a3:fe:bb:be:e0:06:53:84:59:1d:90: + 69:e5:b6:f9 +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV 
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- +------------------ + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 281 + Inner Content Type = Handshake (22) + CertificateVerify, Length=260 + Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) + Signature (len=256): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? 
+ No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? + No extensions + diff --git a/test/recipes/95-test_external_oqsprovider.t b/test/recipes/95-test_external_oqsprovider.t index 66b584f384..139fc811be 100644 --- a/test/recipes/95-test_external_oqsprovider.t +++ b/test/recipes/95-test_external_oqsprovider.t @@ -19,10 +19,10 @@ plan skip_all => "oqsprovider tests not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32)$/; plan skip_all => "oqsprovider tests only available in a shared build" if disabled("shared"); -plan skip_all => "oqsprovider tests not supported in out of tree builds" - if bldtop_dir() ne srctop_dir(); plan tests => 1; +$ENV{SHLIB_VERSION_NUMBER} = config('shlib_version'); + ok(run(cmd(["sh", data_file("oqsprovider.sh")])), "running oqsprovider tests"); diff --git a/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh b/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh index 4568309766..31a1e7f9be 100755 --- a/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh +++ b/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh 
@@ -16,22 +16,28 @@ PWD="$(pwd)"
 SRCTOP="$(cd $SRCTOP; pwd)"
 BLDTOP="$(cd $BLDTOP; pwd)"
+INSTALLTOP=$BLDTOP/oqs-provider/.local
-if [ "$SRCTOP" != "$BLDTOP" ] ; then
- echo "Out of tree builds not supported with oqsprovider test!"
- exit 1
-fi
+# Prepare minimal local OpenSSL "installation"
+mkdir -p $INSTALLTOP/bin
+mkdir -p $INSTALLTOP/include/openssl
+mkdir -p $INSTALLTOP/lib
+ln -sf $SRCTOP/include/openssl/*.h $INSTALLTOP/include/openssl/
+ln -sf $BLDTOP/include/openssl/*.h $INSTALLTOP/include/openssl/
+ln -sf $BLDTOP/libcrypto.so.$SHLIB_VERSION_NUMBER $INSTALLTOP/lib/
+ln -sf $BLDTOP/libssl.so.$SHLIB_VERSION_NUMBER $INSTALLTOP/lib/
+ln -sf libcrypto.so.$SHLIB_VERSION_NUMBER $INSTALLTOP/lib/libcrypto.so
+ln -sf libssl.so.$SHLIB_VERSION_NUMBER $INSTALLTOP/lib/libssl.so
+ln -sf $BLDTOP/apps/openssl $INSTALLTOP/bin/
-O_EXE="$BLDTOP/apps"
-O_BINC="$BLDTOP/include"
-O_SINC="$SRCTOP/include"
-O_LIB="$BLDTOP"
+O_EXE="$INSTALLTOP/bin"
+O_INC="$INSTALLTOP/include"
+O_LIB="$INSTALLTOP/lib"
 unset OPENSSL_CONF
 export PATH="$O_EXE:$PATH"
 export LD_LIBRARY_PATH="$O_LIB:$LD_LIBRARY_PATH"
-export OPENSSL_ROOT_DIR="$O_LIB"
 # Check/Set openssl version
 OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '`
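Review bot: The new `mkdir -p` and `ln -sf` lines expand `$INSTALLTOP`, `$SRCTOP` and `$BLDTOP` unquoted, so a checkout or build directory containing whitespace is word-split, and `ln -sf $SRCTOP/include/openssl/*.h ...` passes the literal pattern through if the glob matches nothing; quote the variables, e.g. `mkdir -p "$INSTALLTOP/bin" "$INSTALLTOP/include/openssl" "$INSTALLTOP/lib"`. The symlinks hard-code ELF naming (`libcrypto.so.$SHLIB_VERSION_NUMBER`) while the recipe only skips Windows and VMS, so on a macOS build the links dangle and cmake's OpenSSL lookup fails later with a less obvious error; either skip there too or derive the library file names from the platform. Unless the script already runs under `set -e` (not visible here), an empty `SHLIB_VERSION_NUMBER` silently creates `libcrypto.so.` links, so an explicit `[ -n "$SHLIB_VERSION_NUMBER" ] || exit 1` before the links would fail fast.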
@@ -41,29 +47,30 @@ echo "Testing OpenSSL using oqsprovider:"
 echo " CWD: $PWD"
 echo " SRCTOP: $SRCTOP"
 echo " BLDTOP: $BLDTOP"
-echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR"
+echo " INSTALLTOP: $INSTALLTOP"
 echo " OpenSSL version: $OPENSSL_VERSION"
 echo "------------------------------------------------------------------"
-if [ ! -d $SRCTOP/oqs-provider/.local ]; then
+if [ ! -f $INSTALLTOP/lib/liboqs.a ]; then
 # this version of oqsprovider dependent on v0.11.0 of liboqs, so set this;
 # also be sure to use this openssl for liboqs-internal OpenSSL use;
 # see all libops config options listed at
 # https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs
 (
- cd $SRCTOP/oqs-provider \
+ cd $SRCTOP/oqs-provider \
+ && rm -rf liboqs \
 && git clone --depth 1 --branch 0.11.0 https://github.com/open-quantum-safe/liboqs.git \
 && cd liboqs \
 && mkdir build \
 && cd build \
- && cmake -DOPENSSL_ROOT_DIR=$OPENSSL_ROOT_DIR -DCMAKE_INSTALL_PREFIX=$SRCTOP/oqs-provider/.local .. \
+ && cmake -DOPENSSL_ROOT_DIR=$INSTALLTOP -DCMAKE_INSTALL_PREFIX=$INSTALLTOP .. \
 && make \
 && make install
 )
 fi
 echo " CWD: $PWD"
-liboqs_DIR=$SRCTOP/oqs-provider/.local cmake $SRCTOP/oqs-provider -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" -B _build && cmake --build _build
+liboqs_DIR=$INSTALLTOP cmake $SRCTOP/oqs-provider -DOPENSSL_ROOT_DIR="$INSTALLTOP" -B _build && cmake --build _build
 export CTEST_OUTPUT_ON_FAILURE=1
 export OPENSSL_APP="$O_EXE/openssl"
 export OPENSSL_MODULES=$PWD/_build/lib
diff --git a/test/run_tests.pl b/test/run_tests.pl
index 89d7fafb72..7b1c8deecb 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
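Review bot: The liboqs checkout still lands inside the source tree (`cd $SRCTOP/oqs-provider && rm -rf liboqs && git clone ...`), so the out-of-tree build this commit sets out to support still writes into, and now also deletes from, `$SRCTOP`; cloning into `$BLDTOP/oqs-provider/liboqs` next to the new `$INSTALLTOP` would keep the source tree pristine and let two build trees share one checkout. The rebuild marker `[ ! -f $INSTALLTOP/lib/liboqs.a ]` assumes a static liboqs; if that build ever yields only a shared library the clone and build re-run on every invocation, so testing for the liboqs cmake config that `liboqs_DIR` consumes on the line below would be a more robust marker. The clone remains pinned to the movable tag `0.11.0` rather than a commit hash, a pre-existing supply-chain weakness that the new `rm -rf liboqs` makes slightly worse by re-fetching from the network whenever the marker is absent.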
@@ -31,7 +31,41 @@ my $srctop = $ENV{SRCTOP} || $ENV{TOP};
 my $bldtop = $ENV{BLDTOP} || $ENV{TOP};
 my $recipesdir = catdir($srctop, "test", "recipes");
 my $libdir = rel2abs(catdir($srctop, "util", "perl"));
-my $jobs = $ENV{HARNESS_JOBS} // 1;
+
+my $jobs = $ENV{HARNESS_JOBS};
+if (!defined($jobs)) {
+ my $cpus = $ENV{"NUMBER_OF_PROCESSORS"}; # Windows sets this.
+ if (!defined($cpus) && $^O =~ /linux/) {
+ # Perl was built on Linux, so try nproc, which is apparently
+ # the less worse way if you are restricted in a
+ # container/cgroup
+ my $tmp = qx(nproc 2>/dev/null);
+ if ($? == 0 && $tmp > 0) {
+ $cpus = $tmp;
+ }
+ }
+ if (!defined($cpus) && -r "/proc/cpuinfo") {
+ # Smells like Linux or something else attempting bug for bug
+ # compatibilty with the /proc paradigm.
+ my $tmp = qx(grep -c ^processor /proc/cpuinfo 2>/dev/null);
+ if ($? == 0 && $tmp > 0) {
+ $cpus = $tmp;
+ }
+ }
+ if (!defined($cpus)) {
+ # OpenBSD, FreeBSD, MacOS
+ my $tmp = qx(sysctl -n hw.ncpu 2>/dev/null);
+ if ($? == 0 && $tmp > 0) {
+ $cpus = $tmp;
+ }
+ }
+
+ if (defined($cpus) && $cpus > 0) {
+ $jobs = $cpus;
+ } else {
+ $jobs = 1;
+ }
+}
 $ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "apps", "openssl.cnf"));
 $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test"));
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 673e7969aa..02c78ece8e 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -105,6 +105,7 @@ static char *privkey8192 = NULL;
 static char *srpvfile = NULL;
 static char *tmpfilename = NULL;
 static char *dhfile = NULL;
+static char *datadir = NULL;
 static int is_fips = 0;
 static int fips_ems_check = 0;
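Review bot: Each `qx(...)` result is stored with its trailing newline (`$cpus = $tmp` after `nproc`, `grep -c` and `sysctl`), so `$jobs` ends up as a string like `"8\n"`; it survives the numeric comparisons here but will print oddly and can surprise any later code that interpolates or string-compares it, so `chomp(my $tmp = qx(nproc 2>/dev/null));` for each of the three probes is the safer form. The `$cpus > 0` test on the raw `NUMBER_OF_PROCESSORS` string emits an "isn't numeric" warning if that variable is ever set to garbage, so an anchored `/^\d+$/` check before trusting it would be cleaner. Changing the default from one job to one per CPU also alters behaviour for everyone who never set HARNESS_JOBS; a comment at the top of the block saying that `HARNESS_JOBS=1` restores serial execution and why the recipes are safe to run in parallel would help. Typo in the comment: `compatibilty` → `compatibility`.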
@@ -128,6 +129,15 @@ static X509 *ocspcert = NULL;
 #define CLIENT_VERSION_LEN 2
+/* The ssltrace test assumes some options are switched on/off */
+#if !defined(OPENSSL_NO_SSL_TRACE) \
+ && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
+ && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) \
+ && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM) \
+ && !defined(OPENSSL_NO_TLS1_3)
+# define DO_SSL_TRACE_TEST
+#endif
+
 /*
 * This structure is used to validate that the correct number of log messages
 * of various types are emitted when emitting secret logs.
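Review bot: The `DO_SSL_TRACE_TEST` guard does not exclude `OPENSSL_NO_EC`, yet the ssltraceref*.txt files added in this diff expect an `ec_point_formats` extension, secp/brainpool entries and ML-KEM hybrid groups in the trace, so a no-ec build would compile the test and then fail the comparison rather than skip; if that configuration is supported, add `&& !defined(OPENSSL_NO_EC)`. This is inferred from the reference files rather than from the test body, so confirm against a no-ec configure before relying on it. The one-line comment would be more useful if it said what the options affect, e.g. `/* The trace reference files assume zlib is the only certificate compression (no brotli/zstd) and that ECX, DH, ML-DSA, ML-KEM and TLS 1.3 are all enabled */`.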
@@ -13730,6 +13740,77 @@ static int test_no_renegotiation(int idx) return testresult; } +#if defined(DO_SSL_TRACE_TEST) +/* + * Tests that the SSL_trace() msg_callback works as expected with a PQ Groups. + */ +static int test_ssl_trace(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + BIO *bio = NULL; + char *reffile = NULL; + char *grouplist = "MLKEM512:MLKEM768:MLKEM1024:X25519MLKEM768:SecP256r1MLKEM768" + ":SecP384r1MLKEM1024:secp521r1:secp384r1:secp256r1"; + + if (!fips_provider_version_ge(libctx, 3, 5, 0)) + return TEST_skip("FIPS provider does not support MLKEM algorithms"); + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, TLS1_3_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_ptr(bio = BIO_new(BIO_s_mem())) + || !TEST_true(SSL_CTX_set1_groups_list(sctx, grouplist)) + || !TEST_true(SSL_CTX_set1_groups_list(cctx, grouplist)) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256")) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256")) +# ifdef SSL_OP_LEGACY_EC_POINT_FORMATS + || !TEST_true(SSL_CTX_set_options(cctx, SSL_OP_LEGACY_EC_POINT_FORMATS)) + || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_LEGACY_EC_POINT_FORMATS)) +# endif + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto err; + + SSL_set_msg_callback(clientssl, SSL_trace); + SSL_set_msg_callback_arg(clientssl, bio); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto err; + + /* Skip the comparison of the trace when the fips provider is used. */ + if (is_fips) { + /* Check whether there was something written. 
 */
+ if (!TEST_int_gt(BIO_pending(bio), 0))
+ goto err;
+ } else {
+
+# ifdef OPENSSL_NO_ZLIB
+ reffile = test_mk_file_path(datadir, "ssltraceref.txt");
+# else
+ reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
+# endif
+ if (!TEST_true(compare_with_reference_file(bio, reffile)))
+ goto err;
+ }
+
+ testresult = 1;
+ err:
+ BIO_free(bio);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OPENSSL_free(reffile);
+
+ return testresult;
+}
+#endif
+
 OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
 int setup_tests(void)
@@ -13764,6 +13845,8 @@ int setup_tests(void)
 || !TEST_ptr(dhfile = test_get_argument(5)))
 return 0;
+ datadir = test_get_argument(6);
+
 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
 return 0;
@@ -14065,6 +14148,10 @@ int setup_tests(void)
 ADD_TEST(test_quic_tls_early_data);
 #endif
 ADD_ALL_TESTS(test_no_renegotiation, 2);
+#if defined(DO_SSL_TRACE_TEST)
+ if (datadir != NULL)
+ ADD_TEST(test_ssl_trace);
+#endif
 return 1;
 err:
diff --git a/test/stack_test.c b/test/stack_test.c
index 5a75d142be..287b099416 100644
--- a/test/stack_test.c
+++ b/test/stack_test.c
@@ -179,6 +179,30 @@ static int test_int_stack(int reserve)
 goto end;
 }
+ if (!TEST_true(sk_sint_is_sorted(s)))
+ goto end;
+
+ for (i = 0; i < n_exfinds; i++) {
+ int loc = sk_sint_find_ex(s, &exfinds[i].value);
+ int value = *sk_sint_value(s, loc);
+
+ /* inserting in the correct location should preserve is_sorted */
+ if (value < exfinds[i].value)
+ loc++;
+ sk_sint_insert(s, &exfinds[i].value, loc);
+ if (!TEST_true(sk_sint_is_sorted(s)))
+ goto end;
+ }
+
+ if (!TEST_true(sk_sint_is_sorted(s)))
+ goto end;
+
+ /* inserting out of order should make the array unsorted again */
+ sk_sint_insert(s, v + 6, 0);
+
+ if (!TEST_false(sk_sint_is_sorted(s)))
+ goto end;
+
 /* shift */
 if (!TEST_ptr_eq(sk_sint_shift(s), v + 6))
 goto end;
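Review bot: `OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")` is left as context even though test_ssl_trace() now depends on a seventh argument read via test_get_argument(6); append `[datadir]` to that string so anyone running sslapitest by hand sees what it expects. `char *grouplist = "MLKEM512:..."` points at a string literal and should be `const char *grouplist`. The `# ifdef OPENSSL_NO_ZLIB` reference-file selection repeats quicapitest.c's verbatim and belongs in the shared helper. compare_with_reference_file() (compare.c, end of this diff) always dumps the actual trace to `ssltraceref-new.txt` in the current directory, so sslapitest and quicapitest running in the same directory will overwrite each other's debugging output; a per-caller dump name would avoid that.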
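Review bot: `if (datadir != NULL) ADD_TEST(test_ssl_trace);` silently drops the test whenever the recipe forgets to pass the directory, which is exactly how a broken trace comparison would go unnoticed; since 90-test_sslapi.t now passes it in all three invocations, either make the argument mandatory next to `dhfile` in setup_tests() or at least emit `TEST_note("datadir not given, test_ssl_trace skipped")` so the omission shows in the log. The preceding hunk that assigns `datadir = test_get_argument(6)` deliberately has no TEST_ptr(), so a comment there saying the argument is optional for out-of-tree callers would explain the asymmetry with the other arguments.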
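Review bot: `int value = *sk_sint_value(s, loc);` dereferences the result without checking `loc`; if sk_sint_find_ex() reports "no element greater than or equal to the probe" (as -1 or an index past the end, per the OPENSSL_sk_find_ex() contract) for a probe larger than every element, sk_sint_value() returns NULL and the test crashes instead of failing cleanly. Guard it and make the append case explicit, e.g. `if (loc < 0 || loc >= sk_sint_num(s)) loc = sk_sint_num(s); else if (*sk_sint_value(s, loc) < exfinds[i].value) loc++;`. Whether any `exfinds` entry actually exceeds the stack's maximum is not visible in this hunk, so this may be latent today; test_int_stack() starts and ends outside the hunk. If `exfinds` is declared `const`, `&exfinds[i].value` handed to sk_sint_insert() also discards the qualifier and will warn.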
@@ -297,6 +321,7 @@ static int test_uchar_stack(int reserve)
 end:
 sk_uchar_free(r);
 sk_uchar_free(s);
+ sk_uchar_free(q);
 return testresult;
 }
 
diff --git a/test/testutil.h b/test/testutil.h
index f02dcdfba6..a262d93719 100644
--- a/test/testutil.h
+++ b/test/testutil.h
@@ -652,4 +652,6 @@ X509 *load_cert_der(const unsigned char *bytes, int len);
 STACK_OF(X509) *load_certs_pem(const char *file);
 X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx);
 time_t test_asn1_string_to_time_t(const char *asn1_string);
+
+int compare_with_reference_file(BIO *membio, const char *reffile);
 #endif /* OSSL_TESTUTIL_H */
diff --git a/test/testutil/compare.c b/test/testutil/compare.c
new file mode 100644
index 0000000000..067fb878b5
--- /dev/null
+++ b/test/testutil/compare.c
@@ -0,0 +1,88 @@ +/* + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" + +static void strip_line_ends(char *str) +{ + size_t i; + + for (i = strlen(str); + i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r'); + i--); + + str[i] = '\0'; +} + +int compare_with_reference_file(BIO *membio, const char *reffile) +{ + BIO *file = NULL, *newfile = NULL; + char buf1[8192], buf2[8192]; + int ret = 0; + size_t i; + + if (!TEST_ptr(reffile)) + goto err; + + file = BIO_new_file(reffile, "rb"); + if (!TEST_ptr(file)) + goto err; + + newfile = BIO_new_file("ssltraceref-new.txt", "wb"); + if (!TEST_ptr(newfile)) + goto err; + + while (BIO_gets(membio, buf2, sizeof(buf2)) > 0) + if (BIO_puts(newfile, buf2) <= 0) { + TEST_error("Failed writing new file data"); + goto err; + } + + if (!TEST_int_ge(BIO_seek(membio, 0), 0)) + goto err; + + while (BIO_gets(file, buf1, sizeof(buf1)) > 0) { + size_t line_len; + + if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) { + TEST_error("Failed reading mem data"); + goto err; + } + strip_line_ends(buf1); + strip_line_ends(buf2); + line_len = strlen(buf1); + if (line_len > 0 && buf1[line_len - 1] == '?') { + /* Wildcard at the EOL means ignore anything after it */ + if (strlen(buf2) > line_len) + buf2[line_len] = '\0'; + } + if (line_len != strlen(buf2)) { + TEST_error("Actual and ref line data length mismatch"); + TEST_info("%s", buf1); + TEST_info("%s", buf2); + goto err; + } + for (i = 0; i < line_len; i++) { + /* '?' 
is a wild card character in the reference text */ + if (buf1[i] == '?') + buf2[i] = '?'; + } + if (!TEST_str_eq(buf1, buf2)) + goto err; + } + if (!TEST_true(BIO_eof(file)) + || !TEST_true(BIO_eof(membio))) + goto err; + + ret = 1; + err: + BIO_free(file); + BIO_free(newfile); + return ret; +} diff --git a/test/threadstest.c b/test/threadstest.c index f8969032fe..e85bb8c8ee 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -183,13 +183,16 @@ static void rwreader_fn(int *iterations) CRYPTO_atomic_add(&rwwriter2_done, 0, &lw2, atomiclock); count++; - if (rwwriter_ptr != NULL && old > *rwwriter_ptr) { - TEST_info("rwwriter pointer went backwards\n"); - rw_torture_result = 0; + if (rwwriter_ptr != NULL) { + if (old > *rwwriter_ptr) { + TEST_info("rwwriter pointer went backwards! %d : %d\n", + old, *rwwriter_ptr); + rw_torture_result = 0; + } + old = *rwwriter_ptr; } if (CRYPTO_THREAD_unlock(rwtorturelock) == 0) abort(); - *iterations = count; if (rw_torture_result == 0) { *iterations = count; return; @@ -1361,6 +1364,42 @@ static int test_x509_store(void) return ret; } +/* Test using OBJ_create in multiple threads */ +static void test_obj_create_worker(void) +{ + int i, nid, nid2; + time_t now; + char name[40]; + + for (i = 0; i < 4; i++) { + now = time(NULL); + sprintf(name, "Time in Seconds = %ld", (long) now); + while (now == time(NULL)) + /* no-op */; + nid = OBJ_create(NULL, NULL, name); + nid2 = OBJ_ln2nid(name); + if (nid != NID_undef) { + if (nid2 != nid) { + TEST_info("oops: name='%s' nid=%d nid2=%d", name, nid, nid2); + multi_set_success(0); + break; + } + } else { + if (nid2 == NID_undef) { + TEST_info("oops: name='%s' nid=%d nid2=%d", name, nid, nid2); + multi_set_success(0); + break; + } + } + } +} + +static int test_obj_stress(void) +{ + return thread_run_test(&test_obj_create_worker, MAXIMUM_THREADS, + &test_obj_create_worker, 0, NULL); +} + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, 
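Review bot: `compare_with_reference_file` is a generic testutil helper, yet it writes its copy of the actual output to the fixed name `"ssltraceref-new.txt"` in the current directory, which ties it to one caller and means two tests using it would clobber each other's output; derive the name from `reffile` or take it as a parameter, and state in a header comment that the file is written purely as a regeneration aid (nothing reads it back), if that is the intent. In `strip_line_ends` the `for` loop has an empty body ended by the `;` after `i--)`, which is easy to misread as a bug; a `{ }` body or an equivalent `while` loop makes the intent visible. The wildcard handling truncates `buf2` only when the reference line ends in `?`, so a `?` elsewhere still requires equal line lengths — worth spelling out in the comment above the `line_len` check.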
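Review bot: `sprintf(name, "Time in Seconds = %ld", (long) now);` writes into `char name[40]` with no margin — the 18-byte prefix plus a 20-character 64-bit `long` and the terminator is 39 bytes — so use the bounded form the tree already provides, `BIO_snprintf(name, sizeof(name), "Time in Seconds = %ld", (long) now);`. The `while (now == time(NULL))` spin waits up to a second per iteration on every worker thread, so the four iterations add several seconds of wall-clock time to the suite; a comment saying the busy-wait is deliberate (one distinct name per second) would prevent someone removing it, or a finer-grained counter could replace it. `multi_set_success` and `thread_run_test` are defined outside the hunk.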
@@ -1450,6 +1489,7 @@ int setup_tests(void) #endif ADD_TEST(test_pem_read); ADD_TEST(test_x509_store); + ADD_TEST(test_obj_stress); return 1; } diff --git a/util/codespell-check.sh b/util/codespell-check.sh new file mode 100755 index 0000000000..657bf8db0d --- /dev/null +++ b/util/codespell-check.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# Run codespell on the OpenSSL tree. +# If you get a false positive here, the usual fix is to +# add it to the end of the -L list of ignored words, below. +# +# Any arguments provided (such as -w) are added to the +# codespell invocation. +# +# You can add this check to your git pre-commit hooks +# with something akin to the following: +# --------8<---------- +#check_codespell_diff() { +# spelling_mistakes="" +# while read -r -d '' path; do +# spelling_mistakes="`util/codespell-check.sh $path`" +# done +# if [ -n "$spelling_mistakes" ]; then +# cat >&2 < "block_padding", 'OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING' => "hs_padding", -# Symmetric Key parametes +# Symmetric Key parameters 'OSSL_SKEY_PARAM_RAW_BYTES' => "raw-bytes", 'OSSL_SKEY_PARAM_KEY_LENGTH' => "key-length", ); diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index 226a7d44b4..0c2880a7d8 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm @@ -124,10 +124,10 @@ sub init my $test_client_port; # Sometimes, our random selection of client ports gets unlucky - # And we randomly select a port thats already in use. This causes + # And we randomly select a port that's already in use. This causes # this test to fail, so lets harden ourselves against that by doing # a test bind to the randomly selected port, and only continue once we - # find a port thats available. + # find a port that's available. my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1"; my $found_port = 0; for (my $i = 0; $i <= 10; $i++) { 
@@ -275,6 +275,16 @@ sub start
 my ($self) = shift;
 my $pid;
 
+ #
+ # s390x is a somewhat special case here. It uses hw acceleration under
+ # the covers when computing MACs, and in so doing avoids the use of the
+ # needed ossltest provider when computing the underlying digest. Since
+ # TLSProxy needs the ossltest provider to compute reliable known data in
+ # the digest, we disable MAC hw accleration here to ensure that the provider
+ # gets used, just as it does with other architectures.
+ #
+ $ENV{OPENSSL_s390xcap} = "kmac:~0:~f000";
+
 # Create the Proxy socket
 my $proxaddr = $self->{proxy_addr};
 $proxaddr =~ s/[\[\]]//g; # Remove [ and ]
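Review bot: `$ENV{OPENSSL_s390xcap} = "kmac:~0:~f000";` unconditionally overwrites whatever OPENSSL_s390xcap the caller already exported, on every architecture, and since it is a plain assignment rather than a `local` the override stays in the proxy process and everything it spawns for the rest of the run. If the goal is only to guarantee the override, avoid clobbering a user-supplied value with `$ENV{OPENSSL_s390xcap} = "kmac:~0:~f000" unless defined $ENV{OPENSSL_s390xcap};`, or say explicitly in the comment that a pre-set value is intentionally replaced. The comment also misspells "accleration" (acceleration), which the codespell check introduced elsewhere in this commit would flag. The rest of `start` is outside the hunk.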