Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
This required the LMS keymanager to have an export function.
The self test will be provided by HSS, which covers the LMS case.
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
Created an internal digest table that contains sha256_192.
Also moved the KECCAK_KMAC_128/256 entries to this internal table
since it is only used by KMAC.
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
This uses OSSL_DECODER_CTX_new_for_pkey().
"XDR" can be specified for the input type, and the key type is "LMS"
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
This loads a XDR encoded LMS public key.
It adds a simple LMS keymanager to import this key.
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
Fixes#26459
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26464)
- add testcase for central keygen
- add documentation
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25132)
The amplificationlimit interop test is failing currently with our
server.
However, based on the global nightly runs here:
https://github.com/openssl/openssl/actions/runs/12860128783/job/35851614148
it appears to be failing in all test cases.
Some analysis indicates that the client appears to abort operations
early during frame loss in this test.
As such just exclude the combination of this test and client. Re-add it
later if it ever becomes functional
Fixesopenssl/project#1062
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26538)
Fixes#26476
In the file crypto/pem/pem_lib.c the function had a +20 to account for
padding in the data size, however this was recognized to not be up to
standard quality. Instead it has now been updated to use the static
maximum block size and uses that for the calculation as opposed to a +20.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26526)
Fixes#26521
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26523)
This applies to the base, default and FIPS providers, could be added in
principle also to the legacy provider, but there's no compelling reason
to do that at the moment.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26530)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26520)
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
Use mac_gen_cleanup() instead of just freeing the gctx.
Fixes Coverity 1638702
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26500)
Otherwise doublefree happens with further usage.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26488)
It took a parameter 'evp_type', which isn't used. The comment describing
it mentions a future refactoring, but it appears that this has already
happened.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26360)
Increase the timeout for DTLS tests to 10 seconds.
But do that only for DTLS as this would waste time
for other tests, most of the TLS tests do not need
this at all.
Fixes#26491
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26502)
ppc64le occasionally still fails the threadstest on __rcu_torture
From several days of debugging, I think I've landed on the problem.
Occasionally, under high load I observe the following pattern
CPU0 CPU1
update_qp get_hold_current_qp
atomic_and_fetch(qp->users, ID_MASK, RELEASE)
atomic_add_fetch(qp->users, 1, RELEASE
atomic_or_fetch(qp->users, ID_VAL++, RELEASE)
When this pattern occurs, the atomic or operation fails to see the published
value of CPU1 and when the or-ed value is written back to ram, the incremented
value in get_hold_current_qp is overwritten, meaning the hold that the reader
placed on the rcu lock is lost, allowing the writer to complete early, freeing
memory before a reader is done reading any held memory.
Why this is only observed on ppc64le I'm not sure, but it seems like a pretty
clear problem.
fix it by implementing ATOMIC_COMPARE_EXCHANGE_N, so that, on the write side in
update_qp, we can ensure that updates are only done if the read side hasn't
changed anything. If it has, retry the operation.
With this fix, I'm able to run the threads test overnight (4000 iterations and
counting) without failure.
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26478)
This adds missing GMT indication when printing the local time as
it is converted to the UTC timezone before printing.
Also fixing the fractional seconds printing on EBCDIC platforms.
Fixes#26313
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26344)
Currently direct call to ossl_ec_check_security_strength is used,
instead of ossl_fips_ind_ec_key_check() like in all other places.
Make keymgmt do the same check as ecdh_exch and ecdsa_sig do.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25748)
When `-naccept` is passed (i.e with `s_server`), the listening socket remains open while handling
client, even after `naccept` is supposed to reach `0`.
This is caused to to the decrementation of `naccept` and closing of the socket
happening a little too late in the `do_server` function.
Signed-off-by: Nadav Tasher <tashernadav@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26228)
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26455)
Commit 1d1ca79fe3 introduced
save and restore for the registers, saving them as
stp d8,d9,[sp, #16]
stp d10,d11,[sp, #32]
stp d12,d13,[sp, #48]
stp d14,d15,[sp, #64]
But the restore code was inadvertently typoed:
ldp d8,d9,[sp, #16]
ldp d10,d11,[sp, #32]
ldp d12,d13,[sp, #48]
ldp d15,d16,[sp, #64]
Restoring [sp, #64] into d15,d16 instead of d14,d15.
Fixes: #26466
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26469)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26462)
When a requested parameter has a non-NULL result pointer,
and the error isn't simply that the result buffer is too
small, don't return a non-zero result size.
Returning a non-zero result size that isn't larger than the
user's provided space is an indication that a result of
that size was actually written, inviting trouble if the
error indication was inadvertenly lost.
Also, in such cases (wrong type, data can't be converted to the
requested type when otherwise supported, ...) there is nothing useful to
be done with the return size value, it can't help to address the
problem.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26436)
Pauli
slontis
Michael Baentsch
Dmitry Belyavskiy
Rajeev Ranjan
Frederik Wedel-Heinen
Viktor Dukhovni
Neil Horman
Sean Kannanaikal
Mae
Tomas Mraz
Dmitry Misharov
Stas Cymbalov
Alexander Heinlein
Richard Levitte
Bernd Edlinger
Alex Prabhat Bara
Kelvin Lee
Jiasheng Jiang
Dimitri John Ledkov
Nadav Tasher
Alexey Moksyakov
Julian Andres Klode