291 Commits

Author	SHA1	Message	Date
Pauli	d73d40af37	evp_test: add a new global "Test-Entropy" line to allow deterministic `random` input. ... When specified, this directive replaces the public and private DRBGs with a generator that returns the specified bytes. If more bytes are requested than are specified, the generator loops around the supplied bytes to satisfy the request. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27997)	2025-07-23 18:22:53 +10:00
slontis	e6c8110483	Add LMS evp_test using NIST ACVP test data. ... This covers all LMS algorithm parameter sets. The following changes were done to handle the tests: (1) Changed LMS to use OSSL_PKEY_PARAM_PUB_KEY instead of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for import/export. (There is no reason to have the encoded form for verify operations). (2) Fixed a bug for W=1 with truncated digests. The checksum was using a value of 8-w, which was off by 1 for this case. A value was added to the ots parameters that represents this value. (3) A check in evp_test for a NID was removed since LMS does not have OIDS (HSS does). (4) the unused PROPERTIES param was removed from the LMS keymanager. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27885)	2025-07-10 19:04:37 +10:00
Tomas Mraz	a3af1c036c	test: Silence warnings on Win64 builds ... Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27806)	2025-07-02 17:26:26 +02:00
JiashengJiang	e8deb32af4	test/evp_test.c: Free fetched_digest on error to avoid memory leak ... Call EVP_MD_free() to release fetched_digest if OPENSSL_zalloc() fails, preventing a memory leak. Fixes: 2208ba56eb ("evp_test: Add the missing check after calling OPENSSL_malloc") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27648)	2025-05-29 16:41:37 +02:00
Pauli	c3215ac573	evp_test: support security-category for public key operations ... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27571)	2025-05-27 18:01:43 +10:00
cjf7669	67ad6a0898	Fixed chacha20 get updated IV ... Fixes #26998 Addresses an issue where the EVP_CIPHER_CTX_get_updated_iv() function does not properly return the updated IV for the ChaCha20 cipher. chacha20_get_ctx_params was updated to be sensitive to the OSSL_CIPHER_PARAM_UPDATED_IV parameter. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27484)	2025-05-07 11:19:50 +10:00
Tobias Brick	81e8b5a503	Fix use after free bugs for public_keys and private_keys in evp_test ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27421)	2025-05-05 16:03:09 +02:00
Tomas Mraz	6f26301c83	Fix fips provider compatibility regression ... Fixes CI regression from 418609e115. Older versions place an error code to the error queue when retrieving updated IV. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27417)	2025-04-17 15:32:42 +02:00
Nicolas Blais-Miko	418609e115	Test that there is no silent error in EVP_CIPHER_CTX_get_updated_iv in evp_test ... Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27120)	2025-04-16 08:44:12 +01:00
fangming.fang	24f32f14e9	Implement AES-CBC-HMAC-SHA512 on aarch64 ... This is to implement #19932, it adds enc-then-mac aes-cbc-hmac-sha512 on aarch64, aes-cbc and hmac-sha512 are interleaved to achieve better performance.It only supports non-padding mode that means the length of input data should be multiple of 16 bytes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22949)	2025-04-14 14:53:30 +01:00
fangming.fang	86408fa8de	Implement interleaving aes-cbc-hmac-sha on aarch64 ... This is to implement #19932, it adds enc-then-mac aes-cbc-hmac-sha1/256, aes-cbc and hmac-sha1/256 are interleaved to achieve better performance. It only supports non-padding mode that means the length of input data should be multiple of 16 bytes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22949)	2025-04-14 14:53:30 +01:00
openssl-machine	0c679f5566	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-03-12 13:35:59 +00:00
Pauli	8e874d09d8	evp_test: fix untested errant code paths ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26946)	2025-03-04 18:53:44 +11:00
Valerii Krygin	f86acc9434	EVP_DecodeUpdate() should not produce padding zeros to the decoded output (Fixes #26677) ... EVP_DecodeUpdate() should not produce zeros for input padding `=` signs to avoid writing to non-allocated memory regions. To achieve this: - Add `eof` parameter to `evp_decodeblock_int` function in `openssl/crypto/evp`. The parameter should either contain the number of the input padding characters to ignore or `-1` if the function has to count them. - Use precalculated `eof` in `EVP_DecodeUpdate` to fix its behaviour. - Use `eof = -1` in `EVP_DecodeFinal` to count it in `evp_decodeblock_int`. - Do not ignore padding in `EVP_DecodeBlock` (`eof = 0`) because it should write padding zeros according to the documentation. - Add the HISTORY section to EVP_EncodeInit documentation to describe the fix. Other changes: - Update AUTHORS.md - Update the copyright date in the documentation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26678)	2025-02-27 17:38:57 +00:00
slontis	20599e480f	ML-DSA Add Wycheproof test vectors. ... Added a python script to convert the json files into evp_test data. Added a EVP_TEST_METHOD "KeyFromData" that can test failures when loading raw keys. (The existing "PrivateKeyRaw" and "PublicKeyRaw" were not fit for this purpose). Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26885)	2025-02-26 12:14:58 +01:00
Pauli	f0417c6ebc	evp_test: add a Verify-Message-Public test type ... This is like Verify-Message but accepts a public key instead of a private one. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/26750)	2025-02-20 11:17:39 +11:00
Pauli	740e43f074	evp_test: add concept of extended tests to evp_test ... These tests are not run by default, instead they run when the EVP_TEST_EXTENDED environment variable has an integer value other than zero. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/26750)	2025-02-20 11:17:39 +11:00
slontis	1f5ac721e3	ML-KEM: Modify existing ML-KEM keygen tests to not use custom data. ... There are general input and output controls that are used instead. Also fix a memory leak in keygen. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26791)	2025-02-19 11:50:56 +01:00
Viktor Dukhovni	869903c07c	Improved import and export ... - On import, if a seed is provided, the keys are regenerated. - The seed is exported as a separate "seed" parameter, when available. The "ml-kem.retain_seed" parameter is also exported, when false. - The seed is optionally dropped after key generation. * When the "ml-kem.retain_seed" keygen parameter is set to zero. * When the "ml-kem.retain_seed" keygen parameter is not set to 1, and the "ml-kem.retain_seed" provider config property is set explictly false. - The exported private key parameter "priv" is always the FIPS 203 |dk|. - Private key decoding from PKCS#8 produces a transient "seed-only" form of the key, in which "retain_seed" is set to false when the "ml-kem.retain_seed" provider config property is set explictly false. The full key is generated during "load" and the seed is retained or not as specified. - Import honours the "ml-kem.retain_seed" parameter when specified, or otherwise honours the provider's "ml-kem.retain_seed" property. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26512)	2025-02-14 10:50:58 +01:00
Viktor Dukhovni	b818a99839	Encoders and Decoders for ML-KEM ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26341)	2025-02-14 10:50:58 +01:00
Pauli	5510d96f82	Clear param array to ensure it's initialised properly ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26339)	2025-02-14 10:50:58 +01:00
Viktor Dukhovni	d2136d9e73	Multi-variant ML-KEM ... This introduces support for ML-KEM-512 and ML-KEM-1024 using the same underlying implementation parameterised by a few macros for the associated types and constants. KAT tests are added for ML-KEM 512 and 1024, to complement the previous tests for ML-KEM-768. MLKEM{512,768,1024} TLS "group" codepoints are updated to match the final IANA assigments and to make the additional KEMs known to the TLS layer. The pure-QC MLKEMs are not in the default list of supported groups, and need to be explicitly enabled by the application. Future work will introduce support for hybrids, and for more fine-grained policy of which keyshares a client should send by default, and when a server should request (HRR) a new mutually-supported group that was not sent. Tests for ML-KEM key exchange added to sslapitest to make sure that our TLS client MLKEM{512,768,1024} implementations interoperate with our TLS server, and that MLKEM* are not negotiated in TLS 1.2. Tests also added to excercise non-derandomised ML-KEM APIs, both directly (bypassing the provider layer), and through the generic EVP KEM API (exercising the provider). These make sure that RNG input is used correctly (KAT tests bypass the RNG by specifying seeds). The API interface to the provider takes an "const ML_KEM_VINFO" pointer, (obtained from ossl_ml_kem_get_vinfo()). This checks input and output buffer sizes before passing control to internal code that assumes correctly sized (for each variant) buffers. The original BoringSSL API was refactored to eliminate the opaque public/private key structure wrappers, since these structures are an internal detail between libcrypto and the provider, they are not part of the public (EVP) API. New "clangover" counter-measures added, refined with much appreciated input from David Benjamin (Chromium). The internal steps of "encrypt_cpa" were reordered to reduce the working-set size of the algorithm, now needs space for just two temporary "vectors" rather than three. The "decap" function now process the decrypted message in one call, rather than three separate calls to scalar_decode_1, scalar_decompress and scalar_add. Some loops were unrolled, improving performance of en/decapsulate (pre-expanded vectors and matrix) by around 5%. To handle, however unlikely, the SHA3 primitives not behaving like "pure" functions and failing, the implementation of `decap` was modifed: - To use the KDF to compute the Fujisaki-Okamoto (FO) failure secret first thing, and if that fails, bail out returning an error, a shared secret is still returned at random from the RNG, but it is OK for the caller to not use it. - If any of the subsequently used hash primitives fail, use the computed FO failure secret (OK, despite no longer constant-time) and return success (otherwise the RNG would replace the result). - We quite reasonably assume that chosen-ciphertext attacks (of the correct length) cannot cause hash functions to fail in a manner the depends on the private key content. Support for ML-KEM-512 required adding a centered binomial distribution helper function to deal with η_1 == 3 in just that variant. Some additional comments were added to highlight how the code relates to the ML-KEM specification in FIPS 203. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26172)	2025-02-14 10:50:57 +01:00
Andrew Dinh	42436eb53e	Add ML-KEM-768 KATs from BoringSSL ... Add KATs for ML-KEM-768 under CCLA from https://boringssl.googlesource.com/boringssl/ These KATs test key generation, encapsulation, and decapsulation for the ML-KEM-768 algorithm. Relevant notes: - Added functionality to the ML-KEM key management to export/import. These may not be fully implemented yet (see openssl/openssl#25885) - Exposed some more low-level ML-KEM API's to the provider implementation to allow for deterministic encapsulation/key generation - Actually run 'mlkem_internal_test' with `make test` Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25938)	2025-02-14 10:50:57 +01:00
slontis	f92855441f	ML-DSA: Add evp_test support for ML-DSA ACVP test vectors. ... The evp_test line buffer was increased to 32K to deal with the large lines required for PQ messages and signatures. The test data files were generated by parsing AVCP test files using a python script. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26451)	2025-02-14 10:46:03 +01:00
Frederik Wedel-Heinen	2457fc4816	Free data if sk_OPENSSL_STRING_push fails. ... Fixes #26203 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26227)	2025-01-08 11:25:30 +01:00
Richard Levitte	bb2be4f066	Refactor OpenSSL 'DSA' EVP_SIGNATURE to also include DSA+hash composites ... (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24992)	2024-08-30 11:54:13 +02:00
slontis	976dd3581a	Update code to use EVP_MD_xof() ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285)	2024-08-29 10:29:53 +02:00
slontis	c37e21763b	Add FIPS indicators to X25519 and X448. ... X25519 and X448 are unapproved in FIPS 140-3 So always trigger the indicator callback if these Keys are used, and add "fips-indicator" getters that return 0. This has been added to keygen and key exchange. (KEM will also require it if ever becomes a FIPS algorithm). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25246)	2024-08-25 10:50:05 +10:00
slontis	f2a5c80ca4	Revert evp_test change that made "FIPSversion" skip the default provider. ... Fixes #25199 This should be done using "Availablein" if required. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25267)	2024-08-23 21:25:41 +02:00
slontis	390f00a1e9	Add HMAC FIPS keysize check. ... HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mechanism to bypass this check in HMAC. A seperate 'internal' query table has been added to the FIPS provider for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore the key check. If a KDF requires the key check then it must do the check itself. The normal MAC dipatch table is used if the user fetches HMAC directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)	2024-08-21 15:34:40 +02:00
Richard Levitte	523187df47	Enable RSA-SM3 in the default provider ... It turns out that we didn't allow the combination RSA + SM3 anywhere. This is perfectly reasonable in the FIPS module, but less so in the default provider. This change enables it in the default provider, and adds a simple evp_test stanza for the RSA-SM3 signature scheme. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)	2024-08-21 08:21:06 +02:00
Richard Levitte	b02cf2fc8f	Add new test types in test/evp_test.c, and a test for RSA sigalgs ... With these tests, we get to test: - EVP_PKEY_sign_init_ex() - EVP_PKEY_verify_init_ex2() - EVP_PKEY_verify_recover_init_ex2() - EVP_PKEY_sign_message_init() and friends - EVP_PKEY_verify_message_init() and friends A few test cases for RSA-{hash} are added, in test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)	2024-08-21 08:21:06 +02:00
slontis	a595d624c8	Change existing evp_test KeyGen Ctrls to use provider algorithm ... parameter names. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25008)	2024-08-15 15:21:14 -04:00
slontis	2a53830958	Update evp_test KeyGen ... The EVP_PKEY_CTX is now created in keygen_test_run(). keygen_test_parse() inserts all values into KEYGEN_TEST_DATA. The 'Ctrl' parameters have been changed to just be settables, rather than using legacy controls. Added EC keygen tests Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25008)	2024-08-15 15:21:14 -04:00
slontis	05681e0e3e	Add FIPS Indicator for ECDH cofactor. ... FIPS KAS requires use of ECC CDH. The EC 'B' and 'K' curves have a cofactor that is not 1, and this MUST be multiplied by the private key when deriving the shared secret. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25139)	2024-08-15 19:48:15 +02:00
pohsingwu	f3c03be3ad	Restrict salt length for RSA-PSS in the FIPS provider ... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25115)	2024-08-13 09:55:36 +10:00
slontis	f98e49b326	Add FIPS DSA Keygen tests ... Adjust the existing tests to disable DSA keygen in FIPS mode. Allow evp_test to load DSA 'KeyParams' that can then be used to perform a DSA KeyGen. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24978)	2024-08-06 11:01:13 +02:00
slontis	7f8ff7ab14	Fix evp_test HKDF failure in crosstest 3.1.2 FIPS provider with master ... Fixes #25089 The test to check if the FIPS indicator was correct failed in 3.1.2 since EVP_PKEY_CTX_get_params() returns 0 if there is no gettable/getter. The code has been modified to return 1 if there is no gettable. Manually reproduced and tested by copying the 3.1.2 FIPS provider to master. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25093)	2024-08-06 10:17:50 +02:00
pohsingwu	ba977226cf	Add FIPS indicator tests for KDFs ... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23900)	2024-08-01 16:47:12 +10:00
slontis	07e4d7f474	Add RSA Signature restrictions for X9.31 padding in the FIPS provider. ... In FIPS 140-3, RSA Signing with X9.31 padding is not approved, but verification is allowed for legacy purposes. An indicator has been added for RSA signing with X9.31 padding. A strict restriction on the size of the RSA modulus has been added i.e. It must be 1024 + 256 * s (which is part of the ANSI X9.31 spec). Added implementation comments to the X9.31 padding code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24021)	2024-07-29 10:16:30 +10:00
slontis	bc43158797	Add FIPS indicator support for Triple-DES encryption. ... This leaves 3DES with the FIPS query "FIPS=yes", which allows Triple-DES to be used for Decryption by default. Disallow CMAC using Triple-DES in FIPS. This does not use a FIPS indicator. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24960)	2024-07-26 14:26:49 +10:00
Pauli	4a002f51f0	evp_test: check MAC FIPS approved flag ... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24917)	2024-07-26 10:08:43 +10:00
slontis	85caa417e0	Disable DSA signing in the FIPS provider. ... This is a FIPS 140-3 requirement. This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0, OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24799)	2024-07-26 09:24:04 +10:00
Neil Horman	9884568569	Fix coverity-1510058 ... coverity noted a recent change made a call to OSSL_PARAM_get_size_t without checking the return code, as is practice in all other call sites. Just add the check. Fixes openssl/private#551 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24860)	2024-07-15 10:10:00 +10:00
slontis	06da147373	Add FIPS indicators to evp_test ... evp_test code needed to be modified to defer setting algorithm contexts until the run phase. The parse functions also defer setting into the context until the run phase, which allows the context to initialize in a controlled order. This allows params to be passed into the algorithm init function. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)	2024-07-11 08:29:54 +10:00
Rajeev Ranjan	b6a5e80167	Add support for integrity-only cipher suites for TLS v1.3 ... - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC only to tls 1.3 - tls13_enc.c: extend function to add MAC only - ssl_local.h: add ssl_cipher_get_evp_md_mac() - s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS - ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it - tls13secretstest.c: add dummy test function - Configure: add integrity-only-ciphers option - document the new ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22903)	2024-05-14 15:39:15 +02:00
Tomas Mraz	deaa83af70	Fix Coverity issues 1596850, 1596851 and 1596852 ... These are newly introduced memory leaks and UAF in evp_test.c Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24339)	2024-05-08 09:13:56 +10:00
Veronika Hanulíková	fedbfff42d	Add processing by chunks to mac tests ... Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)	2024-05-06 08:57:51 +10:00
Veronika Hanulíková	5f4983f99b	Add processing by chunks to encoding tests ... Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)	2024-05-06 08:57:51 +10:00
Veronika Hanulíková	1208d526d3	Add processing by chunks to digest, sign, verify tests ... Input value is parsed into chunks, which are separately stored in the buffer stack. When chunk size is set, "Count" and "Copy" parameters are skipped. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21727)	2024-05-06 08:57:51 +10:00