In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states
that an iter value less than 1 is treated as a single iteration. Upon further
investigation in providers/implementations/kdfs/pbkdf2.c, it appears that
invalid iter values will result in failure and raise the
PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation
to accurately reflect the behavior in OpenSSL 3.x.
Closes openssl#22168
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22252)
With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD
function "priv_print", effectively asking the backend to print whatever it
regards as private key components.
In all backends that were built into libcrypto, this function printed what
was included in the private key structure, which usually includes the
public key components as well.
With OpenSSL 3.0, some of the corresponding key2text encoders got a
slightly different behavior, where the presence of the selector
OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector
OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be
regarded as private key components printed. This isn't entirely consistent,
though, as the RSA key2text encoder will still print the public key
components regardless.
To compensate for the changed backend behavior, EVP_PKEY_print_private()
was made to ask the encoder to print the keypair rather than just the
private key, thereby moving the backend semantics to the application API.
Unfortunately, this causes confusion for providers where the key2text
encoder really should print the private key only.
This change restores the built-in 1.1.1 backend behavior in the encoders
that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its
documented behavior, leaving it to the backend to decide what it regards as
"private key components".
Fixes#22233
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22237)
Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`,
fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph
in commit b3696a55a5.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22242)
If either endpoint issues a PING frame while we are introducing noise
into the communication then there is a danger that the connection itself
will fail. We detect the PING and then back off on generating noise for a
short while. It should be sufficient to just ensure that the next datagram
does not get dropped for each endpoint.
Fixes#22199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22243)
Include the necessary header file openssl/pem.h in the
documentation to ensure that all functions related to
d2i_PKCS8PrivateKey are correctly defined.
Closes openssl#22188
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22253)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22238)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22247)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22247)
To improve Coverage mapping in Coveralls make it
possible to run test_ssl_trace() with enable-zlib
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22222)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22232)
Script 13 is a stress test which can timeout on some low powered platforms
or with some options that significantly slow performance.
We increase the timeout.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22214)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22212)
The info callback is not prototyped correctly, and the code
example fails to compile because of const-incorrectness.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22224)
Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22147)
Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22147)
Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22147)
The body of the "md-nits" Makefile target assumed an in source build tree.
This change ensures that it works correctly when called from an out-of-source
build tree as well.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22240)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22240)
Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here. This RNG is
used during testing only.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22211)
Ensure we use OPENSSL_NO_SSL_TRACE guards where appropriate.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22193)
Fixes: #22178
Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22179)
We were neglecting to register the main thread to receive thread stop
notifications. This is important if the thread that starts the FIPS
provider is not the same one that is used when OPENSSL_cleanup() is
called.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Until the cipher dupctx is properly implemented in 3.1 and 3.0 the check is
wrong. This should be reverted once the implemenation has been done.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Add a warning note to the provider cross version checks indicating that a
pull request branch will not be used if execution is set to on pull request.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21342)
We also add a test for BIO_ADDR_dup() which was also added in 3.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
We now have a public function for BIO_ADDR_copy() which can be used in
preference to the test code's private implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
Sumitra Sharma
Richard Levitte
Dmitry Belyavskiy
Frederik Wedel-Heinen
Matthias St. Pierre
Matt Caswell
Tomas Mraz
Dmitry Misharov
dependabot[bot]
Danny Tsen
Mathieu Tortuyaux
Pauli
Randall S. Becker
Jonathan M. Wilbur