3943 Commits

Author	SHA1	Message	Date
openssl-machine	b426d08003	Copyright year updates ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2025-07-01 11:55:48 +00:00
Richard Levitte	d334c8053e	Nit: macro parameters should always be parenthesised in expressions ... Affected macros: ossl_likely and ossl_unlikely Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27862) (cherry picked from commit cdd01b5e07)	2025-06-21 18:24:58 -04:00
Neil Horman	a4acf026ec	Remove _strlen31 ... This function is old and fairly broken. Code archeology in our git tree hasn't revealed why it was creted (though it may have possibly been to support older win32 systems that couldn't do 64 bit integers properly, like windows 95/98). There seems to be no good reason to keep it around, and given that it has potentially serious side effects, lets just remove it. Fixes #27761 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27763) (cherry picked from commit b0d363a2cb)	2025-06-06 10:08:13 +02:00
Jai S	f42a2f251d	Use value barrier for constant_time_cond_swap_* ... Resolves #27497 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27581) (cherry picked from commit 8a9e0d0f49)	2025-06-03 14:25:30 +02:00
Dr. David von Oheimb	0080dd66e0	Fix SSL_{set1,add1}_host() handling of host name/IP address and related documentation ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27457) (cherry picked from commit 1eee02d3e7)	2025-05-06 15:11:56 +02:00
sashan	eb341e46c6	ossl_json_f64() seems to be unused, remove it to avoid libm dependency ... Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27434) (cherry picked from commit 0e41862899)	2025-04-29 19:40:06 +02:00
openssl-machine	5f8049f2c5	Copyright year updates ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-02-11 14:27:50 +00:00
Tomas Mraz	77c608f4c8	Fix timing side-channel in ECDSA signature computation ... There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. Attacks on ECDSA nonce are also known as Minerva attack. Fixes CVE-2024-13176 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26429) (cherry picked from commit 63c40a66c5)	2025-01-20 09:31:10 +01:00
Jakub Zelenka	1eeae7f197	Fix CMS encryption with key agreement when originator set ... OpenSSL currently does not support encryption with originator flag so it should fail nicely instead of segfaulting. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26014) (cherry picked from commit 894e69e747)	2025-01-06 11:45:35 +01:00
Kalavakolanu, Hema Anmisha	49bb611d2d	safe_math.h: Check if __GNUC__ is defined ... REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4880 Facing the below issue after openssl is upgraded Edk2\CryptoPkg\Library\OpensslLib\openssl\include\internal/safe_math.h(19): warning C4668: '__GNUC__' is not defined as a preprocessor macro, replacing with '0' for '#if/#elif' CLA: trivial Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Kalavakolanu Hema Anmisha <hema.anmisha.kalavakolanu@intel.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26204) (cherry picked from commit 53b34561b5)	2024-12-19 17:46:55 +01:00
Neil Horman	7b07bc4c99	Fix potential use-after-free in REF_PRINT_COUNT ... We use REF_PRINT_COUNT to dump out the value of various reference counters in our code However, we commonly use this macro after an increment or decrement. On increment its fine, but on decrement its not, because the macro dereferences the object holding the counter value, which may be freed by another thread, as we've given up our ref count to it prior to using the macro. The rule is that we can't reference memory for an object once we've released our reference, so lets fix this by altering REF_PRINT_COUNT to accept the value returned by CRYPTO_[UP|DOWN]_REF instead. The eliminates the need to dereference the memory the object points to an allows us to use the call after we release our reference count Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25664) (cherry picked from commit dc10ffc283)	2024-12-10 14:58:51 +01:00
Tomas Mraz	4824e049c7	Fix memory ordering guarantees and TSAN errors ... If we had refcounted object allowing lockless writes the relaxed semantics on DOWN_REF would allow scheduling these writes after simultaneous release of the object by another thread. We do not have any such objects yet, but better to make the refcount correct just in case we will have them in future. TSAN doesn't properly understand this so we use even stronger acq_rel semantics if building with TSAN. Fixes #25660 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25664) (cherry picked from commit 3bf273b21b)	2024-12-10 14:58:50 +01:00
Dr. David von Oheimb	3730c949aa	Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0 ... Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25631) (cherry picked from commit 577ec498bd)	2024-11-13 17:20:26 +01:00
Matt Caswell	8619ad1a1b	Fix builds on riscv64 using musl ... Some environments using musl are reported to have the hwprobe.h include file but not have the __NR_riscv_hwprobe define. Fixes #25772 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/25787) (cherry picked from commit 27fa9d33e1)	2024-10-28 15:47:00 -04:00
Richard Levitte	5b1909d1d0	Add 'openssl info' item for the Windows install context ... This information is already present as an 'openssl version' item. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25694) (cherry picked from commit 5f3fefe2f3)	2024-10-16 19:30:09 +02:00
Dmitry Belyavskiy	e9d5ed8f3d	Increase limit for CRL download ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25608) (cherry picked from commit cdbe47bf3c)	2024-10-08 16:00:03 +02:00
Tomas Mraz	544e561969	Copyright year updates ... Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes	2024-10-07 15:13:27 +02:00
Pauli	ec4a2fffa5	fips: continuous random bit generator tests ... For FIPS 140-3 the continuous tests specified in SP 800-90B need to be included on the output of any entropy source. They are implemented here as a replacement for the primary DRBG in the FIPS provider. This results in a setup that looks like this: +-------------+ | | | Seed Source | | | +------+------+ | | v +-------------+ | | | CRNG Test | | | ++----------+-+ | | | | v v +--------------+ +--------------+ | | | | | Public DRBG | | Private DRBG | | | | | +--------------+ +--------------+ An additional benefit, that of avoiding DRBG chains, is also gained. The current standards do not permit the output of one DRBG to be used as the input for a second (i.e. a chain). This also leaves open the future possibility of incorporating a seed source inside the FIPS boundary. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25526)	2024-09-30 10:43:04 +02:00
Pauli	4f27f1a54a	Add failed entropy continuous test error ... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25526)	2024-09-30 10:43:04 +02:00
Neil Horman	009b2e2a4c	Rename list macros ... The quic implementation defined a set of LIST_* macros for list manipulation, which conflicts with the generally support BSD api found in the queue.h system header. While this isn't normally a problem, A report arrived indicating that MacOSX appears to implicitly include queue.h from another system header which causes definition conflicts. As the openssl macros are internal only, it seems the most sensible thing to do is place them in a well known namespace for our library to avoid the conflict, so add an OSSL_ prefix to all our macros Fixes #25516 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/25519) (cherry picked from commit c4ec708bd5)	2024-09-26 10:02:48 +02:00
Tomas Mraz	7ed6de997f	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2024-09-05 09:35:49 +02:00
Richard Levitte	6696682774	Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2() ... In this mode, only the ph instances are supported, and must be set explicitly through a parameter. The caller is assumed to pass a prehash to EVP_PKEY_{sign,verify}(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975)	2024-08-29 19:13:07 +02:00
Richard Levitte	1751334f59	Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions ... Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448 implementations, including ph and ctx variants. Tests are added with test_evp stanzas. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975)	2024-08-29 19:13:06 +02:00
slontis	c48e56874c	XOF / EVP_MD_size() changes. ... Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen. Added a helper function EVP_MD_xof() EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to keep it the same I added an extra function. EVP_MD_size() always returns 0 for SHAKE now, since it caches the value of md_size at the time of an EVP_MD_fetch(). This is probably better than returning the incorrect initial value it was before e.g (16 for SHAKE128) and returning tht always instead of the set xoflen. Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285)	2024-08-29 10:29:53 +02:00
sashan	6dacee485f	RSA decoder should check also sanity of p, q, e, d ... with respect to n ... This issue has been discovered by osss-fuzzer [1]. The test function decodes RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long exceeding timeout (45secs). The idea is to fix OSSL_DECODER_from_data() code path so invalid RSA keys will be refused. [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134 Test case generated by the fuzzer is added. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25190)	2024-08-28 16:50:46 +02:00
slontis	f6a296c386	Cleanups for FIPS options.. ... The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related headers have moved to providers/fips/include so that they can use fips_indicator_params.inc. securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes fipscommon.h. fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used. fips_names.h just uses aliases now for existing public names. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25162)	2024-08-28 14:46:16 +02:00
Richard Levitte	033dcce2ba	feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor() ... This should be sufficient to cover the intent with the following legacy ctrls: - EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations) - EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000)	2024-08-27 13:56:28 +02:00
Richard Levitte	258aaa97b8	feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor() ... EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000)	2024-08-27 13:56:28 +02:00
Jonathan M. Wilbur	91432b9ea0	fix: alias auditEntity OID ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754)	2024-08-26 10:38:44 +01:00
Jonathan M. Wilbur	9216859f7b	feat: support auditIdentity X.509v3 extension ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754)	2024-08-26 10:38:44 +01:00
Jonathan M. Wilbur	bce3a8d57e	fix: wrong name for OID -> auditIdentity ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24754)	2024-08-26 10:25:23 +01:00
slontis	bb1aab38a6	FIPS: Add EDDSA public key validation. ... EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to determine if the public key is a valid point on the curve. The FIPS ACVP tests require public key validation tests. See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json Note that this is NOT required to be called before EDDSA signature verification since it is done internally. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25265)	2024-08-23 21:23:53 +02:00
Joachim Vandersmissen	6c39d21a48	Replace PKCS#1 v1.5 padding in RSA PCT ... After December 31, 2023, SP 800-131Ar2 [0] no longer allows PKCS#1 v1.5 padding for RSA "key-transport" (aka encryption and decryption). There's a few good options to replace this usage in the RSA PCT, but the simplest is verifying m = (m^e)^d mod n, (where 1 < m < (n − 1)). This is specified in SP 800-56Br2 (Section 6.4.1.1) [1] and allowed by FIPS 140-3 IG 10.3.A. In OpenSSL, this corresponds to RSA_NO_PADDING. [0]: https://doi.org/10.6028/NIST.SP.800-131Ar2 [1]: https://doi.org/10.6028/NIST.SP.800-56Br2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23832)	2024-08-22 07:24:29 +10:00
slontis	ea396c7024	Add FIPS KMAC key check ... This adds a FIPS indicator for KMAC key size. Note that 112 bits keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits for KMAC256 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)	2024-08-21 15:34:58 +02:00
slontis	390f00a1e9	Add HMAC FIPS keysize check. ... HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mechanism to bypass this check in HMAC. A seperate 'internal' query table has been added to the FIPS provider for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore the key check. If a KDF requires the key check then it must do the check itself. The normal MAC dipatch table is used if the user fetches HMAC directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)	2024-08-21 15:34:40 +02:00
Tomas Mraz	4cad608509	Use the new hashtable for core_namemap ... This replaces LHASH in core_namemap with the new hashtable and adds a reverse mapping in form of stack of stacks instead of iterating the existing hash table members. The new hashtable is used in lockless-read mode. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504)	2024-08-21 15:21:26 +02:00
Tomas Mraz	71fe7f0983	hashtable: Support lockless reads ... Also build it in the FIPS provider too and properly report error on insert when hashtable cannot be grown. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24504)	2024-08-21 15:21:25 +02:00
Neil Horman	435531ec24	alternate collision checking support ... Add full key matching to hashtable the idea is that on a hash value match we do a full memory comparison of the unhashed key to validate that its actually the key we're looking for Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24504)	2024-08-21 15:21:25 +02:00
Richard Levitte	572a8371ab	Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites ... (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)	2024-08-21 08:21:06 +02:00
Richard Levitte	e675aabb87	Implement functionality for direct use of composite signature algorithms ... The following API groups are extended with a new init function, as well as an update and final function, to allow the use of explicitly fetched signature implementations for any composite signature algorithm, like "sha1WithRSAEncryption": - EVP_PKEY_sign - EVP_PKEY_verify - EVP_PKEY_verify_recover To support this, providers are required to add a few new functions, not the least one that declares what key types an signature implementation supports. While at this, the validity check in evp_signature_from_algorithm() is also refactored; the SIGNATURE provider functionality is too complex for counters. It's better, or at least more readable, to check function combinations. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)	2024-08-21 08:21:06 +02:00
Pauli	c14003578a	Revert "fipsinstall: add ed_no_verify_digested option" ... This reverts commit 70b6d57fd9. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25192)	2024-08-16 11:34:24 +10:00
slontis	05681e0e3e	Add FIPS Indicator for ECDH cofactor. ... FIPS KAS requires use of ECC CDH. The EC 'B' and 'K' curves have a cofactor that is not 1, and this MUST be multiplied by the private key when deriving the shared secret. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25139)	2024-08-15 19:48:15 +02:00
Dimitri John Ledkov	8945f406a7	fips: allow to customize provider vendor name ... FIPS providers need to specify identifiable names and versions. Allow to customize the fips provider name prefix, via VERSION.dat which already allows to customize version & buildinfo. With this patch in-place it removes the need of patching code to set customized provider name. E.g. echo FIPS_VENDOR=ACME >> VERSION.dat, results in ``` $ OPENSSL_CONF=fips-and-base.cnf ../util/wrap.pl ../apps/openssl list -providers --verbose Providers: base name: OpenSSL Base Provider version: 3.4.0 status: active build info: 3.4.0-dev gettable provider parameters: name: pointer to a UTF8 encoded string (arbitrary size) version: pointer to a UTF8 encoded string (arbitrary size) buildinfo: pointer to a UTF8 encoded string (arbitrary size) status: integer (arbitrary size) fips name: ACME FIPS Provider for OpenSSL version: 3.4.0 status: active build info: 3.4.0-dev gettable provider parameters: name: pointer to a UTF8 encoded string (arbitrary size) version: pointer to a UTF8 encoded string (arbitrary size) buildinfo: pointer to a UTF8 encoded string (arbitrary size) status: integer (arbitrary size) security-checks: integer (arbitrary size) tls1-prf-ems-check: integer (arbitrary size) drbg-no-trunc-md: integer (arbitrary size) ``` Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24368)	2024-08-15 08:33:48 +10:00
slontis	5f04124aab	Add EDDSA FIPS self tests. ... See FIPS 140-3 IG Section 10.3.A Part 11 Indicates ECDSA requires a sign and verify test. Note 11 states that HashEdDSA is not required to be tested if PureEdDSA is tested. Note 12 indicates that both ED25519 and X448 need to be tested. Since ED uses the oneshot interface, additional API's needed to be exposed to the FIPS provider using #ifdef FIPS_MODULE. Changed ED25518 and ED448 to use fips=true in the FIPS provider. Updated documentation for provider lists for EDDSA. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22112)	2024-08-14 16:17:47 +02:00
Michael Baentsch	38a7183102	adds TLS signature algorithms list feature ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24821)	2024-08-13 11:48:54 +10:00
pohsingwu	f3c03be3ad	Restrict salt length for RSA-PSS in the FIPS provider ... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25115)	2024-08-13 09:55:36 +10:00
Pauli	c613f080ca	Add signature digest check option to fipsinstall ... Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25020)	2024-08-12 09:30:43 +10:00
Pauli	090247b2e2	fipsinstall: add kbkdf key check option ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)	2024-08-08 08:42:59 +10:00
Mathis Marion	387491d537	Add OIDs id-kp-wisun-fan-device and id-on-hardwareModule ... Sub-OIDs for {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 45605} are recorded in the document "Wi-SUN Assigned Value Registry" (WAVR). OID id-on-hardwareModule is defined in RFC 4108. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23428)	2024-08-07 19:53:19 +02:00
Matt Caswell	c0c4e6ba0a	Remove the event queue code ... PR #18345 added some code for an event queue. It also added a test for it. Unfortunately this event queue code has never been used for anything. Additionally the test was never integrated into a test recipe, so it never actually gets invoked via "make test". This makes the code entirely dead, unnecessarily bloats the size of libssl and causes a decrease in our testing code coverage value. We remove the dead code. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25100)	2024-08-07 19:48:26 +02:00