Fix EVP_PKEY_print_private() so that it works with non default providers.

At some point in time it was decided that the EC keymanagers ec_export()
function would only allow the selection

Fix EVP_PKEY_print_private() so that it works with non default providers.

At some point in time it was decided that the EC keymanagers ec_export()
function would only allow the selection to be both the public + private
parts. If just the private element is selected it returns an error.
Many openssl commandline apps use EVP_PKEY_print_private() which passes
EVP_PKEY_PRIVATE_KEY to the encoder. This selection propagates to
encoder_construct_pkey(). For external providers (such as the fips
provider this will call the keymanagers export() with the selection set
to just the private part.

So we either need to
1) change the selection in EVP_PKEY_print_private() or
2) modify the selection used in the export used in
encoder_construct_pkey
3) Change the ec_export to allow this.

I have chosen 2) but I am not sure if this is the correct thing to do
or whether it should conditionally do this when the output_type ==
'text'.

Issue was reported by Ilia Okomin (Oracle).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26004)

show more ...

die() in .tmpl file should not be silently ignored.

call to die() in perl templates is currently ignored.
any error printed by die() commad appears in template
output.

In or

die() in .tmpl file should not be silently ignored.

call to die() in perl templates is currently ignored.
any error printed by die() commad appears in template
output.

In order to make sure die() terminates processing we
must ensure we emite `undef` value. This is ensured
by adding a `BROKEN` callback to `fill_in()` Template
method. The callback must return undef to stop processing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26064)

show more ...

apps/passwd.c: Convert a redundant check to assert

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@open

apps/passwd.c: Convert a redundant check to assert

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26053)

show more ...

Fix solaris build in CRYPTO_atomic_store api

Misnamed variable, just correct it to dst

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org

Fix solaris build in CRYPTO_atomic_store api

Misnamed variable, just correct it to dst

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26075)

show more ...

Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi

Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURES

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26039)

show more ...

Deprecate all BIO_meth_get_*() functions

Their use by applications is inherently unsafe.
Fixes #26047

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <to

Deprecate all BIO_meth_get_*() functions

Their use by applications is inherently unsafe.
Fixes #26047

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26056)

show more ...

Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c

Clean up the code by using the dedicated stack copy function.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>

Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c

Clean up the code by using the dedicated stack copy function.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25713)

show more ...

ci: add daily runcheckers to exercise the -DOPENSSL_PEDANTIC_ZEROIZATION option

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged f

ci: add daily runcheckers to exercise the -DOPENSSL_PEDANTIC_ZEROIZATION option

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(

fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

pbkdf2: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged fr

pbkdf2: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from

hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

rsa: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from

rsa: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from

ffc: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

ec: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from h

ec: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)

show more ...

A typo fix in a comment

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

A typo fix in a comment

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26069)

show more ...

Document expected BIO operations for libssl

If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but
this is not document anywhere.

Reviewed-by: Matt Caswell <ma

Document expected BIO operations for libssl

If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but
this is not document anywhere.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26060)

show more ...

Upgrade action/{upload,download}-artifact to v4

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/o

Upgrade action/{upload,download}-artifact to v4

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25920)

show more ...

fips-jitter: set provider into error state upon CRNG permanent failures

With fips-jitter build time option, jitter can be inside FIPS
boundary.

Calls to jent_read_entropy() can

fips-jitter: set provider into error state upon CRNG permanent failures

With fips-jitter build time option, jitter can be inside FIPS
boundary.

Calls to jent_read_entropy() can return permanent failures for
Repetitive Count Test (RTC), Adaptive Proportion Test (APT), LAG
prediction test.

Ensure the module enters error state upon permanent jitter failures.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25957)

show more ...

Fix potential memory leak on failure of ecx_gen_init()

When ecx_gen_set_params() returns 0, it could have duplicated the memory
for the parameter OSSL_KDF_PARAM_PROPERTIES already in gct

Fix potential memory leak on failure of ecx_gen_init()

When ecx_gen_set_params() returns 0, it could have duplicated the memory
for the parameter OSSL_KDF_PARAM_PROPERTIES already in gctx->propq,
leading to a memory leak.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26015)

show more ...

Fix potential memory leak on failure of dsa_gen_init()

When dsa_gen_set_params() returns 0, it could have duplicated the memory for the parameter
OSSL_PKEY_PARAM_FFC_DIGEST already in g

Fix potential memory leak on failure of dsa_gen_init()

When dsa_gen_set_params() returns 0, it could have duplicated the memory for the parameter
OSSL_PKEY_PARAM_FFC_DIGEST already in gctx->mdname, leading to a memory leak.

Allocated here: https://github.com/openssl/openssl/blob/47a80fd2034cd4314d3b4958539dcd3106087109/providers/implementations/keymgmt/dsa_kmgmt.c#L524
Can return 0 here: https://github.com/openssl/openssl/blob/47a80fd2034cd4314d3b4958539dcd3106087109/providers/implementations/keymgmt/dsa_kmgmt.c#L529-L536

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26016)

show more ...

Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems

AES gets a performance enhancement of 7-33%.

Tested on an M4 Pro, but the CPU cores are the same on M4 and

Enable AES and SHA3 optimisations on Apple Silicon M4-based macOS systems

AES gets a performance enhancement of 7-33%.

Tested on an M4 Pro, but the CPU cores are the same on M4 and M4 Max.

Change-Id: I634c03f1d2b50fa5f8ca97dd65975e49d970c72b

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/25940)

show more ...

fips: remove redundant RSA encrypt/decrypt KAT

FIPS 140-2 IG D.9 has become FIPS 140-3 D.G (see "Mapping FIPS 140-2
IGs to FIPS 140-3" in the FIPS 140-3 IG).

The requirements w.

fips: remove redundant RSA encrypt/decrypt KAT

FIPS 140-2 IG D.9 has become FIPS 140-3 D.G (see "Mapping FIPS 140-2
IGs to FIPS 140-3" in the FIPS 140-3 IG).

The requirements w.r.t. RSA KATs have now been relaxed, meaning that
existing full-message RSA signature verification (which is performed
separately) is sufficient to meet KAT requirements for all RSA
usecases (KEM/Encrypt/Decrypt/Sign/Verify).

Dropping this KAT is very useful, because it is large/expensive on
module startup, but also because it enables in the future to block RSA
Encrypt/Decrypt operations with paddings other than OAEP, which are
legacy or deprecated by either current or draft algorithm transition
SP.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25988)

show more ...

fips: zeroize temporary self-check out MD variable

At least this is done on module startup only.

To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10]
requirement.

fips: zeroize temporary self-check out MD variable

At least this is done on module startup only.

To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10]
requirement.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25945)

show more ...

.gitignore: Ignoring demo executables

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged

.gitignore: Ignoring demo executables

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26009)

show more ...

Remove the negative return values of EVP_KDF_* functions in documents

None of the EVP_KDF_* functions will ever return a negative value.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>

Remove the negative return values of EVP_KDF_* functions in documents

None of the EVP_KDF_* functions will ever return a negative value.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)

show more ...