err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from ht

err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)

ERR: Rebuild all generated error headers and source files

This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from htt

ERR: Rebuild all generated error headers and source files

This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)

show more ...

ERR: Rebuild all generated error headers and source files

This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from ht

ERR: Rebuild all generated error headers and source files

This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)

show more ...

prov: move the entropy source out of the FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https

prov: move the entropy source out of the FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)

show more ...

rand: move the entropy source out of the FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https

rand: move the entropy source out of the FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)

show more ...

rand_drbg: remove RAND_DRBG.

The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API i

rand_drbg: remove RAND_DRBG.

The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG
type changing mechanism (RAND_DRBG_set()).

Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.

Other related changes:

Use RNG instead of DRBG in EVP_RAND documentation. The documentation was
using DRBG in places where it should have been RNG or CSRNG.

Move the RAND_DRBG(7) documentation to EVP_RAND(7).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)

show more ...

rand: core APIs for provider friendly random.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)

mkerr: remove legacy guards from generated error headers

In pull request #9333, legacy guards were added to the generated
error headers, but the mkerr.pl script was not adjusted accordin

mkerr: remove legacy guards from generated error headers

In pull request #9333, legacy guards were added to the generated
error headers, but the mkerr.pl script was not adjusted accordingly.
So the legacy guards were removed by subsequent `make update` calls.

Fixing the mkerr.pl script properly was disproportionately complicated
by the fact that adding legacy guards only made sense for files which
already existed in version 1.1.1. To keep things simple, it was decided
to drop the legacy guards from the generated headers entirely.

Fixes #10569

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11541)

show more ...

DRBG: delay initialization of DRBG method until instantiation

Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().

DRBG: delay initialization of DRBG method until instantiation

Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().

This made it difficult for the FIPS DRBG self test to verify that the
internal state had been zeroized, because it had the side effect that
the drbg->data structure was reinitialized immediately.

To solve the problem, RAND_DRBG_set() has been split in two parts

static int rand_drbg_set(RAND_DRBG *drbg, int type, unsigned int flags);
static int rand_drbg_init_method(RAND_DRBG *drbg);

and only the first part is called from RAND_DRBG_uninstantiate().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)

show more ...

rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure

RAND_get_rand_method() can return a NULL method pointer in the case of a
malloc failure, so don't dereferen

rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure

RAND_get_rand_method() can return a NULL method pointer in the case of a
malloc failure, so don't dereference it without a check.

Reported-by: Zu-Ming Jiang (detected by FIFUZZ)

Fixes #10480

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10483)

show more ...

Update source files for deprecation at 3.0

Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version. However, there's no policy
stating thi

Update source files for deprecation at 3.0

Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version. However, there's no policy
stating this, but there is for removal, saying that to remove
something, it must have been deprecated for 5 years, and that removal
can only happen at a major version.

Meanwhile, the semantic versioning rule is that deprecation should
trigger a MINOR version update, which is reflected in the macro names
as of this change.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)

show more ...

Add legacy include guards to public header files

For every public header file, the old include guard definition needs
to be added in addition to the new one

include/openssl/file

Add legacy include guards to public header files

For every public header file, the old include guard definition needs
to be added in addition to the new one

include/openssl/file.h:

#ifndef OPENSSL_FILE_H
# define OPENSSL_FILE_H
# pragma once

# include <openssl/macros.h>
# if !OPENSSL_API_3
# define HEADER_FILE_H
# endif
...

This is going to ensure that applications which use the old include guards
externally, for example like this

#ifndef HEADER_FILE_H
# include <openssl/file.h>
#endif

will not fail to compile.

In addition to the legacy guard, the public header files also receive a
'# pragma once' directive.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...

Fix header file include guard names

Make the include guards consistent by renaming them systematically according
to the naming conventions below

For the public header files (in

Fix header file include guard names

Make the include guards consistent by renaming them systematically according
to the naming conventions below

For the public header files (in the 'include/openssl' directory), the guard
names try to match the path specified in the include directives, with
all letters converted to upper case and '/' and '.' replaced by '_'. For the
private header files files, an extra 'OSSL_' is added as prefix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...

Make rand_pool buffers more dynamic in their sizing.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9428)

Regenerate mkerr files

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)

Provide rand_bytes_ex and rand_priv_bytes_ex

We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.

Provide rand_bytes_ex and rand_priv_bytes_ex

We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)

show more ...

Reseeding without derivation function is not supported in FIPS mode.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/

Reseeding without derivation function is not supported in FIPS mode.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8648)

show more ...

Add regenerated header files

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/83

Add regenerated header files

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8397)

show more ...

Following the license change, modify the boilerplates in include/ and crypto/include/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/77

Following the license change, modify the boilerplates in include/ and crypto/include/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7770)

show more ...

DRBG: fix reseeding via RAND_add()/RAND_seed() with large input

In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random

DRBG: fix reseeding via RAND_add()/RAND_seed() with large input

In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random pool where it is
picked up later by the rand_drbg_get_entropy() callback. This buffer
was limited to the size of 4096 bytes.

When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
the reseeding failed, but the error returned by the DRBG was ignored
by the two calling functions, which both don't return an error code.
As a consequence, the data provided by the application was effectively
ignored.

This commit fixes the problem by a more efficient implementation which
does not copy the data in memory and by raising the buffer the size limit
to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
but it was chosen intentionally to avoid platform dependent problems
like integer sizes and/or signed/unsigned conversion.

Additionally, the DRBG is now less permissive on errors: In addition to
pushing a message to the openssl error stack, it enters the error state,
which forces a reinstantiation on next call.

Thanks go to Dr. Falko Strenzke for reporting this issue to the
openssl-security mailing list. After internal discussion the issue
has been categorized as not being security relevant, because the DRBG
reseeds automatically and is fully functional even without additional
randomness provided by the application.

Fixes #7381

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7382)

show more ...

make update

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5948)

VMS: stricter acquisition of entropy for the pool

Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't
delivering the required amount of entropy. In release builds, this

VMS: stricter acquisition of entropy for the pool

Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't
delivering the required amount of entropy. In release builds, this
produces an error with details.

We also take the opportunity to modernise the types used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5857)

show more ...

Return error when trying to use prediction resistance

There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need predicti

Return error when trying to use prediction resistance

There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402

show more ...

RAND_DRBG: add a function for setting the default DRBG type and flags

This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. Se

RAND_DRBG: add a function for setting the default DRBG type and flags

This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. See also #5576.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5632)

show more ...