History log of /openssl/ (Results 151 – 175 of 36044)
Revision Date Author Comments
b69ca92a 30-Sep-2024 lan1120

Drop the aid field of the signature prov ctx

Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23094)

76c4f0e8 29-Sep-2024 Neil Horman

Update test/quic-openssl-docker/run_endpoint.sh

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)

a941f5d5 24-Sep-2024 Neil Horman

quic-interop: exclude multiplexing

The multiplexing test works on local runs, but
appears to be failing in CI, possibly due to some environmental
limitation (the test generates a large list of requests in an
environment variable), leading to not sending all the requests needed.
Disable the test for now, and look to re-enable it after release when we
can appropriately diagnose the problem

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)

c8b050ee 24-Sep-2024 Neil Horman

Update quic interop docker container for chacha20

Need to update the docker interop container to use the quic-hq-interop
client so that the right alpn is negotiated for chacha20 testing

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)

5f43a337 24-Sep-2024 Neil Horman

Add SSL_CIPHER_SUITES env variable to quic-hq-interop

To run the chacha20 test in interop we need to:
1) negotiate an hq-interop alpn
2) only use chacha 20

Item 1 requires the use of quic-hq-interop, the latter requires this
change

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)

ffa5465e 30-Sep-2024 slontis

Exclude EVP_DigestSign and EVP_DigestVerify related APIs from the FIPS
provider.

Revert changes to m_sigver.c related to #ifdef FIPS_MODULE and exclude
the file using build.info instead.

Also exclude these calls inside EVP_DigestUpdate() within the FIPS
provider since this API should only be used for self testing digests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)

349815b5 20-Sep-2024 slontis

Fix rsa_sigalg_set_ctx_params() to return 1 for unknown parameters.

This keeps the code consistent with the changes done for other
algorithms that support sigalg_set_ctx_params().

set_ctx_params() should always return 1 if the parameter is unknown.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)

923baa12 30-Sep-2024 slontis

Change FIPS self tests to use EVP_PKEY_sign/verify API.

Self tests no longer use the EVP_DigestSign/Verify APIs.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25570)

4f48629c 02-Oct-2024 Maks Mishin

v3_ncons: Fix difference args names in nc_match_single function

The arguments of the `nc_match_single` function have different names
in the declaration and definition or are mixed up in places.

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25592)

a5714254 27-Sep-2024 Dr. David von Oheimb

add test/recipes/15-test_pkey.t

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

c8359abb 26-Sep-2024 Dr. David von Oheimb

APPS/pkey: fix case where infile and outfile are the same

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

d5c4a8ae 27-Sep-2024 Dr. David von Oheimb

APPS/pkcs8: fix case where infile and outfile are the same

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

421e8d7a 27-Sep-2024 Dr. David von Oheimb

APPS/ocsp: fix case where reqin and outfile are the same

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

1dbb67c4 27-Sep-2024 Dr. David von Oheimb

APPS/{ecparam,pkeyparam}: fix case where infile and outfile are the same

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

32189981 27-Sep-2024 Dr. David von Oheimb

APPS/dsaparam: fix case where infile and outfile are the same

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

9ae1e659 27-Sep-2024 Dr. David von Oheimb

APPS/dhparam: fix case where infile and outfile are the same

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)

93d1bb6d 03-Oct-2024 Tomas Mraz

os-zoo.yml: Disable stringop-overflow warning on alpine edge

fortify-headers are broken due to this warning.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25599)

27af422b 01-Oct-2024 Richard Levitte

Update fips-label.yml to make 'Cleanup artifact' conditional

If it's not conditional in the same manner as the other steps, it fails
because the artifacts aren't present => job failure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25584)

c262cc0c 30-Sep-2024 Dimitri John Ledkov

fips: add lots of potentially missing ossl_prov_is_running checks

After rudimentary analysis, it appears the below functions can
potentially produce output, whilst the provider is in error state.

These functions were detected using this method:

```
CFLAGS='-save-temps' ./Configure enable-fips --debug
make -j10
find . -name '*.i' | xargs git add -f
git grep --cached -p ossl_prov_is_running | grep libfips-lib > ossl_prov_is_running.txt
git grep --cached -p 'return' | grep libfips-lib > return.txt
grep '\.i=' return.txt > func-with_return.txt
grep '\.i=' ossl_prov_is_running.txt > func-with-ossl_prov_is_running.txt
grep --fixed-strings --line-regexp --file=func-with-ossl_prov_is_running.txt return.txt > func-without-ossl_prov_is_running.txt
grep -e newctx -e initctx -e dupctx func-without-ossl_prov_is_running.txt | grep -v ossl_prov_is_running
```

And from there doing manual inspection, as the list was short at that
point.

As in compile with keeping pre-processed source code; and use `git
grep --cached -p` to find these preprocessed files, and scan for calls
to return or ossl_prov_is_running, with function name printed. And
then exclude one from the other, to hopefully get a list of all the
functions that do not check for ossl_prov_is_running.

As number of functions without "func-without-ossl_prov_is_running"
check is large, I do wonder which other functions are "interesting" to
check for. I think I'm not scanning for _update functions
correctly. Any tips on improving above analysis will help with
maintaining such checks going forward.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25580)

5c91f70b 30-Sep-2024 Simo Sorce

Use the correct length value for input salt

In this function the salt can be either a zero buffer of exactly mdlen
length, or an arbitrary salt of prevsecretlen length.
Although in practice OpenSSL will always pass in a salt of mdlen size
bytes in the current TLS 1.3 code, the openssl kdf command can pass in
arbitrary values (I did it for testing), and a future change in the
higher layer code could also result in unmatched lengths.

If prevsecretlen is > mdlen this will cause incorrect salt expansion, if
prevsecretlen < mdlen this could cause a crash or reading random
information. In both cases the generated output would be incorrect.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25579)

c477fa5a 01-Oct-2024 Pauli

ci: add 3.4 to prov-compat-label tests

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25583)

3cc29925 01-Oct-2024 Pauli

ci: add 3.4 to the provider compatibility test

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25583)

12d14de6 30-Sep-2024 Pauli

test: add FIPS version check for EC cofactor derive tests

These were added in #25548 but didn't include a FIPS version check which
causes failures testing older FIPS providers against later versions.

Also change some skips to use TEST_skip.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25582)

2f362e99 26-Sep-2024 slontis

Fix bugs in ECDH cofactor FIPS indicator.

The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.

Added a test for all possible combinations of an EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.

This only affects the B & K curves (which have a cofactor that is not 1).

Bug reported by @abkarcher

Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)

fc68cf21 21-Sep-2024 Dimitri John Ledkov

kdfs: implement key length check in X9.42

Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25529)
