759ab598 | 20-Feb-2023 |
Pauli |
Revert "Put EdDSA back as approved algorithms."
This reverts commit 09627a8ceb69e19d2855b36228f44a3660af177a.
NIST isn't allowing EdDSA at this stage after all, so flag it as not FIPS approved in the FIPS provider.
Guidance for FIPS 140-3 is expected later this month:
The use of EdDSA still remains non-approved. Before the FIPS 186-5 and SP 800-186 algorithms / curves can be used in the approved mode, the CMVP will need to do (at least) the following:
* Incorporate FIPS 186-5 and SP 800-186 into SP 800-140C/D;
* Update IG 10.3.A to incorporate self-test requirements for the new algorithms/curves.
* Write a new IG on this transition to clarify the issues raised in this thread and elsewhere and provide a clear transition schedule.
The CMVP is working on all three of these items and hope to have drafts public by the end of March.
Since security relevant changes are not permitted for new 140-2 submissions, and under the assumption that this transition away from FIPS 186-4 algorithms will be 'soft' and not move modules to the historical list, we do not plan on writing 140-2 guidance for this transition.
It seems unlikely that all of these requirements will be completed before we submit.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20343)
|
0aa7d7f4 | 20-Feb-2023 |
Matt Caswell |
Add a test for no initialisation of the default config file Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20341)
|
7a6a0baa | 20-Feb-2023 |
Matt Caswell |
Only call OPENSSL_init_crypto on fetch if using the default libctx There is no point in calling OPENSSL_init_crypto() unless we are actually going to be using the default libctx. Fixes #20315 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20341)
|
7e550510 | 17-Feb-2023 |
Benno Evers |
Document return value of OSSL_DECODER_from_data CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20327)
|
835b90a1 | 13-Feb-2023 |
ndossche |
Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime() BN_priv_rand_range_ex() and BN_add() both return a 0 on failure and a 1 on success. In case of failure, the algorithm should fail. However, the branch that it goes through on failure is "goto end", not "goto err". Therefore, the algorithm will return 1 which indicates success instead of 0 for failure, leading to potential problems for the callers. Fix it by changing the goto to "goto err" instead of "goto end". CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20279)
|
1dbfd7fe | 09-Feb-2023 |
Philippe Antoine |
fuzz: fix coverity warnings introduced by 2b9e2afc382490592078cdb69d06f54f0fefd4c6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20253)
|
c4a44e7b | 15-Feb-2023 |
Jeeban Sethi |
openssl#20299: Fixed use after free bug CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20300)
|
c10ded8c | 16-Feb-2023 |
Todd Short |
Fix possible memory leak on error The two places that call `ossl_ssl_init()` assume that no additional memory has been allocated when this fails; they subsequently free the QUIC_CONNECTION/SSL_CONNECTION via OPENSSL_free() without freeing any other resources. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20316)
|
c400a1fe | 13-Feb-2023 |
Bernd Edlinger |
Fix failing cms test when no-des is used The test tries to use DES but that may not be available. But for the purpose of regression testing CVE-2023-0215 the cipher is not relevant, so we use AES-128 instead. Fixes #20249 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20276)
|
d54e91d3 | 16-Feb-2023 |
Jeeban Sethi |
openssl-3.0#20290: Fixed typo in "config" man page CLA: trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20311) (cherry picked from commit 3da073c405e2d2000188571c23f3a79cf67a6e9d)
|
344d3b32 | 16-Feb-2023 |
Clemens Lang |
kbkdf: Fix kbkdf_dup function pointer type kbkdf_dup should use the appropriate type OSSL_FUNC_kdf_dupctx_fn. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20314)
|
cd870db1 | 08-Feb-2023 |
Richard Levitte |
Use of sparse_array.c only in the shared libssl Conditioning it on $disabled{shared} isn't right, it will still end up in the static variant of the library. It's better to use SHARED_SOURCE for these sorts of things. Fixes #20238 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20240)
|
6b58f498 | 27-Jan-2023 |
Dr. David von Oheimb |
OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160)
|
1472127d | 08-Feb-2023 |
Tomas Mraz |
Correct a copy&paste error in a link URL Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20228)
|
5f14b5bc | 07-Feb-2023 |
Tomas Mraz |
Sync CHANGES.md and NEWS.md with 3.0.8 release Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20228)
|
075652f2 | 08-Feb-2023 |
Hubert Kario |
rsa: add msvc intrinsic for non x64 platforms _umul128() is x86_64 (x64) only, while __umulh() works everywhere, but doesn't generate optimal code on x64 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20244)
|
4596c20b | 28-Jan-2023 |
Tom Cosgrove |
Fix the return values of the aarch64 unroll8_eor_aes_gcm_*_*_kernel functions These aren't currently checked when they are called in cipher_aes_gcm_hw_armv8.inc, but they are declared as returning as size_t the number of bytes they have processed, and the aes_gcm_*_*_kernel (unroll by 4) versions of these do return the correct values. Change-Id: Ic3eaf139e36e29e8779b5bd8b867c08fde37a337 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20191)
|
e7041bfe | 01-Feb-2023 |
Dr. David von Oheimb |
CMP cert_response(): add missing rejection status on client rejecting new cert Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
6f88876d | 01-Feb-2023 |
Dr. David von Oheimb |
cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
a6e1e9eb | 01-Feb-2023 |
Dr. David von Oheimb |
ossl_cmp_mock_srv_new.pod: correct/update names of internal test support functions Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
036a444f | 01-Feb-2023 |
Dr. David von Oheimb |
OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of a transaction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
8c29fa21 | 01-Feb-2023 |
Dr. David von Oheimb |
cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer} Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
ed9c6f36 | 01-Feb-2023 |
Dr. David von Oheimb |
CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
7f7dafe9 | 01-Feb-2023 |
Dr. David von Oheimb |
ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|
13cb5416 | 01-Feb-2023 |
Dr. David von Oheimb |
test_get_libctx(): prevent crash when called with NULL provider arg Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
|