bf3f8f2c | 06-Dec-2022 |
Matt Caswell |
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
|
0f48050b | 06-Dec-2022 |
Matt Caswell |
Fix BIO_f_asn1() to properly report some errors Some things that may go wrong in asn1_bio_write() are serious errors that should be reported as -1, rather than 0 (which just means "we wrote no data"). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
|
9e5bd892 | 06-Dec-2022 |
Matt Caswell |
Fix SMIME_crlf_copy() to properly report an error If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not correctly reporting the error. We modify it to properly propagate the error condition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
|
e51dd6ee | 06-Dec-2022 |
Matt Caswell |
Fix BIO_f_cipher() flushing If an error occurs during a flush on a BIO_f_cipher() then in some cases we could get into an infinite loop. We add a check to make sure we are making progress during flush and exit if not. This issue was reported by Octavio Galland who also demonstrated an infinite loop in CMS encryption as a result of this bug. The security team has assessed this issue as not a CVE. This occurs on *encryption* only which is typically processing trusted data. We are not aware of a way to trigger this with untrusted data. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
|
42061268 | 16-Dec-2022 |
Bernd Edlinger |
Fix a logic flaw in test_mod_exp_zero Due to the logic flaw, possible test failures in this test case might be ignored. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19929)
|
ec3342e7 | 21-Dec-2022 |
Tomas Mraz |
Add CHANGES.md entry for support for KMAC in KBKDF Reviewed-by: Hugo Landau <hlandau@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19943) (cherry picked from commit c75203021bd37571c6259317b1d0e63dc7857c45)
|
f5b06306 | 04-Nov-2022 |
Darren J Moffat |
19607 No need to link explicitly with libpthread on Solaris CLA: trivial Reviewed-by: Zdenek.Kotal@oracle.com Reviewed-by: Ali.Bahrami@oracle.com Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19611)
|
e8241fb6 | 07-Nov-2022 |
slontis |
Update FIPS related build instructions. This also links back to the new location that lists the cert and security policy. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19617)
|
dd1f2842 | 02-Dec-2022 |
Peiwei Hu |
Refine the documents of several APIs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19816)
|
5e42118d | 01-Dec-2022 |
slontis |
Address coverity issue CID 1517105 The code path for this resource leak indicates that this is a false positive (if you look at the callers). Rather than ignoring the warning an extra check has been added, in case future callers do the wrong thing. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19799)
|
d1ebd993 | 07-Dec-2022 |
slontis |
Update HMAC() documentation. Fixes #19782 Clarify that EVP_Q_MAC() can be used as an alternative that allows setting of the libctx. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19855)
|
a8e7bc7c | 16-Dec-2022 |
Tomas Mraz |
Update pyca-cryptography submodule to fix CI Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19926)
|
211c47ca | 15-Dec-2022 |
slontis |
Add KMAC support to KBKDF. Now that ACVP test vectors exist, support has been added for this mode. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf Note that the test vectors used fairly large values for the input key and the context, so the constraints for these have been increased from 256 to 512 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19916)
|
adf289b5 | 05-Dec-2022 |
Tomas Mraz |
timing_load_creds requires POSIX1.2001 due to rusage Fixes #19838 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19839)
|
408622b7 | 30-Nov-2022 |
Hugo Landau |
BIO_s_dgram: add documentation and hazard warnings Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19795)
|
a167e048 | 13-Dec-2022 |
Pauli |
Coverity: fix 272011 resource leak Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19900)
|
1cf25570 | 12-Dec-2022 |
Tomas Mraz |
timing_load_creds: Fix typos in the timersub macro Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19865) (cherry picked from commit f1b104953af8e3a82f7c5ee33f0403fc067c8516)
|
50d9b2b5 | 09-Dec-2022 |
Tomas Mraz |
Do not build P10-specific AES-GCM assembler on AIX Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19865) (cherry picked from commit 5c92ac52c282dbcb07e3880c2edd3a1bce452396)
|
abfc1521 | 08-Dec-2022 |
Tomas Mraz |
Do not build P10-specific Chacha20 assembler on AIX Fixes #18145 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19865) (cherry picked from commit cdcc439aa0acba8a50b5e3444fb12d6e1157b991)
|
97446da7 | 08-Dec-2022 |
Čestmír Kalina |
test: cmp_vfy_test: fix defined but unused

Building with

    ./config -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
        -DPEDANTIC -Wall -Werror -pedantic

fails since the following test cases are excluded when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined:

- test_validate_msg_signature_srvcert_missing
- test_validate_msg_mac_alg_protection_wrong
- test_validate_msg_mac_alg_protection_missing

Guard the test cases by the corresponding preprocessor conditionals.

Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19868)
|
abdf3515 | 07-Dec-2022 |
Simo Sorce |
Fix openssl storeutl to allow serial + issuer storeutl wants to enforce the use of issuer and serial together, however the current code prevents using them together and returns an error if only one of them is specified. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19856)
|
dc45d4c6 | 12-Dec-2022 |
Hubert Kario |
rsa: fix merge CI runs with old FIPS providers Since the fips provider version isn't frozen at 3.0.0, and the first planned release with the fix in the fips provider is in 3.2.0, we need to skip all the tests that expect implicit rejection in all versions below 3.2.0 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19890)
|
8548d3bf | 12-Dec-2022 |
Hubert Kario |
rsa: fix version of rsa implicit rejection introduction Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19889)
|
b79da97c | 09-Dec-2022 |
Richard Levitte |
Allow OBJ_create() to create an OBJ and NID with a NULL OID We already permit this in crypto/objects/objects.txt, but not programmatically, although being able to do so programmatically would be beneficial. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19876)
|
97b8db1a | 09-Dec-2022 |
Tomas Mraz |
Make error reason for disallowed legacy sigalg more specific The internal error reason is confusing and indicates an error in OpenSSL and not a configuration problem. Fixes #19867 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19875)
|