Add testcases for EVP_PKEY_get1_encoded_public_key

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/ope

Add testcases for EVP_PKEY_get1_encoded_public_key

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18902)

show more ...

ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY

If the public key is not set on the key, return error instead of crash.

Fixes #18495

Reviewed-by: P

ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY

If the public key is not set on the key, return error instead of crash.

Fixes #18495

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18902)

show more ...

Fix ossl_x509v3_cache_extensions(): EXFLAG_NO_FINGERPRINT should not be an error

This allows reverting the recent workaround on cmp_ctx_test regarding X509_new()

Reviewed-by: Tomas

Fix ossl_x509v3_cache_extensions(): EXFLAG_NO_FINGERPRINT should not be an error

This allows reverting the recent workaround on cmp_ctx_test regarding X509_new()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16043)

show more ...

Rename "RX Frame Handler" to "RX Depacketizer" in the overview

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com

Rename "RX Frame Handler" to "RX Depacketizer" in the overview

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18610)

show more ...

RX depacketizer (QUIC)

The same-ish module as the TX packetizer, handling the opposite direction.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@open

RX depacketizer (QUIC)

The same-ish module as the TX packetizer, handling the opposite direction.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18610)

show more ...

Fix memory leak in BN_rand_range()

The patch enables BN_rand_range() to exit immediately
if BIGNUM *rnd is NULL.

CLA: trivial

Fixes: #18951

Reviewed-by: Matt C

Fix memory leak in BN_rand_range()

The patch enables BN_rand_range() to exit immediately
if BIGNUM *rnd is NULL.

CLA: trivial

Fixes: #18951

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18982)

show more ...

Ensure we build ub sanitizer builds with -DPEDANTIC

Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this defin

Ensure we build ub sanitizer builds with -DPEDANTIC

Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this define that ub
sanitizer will complain about.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)

show more ...

Don't incorrectly skip the multiblock test

sslapitest has a test for multiblock writes. Since multiblock writing is
only available on some platforms the multiblock test checks whether we

Don't incorrectly skip the multiblock test

sslapitest has a test for multiblock writes. Since multiblock writing is
only available on some platforms the multiblock test checks whether we are
on such a platform first, and skips the test if we are not. Unfortunately
a bug in the check meant that we always skipped the test regardless of the
platform.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)

show more ...

SHAKE documentation updates for default output length.

Fixes #18586

In order to not break existing applications the OpenSSL documentation
related to SHAKE has been updated.

SHAKE documentation updates for default output length.

Fixes #18586

In order to not break existing applications the OpenSSL documentation
related to SHAKE has been updated.

Background:

All digests algorithms (including XOF's) use the bitlen as the default output length.
This results in a security strength of bitlen / 2.

This means that SHAKE128 will by default have an output length of 16
bytes and a security strength of 64 bits.

For SHAKE256 the default output length is 32 bytes and has a security
strength of 128 bits.

This behaviour was present in 1.1.1 and has been duplicated in the
provider SHAKE algorithms for 3.0.

The SHAKE XOF algorithms have a security strength of
min(bitlen, output xof length in bits / 2).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18622)

show more ...

Fix unrolled montgomery multiplication for POWER9

In the reference C implementation in bn_asm.c, tp[num + 1] contains the
carry bit for accumulations into tp[num]. tp[num + 1] is only ev

Fix unrolled montgomery multiplication for POWER9

In the reference C implementation in bn_asm.c, tp[num + 1] contains the
carry bit for accumulations into tp[num]. tp[num + 1] is only ever
assigned, never itself incremented.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)

show more ...

Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""

This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.

Reviewed-by: Hugo Landau <hlandau@

Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""

This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)

show more ...

CRYPTO_mem_debug_push() and CRYPTO_mem_debug_pop() should return 0

Those 2 functions historically only ever returned 0 or 1. In OpenSSL 3.0
they were made no-ops and the documentation sa

CRYPTO_mem_debug_push() and CRYPTO_mem_debug_pop() should return 0

Those 2 functions historically only ever returned 0 or 1. In OpenSSL 3.0
they were made no-ops and the documentation says they always return 0. In
fact they were returning -1. If any application was actually using these
functions then it may appear that they were actually successful (e.g. -1
could be interpreted as "true").

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18967)

show more ...

Correct the documentation for OPENSSL_MALLOC_FD

The documentation was misleading in that it suggests that this environment
variable will record information about all allocations. While t

Correct the documentation for OPENSSL_MALLOC_FD

The documentation was misleading in that it suggests that this environment
variable will record information about all allocations. While this is true
it doesn't record the most useful information that you might expect such
as the requested size of the allocation! It is mainly for use in
conjunction with OPENSSL_MALLOC_FAILURES, and reports information about
what chance an allocation has of failing.

We also clarify that the mem_debug functions are actually no-ops in 3.0.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18967)

show more ...

APPS: genrsa: Support setting properties

The -provider and -propquery options did not work on genrsa. Fix this
and add a test that checks that operations that would usually fail with

APPS: genrsa: Support setting properties

The -provider and -propquery options did not work on genrsa. Fix this
and add a test that checks that operations that would usually fail with
the FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

show more ...

APPS: dgst: Support properties when signing

The -provider and -propquery options did not work on dgst when using it
for signing or signature verification (including HMACs). Fix this and

APPS: dgst: Support properties when signing

The -provider and -propquery options did not work on dgst when using it
for signing or signature verification (including HMACs). Fix this and
add tests that check that operations that would usually fail with the
FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

Additionally, modify the behavior of dgst -list to also use the current
library context and property query. This reduces the output below the
headline "Supported digests" to a list of the digest algorithms that
will actually work with the current configuration, which is closer to
what users probably expect with this headline.

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

show more ...

TEST: Check property query support of apps/pkey

Property query support works correctly for apps/pkey, but there does not
seem to be a test for it yet, so add one.

See also 30b2c

TEST: Check property query support of apps/pkey

Property query support works correctly for apps/pkey, but there does not
seem to be a test for it yet, so add one.

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed a similar problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

show more ...

APPS: pkeyparam: Support setting properties

The -provider and -propquery options did not work on pkeyparam. Fix this
and add tests that check that operations that would usually fail with

APPS: pkeyparam: Support setting properties

The -provider and -propquery options did not work on pkeyparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

show more ...

APPS: ecparam: Support setting properties

The -provider and -propquery options did not work on ecparam. Fix this
and add tests that check that operations that would usually fail with

APPS: ecparam: Support setting properties

The -provider and -propquery options did not work on ecparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

show more ...

APPS: dhparam: Support setting properties

The -provider and -propquery options did not work on dhparam. Fix this
and add tests that check that operations that would usually fail with

APPS: dhparam: Support setting properties

The -provider and -propquery options did not work on dhparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

show more ...

test/timing_load_creds.c: fix coding style and other (mostly minor) issues

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by:

test/timing_load_creds.c: fix coding style and other (mostly minor) issues

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)

show more ...

Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>

Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)

show more ...

Add a stand-alone "timing" program

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@sieme

Add a stand-alone "timing" program

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)

show more ...

Add ROTATE inline RISC-V zbb/zbkb asm for DES

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openss

Add ROTATE inline RISC-V zbb/zbkb asm for DES

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18290)

show more ...

Fix asan finding in bio_tfo_test

Running bio_tfo_test under asan yields
==172342==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 380 byte(s) in 5 object(s) allocated from

Fix asan finding in bio_tfo_test

Running bio_tfo_test under asan yields
==172342==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 380 byte(s) in 5 object(s) allocated from:
#0 0x3ff89bba251 in malloc (/lib64/libasan.so.8+0xba251)
#1 0x3ff88cf9fd5 in gaih_inet.constprop.0 (/lib64/libc.so.6+0xf9fd5)
#2 0x3ff88cfaf6f in getaddrinfo (/lib64/libc.so.6+0xfaf6f)
#3 0x3ff89ba52a9 in __interceptor_getaddrinfo.part.0 (/lib64/libasan.so.8+0xa52a9)
#4 0x1004909 in test_fd_tfo test/bio_tfo_test.c:241
[...]

and fails the test.

Fix this by freeing the return addrinfo on exit.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18979)

show more ...

Fix asan finding in bio_addr

Running test_tfo_cli under asan yields
==166214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000d57c at pc 0x03ffa004ed86 bp 0x03ffe2977e

Fix asan finding in bio_addr

Running test_tfo_cli under asan yields
==166214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000d57c at pc 0x03ffa004ed86 bp 0x03ffe2977e80 sp 0x03ffe2977668
READ of size 112 at 0x60700000d57c thread T0
#0 0x3ffa004ed85 in memcpy (/lib64/libasan.so.8+0x4ed85)
#1 0x3ff9f3615b7 in BIO_ADDR_dup crypto/bio/bio_addr.c:77
[...]
and fails the test.

Fix this by copying the right structure of the union.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18979)

show more ...