bn: procduce correct sign for result of BN_mod()

There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
In this case, the sign of the remainder c is incorrect.

bn: procduce correct sign for result of BN_mod()

There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
In this case, the sign of the remainder c is incorrect. The problem only
occurs if the dividend and the quotient are the same BIGNUM.

Fixes #15982

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15991)

show more ...

changes: add entry noting the removal of ERR_GET_FUNC()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

doc: update documentation to note removal of ERR_GET_FUNC()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

err: remove ERR_GET_FUNC()

This is problematic in 3.0 because the function codes are all defined as zero.
This leads to either every error matching or no error ever matching. Both
a

err: remove ERR_GET_FUNC()

This is problematic in 3.0 because the function codes are all defined as zero.
This leads to either every error matching or no error ever matching. Both
are problematic for users. The OTC vote resolved to remove this function
completely.

Fixes #15946

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

show more ...

test: add some integral type size sanity checks

With the recent problem on VMS of maxint_t being defined as a 32 bit integer
despite OpenSSL mandating 64 bit integers being available, it

test: add some integral type size sanity checks

With the recent problem on VMS of maxint_t being defined as a 32 bit integer
despite OpenSSL mandating 64 bit integers being available, it seems prudent
to add some sanity checks for out integral types.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15830)

show more ...

util: add -fips option to wrap.pl to make using the FIPS provider easier

Without this option, I find I need to figure out which environment variables
point where which wastes effort.

util: add -fips option to wrap.pl to make using the FIPS provider easier

Without this option, I find I need to figure out which environment variables
point where which wastes effort.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15966)

show more ...

Add HKDF negative tests

Fix memory leak if legacy test is skipped.
Using EVP_KDF_CTX_get_params() to get OSSL_KDF_PARAM_SIZE will now
return 0 if the returned size is 0.

Rev

Add HKDF negative tests

Fix memory leak if legacy test is skipped.
Using EVP_KDF_CTX_get_params() to get OSSL_KDF_PARAM_SIZE will now
return 0 if the returned size is 0.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15977)

show more ...

Add test for provider gettables

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15970)

Avoid "excessive message size" for session tickets

We received a report of an "excessive message size" for a received
session ticket. Our maximum size was significantly less than the the

Avoid "excessive message size" for session tickets

We received a report of an "excessive message size" for a received
session ticket. Our maximum size was significantly less than the theoretical
maximum. The server may put any data it likes in the session ticket
including (for example) the full certificate chain so we should be able to
handle longer tickets. Update the value to the maximum allowed by the spec.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15877)

show more ...

update fips checksums

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul

update fips checksums

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

show more ...

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

show more ...

bn: Make fixed-length Montgomery Multiplication conditional on PPC64

This code is currently unconditional even though build.info has:

$BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s

bn: Make fixed-length Montgomery Multiplication conditional on PPC64

This code is currently unconditional even though build.info has:

$BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s

This causes a build failure on 32-bit systems.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

show more ...

bn: Fix .size directive

This requires the text address.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>

bn: Fix .size directive

This requires the text address.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

show more ...

bn: Use a basic branch-if-not-zero

Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
predict

bn: Use a basic branch-if-not-zero

Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
prediction.

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

show more ...

rsa_cms_verify: Avoid negative return with missing pss parameters

Fixes #15984

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15

rsa_cms_verify: Avoid negative return with missing pss parameters

Fixes #15984

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15985)

show more ...

Coverity #1486687: fix potential dereference of NULL keymgmt

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15986)

doc: include PBKDF1 documentation in build.info

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

doc: add PBKDF1 provider documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

provider: use #define for PBKDF1 algorithm name

This seems to be standard practice so bringing PBKDF1 into line.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

provider: use #define for PBKDF1 algorithm name

This seems to be standard practice so bringing PBKDF1 into line.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

show more ...

PROV & STORE: Make the 'file:' store loader understand more binary formats

The 'file:' store loader only understood DER natively. With all the
whatever to key decoders gone, direct supp

PROV & STORE: Make the 'file:' store loader understand more binary formats

The 'file:' store loader only understood DER natively. With all the
whatever to key decoders gone, direct support for other binary file
formats are gone, and we need to recreate them for this store loader.

With these changes, it now also understands MSBLOB and PVK files.

As a consequence, any store loader that handles some form of open file
data (such as a PEM object) can now simply pass that data back via
OSSL_FUNC_store_load()'s object callback. As long as libcrypto has
access to a decoder that can understand the data, the appropriate
OpenSSL object will be generated for it, even if the store loader sits
in a different provider than any decoder or keymgmt.
For example, an LDAP store loader, which typically finds diverse PEM
formatted blobs in the database, can simply pass those back via the
object callback, and let libcrypto do the rest of the work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)

show more ...

PROV & STORE: Don't decode keys in the 'file:' store loader

This makes the 'file:' store loader only read the file, and only decode
down to a base level binary format, and simply pass th

PROV & STORE: Don't decode keys in the 'file:' store loader

This makes the 'file:' store loader only read the file, and only decode
down to a base level binary format, and simply pass that blob of data
back to the OSSL_FUNC_store_load() object callback.

This offloads the decoding into specific OpenSSL types to libcrypto,
which takes away the issue of origins, which provider is it that holds
the key (or other future types of objects).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)

show more ...

TEST: Add testing of PVK and MSBLOB files to test_store

The PVK and MSBLOB files were generated using openssl 1.1.1, using
test/testrsa.pem as source:

openssl rsa -in test/t

TEST: Add testing of PVK and MSBLOB files to test_store

The PVK and MSBLOB files were generated using openssl 1.1.1, using
test/testrsa.pem as source:

openssl rsa -in test/testrsa.pem \
-out test/recipes/90-test_store_data/testrsa.msb \
-outform msb
openssl rsa -in test/testrsa.pem \
-out test/recipes/90-test_store_data/testrsa.pvk \
-outform pvk \
-passout pass:password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15980)

show more ...

Work around a 32-bit mingw failure

Passing the return value from gmtime() directly to mktime() was producing
incorrect results under windows (but not under wine) when built with mingw

Work around a 32-bit mingw failure

Passing the return value from gmtime() directly to mktime() was producing
incorrect results under windows (but not under wine) when built with mingw
32-bit (but not VC-WIN32). We implement a workaround for this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)

show more ...

Use TEST_time_t_* functions in cmp_hrd_test.c

This gives better diagnostic output

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Mer

Use TEST_time_t_* functions in cmp_hrd_test.c

This gives better diagnostic output

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)

show more ...

Avoid some MinGW test failures

There were 4 classes of failure:

- line ending problems;
- unicode problems;
- file path munging problems; and
- a "hang" in test_cmp_http

Avoid some MinGW test failures

There were 4 classes of failure:

- line ending problems;
- unicode problems;
- file path munging problems; and
- a "hang" in test_cmp_http.

The unicode problems appear to be somewhere between wine or msys - they
don't actually appear to be a problem with the built binaries. We just skip
those tests for now.

Fixes #13558

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)

show more ...