Slightly abstract ktls_start() to reduce OS-specific #ifdefs.

Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start(). This i

Slightly abstract ktls_start() to reduce OS-specific #ifdefs.

Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start(). This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)

show more ...

Remove unused dummy functions from ktls.h.

The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
the dummy functions were never used.

Reviewed-by: Matt Caswell <m

Remove unused dummy functions from ktls.h.

The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
the dummy functions were never used.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)

show more ...

Fix the socket BIO control methods to use ktls_crypto_info_t.

This is mostly a cosmetic cleanup I missed when adding the
ktls_crypto_info_t type. However, while fixing this I noticed th

Fix the socket BIO control methods to use ktls_crypto_info_t.

This is mostly a cosmetic cleanup I missed when adding the
ktls_crypto_info_t type. However, while fixing this I noticed that
the changes to extract the size from crypto_info from the wrapper
structure for Linux KTLS had not been propagated from bss_sock.c to
bss_conn.c, so I've fixed that to use the correct length.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)

show more ...

X509_STORE_CTX_print_verify_cb(): add AKID and SKID output for (non-)trusted certs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12787)

OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12

OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)

show more ...

Strengthen chain building for CMP

* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Exten

Strengthen chain building for CMP

* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791)

show more ...

Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout

Also simplify certificate saving in apps/cmp.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https:

Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout

Also simplify certificate saving in apps/cmp.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)

show more ...

test/drbgtest: improve the reseed after fork test

Issue #12377 demonstrated that it is not sufficient to verify that
after a fork a reseeding is triggered in the child. This commit
e

test/drbgtest: improve the reseed after fork test

Issue #12377 demonstrated that it is not sufficient to verify that
after a fork a reseeding is triggered in the child. This commit
enhances the test by collecting the output of the public and private
drbg for the parent and all children and checking for duplicates.
In case of duplicates, it prints an error message and displays a
sorted output.

The analysis of #12377 (see [1]) showed that due to an error in the
resetting of the AES-CTR (issue #12405, fixed by #12413), it could
happen that only the first n bytes (n=1,...15) of the children's
random output were identical.

This test is optimized to detect this issue by only comparing the first
byte of the sampled data (i.e., the first 'column' of the output).
The number of samples is chosen high enough to keep the chance of false
positives low. The test is executed sixteen times, each time advancing
the internal counter by requesting a single extra byte of random data.

Another, more general test splits the entire sampled random data into
two-byte chunks and counts their collisions. If a certain threshold
is exceeded, it reports an error.

[1] https://github.com/openssl/openssl/issues/12377#issuecomment-656207334

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12407)

show more ...

Fix coverity CID #1454815 - NULL ptr dereference in initthread.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/1270

Fix coverity CID #1454815 - NULL ptr dereference in initthread.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

show more ...

Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://gi

Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

show more ...

Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.

Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

show more ...

Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/

Fix coverity CID #1465967 & #1465968 - fix NULL dereference in dh_ameth.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

show more ...

Fix coverity CID #1466371 - fix dereference before NULL check.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

Fix coverity CID #1466375 - Remove dead code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/

Fix coverity CID #1466377 - resource leak due to early return in ec_get_params().

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

show more ...

Fix coverity CID #1466378 - Incorrect expression in ec_backend.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/1270

Fix coverity CID #1466378 - Incorrect expression in ec_backend.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)

show more ...

ASN1: Make ASN1_item_verify_ctx() work with provider-native keys

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

EC: Remove one error record that shadows another

In EC_GROUP_new_from_params(), ERR_R_EC_LIB was reported if
group_new_from_name() returned NULL. However, this shadows a possible
EC

EC: Remove one error record that shadows another

In EC_GROUP_new_from_params(), ERR_R_EC_LIB was reported if
group_new_from_name() returned NULL. However, this shadows a possible
EC_R_INVALID_CURVE, making that harder to detect, which happens to be
important to do in test/evp_test.c.

This also extends key_unsupported() in test/evp_test.c to check for
this error alongside the check for EC_R_UNKNOWN_GROUP.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

TEST: Ensure that the base provider i activated when needed

The fips providers can't be activated alone if encoding, decoding or
STORE are going to be used.

To enable this, we s

TEST: Ensure that the base provider i activated when needed

The fips providers can't be activated alone if encoding, decoding or
STORE are going to be used.

To enable this, we selectively use test/fips-and-base.cnf instead of
test/fips.cnf in our test recipes.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

Revert "TEST: separate out NIST ECC tests from non-NIST"

This file split turned out to be a mistake as soon as the fetching
error reporting got properly sorted.

This reverts com

Revert "TEST: separate out NIST ECC tests from non-NIST"

This file split turned out to be a mistake as soon as the fetching
error reporting got properly sorted.

This reverts commit e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

EVP: Don't report malloc failure in new_raw_key_int()

On failure by EVP_PKEY_CTX_new_from_name(), this function reported
ERR_R_MALLOC_FAILURE. However, that's not necessarily true, as i

EVP: Don't report malloc failure in new_raw_key_int()

On failure by EVP_PKEY_CTX_new_from_name(), this function reported
ERR_R_MALLOC_FAILURE. However, that's not necessarily true, as it can
fail because the algorithm isn't present.

Either way, EVP_PKEY_CTX_new_from_name() records more accurate errors
on its own, and one of them - EVP_R_FETCH_FAILED - is significant for
test/evp_test.c.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

TEST: have key_unsupported() in evp_test.c look at the last error

key_unsupported() looked at the first error in the queue to see if a
key algorithm is supported or not. However, there

TEST: have key_unsupported() in evp_test.c look at the last error

key_unsupported() looked at the first error in the queue to see if a
key algorithm is supported or not. However, there are situations
where the errors it looks for is preceded by others. It's much safer
to look at the last recorded error.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

STORE: Stop the flood of errors

The old 'file:' loader was recently changed to stop the flood of
repeated nested ASN.1 errors when trying to decode a DER blob in
diverse ways.

STORE: Stop the flood of errors

The old 'file:' loader was recently changed to stop the flood of
repeated nested ASN.1 errors when trying to decode a DER blob in
diverse ways.

That is now reproduced in ossl_store_handle_load_result()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

CORE: Fix small bug in passphrase caching

Passphrase caching didn't allocate memory when it got to cache an
empty string, leading to a crash.

Reviewed-by: Matt Caswell <matt@ope

CORE: Fix small bug in passphrase caching

Passphrase caching didn't allocate memory when it got to cache an
empty string, leading to a crash.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

STORE: Fix potential memory leak

When closing an OSSL_STORE_CTX, also clear the passphrase data.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope

STORE: Fix potential memory leak

When closing an OSSL_STORE_CTX, also clear the passphrase data.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...