diff options
66 files changed, 1597 insertions, 286 deletions
diff --git a/.ctags.d/add-dir.ctags b/.ctags.d/add-dir.ctags new file mode 100644 index 000000000000..ec20b51bd4ca --- /dev/null +++ b/.ctags.d/add-dir.ctags @@ -0,0 +1,11 @@ +# +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# + +# Allow ctags to load configuration file under the sub directories. +--optlib-dir=+./.ctags.d diff --git a/.ctags.d/exclude.ctags b/.ctags.d/exclude.ctags new file mode 100644 index 000000000000..c932464e6dbd --- /dev/null +++ b/.ctags.d/exclude.ctags @@ -0,0 +1,13 @@ +# +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# + +# List file names or patterns you want ctags to ignore. +--exclude=.ctags.d +--exclude=test +--exclude=check-format-test-positives.c diff --git a/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags b/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags new file mode 100644 index 000000000000..ddd4fd54bd04 --- /dev/null +++ b/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags @@ -0,0 +1,18 @@ +# +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# + +# This file is only for extracting macro definitions. +--langmap=C:+.h +-o - +--sort=no +--languages=C +-R + +--fields-C=+{macrodef} +--fields=+{signature} diff --git a/.ctags.d/openssl-stage2/10expand-macros.ctags b/.ctags.d/openssl-stage2/10expand-macros.ctags new file mode 100644 index 000000000000..5cf5000df3af --- /dev/null +++ b/.ctags.d/openssl-stage2/10expand-macros.ctags @@ -0,0 +1,9 @@ +# +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +--param-CPreProcessor._expand=1 diff --git a/CHANGES.md b/CHANGES.md index 2978ebfa2d10..c9682a863ff6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,6 +28,13 @@ OpenSSL Releases OpenSSL 3.5 ----------- +### Changes between 3.5.1 and 3.5.2 [5 Aug 2025] + + * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. + This is mandated by FIPS 140-3 IG 10.3.A additional comment 1. + + *Dr Paul Dale* + ### Changes between 3.5.0 and 3.5.1 [1 Jul 2025] * Fix x509 application adds trusted use instead of rejected use. @@ -23,6 +23,10 @@ OpenSSL Releases OpenSSL 3.5 ----------- +### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025] + + * none + ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025] OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this diff --git a/VERSION.dat b/VERSION.dat index f931934a1972..a5925c8d5338 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=5 -PATCH=1 +PATCH=2 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="1 Jul 2025" +RELEASE_DATE="5 Aug 2025" SHLIB_VERSION=3 diff --git a/apps/asn1parse.c b/apps/asn1parse.c index 4f882396d03d..4540d5f5fb6e 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -40,8 +40,8 @@ const OPTIONS asn1parse_options[] = { {"length", OPT_LENGTH, 'p', "length of section in file"}, {"strparse", OPT_STRPARSE, 'p', "offset; a series of these can be used to 'dig'"}, - {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, + {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"}, {"strictpem", OPT_STRICTPEM, 0, "equivalent to '-inform pem' (obsolete)"}, diff --git a/apps/rand.c b/apps/rand.c index b123a151ea74..da747c1783e4 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,7 +199,7 @@ int rand_main(int argc, char **argv) int chunk; chunk = scaled_num > buflen ? (int)buflen : (int)scaled_num; - r = RAND_bytes(buf, chunk); + r = RAND_bytes_ex(app_get0_libctx(), buf, chunk, 0); if (r <= 0) goto end; if (format != FORMAT_TEXT) { diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index ae23f61839ea..2d899dc96f67 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> +#include <openssl/self_test.h> #include "dh_local.h" #include "crypto/dh.h" @@ -329,17 +330,27 @@ end: * FFC pairwise check from SP800-56A R3. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency */ -int ossl_dh_check_pairwise(const DH *dh) +int ossl_dh_check_pairwise(const DH *dh, int return_on_null_numbers) { int ret = 0; BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL; + OSSL_SELF_TEST *st = NULL; + OSSL_CALLBACK *stcb = NULL; + void *stcbarg = NULL; if (dh->params.p == NULL || dh->params.g == NULL || dh->priv_key == NULL || dh->pub_key == NULL) - return 0; + return return_on_null_numbers; + + OSSL_SELF_TEST_get_callback(dh->libctx, &stcb, &stcbarg); + st = OSSL_SELF_TEST_new(stcb, stcbarg); + if (st == NULL) + goto err; + OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, + OSSL_SELF_TEST_DESC_PCT_DH); ctx = BN_CTX_new_ex(dh->libctx); if (ctx == NULL) @@ -351,10 +362,27 @@ int ossl_dh_check_pairwise(const DH *dh) /* recalculate the public key = (g ^ priv) mod p */ if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key)) goto err; + +#ifdef FIPS_MODULE + { + int len; + unsigned char bytes[1024] = {0}; /* Max key size of 8192 bits */ + + if (BN_num_bytes(pub_key) > (int)sizeof(bytes)) + goto err; + len = BN_bn2bin(pub_key, bytes); + OSSL_SELF_TEST_oncorrupt_byte(st, bytes); + if (BN_bin2bn(bytes, len, pub_key) == NULL) + goto err; + } +#endif /* check it matches the existing public_key */ ret = BN_cmp(pub_key, dh->pub_key) == 0; -err: + err: BN_free(pub_key); BN_CTX_free(ctx); + + OSSL_SELF_TEST_onend(st, ret); + OSSL_SELF_TEST_free(st); return ret; } diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index ffcf3cde1155..dedfb24e569e 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -537,6 +537,14 @@ static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg) } } +static int decoder_sk_cmp(const OSSL_DECODER_INSTANCE *const *a, + const OSSL_DECODER_INSTANCE *const *b) +{ + if ((*a)->score == (*b)->score) + return (*a)->order - (*b)->order; + return (*a)->score - (*b)->score; +} + int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, OSSL_LIB_CTX *libctx, const char *propq) { @@ -595,6 +603,26 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, OSSL_DECODER_do_all_provided(libctx, collect_all_decoders, skdecoders); numdecoders = sk_OSSL_DECODER_num(skdecoders); + /* + * If there are provided or default properties, sort the initial decoder list + * by property matching score so that the highest scored provider is selected + * first. + */ + if (propq != NULL || ossl_ctx_global_properties(libctx, 0) != NULL) { + int num_decoder_insts = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts); + int i; + OSSL_DECODER_INSTANCE *di; + sk_OSSL_DECODER_INSTANCE_compfunc old_cmp = + sk_OSSL_DECODER_INSTANCE_set_cmp_func(ctx->decoder_insts, decoder_sk_cmp); + + for (i = 0; i < num_decoder_insts; i++) { + di = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); + di->order = i; + } + sk_OSSL_DECODER_INSTANCE_sort(ctx->decoder_insts); + sk_OSSL_DECODER_INSTANCE_set_cmp_func(ctx->decoder_insts, old_cmp); + } + memset(&data, 0, sizeof(data)); data.ctx = ctx; data.w_prev_start = 0; diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index f99566bde744..9fc4e2312331 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -222,15 +222,21 @@ struct collect_data_st { int total; /* number of matching results */ char error_occurred; char keytype_resolved; + OSSL_PROPERTY_LIST *pq; STACK_OF(EVP_KEYMGMT) *keymgmts; }; -static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder, - void *provctx, struct collect_data_st *data) +/* + * Add decoder instance to the decoder context if it is compatible. Returns 1 + * if a decoder was added, 0 otherwise. + */ +static int collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder, + void *provctx, struct collect_data_st *data) { void *decoderctx = NULL; OSSL_DECODER_INSTANCE *di = NULL; + const OSSL_PROPERTY_LIST *props; /* * We already checked the EVP_KEYMGMT is applicable in check_keymgmt so we @@ -239,17 +245,17 @@ static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder, if (keymgmt->name_id != decoder->base.id) /* Mismatch is not an error, continue. */ - return; + return 0; if ((decoderctx = decoder->newctx(provctx)) == NULL) { data->error_occurred = 1; - return; + return 0; } if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) { decoder->freectx(decoderctx); data->error_occurred = 1; - return; + return 0; } /* @@ -263,7 +269,7 @@ static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder, || OPENSSL_strcasecmp(data->ctx->start_input_type, "PEM") != 0)) { /* Mismatch is not an error, continue. */ ossl_decoder_instance_free(di); - return; + return 0; } OSSL_TRACE_BEGIN(DECODER) { @@ -275,13 +281,30 @@ static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder, OSSL_DECODER_get0_properties(decoder)); } OSSL_TRACE_END(DECODER); + /* + * Get the property match score so the decoders can be prioritized later. + */ + props = ossl_decoder_parsed_properties(decoder); + if (data->pq != NULL && props != NULL) { + di->score = ossl_property_match_count(data->pq, props); + /* + * Mismatch of mandatory properties is not an error, the decoder is just + * ignored, continue. + */ + if (di->score < 0) { + ossl_decoder_instance_free(di); + return 0; + } + } + if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) { ossl_decoder_instance_free(di); data->error_occurred = 1; - return; + return 0; } ++data->total; + return 1; } static void collect_decoder(OSSL_DECODER *decoder, void *arg) @@ -321,7 +344,9 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg) for (i = 0; i < end_i; ++i) { keymgmt = sk_EVP_KEYMGMT_value(keymgmts, i); - collect_decoder_keymgmt(keymgmt, decoder, provctx, data); + /* Only add this decoder once */ + if (collect_decoder_keymgmt(keymgmt, decoder, provctx, data)) + break; if (data->error_occurred) return; } @@ -407,6 +432,8 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, struct decoder_pkey_data_st *process_data = NULL; struct collect_data_st collect_data = { NULL }; STACK_OF(EVP_KEYMGMT) *keymgmts = NULL; + OSSL_PROPERTY_LIST **plp; + OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL; OSSL_TRACE_BEGIN(DECODER) { const char *input_type = ctx->start_input_type; @@ -443,6 +470,25 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, process_data->keymgmts = keymgmts; /* + * Collect passed and default properties to prioritize the decoders. + */ + if (propquery != NULL) + p2 = pq = ossl_parse_query(libctx, propquery, 1); + + plp = ossl_ctx_global_properties(libctx, 0); + if (plp != NULL && *plp != NULL) { + if (pq == NULL) { + pq = *plp; + } else { + p2 = ossl_property_merge(pq, *plp); + ossl_property_free(pq); + if (p2 == NULL) + goto err; + pq = p2; + } + } + + /* * Enumerate all keymgmts into a stack. * * We could nest EVP_KEYMGMT_do_all_provided inside @@ -457,10 +503,11 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, * upfront, as this ensures that the names for all loaded providers have * been registered by the time we try to resolve the keytype string. */ - collect_data.ctx = ctx; - collect_data.libctx = libctx; - collect_data.keymgmts = keymgmts; - collect_data.keytype = keytype; + collect_data.ctx = ctx; + collect_data.libctx = libctx; + collect_data.keymgmts = keymgmts; + collect_data.keytype = keytype; + collect_data.pq = pq; EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, &collect_data); if (collect_data.error_occurred) @@ -496,6 +543,7 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, ok = 1; err: decoder_clean_pkey_construct_arg(process_data); + ossl_property_free(p2); return ok; } diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h index a2846d309ea8..11e52cfeec75 100644 --- a/crypto/encode_decode/encoder_local.h +++ b/crypto/encode_decode/encoder_local.h @@ -109,6 +109,8 @@ struct ossl_decoder_instance_st { const char *input_type; /* Never NULL */ const char *input_structure; /* May be NULL */ int input_type_id; + int order; /* For stable ordering of decoders wrt proqs */ + int score; /* For ordering decoders wrt proqs */ unsigned int flag_input_structure_was_set : 1; }; diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index 975170c0aa09..c97ce338fdf8 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -261,10 +261,12 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, cipher = ctx->op.ciph.cipher; desc = cipher->description != NULL ? cipher->description : ""; + ERR_set_mark(); ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen); - if (ret <= 0) + if (ret <= 0 && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE, "%s encrypt:%s", cipher->type_name, desc); + ERR_clear_last_mark(); return ret; legacy: @@ -309,10 +311,12 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, cipher = ctx->op.ciph.cipher; desc = cipher->description != NULL ? cipher->description : ""; + ERR_set_mark(); ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen); - if (ret <= 0) + if (ret <= 0 && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE, "%s decrypt:%s", cipher->type_name, desc); + ERR_clear_last_mark(); return ret; diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index f54684852b7c..f57153b2c1a1 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -460,10 +460,12 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, return NULL; } + ERR_set_mark(); ret = keymgmt->gen(genctx, cb, cbarg); - if (ret == NULL) + if (ret == NULL && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE, "%s key generation:%s", keymgmt->type_name, desc); + ERR_clear_last_mark(); return ret; } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index d5df497da770..c27ed6dbe9b2 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -426,10 +426,12 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) return 0; } + ERR_set_mark(); ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize); - if (ret <= 0) + if (ret <= 0 && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE, "%s digest_sign_update:%s", signature->type_name, desc); + ERR_clear_last_mark(); return ret; legacy: @@ -470,10 +472,12 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) return 0; } + ERR_set_mark(); ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize); - if (ret <= 0) + if (ret <= 0 && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE, "%s digest_verify_update:%s", signature->type_name, desc); + ERR_clear_last_mark(); return ret; legacy: @@ -523,11 +527,13 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, pctx = dctx; } + ERR_set_mark(); r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, sigret == NULL ? 0 : *siglen); - if (!r) + if (!r && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE, "%s digest_sign_final:%s", signature->type_name, desc); + ERR_clear_last_mark(); if (dctx == NULL && sigret != NULL) ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; else @@ -634,11 +640,13 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, if (sigret != NULL) ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; + ERR_set_mark(); ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen, sigret == NULL ? 0 : *siglen, tbs, tbslen); - if (ret <= 0) + if (ret <= 0 && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE, "%s digest_sign:%s", signature->type_name, desc); + ERR_clear_last_mark(); return ret; } } else { @@ -689,10 +697,12 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, pctx = dctx; } + ERR_set_mark(); r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen); - if (!r) + if (!r && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE, "%s digest_verify_final:%s", signature->type_name, desc); + ERR_clear_last_mark(); if (dctx == NULL) ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; else @@ -765,10 +775,12 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, int ret; ctx->flags |= EVP_MD_CTX_FLAG_FINALISED; + ERR_set_mark(); ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen, tbs, tbslen); - if (ret <= 0) + if (ret <= 0 && ERR_count_to_mark() == 0) ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE, "%s digest_verify:%s", signature->type_name, desc); + ERR_clear_last_mark(); return ret; } } else { diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 0b675946485c..ce5cf36eef9d 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -2419,6 +2419,11 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle) return ERR_pop_to_mark(); } +static int core_count_to_mark(const OSSL_CORE_HANDLE *handle) +{ + return ERR_count_to_mark(); +} + static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx, OSSL_INDICATOR_CALLBACK **cb) { @@ -2600,6 +2605,7 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, (void (*)(void))core_clear_last_error_mark }, { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark }, + { OSSL_FUNC_CORE_COUNT_TO_MARK, (void (*)(void))core_count_to_mark }, { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file }, { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf }, { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex }, diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index f76bb7748369..32084a822cac 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -734,3 +734,18 @@ err: return ret; } + +#ifdef FIPS_MODULE +int ossl_rsa_key_pairwise_test(RSA *rsa) +{ + OSSL_CALLBACK *stcb; + void *stcbarg; + int res; + + OSSL_SELF_TEST_get_callback(rsa->libctx, &stcb, &stcbarg); + res = rsa_keygen_pairwise_test(rsa, stcb, stcbarg); + if (res <= 0) + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + return res; +} +#endif /* FIPS_MODULE */ diff --git a/crypto/slh_dsa/slh_hash.c b/crypto/slh_dsa/slh_hash.c index 6a8d6bab03c1..8eb8ab4e8604 100644 --- a/crypto/slh_dsa/slh_hash.c +++ b/crypto/slh_dsa/slh_hash.c @@ -158,6 +158,9 @@ slh_hmsg_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed, int sz = EVP_MD_get_size(hctx->key->md_big); size_t seed_len = (size_t)sz + 2 * n; + if (sz <= 0) + return 0; + memcpy(seed, r, n); memcpy(seed + n, pk_seed, n); return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len, diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 28cf95cc48c9..7c49128b47db 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -220,6 +220,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) BIGNUM *tmp = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + if (dA == NULL) { + ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY); + goto done; + } kG = EC_POINT_new(group); if (kG == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 505d606f4a9b..ebf170c3e8f1 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -428,12 +428,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) if (ctx->loader != NULL) OSSL_TRACE(STORE, "Loading next object\n"); - if (ctx->cached_info != NULL - && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { - sk_OSSL_STORE_INFO_free(ctx->cached_info); - ctx->cached_info = NULL; - } - if (ctx->cached_info != NULL) { v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); } else { @@ -556,14 +550,23 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx) int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) { - int ret = 1; + int ret = 0; - if (ctx->fetched_loader != NULL) - ret = ctx->loader->p_eof(ctx->loader_ctx); + if (ctx->cached_info != NULL + && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { + sk_OSSL_STORE_INFO_free(ctx->cached_info); + ctx->cached_info = NULL; + } + + if (ctx->cached_info == NULL) { + ret = 1; + if (ctx->fetched_loader != NULL) + ret = ctx->loader->p_eof(ctx->loader_ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->eof(ctx->loader_ctx); + if (ctx->fetched_loader == NULL) + ret = ctx->loader->eof(ctx->loader_ctx); #endif + } return ret != 0; } diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 2601a019f87e..7af3e9a7e7f2 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -289,6 +289,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) { int idp_only = 0; + int ret = 0; /* Set various flags according to IDP */ crl->idp_flags |= IDP_PRESENT; @@ -320,7 +321,17 @@ static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) crl->idp_reasons &= CRLDP_ALL_REASONS; } - return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + ret = DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + + /* + * RFC5280 specifies that if onlyContainsUserCerts, onlyContainsCACerts, + * indirectCRL, and OnlyContainsAttributeCerts are all FALSE, there must + * be either a distributionPoint field or an onlySomeReasons field present. + */ + if (crl->idp_flags == IDP_PRESENT && idp->distpoint == NULL) + crl->idp_flags |= IDP_INVALID; + + return ret; } ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c index d119e9722226..dd8ef90b6e3f 100644 --- a/demos/cms/cms_ddec.c +++ b/demos/cms/cms_ddec.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -58,7 +58,7 @@ int main(int argc, char **argv) /* Open file containing detached content */ dcont = BIO_new_file("smencr.out", "rb"); - if (!in) + if (dcont == NULL) goto err; out = BIO_new_file("encrout.txt", "w"); diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c index 53b680f67484..e451a108fd46 100644 --- a/demos/cms/cms_denc.c +++ b/demos/cms/cms_denc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,7 +57,7 @@ int main(int argc, char **argv) dout = BIO_new_file("smencr.out", "wb"); - if (!in) + if (in == NULL || dout == NULL) goto err; /* encrypt content */ diff --git a/doc/internal/man3/ossl_namemap_new.pod b/doc/internal/man3/ossl_namemap_new.pod index 7f4940fc9341..8879c592106b 100644 --- a/doc/internal/man3/ossl_namemap_new.pod +++ b/doc/internal/man3/ossl_namemap_new.pod @@ -4,7 +4,7 @@ ossl_namemap_new, ossl_namemap_free, ossl_namemap_stored, ossl_namemap_empty, ossl_namemap_add_name, ossl_namemap_add_names, -ossl_namemap_name2num, ossl_namemap_name2num_n, +ossl_namemap_name2num, ossl_namemap_name2num_n, ossl_namemap_num2name, ossl_namemap_doall_names - internal number E<lt>-E<gt> name map @@ -23,6 +23,8 @@ ossl_namemap_doall_names int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, const char *name, size_t name_len); + const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, + int idx); int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, void (*fn)(const char *name, void *data), void *data); @@ -64,6 +66,9 @@ ossl_namemap_name2num_n() does the same thing as ossl_namemap_name2num(), but takes a string length I<name_len> as well, allowing the caller to use a fragment of a string as a name. +ossl_namemap_num2name() finds the I<idx>th name associated with the +id I<number>. + ossl_namemap_doall_names() walks through all names associated with I<number> in the given I<namemap> and calls the function I<fn> for each of them. @@ -88,9 +93,9 @@ to lock). ossl_namemap_add_name() returns the number associated with the added string, or zero on error. -ossl_namemap_num2names() returns a pointer to a NULL-terminated list of -pointers to the names corresponding to the given number, or NULL if -it's undefined in the given B<OSSL_NAMEMAP>. +ossl_namemap_num2name() returns a pointer to I<idx>th name associated +with id I<number>, or NULL if it's undefined in the given +B<OSSL_NAMEMAP>. ossl_namemap_name2num() and ossl_namemap_name2num_n() return the number corresponding to the given name, or 0 if it's undefined in the given @@ -116,7 +121,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 9dd4f5a49ffe..d44b4a7dac85 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -237,9 +237,7 @@ explicitly permitted by the various standards. =item B<-hkdf_digest_check> -Configure the module to enable a run-time digest check when deriving a key by -HKDF. -See NIST SP 800-56Cr2 for details. +This option is deprecated. =item B<-tls13_kdf_digest_check> @@ -261,9 +259,7 @@ See NIST SP 800-135r1 for details. =item B<-sskdf_digest_check> -Configure the module to enable a run-time digest check when deriving a key by -SSKDF. -See NIST SP 800-56Cr2 for details. +This option is deprecated. =item B<-x963kdf_digest_check> @@ -493,7 +489,7 @@ B<-ecdh_cofactor_check> =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 72d129deff24..0a56600c2b60 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -219,7 +219,19 @@ general private key without reference to any particular algorithm. The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_DSA(3)>, L<EVP_PKEY_set1_DH(3)> or -L<EVP_PKEY_set1_EC_KEY(3)>. +L<EVP_PKEY_set1_EC_KEY(3)> for legacy key types implemented in internal +OpenSSL providers. + +For fully provider-managed key types (see L<provider-keymgmt(7)>), +possibly implemented in external providers, use functions such as +L<EVP_PKEY_set1_encoded_public_key(3)> or L<EVP_PKEY_fromdata(3)> +to populate key data. + +Generally caution is advised for using an B<EVP_PKEY> structure across +different library contexts: In order for an B<EVP_PKEY> to be shared by +multiple library contexts the providers associated with the library contexts +must have key managers that support the key type and implement the +OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions. =head1 RETURN VALUES diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 1bddd7737069..dbc7073aac18 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -45,7 +45,12 @@ the program's dynamic memory area, where keys and other sensitive information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your -threat model and concerns. +threat model and concerns. It should be noted that the secure heap +uses a single read/write lock, and therefore any operations +that involve allocation or freeing of secure heap memory are serialised, +blocking other threads. With that in mind, highly concurrent applications +should enable the secure heap with caution and be aware of the performance +implications for multi-threaded code. If a secure heap is used, then private key B<BIGNUM> values are stored there. This protects long-term storage of private keys, but will not necessarily @@ -135,7 +140,7 @@ a B<size_t> in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod index dbccf26cd893..880e31481029 100644 --- a/doc/man3/PEM_read_CMS.pod +++ b/doc/man3/PEM_read_CMS.pod @@ -84,9 +84,9 @@ see L<openssl_user_macros(7)>: =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio() -instead. +To replace the deprecated functions listed above, applications should use the +B<EVP_PKEY> type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to +read and write PEM data containing key parameters or private and public keys. In the description below, B<I<TYPE>> is used as a placeholder for any of the OpenSSL datatypes, such as B<X509>. @@ -142,7 +142,7 @@ were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod index a25ced338393..c3f7b8f3ab6b 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod @@ -62,17 +62,11 @@ A version number for the fips install process. Should be 1. =item B<install-status> -An indicator that the self-tests were successfully run. -This should only be written after the module has -successfully passed its self tests during installation. -If this field is not present, then the self tests will run when the module -loads. +This field is deprecated and is no longer used. =item B<install-mac> -A MAC of the value of the B<install-status> option, to prevent accidental -changes to that value. -It is written-to at the same time as B<install-status> is updated. +This field is deprecated and is no longer used. =back @@ -112,7 +106,7 @@ See L<openssl-fipsinstall(1)/OPTIONS> B<-signature_digest_check> =item B<hkdf-digest-check> -See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_digest_check> +This option is deprecated. =item B<tls13-kdf-digest-check> @@ -128,7 +122,7 @@ See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_digest_check> =item B<sskdf-digest-check> -See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_digest_check> +This option is deprecated. =item B<x963kdf-digest-check> @@ -233,7 +227,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_ASYM_CIPHER-RSA.pod b/doc/man7/EVP_ASYM_CIPHER-RSA.pod index 171a3d130ec0..2b8cf1c12fb8 100644 --- a/doc/man7/EVP_ASYM_CIPHER-RSA.pod +++ b/doc/man7/EVP_ASYM_CIPHER-RSA.pod @@ -27,7 +27,8 @@ The default provider understands these RSA padding modes in string form: This padding mode is no longer supported by the FIPS provider for key agreement and key transport. -(This is a FIPS 140-3 requirement) +(This is a FIPS 140-3 requirement). +See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>. =item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>) @@ -109,7 +110,7 @@ L<OSSL_PROVIDER-FIPS(7)> =head1 COPYRIGHT -Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 571a1e99e089..b338d1c35f1b 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -14,7 +14,7 @@ accredited testing laboratory. =head2 Properties The implementations in this provider specifically have these properties -defined: +defined for approved algorithms: =over 4 @@ -41,20 +41,17 @@ query. Including C<provider=fips> in your property query guarantees that the OpenSSL FIPS provider is used for cryptographic operations rather than other FIPS capable providers. -=head2 Provider parameters - -See L<provider-base(7)/Provider parameters> for a list of base parameters. -Additionally the OpenSSL FIPS provider also supports the following gettable -parameters: - -=over 4 +=head2 Approved algorithms -=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer> +Algorithms that are fetched using "fips=yes" may still be unapproved if certain +conditions are not met. See L<fips_module(7)/FIPS indicators> for additional +information. -For further information refer to the L<openssl-fipsinstall(1)> option -B<-no_security_checks>. +=head2 Provider parameters -=back +See L<provider-base(7)/Provider parameters> for a list of base parameters. +The OpenSSL FIPS provider also handles FIPS indicator related parameters as +specified by L<fips_config(5)/FIPS indicator options>. =head1 OPERATIONS AND ALGORITHMS @@ -84,8 +81,6 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item 3DES, see L<EVP_CIPHER-DES(7)> -This is an unapproved algorithm. - =back =head2 Message Authentication Code (MAC) @@ -212,21 +207,21 @@ for signature generation, but may be used for verification for legacy use cases. =item EC, see L<EVP_KEYMGMT-EC(7)> -=item X25519, see L<EVP_KEYMGMT-X25519(7)> - -This is an unapproved algorithm. - -=item X448, see L<EVP_KEYMGMT-X448(7)> +=item ED25519, see L<EVP_KEYMGMT-ED25519(7)> -This is an unapproved algorithm. +=item ED448, see L<EVP_KEYMGMT-ED448(7)> -=item ED25519, see L<EVP_KEYMGMT-ED25519(7)> +=item X25519, see L<EVP_KEYMGMT-X25519(7)> This is an unapproved algorithm. +The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not +included in SP 800-56Arev3 are not approved for key agreement". -=item ED448, see L<EVP_KEYMGMT-ED448(7)> +=item X448, see L<EVP_KEYMGMT-X448(7)> This is an unapproved algorithm. +The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not" +included in SP 800-56Arev3 are not approved for key agreement". =item TLS1-PRF @@ -288,8 +283,11 @@ TEST-RAND is an unapproved algorithm. =head1 SELF TESTING -One of the requirements for the FIPS module is self testing. An optional callback -mechanism is available to return information to the user using +A requirement of FIPS modules is to run cryptographic algorithm self tests. +FIPS 140-3 requires known answer tests to be run on startup as well as +conditional tests that run during cryptographic operations. + +An optional callback mechanism is available to return information to the user using L<OSSL_SELF_TEST_set_callback(3)>. The parameters passed to the callback are described in L<OSSL_SELF_TEST_new(3)> @@ -311,12 +309,10 @@ Uses HMAC SHA256 on the module file to validate that the module has not been modified. The integrity value is compared to a value written to a configuration file during installation. -=item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>) +=item "KAT_Integrity" (B<OSSL_SELF_TEST_TYPE_KAT_INTEGRITY>) -Uses HMAC SHA256 on a fixed string to validate that the installation process -has already been performed and the self test KATS have already been tested, -The integrity value is compared to a value written to a configuration -file after successfully running the self tests during installation. +Used during the Module Integrity test to perform a known answer test on +HMAC SHA256 prior to using it. =item "KAT_Cipher" (B<OSSL_SELF_TEST_TYPE_KAT_CIPHER>) @@ -362,22 +358,22 @@ Known answer test for a Deterministic Random Bit Generator. Conditional test that is run during the generation or importing of key pairs. +=item "Conditional_KAT" (B<OSSL_SELF_TEST_TYPE_PCT_KAT>) + +Conditional test run during generation that derive the public key from the +private key and checks that the public key matches. This is a SP 800-56A requirement. + =item "Continuous_RNG_Test" (B<OSSL_SELF_TEST_TYPE_CRNG>) Continuous random number generator test. -=back - -The "Module_Integrity" self test is always run at startup. -The "Install_Integrity" self test is used to check if the self tests have -already been run at installation time. If they have already run then the -self tests are not run on subsequent startups. -All other self test categories are run once at installation time, except for the -"Pairwise_Consistency_Test". +=item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>) -There is only one instance of the "Module_Integrity" and "Install_Integrity" -self tests. All other self tests may have multiple instances. +This is deprecated. The option is no longer used since FIPS 140-3 requires +self tests to always run on startup. Previous FIPS 140-2 validations allowed +the self tests to be run just once. +=back The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin(). @@ -385,7 +381,7 @@ The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin() =item "HMAC" (B<OSSL_SELF_TEST_DESC_INTEGRITY_HMAC>) -"Module_Integrity" and "Install_Integrity" use this. +"Module_Integrity" uses this. =item "RSA" (B<OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1>) @@ -559,20 +555,6 @@ validated versions alongside F<libcrypto> and F<libssl> compiled from any release within the same major release series. This flexibility enables you to address bug fixes and CVEs that fall outside the FIPS boundary. -The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms, -consequently the property query C<fips=yes> is mandatory for applications that -want to operate in a FIPS approved manner. The algorithms are: - -=over 4 - -=item Triple DES ECB - -=item Triple DES CBC - -=item EdDSA - -=back - You can load the FIPS provider into multiple library contexts as any other provider. However the following restriction applies. The FIPS provider cannot be used by multiple copies of OpenSSL libcrypto in a single process. diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 0302900a7314..511195770581 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -154,6 +154,10 @@ provider): core_new_error OSSL_FUNC_CORE_NEW_ERROR core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG core_vset_error OSSL_FUNC_CORE_VSET_ERROR + core_set_error_mark OSSL_FUNC_CORE_SET_ERROR_MARK + core_clear_last_error_mark OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK + core_pop_error_to_mark OSSL_FUNC_CORE_POP_ERROR_TO_MARK + core_count_to_mark OSSL_FUNC_CORE_COUNT_TO_MARK core_obj_add_sigid OSSL_FUNC_CORE_OBJ_ADD_SIGID core_obj_create OSSL_FUNC_CORE_OBJ_CREATE CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC @@ -270,6 +274,33 @@ error occurred or was reported. This corresponds to the OpenSSL function L<ERR_vset_error(3)>. +=item core_set_error_mark() + +sets a mark on the current topmost error record if there is one. + +This corresponds to the OpenSSL function L<ERR_set_mark(3)>. + +=item core_clear_last_error_mark() + +removes the last mark added if there is one. + +This corresponds to the OpenSSL function L<ERR_clear_last_mark(3)>. + +=item core_pop_error_to_mark() + +pops the top of the error stack until a mark is found. The mark is then removed. +If there is no mark, the whole stack is removed. + +This corresponds to the OpenSSL function L<ERR_pop_to_mark(3)>. + +=item core_count_to_mark() + +returns the number of entries on the error stack above the most recently +marked entry, not including that entry. If there is no mark in the error stack, +the number of entries in the error stack is returned. + +This corresponds to the OpenSSL function L<ERR_count_to_mark(3)>. + =back The core_obj_create() function registers a new OID and associated short name diff --git a/fuzz/dtlsserver.c b/fuzz/dtlsserver.c index 68ddb1e6e683..7ea57ea05336 100644 --- a/fuzz/dtlsserver.c +++ b/fuzz/dtlsserver.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -590,10 +590,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) SSL *server; BIO *in; BIO *out; -#if !defined(OPENSSL_NO_EC) \ - || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) BIO *bio_buf; -#endif SSL_CTX *ctx; int ret; #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 51232d18c244..b4a4a3c1fae8 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,7 +42,7 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); -int ossl_dh_check_pairwise(const DH *dh); +int ossl_dh_check_pairwise(const DH *dh, int return_on_null_numbers); const DH_METHOD *ossl_dh_get_method(const DH *dh); diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index dcb465cbcae0..ffbc95a77888 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -124,6 +124,10 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx); int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, const X509_ALGOR *sigalg, EVP_PKEY *pkey); +# ifdef FIPS_MODULE +int ossl_rsa_key_pairwise_test(RSA *rsa); +# endif /* FIPS_MODULE */ + # if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]); void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst); diff --git a/include/internal/quic_ackm.h b/include/internal/quic_ackm.h index c271dfca2e1d..949d91903bb1 100644 --- a/include/internal/quic_ackm.h +++ b/include/internal/quic_ackm.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg), void *now_arg, OSSL_STATM *statm, const OSSL_CC_METHOD *cc_method, - OSSL_CC_DATA *cc_data); + OSSL_CC_DATA *cc_data, int is_server); void ossl_ackm_free(OSSL_ACKM *ackm); void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm, diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 690a38206a35..13de04e2622c 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -253,6 +253,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_up_ref, OSSL_CORE_MAKE_FUNC(int, provider_free, (const OSSL_CORE_HANDLE *prov, int deactivate)) +/* Additional error functions provided by the core */ +# define OSSL_FUNC_CORE_COUNT_TO_MARK 120 +OSSL_CORE_MAKE_FUNC(int, core_count_to_mark, (const OSSL_CORE_HANDLE *prov)) + /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx)) diff --git a/include/openssl/pem.h b/include/openssl/pem.h index 94424e6c209e..de1b6581f28f 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -57,6 +57,7 @@ extern "C" { # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" +# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY" # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" # define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE" diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index 2d39e096eeab..c4439cb28715 100644 --- a/include/openssl/self_test.h +++ b/include/openssl/self_test.h @@ -50,6 +50,7 @@ extern "C" { # define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA" # define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA" # define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA" +# define OSSL_SELF_TEST_DESC_PCT_DH "DH" # define OSSL_SELF_TEST_DESC_PCT_DSA "DSA" # define OSSL_SELF_TEST_DESC_PCT_ML_DSA "ML-DSA" # define OSSL_SELF_TEST_DESC_PCT_ML_KEM "ML-KEM" diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 9f25bac77f3e..04b820f1f1ec 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -136,7 +136,7 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb 9549901d6f0f96cd17bd76c2b6cb33fb25641707bfdb8ed34aab250c34f7f4f6 crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h a54b1b60cf48ca89dfb3f71d299794dd6c2e462c576b0fe583d1448f819c80ea crypto/dh/dh_backend.c -24cf9462da6632c52b726041271f8a43dfb3f74414abe460d9cc9c7fd2fd2d7d crypto/dh/dh_check.c +9db32c052fb3cf7c36ab8e642f4852c2fa68a7b6bae0e3b1746522f826827068 crypto/dh/dh_check.c c117ac4fd24369c7813ac9dc9685640700a82bb32b0f7e038e85afd6c8db75c7 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a539a8930035fee3b723d74a1d13e931ff69a2b523c83d4a2d0d9db6c78ba902 crypto/dh/dh_kdf.c @@ -204,7 +204,7 @@ a47d8541bb2cc180f4c7d3ac0f888657e17621b318ea8a2eacdefb1926efb500 crypto/ec/ecp_ 43f81968983e9a466b7dc9cffe64302418703f7a66adcbac4b7c4d8cb19c9af5 crypto/ec/ecx_backend.c 5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h 2be4ca60082891bdc99f8c6ebc5392c1f0a7a53f0bcf18dcf5497a7aee0b9c84 crypto/ec/ecx_key.c -73c956c97fd558b0fd267934657fb829fd8d9ab12dda2d96d3ca1521f0416ca8 crypto/evp/asymcipher.c +c1f04d877f96f2d0852290e34b1994dd48222650ac1121903cee9c259fe3ebf2 crypto/evp/asymcipher.c 80da494704c8fc54fea36e5de7100a6c2fdcc5f8c50f43ac477df5f56fa57e58 crypto/evp/dh_support.c bc9f3b827e3d29ac485fff9fb1c8f71d7e2bcd883ccc44c776de2f620081df58 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c @@ -219,7 +219,7 @@ baccbd623a94ba350c07e0811033ad66a2c892ef51ccb051b4a65bf2ba625a85 crypto/evp/evp 90742590db894920ffdb737a450ee591488aa455802e777400b1bf887618fd7a crypto/evp/kdf_meth.c 948f7904e81008588288a1ba7969b9de83546c687230ffe2a3fd0be1651bce8f crypto/evp/kem.c 55d141a74405415ad21789abcace9557f1d1ef54cf207e99993bf0a801f4b81e crypto/evp/keymgmt_lib.c -5cb9ddc6a7434bd7e063bf85455c2025fb34e4eb846d7d113dbcedc25eeac7a3 crypto/evp/keymgmt_meth.c +d57908a9473d2af324f32549649016f7a3c196b5ac8b54d6ca3c82f84cab5d48 crypto/evp/keymgmt_meth.c 9e44d1ffb52fee194b12c50962907c8637e7d92f08339345ec9fd3bd4a248e69 crypto/evp/mac_lib.c cd611921dc773b47207c036b9108ec820ab39d67780ba4adc9ccb9dc8da58627 crypto/evp/mac_meth.c 4f0a9a7baa72c6984edb53c46101b6ff774543603bec1e1d3a6123adf27e41db crypto/evp/p_lib.c @@ -322,7 +322,7 @@ f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa 1b828f428f0e78b591378f7b780164c4574620c68f9097de041cbd576f811bf6 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199 crypto/rsa/rsa_crpt.c -a3d20f27ae3cb41af5b62febd0bb19025e59d401b136306d570cdba103b15542 crypto/rsa/rsa_gen.c +026645569b11cf7c1247e4537cc004eea4469ed661391aef4fbc13e96c4952ca crypto/rsa/rsa_gen.c f22bc4e2c3acab83e67820c906c1caf048ec1f0d4fcb7472c1bec753c75f8e93 crypto/rsa/rsa_lib.c 5ae8edaf654645996385fbd420ef73030762fc146bf41deb5294d6d83e257a16 crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c @@ -397,7 +397,7 @@ c26498960895d435af4ef5f592d98a0c011c00609bbba8bbd0078d4a4f081609 crypto/slh_dsa 4c7981f7db69025f52495c549fb3b3a76be62b9e13072c3f3b7f1dedeaf8cc91 crypto/slh_dsa/slh_dsa_key.h 5dcb631891eb6afcd27a6b19d2de4d493c71dab159e53620d86d9b96642e97e8 crypto/slh_dsa/slh_dsa_local.h adb3f4dea52396935b8442df7b36ed99324d3f3e8ce3fdf714d6dfd683e1f9f0 crypto/slh_dsa/slh_fors.c -ff320d5fc65580eb85e4e0530f332af515124a5ec8915b5a7ec04acad524c11d crypto/slh_dsa/slh_hash.c +3891252acdefc4eff77d7a65cc35d77bdca8083c9dd0d44ff91889ceafcccb45 crypto/slh_dsa/slh_hash.c a146cdf01b4b6e20127f0e48b30ed5e8820bec0fca2d9423c7b63eddf0f19af3 crypto/slh_dsa/slh_hash.h 6402664fbb259808a6f7b5a5d6be2b4a3cc8a905399d97b160cdb3e4a97c02c4 crypto/slh_dsa/slh_hypertree.c 98ba100862bb45d13bcddff79bc55e44eadd95f528dd49accb4da3ca85fcc52d crypto/slh_dsa/slh_params.c @@ -433,7 +433,7 @@ e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto 6c72cfa9e59d276c1debcfd36a0aff277539b43d2272267147fad4165d72747c include/crypto/ctype.h f69643f16687c5a290b2ce6b846c6d1dddabfaf7e4d26fde8b1181955de32833 include/crypto/decoder.h 89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h -daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h +48d133a1eb8c3b3198cfe1cafda47f9abe8050d53004f3874f258a78f29b9e48 include/crypto/dh.h 679f6e52d9becdf51fde1649478083d18fa4f5a6ece21eeb1decf70f739f49d5 include/crypto/dsa.h c7aafee54cc3ace0c563f15aa5af2cdce13e2cfc4f9a9a133952825fb7c8faf5 include/crypto/ec.h adf369f3c9392e9f2dec5a87f61ac9e48160f4a763dae51d4ad5306c4ca4e226 include/crypto/ecx.h @@ -445,7 +445,7 @@ bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto 6e7762e7fb63f56d25b24f70209f4dc834c59a87f74467531ec81646f565dbe3 include/crypto/modes.h 920bc48a4dad3712bdcef188c0ce8e8a8304e0ce332b54843bab366fc5eab472 include/crypto/rand.h 71f23915ea74e93971fb0205901031be3abea7ffef2c52e4cc4848515079f68d include/crypto/rand_pool.h -6f16685ffbc97dc2ac1240bfddf4bbac2dd1ad83fff6da91aee6f3f64c6ee8ff include/crypto/rsa.h +b1df067691f9741ef9c42b2e5f12461bcd87b745514fc5701b9c9402fb10b224 include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 80338f3865b7c74aab343879432a6399507b834e2f55dd0e9ee7a5eeba11242a include/crypto/sha.h 0814571bff328719cc1e5a73a4daf6f5810b17f9e50fe63287f91f445f053213 include/crypto/slh_dsa.h @@ -511,7 +511,7 @@ bb45de4eafdd89c14096e9af9b0aee12b09adcee43b9313a3a373294dec99142 include/openss 69d98c5230b1c2a1b70c3e6b244fcfd8460a80ebf548542ea43bb1a57fe6cf57 include/openssl/configuration.h.in 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h 28c6f0ede39c821dcf4abeeb4e41972038ebb3e3c9d0a43ffdf28edb559470e1 include/openssl/core.h -940f6276e5bab8a7c59eedba56150902e619823c10dc5e50cf63575be6be9ba0 include/openssl/core_dispatch.h +b59255ddb1ead5531c3f0acf72fa6627d5c7192f3d23e9536eed00f32258c43b include/openssl/core_dispatch.h d37532e62315d733862d0bff8d8de9fe40292a75deacae606f4776e544844316 include/openssl/core_names.h.in 57898905771752f6303e2b1cca1c9a41ea5e9c7bf08ee06531213a65e960e424 include/openssl/crypto.h.in 628e2a9e67412e2903ecb75efb27b262db1f266b805c07ece6b85bf7ffa19dac include/openssl/cryptoerr.h @@ -559,7 +559,7 @@ ed785c451189aa5f7299f9f32a841e7f25b67c4ee937c8de8491a39240f5bd9d include/openss 2f4f0106e9b2db6636491dbe3ef81b80dbf01aefe6f73d19663423b7fcd54466 include/openssl/rsa.h 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in -b0c9ed3ce37034524623c579e8a2ea0feb6aab39e7489ce66e2b6bf28ec81840 include/openssl/self_test.h +cad320f140eade8a90b4d068e03d2fc0448204656f8c1270f69be82bc3272806 include/openssl/self_test.h a435cb5d87a37c05921afb2d68f581018ec9f62fd9b3194ab651139b24f616d2 include/openssl/sha.h c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h @@ -611,14 +611,14 @@ bde6107744cf6840a4c350a48265ed000c49b0524fa60b0d68d6d7b33df5fce6 providers/comm 8ea192553b423e881d85118c70bcb26a40fbdee4e110f230c966939c76f4aa7e providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c d8cb05784ae8533a7d9569d4fbaaea4175b63a7c9f4fb0f254215224069dea6b providers/fips/fipsindicator.c -e9383013a79a8223784a69a66bb610d16d54e61ea978f67a3d31de9f48cd4627 providers/fips/fipsprov.c +485441c31b5ff7916a12d0b8438d131a58cbc1ff6267cd266ae2dd6128c825cc providers/fips/fipsprov.c 7be8349d3b557b6d9d5f87d318253a73d21123628a08f50726502abf0e3d8a44 providers/fips/include/fips/fipsindicator.h ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797 providers/fips/include/fips_indicator_params.inc f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3 providers/fips/include/fips_selftest_params.inc 669f76f742bcaaf28846b057bfab97da7c162d69da244de71b7c743bf16e430f providers/fips/include/fipscommon.h 1af975061d9ea273fd337c74ccaab7b9331ab781d887c4e7164c5ac35e2c2e94 providers/fips/self_test.c 5c2c6c2f69e2eb01b88fa35630f27948e00dd2c2fd351735c74f34ccb2005cbe providers/fips/self_test.h -9c5c8131ee9a5b2d1056b5548db3269c00445294134cb30b631707f69f8904f1 providers/fips/self_test_data.inc +826d559ea7019c5db557679c3fe1ff5022be0132789c847d61da3c293fc02227 providers/fips/self_test_data.inc 2e568e2b161131240e97bd77a730c2299f961c2f1409ea8466422fc07f9be23f providers/fips/self_test_kats.c 7a368f6c6a5636593018bf10faecc3be1005e7cb3f0647f25c62b6f0fb7ac974 providers/implementations/asymciphers/rsa_enc.c c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c @@ -692,20 +692,20 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl e18ef50cd62647a2cc784c45169d75054dccd58fc106bf623d921de995bb3c34 providers/implementations/kdfs/sskdf.c 6d9767a99a5b46d44ac9e0898ee18d219c04dfb34fda42e71d54adccbed7d57c providers/implementations/kdfs/tls1_prf.c 88d04ff4c93648a4fbfd9ce137cfc64f2c85e1850593c1ab35334b8b3de8ad99 providers/implementations/kdfs/x942kdf.c -3e199221ff78d80a3678e917dbbd232c5cd15f35b7c41bac92b60f766f656af7 providers/implementations/kem/ml_kem_kem.c +b04249bcc64d6f7ec16f494afef252356b2f56424a034ab53def90463de0cb6f providers/implementations/kem/ml_kem_kem.c a2e2b44064ef44b880b89ab6adc83686936acaa906313a37e5ec69d632912034 providers/implementations/kem/mlx_kem.c c764555b9dc9b273c280514a5d2d44156f82f3e99155a77c627f2c773209bcd7 providers/implementations/kem/rsa_kem.c -b9f7fc5c19f637cee55b0a435b838f5de3a5573ca376ba602e90f70855a78852 providers/implementations/keymgmt/dh_kmgmt.c +a780a73b02f97d42a621fe096adf57a362b458cd5e5cfe1e3e619e88a407c7d7 providers/implementations/keymgmt/dh_kmgmt.c 24cc3cc8e8681c77b7f96c83293bd66045fd8ad69f756e673ca7f8ca9e82b0af providers/implementations/keymgmt/dsa_kmgmt.c -e10086c31aafae0562054e3b07f12409e39b87b5e96ee7668c231c37861aa447 providers/implementations/keymgmt/ec_kmgmt.c +967ab174fa4fadb4d4b1d226a1870028a3945d6e85c04d08f215686fe8fd2a07 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -d042d687da861d2a39658c6b857a6507a70fa78cecdf883bd1dcdafcf102e084 providers/implementations/keymgmt/ecx_kmgmt.c +b335f1aca68f0b0b3f31e73473de264c812a932517d5a2c2339754d3e3f72a8a providers/implementations/keymgmt/ecx_kmgmt.c daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb providers/implementations/keymgmt/mac_legacy_kmgmt.c 24384616fcba4eb5594ccb2ebc199bcee8494ce1b3f4ac7824f17743e39c0279 providers/implementations/keymgmt/ml_dsa_kmgmt.c 830c339dfc7f301ce5267ef9b0dc173b84d9597509c1a61ae038f3c01af78f45 providers/implementations/keymgmt/ml_kem_kmgmt.c e15b780a1489bbe4c7d40d6aaa3bccfbf973e3946578f460eeb8373c657eee91 providers/implementations/keymgmt/mlx_kmgmt.c -9376a19735fcc79893cb3c6b0cff17a2cae61db9e9165d9a30f8def7f8e8e7c7 providers/implementations/keymgmt/rsa_kmgmt.c +d63d47e8705772c4269dbdb110400ec9a6dc49ea2217f3d2aecc8ce733d9e47f providers/implementations/keymgmt/rsa_kmgmt.c 6f0a786170ba9af860e36411d158ac0bd74bcb4d75c818a0cebadbc764759283 providers/implementations/keymgmt/slh_dsa_kmgmt.c 9d02d481b9c7c0c9e0932267d1a3e1fef00830aaa03093f000b88aa042972b9f providers/implementations/macs/cmac_prov.c 3c558b57fff3588b6832475e0b1c5be590229ad50d95a6ebb089b62bf5fe382d providers/implementations/macs/gmac_prov.c diff --git a/providers/fips.checksum b/providers/fips.checksum index f9e822a7f9f1..0f8f0c2ec6ca 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -cffe76b0bc6464c7c864d5e2eaaf528439cb6c9908dc75666d530aa8a65e152e providers/fips-sources.checksums +ef8128a08964171aaf5852362d97486b641fe521ad648e0c1108fd6d7f5a78ba providers/fips-sources.checksums diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 4b9a0574625d..e260b5b6652e 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -65,6 +65,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error; static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; +static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark; static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; @@ -797,6 +798,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in)); break; + case OSSL_FUNC_CORE_COUNT_TO_MARK: + set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in)); + break; case OSSL_FUNC_CRYPTO_MALLOC: set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in)); break; @@ -1035,6 +1039,11 @@ int ERR_pop_to_mark(void) return c_pop_error_to_mark(NULL); } +int ERR_count_to_mark(void) +{ + return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0; +} + /* * This must take a library context, since it's called from the depths * of crypto/initthread.c code, where it's (correctly) assumed that the diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 5cbb5352a596..a8d0469900c1 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -208,28 +208,6 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = /*- CIPHER TEST DATA */ -/* DES3 test data */ -static const unsigned char des_ede3_cbc_pt[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, - 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, - 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 -}; -static const unsigned char des_ede3_cbc_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, - 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, - 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 -}; -static const unsigned char des_ede3_cbc_iv[] = { - 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 -}; -static const unsigned char des_ede3_cbc_ct[] = { - 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, - 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, - 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, - 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 -}; - /* AES-256 GCM test data */ static const unsigned char aes_256_gcm_key[] = { 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, @@ -907,38 +885,39 @@ static const unsigned char dh_priv[] = { 0x40, 0xb8, 0xfc, 0xe6 }; static const unsigned char dh_pub[] = { - 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, - 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, - 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, - 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, - 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, - 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, - 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, - 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, - 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, - 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, - 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, - 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, - 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, - 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, - 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, - 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, - 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, - 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, - 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, - 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, - 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, - 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, - 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, - 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, - 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, - 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, - 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, - 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, - 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, - 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, - 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, - 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 + 0x00, 0x8f, 0x81, 0x67, 0x68, 0xce, 0x97, 0x99, + 0x7e, 0x11, 0x5c, 0xad, 0x5b, 0xe1, 0x0c, 0xd4, + 0x15, 0x44, 0xdf, 0xc2, 0x47, 0xe7, 0x06, 0x27, + 0x5e, 0xf3, 0x9d, 0x5c, 0x4b, 0x2e, 0x35, 0x05, + 0xfd, 0x3c, 0x8f, 0x35, 0x85, 0x1b, 0x82, 0xdd, + 0x49, 0xc9, 0xa8, 0x7e, 0x3a, 0x5f, 0x33, 0xdc, + 0x8f, 0x5e, 0x32, 0x76, 0xe1, 0x52, 0x1b, 0x88, + 0x85, 0xda, 0xa9, 0x1d, 0x5f, 0x1c, 0x05, 0x3a, + 0xd4, 0x8d, 0xbb, 0xe7, 0x46, 0x46, 0x1e, 0x29, + 0x4b, 0x5a, 0x02, 0x88, 0x46, 0x94, 0xd0, 0x68, + 0x7d, 0xb2, 0x9f, 0x3a, 0x3d, 0x82, 0x05, 0xe5, + 0xa7, 0xbe, 0x6c, 0x7e, 0x24, 0x35, 0x25, 0x14, + 0xf3, 0x45, 0x08, 0x90, 0xfc, 0x55, 0x2e, 0xa8, + 0xb8, 0xb1, 0x89, 0x15, 0x94, 0x51, 0x44, 0xa9, + 0x9f, 0x68, 0xcb, 0x90, 0xbc, 0xd3, 0xae, 0x02, + 0x37, 0x26, 0xe4, 0xe9, 0x1a, 0x90, 0x95, 0x7e, + 0x1d, 0xac, 0x0c, 0x91, 0x97, 0x83, 0x24, 0x83, + 0xb9, 0xa1, 0x40, 0x72, 0xac, 0xf0, 0x55, 0x32, + 0x18, 0xab, 0xb8, 0x90, 0xda, 0x13, 0x4a, 0xc8, + 0x4b, 0x7c, 0x18, 0xbc, 0x33, 0xbf, 0x99, 0x85, + 0x39, 0x3e, 0xc6, 0x95, 0x9b, 0x48, 0x8e, 0xbe, + 0x46, 0x59, 0x48, 0x41, 0x0d, 0x37, 0x25, 0x94, + 0xbe, 0x8d, 0xf5, 0x81, 0x52, 0xf6, 0xdc, 0xeb, + 0x98, 0xd7, 0x3b, 0x44, 0x61, 0x6f, 0xa3, 0xef, + 0x7b, 0xfe, 0xbb, 0xc2, 0x8e, 0x46, 0x63, 0xbc, + 0x52, 0x65, 0xf9, 0xf8, 0x85, 0x41, 0xdf, 0x82, + 0x4a, 0x10, 0x2a, 0xe3, 0x0c, 0xb7, 0xad, 0x84, + 0xa6, 0x6f, 0x4e, 0x8e, 0x96, 0x1e, 0x04, 0xf7, + 0x57, 0x39, 0xca, 0x58, 0xd4, 0xef, 0x5a, 0xf1, + 0xf5, 0x69, 0xc2, 0xb1, 0x5c, 0x0a, 0xce, 0xbe, + 0x38, 0x01, 0xb5, 0x3f, 0x07, 0x8a, 0x72, 0x90, + 0x10, 0xac, 0x51, 0x3a, 0x96, 0x43, 0xdf, 0x6f, + 0xea }; static const unsigned char dh_peer_pub[] = { 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c index abea679fe19a..a38c71883dd1 100644 --- a/providers/implementations/encode_decode/decode_pem2der.c +++ b/providers/implementations/encode_decode/decode_pem2der.c @@ -151,6 +151,7 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" }, { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" }, { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" }, + { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" }, { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" }, { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" }, { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" }, diff --git a/providers/implementations/kem/ml_kem_kem.c b/providers/implementations/kem/ml_kem_kem.c index ac798cb4b6ba..27aa3b819836 100644 --- a/providers/implementations/kem/ml_kem_kem.c +++ b/providers/implementations/kem/ml_kem_kem.c @@ -171,7 +171,7 @@ static int ml_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, return 1; } if (shsec == NULL) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL, + ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_OUTPUT_BUFFER, "NULL shared-secret buffer"); goto end; } diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index c2ee8593557a..98a8a45cf15a 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,10 +19,12 @@ #include <openssl/core_names.h> #include <openssl/bn.h> #include <openssl/err.h> +#include <openssl/self_test.h> #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "crypto/dh.h" +#include "internal/fips.h" #include "internal/sizes.h" static OSSL_FUNC_keymgmt_new_fn dh_newdata; @@ -207,6 +209,18 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_dh_key_fromdata(dh, params, include_private); +#ifdef FIPS_MODULE + /* + * FIPS 140-3 IG 10.3.A additional comment 1 mandates that a pairwise + * consistency check be undertaken on key import. The required test + * is described in SP 800-56Ar3 5.6.2.1.4. + */ + if (ok > 0 && !ossl_fips_self_testing()) { + ok = ossl_dh_check_pairwise(dh, 1); + if (ok <= 0) + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + } +#endif /* FIPS_MODULE */ } return ok; @@ -440,7 +454,7 @@ static int dh_validate(const void *keydata, int selection, int checktype) if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR) - ok = ok && ossl_dh_check_pairwise(dh); + ok = ok && ossl_dh_check_pairwise(dh, 0); return ok; } diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 9421aabb1455..7d3c22316975 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -20,12 +20,14 @@ #include <openssl/err.h> #include <openssl/objects.h> #include <openssl/proverr.h> +#include <openssl/self_test.h> #include "crypto/bn.h" #include "crypto/ec.h" #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "prov/securitycheck.h" +#include "internal/fips.h" #include "internal/param_build_set.h" #ifndef FIPS_MODULE @@ -429,6 +431,21 @@ int common_import(void *keydata, int selection, const OSSL_PARAM params[], if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) ok = ok && ossl_ec_key_otherparams_fromdata(ec, params); +#ifdef FIPS_MODULE + if (ok > 0 + && !ossl_fips_self_testing() + && EC_KEY_get0_public_key(ec) != NULL + && EC_KEY_get0_private_key(ec) != NULL + && EC_KEY_get0_group(ec) != NULL) { + BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); + + ok = bnctx != NULL && ossl_ec_key_pairwise_check(ec, bnctx); + BN_CTX_free(bnctx); + if (ok <= 0) + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + } +#endif /* FIPS_MODULE */ + return ok; } diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index c2ac805ad1f6..faf25606e33a 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -17,6 +17,7 @@ #include <openssl/evp.h> #include <openssl/rand.h> #include <openssl/self_test.h> +#include "internal/fips.h" #include "internal/param_build_set.h" #include <openssl/param_build.h> #include "crypto/ecx.h" @@ -92,6 +93,15 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx); static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx); #endif +#ifdef FIPS_MODULE +static int ecd_fips140_pairwise_test(const ECX_KEY *ecx, int type, int self_test); +#endif /* FIPS_MODULE */ + +static ossl_inline int ecx_key_type_is_ed(ECX_KEY_TYPE type) +{ + return type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448; +} + static void *x25519_new_key(void *provctx) { if (!ossl_prov_is_running()) @@ -208,6 +218,14 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[]) include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_ecx_key_fromdata(key, params, include_private); +#ifdef FIPS_MODULE + if (ok > 0 && ecx_key_type_is_ed(key->type) && !ossl_fips_self_testing()) + if (key->haspubkey && key->privkey != NULL) { + ok = ecd_fips140_pairwise_test(key, key->type, 1); + if (ok <= 0) + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + } +#endif /* FIPS_MODULE */ return ok; } @@ -703,8 +721,7 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) } #ifndef FIPS_MODULE if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) { - if (gctx->type == ECX_KEY_TYPE_ED25519 - || gctx->type == ECX_KEY_TYPE_ED448) + if (ecx_key_type_is_ed(gctx->type)) goto err; if (!ossl_ecx_dhkem_derive_private(key, privkey, gctx->dhkem_ikm, gctx->dhkem_ikmlen)) @@ -968,7 +985,7 @@ static int ecx_validate(const void *keydata, int selection, int type, if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR) return ok; - if (type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448) + if (ecx_key_type_is_ed(type)) ok = ok && ecd_key_pairwise_check(ecx, type); else ok = ok && ecx_key_pairwise_check(ecx, type); diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 77d095009421..380c1c087b4c 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -25,6 +25,7 @@ #include "prov/provider_ctx.h" #include "crypto/rsa.h" #include "crypto/cryptlib.h" +#include "internal/fips.h" #include "internal/param_build_set.h" static OSSL_FUNC_keymgmt_new_fn rsa_newdata; @@ -196,6 +197,23 @@ static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) ok = ok && ossl_rsa_fromdata(rsa, params, include_private); } +#ifdef FIPS_MODULE + if (ok > 0 && !ossl_fips_self_testing()) { + const BIGNUM *n, *e, *d, *dp, *dq, *iq, *p, *q; + + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_crt_params(rsa, &dp, &dq, &iq); + p = RSA_get0_p(rsa); + q = RSA_get0_q(rsa); + + /* Check for the public key */ + if (n != NULL && e != NULL) + /* Check for private key in straightforward or CRT form */ + if (d != NULL || (p != NULL && q != NULL && dp != NULL + && dq != NULL && iq != NULL)) + ok = ossl_rsa_key_pairwise_test(rsa); + } +#endif /* FIPS_MODULE */ return ok; } diff --git a/providers/legacyprov.c b/providers/legacyprov.c index 16e3639e76f1..6dbe3a8505d0 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,6 +48,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error; static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; +static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark; #endif /* Parameters we provide to the core */ @@ -234,6 +235,9 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(tmp)); break; + case OSSL_FUNC_CORE_COUNT_TO_MARK: + set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in)); + break; } } #endif @@ -301,4 +305,9 @@ int ERR_pop_to_mark(void) { return c_pop_error_to_mark(NULL); } + +int ERR_count_to_mark(void) +{ + return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0; +} #endif diff --git a/ssl/quic/quic_ackm.c b/ssl/quic/quic_ackm.c index 75a1e5741a03..93c83a36d8fe 100644 --- a/ssl/quic/quic_ackm.c +++ b/ssl/quic/quic_ackm.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -536,6 +536,9 @@ struct ossl_ackm_st { /* Set to 1 when the handshake is confirmed. */ char handshake_confirmed; + /* Set to 1 when attached to server channel */ + char is_server; + /* Set to 1 when the peer has completed address validation. */ char peer_completed_addr_validation; @@ -855,7 +858,13 @@ static OSSL_TIME ackm_get_pto_time_and_space(OSSL_ACKM *ackm, int *space) } for (i = QUIC_PN_SPACE_INITIAL; i < QUIC_PN_SPACE_NUM; ++i) { - if (ackm->ack_eliciting_bytes_in_flight[i] == 0) + /* + * RFC 9002 section 6.2.2.1 keep probe timeout armed until + * handshake is confirmed (client sees HANDSHAKE_DONE message + * from server). + */ + if (ackm->ack_eliciting_bytes_in_flight[i] == 0 && + (ackm->handshake_confirmed == 1 || ackm->is_server == 1)) continue; if (i == QUIC_PN_SPACE_APP) { @@ -875,10 +884,18 @@ static OSSL_TIME ackm_get_pto_time_and_space(OSSL_ACKM *ackm, int *space) } } - t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration); - if (ossl_time_compare(t, pto_timeout) < 0) { - pto_timeout = t; - pto_space = i; + /* + * Only re-arm timer if stack has sent at least one ACK eliciting frame. + * If stack has sent no ACK eliciting frame at given encryption level then + * particular timer is zero and we must not attempt to set it. Timer keeps + * time since epoch (Jan 1 1970) and we must not set timer to past. + */ + if (!ossl_time_is_zero(ackm->time_of_last_ack_eliciting_pkt[i])) { + t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration); + if (ossl_time_compare(t, pto_timeout) < 0) { + pto_timeout = t; + pto_space = i; + } } } @@ -1021,7 +1038,8 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg), void *now_arg, OSSL_STATM *statm, const OSSL_CC_METHOD *cc_method, - OSSL_CC_DATA *cc_data) + OSSL_CC_DATA *cc_data, + int is_server) { OSSL_ACKM *ackm; int i; @@ -1045,6 +1063,7 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg), ackm->statm = statm; ackm->cc_method = cc_method; ackm->cc_data = cc_data; + ackm->is_server = (char)is_server; ackm->rx_max_ack_delay = ossl_ms2time(QUIC_DEFAULT_MAX_ACK_DELAY); ackm->tx_max_ack_delay = DEFAULT_TX_MAX_ACK_DELAY; diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 8fb651d9ceb6..f8e4252ba48f 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -242,7 +242,8 @@ static int ch_init(QUIC_CHANNEL *ch) goto err; if ((ch->ackm = ossl_ackm_new(get_time, ch, &ch->statm, - ch->cc_method, ch->cc_data)) == NULL) + ch->cc_method, ch->cc_data, + ch->is_server)) == NULL) goto err; if (!ossl_quic_stream_map_init(&ch->qsm, get_stream_limit, ch, diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index a36b02d5dcb4..f800d8984193 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -1429,16 +1429,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket) uint32_t enc_level; size_t dgram_len = qpacket->datagram_len; - /* - * ok has three states: - * -1 error with ackm_data uninitialized - * 0 error with ackm_data initialized - * 1 success (ackm_data initialized) - */ - int ok = -1; /* Assume the worst */ - if (ch == NULL) - goto end; + return 0; ch->did_crypto_frame = 0; @@ -1456,9 +1448,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket) * Retry and Version Negotiation packets should not be passed to this * function. */ - goto end; + return 0; - ok = 0; /* Still assume the worst */ ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level); /* @@ -1480,18 +1471,9 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket) enc_level, qpacket->time, &ackm_data)) - goto end; + return 0; - ok = 1; - end: - /* - * ASSUMPTION: If this function is called at all, |qpacket| is - * a legitimate packet, even if its contents aren't. - * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as - * |ackm_data| has at least been initialized. - */ - if (ok >= 0) - ossl_ackm_on_rx_packet(ch->ackm, &ackm_data); + ossl_ackm_on_rx_packet(ch->ackm, &ackm_data); - return ok > 0; + return 1; } diff --git a/test/crltest.c b/test/crltest.c index c18448122024..9cea5b2f072f 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -9,6 +9,7 @@ #include "internal/nelem.h" #include <string.h> +#include <time.h> #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/err.h> @@ -17,7 +18,16 @@ #include "testutil.h" +/* + * We cannot use old certificates for new tests because the private key + * associated with them is no longer available. Therefore, we add kCRLTestLeaf, + * kCRLTestLeaf2 and PARAM_TIME2, as well as pass the verification time to the + * verify function as a parameter. Certificates and CRL from + * https://github.com/openssl/openssl/issues/27506 are used. + */ + #define PARAM_TIME 1474934400 /* Sep 27th, 2016 */ +#define PARAM_TIME2 1753284700 /* July 23th, 2025 */ static const char *kCRLTestRoot[] = { "-----BEGIN CERTIFICATE-----\n", @@ -70,6 +80,61 @@ static const char *kCRLTestLeaf[] = { NULL }; +static const char *kCRLTestRoot2[] = { + "-----BEGIN CERTIFICATE-----\n", + "MIID4zCCAsugAwIBAgIUGTcyNat9hTOo8nnGdzF7MTzL9WAwDQYJKoZIhvcNAQEL\n", + "BQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n", + "DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEzARBgNVBAMMCk15\n", + "IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJvb3QgQ0EwHhcNMjUwMzAzMDcxNDA0WhcN\n", + "MzUwMzAxMDcxNDA0WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p\n", + "YTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwKTXkgQ29tcGFueTET\n", + "MBEGA1UEAwwKTXkgUm9vdCBDQTETMBEGA1UECwwKTXkgUm9vdCBDQTCCASIwDQYJ\n", + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6jjwkmV+pse430MQfyaWv+JtAd2r6K\n", + "qzEquBcoofzuf/yvdEhQPjK3bcotgfEcFq3QMo1MJ7vqRHEIu0hJ+5ZnEQtIRcrg\n", + "Vm7/EoVCBpDc9BDtW40TDp69z9kaKyyKYy6rxmSKgJydGBeGGMwBxgTK/o0xAriC\n", + "C3lLXHT8G8YMamKUpToPL5iCRX+GJPnnizB2ODvpQGMWkbp9+1xEc4dD7Db2wfUb\n", + "gatDYUoGndQKWD49UhURavQZeLpDxlz93YutRRkZTWc4IB7WebiEb39BDjSP3QYm\n", + "2h+rZYyjp3Gxy8pBNTPzE9Dk4yjiqS7o3WGvi/S6zKTLDvWl9t6pMOMCAwEAAaNj\n", + "MGEwHQYDVR0OBBYEFNdhiR+Tlot2VBbp5XfcfLdlG4AkMA4GA1UdDwEB/wQEAwIB\n", + "hjAfBgNVHSMEGDAWgBTXYYkfk5aLdlQW6eV33Hy3ZRuAJDAPBgNVHRMBAf8EBTAD\n", + "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvwutY0WMcKoqulifnYfhxGLtXSSvD2GET\n", + "uNRv+S1KI5JKcAdfvnbNDpUwlujMDIpe3ewmv9i6kcitpHwZXdVAw6KWagJ0kDSt\n", + "jbArJxuuuFmSFDS7kj8x7FZok5quAWDSSg+ubV2tCVxmDuTs1WXJXD3l9g+3J9GU\n", + "kyeFMKqwRp8w22vm9ilgXrzeesAmmAg/pEb56ljTPeaONQxVe7KJhv2q8J17sML8\n", + "BE7TdVx7UFQbO/t9XqdT5O9eF8JUx4Vn4QSr+jdjJ/ns4T3/IC9dJq9k7tjD48iA\n", + "TNc+7x+uj8P39VA96HpjujVakj8/qn5SQMPJgDds+MSXrX+6JBWm\n", + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *kCRLTestLeaf2[] = { + "-----BEGIN CERTIFICATE-----\n", + "MIIECjCCAvKgAwIBAgIUPxuMqMtuN1j3XZVRVrNmaTCIP04wDQYJKoZIhvcNAQEL\n", + "BQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n", + "DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEzARBgNVBAMMCk15\n", + "IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJvb3QgQ0EwHhcNMjUwNDE3MTAxNjQ5WhcN\n", + "MjYwNDE3MTAxNjQ5WjBoMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQ\n", + "MA4GA1UEBwwHQmVpamluZzEYMBYGA1UECgwPTXkgT3JnYW5pemF0aW9uMRswGQYD\n", + "VQQDDBJNeSBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n", + "ggEKAoIBAQDIxRxZQokflDaLYoD21HT2U4EshqtKpSf9zPS5unBMCfnQkU4IJjBF\n", + "3qQmfgz5ZOpZv3x0w48fDjiysk0eOVCFAo+uixEjMeuln6Wj3taetch2Sk0YNm5J\n", + "SJCNF2olHZXn5R8ngEmho2j1wbwNnpcccZyRNzUSjR9oAgObkP3O7fyQKJRxwNU0\n", + "sN7mfoyEOczKtUaYbqi2gPx6OOqNLjXlLmfZ8PJagKCN/oYkGU5PoRNXp65Znhu6\n", + "s8FuSmvTodu8Qhs9Uizo+SycaBXn5Fbqt32S+9vPfhH9FfELDfQIaBp+iQAxcKPX\n", + "tUglXEjiEVrbNf722PuWIWN9EIBolULVAgMBAAGjgZowgZcwEgYDVR0TAQH/BAgw\n", + "BgEB/wIBATAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vbG9jYWxob3N0OjgwMDAv\n", + "Y2FfY3JsLmRlcjAdBgNVHQ4EFgQUh40vFgoopz5GUggPEEk2+bKgbwQwHwYDVR0j\n", + "BBgwFoAU12GJH5OWi3ZUFunld9x8t2UbgCQwDgYDVR0PAQH/BAQDAgGGMA0GCSqG\n", + "SIb3DQEBCwUAA4IBAQDANfJuTgo0vRaMPYqOeW8R4jLHdVazdGLeQQ/85vXr/Gl1\n", + "aL40tLp4yZbThxuxTzPzfY1OGkG69YQ/8Vo0gCEi5KjBMYPKmZISKy1MwROQ1Jfp\n", + "HkmyZk1TfuzG/4fN/bun2gjpDYcihf4xA4NhSVzQyvqm1N6VkTgK+bEWTOGzqw66\n", + "6IYPN6oVDmLbwU1EvV3rggB7HUJCJP4qW9DbAQRAijUurPUGoU2vEbrSyYkfQXCf\n", + "p4ouOTMl6O7bJ110SKzxbCfWqom+iAwHlU2tOPVmOp1CLDCClMRNHIFMDGAoBomH\n", + "s01wD+IcIi9OkQEbqVb/XDKes8fqzQgTtSM9C9Ot\n", + "-----END CERTIFICATE-----\n", + NULL +}; + static const char *kBasicCRL[] = { "-----BEGIN X509 CRL-----\n", "MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", @@ -124,6 +189,24 @@ static const char *kBadIssuerCRL[] = { NULL }; +static const char *kEmptyIdpCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIICOTCCASECAQEwDQYJKoZIhvcNAQELBQAweTELMAkGA1UEBhMCVVMxEzARBgNV\n", + "BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoM\n", + "Ck15IENvbXBhbnkxEzARBgNVBAMMCk15IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJv\n", + "b3QgQ0EXDTI1MDEwMTAwMDAwMFoXDTI1MTIwMTAwMDAwMFowJzAlAhQcgAIu+B8k\n", + "Be6WphLcth/grHAeXhcNMjUwNDE3MTAxNjUxWqBLMEkwGAYDVR0UBBECDxnP/97a\n", + "dO3y9qRGDM7hQDAfBgNVHSMEGDAWgBTXYYkfk5aLdlQW6eV33Hy3ZRuAJDAMBgNV\n", + "HRwBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAf+mtlDi9IftsYwTcxYYKxE203\n", + "+prttFB00om29jjtkGYRxcs3vZQRTvera21YFn3mrS/lxvhBq6GMx0I61AQ48Pr4\n", + "63bDvZgf+/P6T2+MLgLds23o3TOfy2SBSdnFEcN0bFUgF5U0bFpQqlQWx+FYhrAf\n", + "ZX3RAhURiKKfGKGeVOVKS0u+x666FoDQ7pbhbHM3+jnuzdtv8RQMkj1AZMw0FMl8\n", + "m2dFQhZqT9WdJqZAc8ldc6V3a0rUeOV8BUPACf1k4B0CKhn4draIqltZkWgl3cmU\n", + "SX2V/a51lS12orfNYSEx+vtJ9gpx4LDxyOnai18vueVyljrXuQSrcYuxS2Cd\n", + "-----END X509 CRL-----\n", + NULL +}; + /* * This is kBasicCRL but with a critical issuing distribution point * extension. @@ -189,6 +272,8 @@ static const char **unknown_critical_crls[] = { static X509 *test_root = NULL; static X509 *test_leaf = NULL; +static X509 *test_root2 = NULL; +static X509 *test_leaf2 = NULL; /* * Glue an array of strings together. Return a BIO and put the string @@ -251,7 +336,7 @@ static X509 *X509_from_strings(const char **pem) * Returns a value from X509_V_ERR_xxx or X509_V_OK. */ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, - unsigned long flags) + unsigned long flags, time_t verification_time) { X509_STORE_CTX *ctx = X509_STORE_CTX_new(); X509_STORE *store = X509_STORE_new(); @@ -276,8 +361,8 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); - X509_VERIFY_PARAM_set_time(param, PARAM_TIME); - if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) + X509_VERIFY_PARAM_set_time(param, verification_time); + if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), (long)verification_time)) goto err; X509_VERIFY_PARAM_set_depth(param, 16); if (flags) @@ -341,10 +426,11 @@ static int test_basic_crl(void) && TEST_ptr(revoked_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK), X509_V_OK) + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_OK) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + X509_V_FLAG_CRL_CHECK, PARAM_TIME), + X509_V_ERR_CERT_REVOKED); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); return r; @@ -353,7 +439,7 @@ static int test_basic_crl(void) static int test_no_crl(void) { return TEST_int_eq(verify(test_leaf, test_root, NULL, - X509_V_FLAG_CRL_CHECK), + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_ERR_UNABLE_TO_GET_CRL); } @@ -365,12 +451,26 @@ static int test_bad_issuer_crl(void) r = TEST_ptr(bad_issuer_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK), + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_ERR_UNABLE_TO_GET_CRL); X509_CRL_free(bad_issuer_crl); return r; } +static int test_crl_empty_idp(void) +{ + X509_CRL *empty_idp_crl = CRL_from_strings(kEmptyIdpCRL); + int r; + + r = TEST_ptr(empty_idp_crl) + && TEST_int_eq(verify(test_leaf2, test_root2, + make_CRL_stack(empty_idp_crl, NULL), + X509_V_FLAG_CRL_CHECK, PARAM_TIME2), + X509_V_ERR_UNABLE_TO_GET_CRL); + X509_CRL_free(empty_idp_crl); + return r; +} + static int test_known_critical_crl(void) { X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); @@ -379,7 +479,7 @@ static int test_known_critical_crl(void) r = TEST_ptr(known_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK), X509_V_OK); + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_OK); X509_CRL_free(known_critical_crl); return r; } @@ -392,7 +492,7 @@ static int test_unknown_critical_crl(int n) r = TEST_ptr(unknown_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK), + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); return r; @@ -412,7 +512,7 @@ static int test_reuse_crl(int idx) if (idx & 1) { if (!TEST_true(X509_CRL_up_ref(reused_crl))) goto err; - addref_crl = reused_crl; + addref_crl = reused_crl; } idx >>= 1; @@ -455,12 +555,15 @@ static int test_reuse_crl(int idx) int setup_tests(void) { if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) - || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) + || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)) + || !TEST_ptr(test_root2 = X509_from_strings(kCRLTestRoot2)) + || !TEST_ptr(test_leaf2 = X509_from_strings(kCRLTestLeaf2))) return 0; ADD_TEST(test_no_crl); ADD_TEST(test_basic_crl); ADD_TEST(test_bad_issuer_crl); + ADD_TEST(test_crl_empty_idp); ADD_TEST(test_known_critical_crl); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); ADD_ALL_TESTS(test_reuse_crl, 6); @@ -471,4 +574,6 @@ void cleanup_tests(void) { X509_free(test_root); X509_free(test_leaf); + X509_free(test_root2); + X509_free(test_leaf2); } diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c index c1b8e2828614..46fc9104ef95 100644 --- a/test/fake_rsaprov.c +++ b/test/fake_rsaprov.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -9,12 +9,15 @@ */ #include <string.h> +#include <openssl/asn1.h> +#include <openssl/asn1t.h> #include <openssl/core_names.h> #include <openssl/core_object.h> #include <openssl/rand.h> #include <openssl/provider.h> #include "testutil.h" #include "fake_rsaprov.h" +#include "internal/asn1.h" static OSSL_FUNC_keymgmt_new_fn fake_rsa_keymgmt_new; static OSSL_FUNC_keymgmt_free_fn fake_rsa_keymgmt_free; @@ -32,6 +35,16 @@ static int exptypes_selection; static int query_id; static int key_deleted; +typedef struct { + OSSL_LIB_CTX *libctx; +} PROV_FAKE_RSA_CTX; + +#define PROV_FAKE_RSA_LIBCTX_OF(provctx) (((PROV_FAKE_RSA_CTX *)provctx)->libctx) + +#define FAKE_RSA_STATUS_IMPORTED 1 +#define FAKE_RSA_STATUS_GENERATED 2 +#define FAKE_RSA_STATUS_DECODED 3 + struct fake_rsa_keydata { int selection; int status; @@ -86,7 +99,7 @@ static int fake_rsa_keymgmt_import(void *keydata, int selection, struct fake_rsa_keydata *fake_rsa_key = keydata; /* key was imported */ - fake_rsa_key->status = 1; + fake_rsa_key->status = FAKE_RSA_STATUS_IMPORTED; return 1; } @@ -219,11 +232,11 @@ static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz) { struct fake_rsa_keydata *key = NULL; - if (reference_sz != sizeof(*key)) + if (reference_sz != sizeof(key)) return NULL; key = *(struct fake_rsa_keydata **)reference; - if (key->status != 1) + if (key->status != FAKE_RSA_STATUS_IMPORTED && key->status != FAKE_RSA_STATUS_DECODED) return NULL; /* detach the reference */ @@ -258,7 +271,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL))) return NULL; - keydata->status = 2; + keydata->status = FAKE_RSA_STATUS_GENERATED; return keydata; } @@ -638,7 +651,7 @@ static int fake_rsa_st_load(void *loaderctx, /* The address of the key becomes the octet string */ params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, - &key, sizeof(*key)); + &key, sizeof(key)); params[3] = OSSL_PARAM_construct_end(); rv = object_cb(params, object_cbarg); *storectx = 1; @@ -702,6 +715,502 @@ static const OSSL_ALGORITHM fake_rsa_store_algs[] = { { NULL, NULL, NULL } }; +struct der2key_ctx_st; /* Forward declaration */ +typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); +typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); +typedef void free_key_fn(void *); +typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, + struct der2key_ctx_st *); +struct keytype_desc_st { + const char *keytype_name; + const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ + + /* The input structure name */ + const char *structure_name; + + /* + * The EVP_PKEY_xxx type macro. Should be zero for type specific + * structures, non-zero when the outermost structure is PKCS#8 or + * SubjectPublicKeyInfo. This determines which of the function + * pointers below will be used. + */ + int evp_type; + + /* The selection mask for OSSL_FUNC_decoder_does_selection() */ + int selection_mask; + + /* For type specific decoders, we use the corresponding d2i */ + d2i_of_void *d2i_private_key; /* From type-specific DER */ + d2i_of_void *d2i_public_key; /* From type-specific DER */ + d2i_of_void *d2i_key_params; /* From type-specific DER */ + d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ + d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ + + /* + * For any key, we may need to check that the key meets expectations. + * This is useful when the same functions can decode several variants + * of a key. + */ + check_key_fn *check_key; + + /* + * For any key, we may need to make provider specific adjustments, such + * as ensure the key carries the correct library context. + */ + adjust_key_fn *adjust_key; + /* {type}_free() */ + free_key_fn *free_key; +}; + +/* + * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL + * as per https://github.com/openssl/openssl/issues/16697 (TBD) + * Code from openssl/crypto/x509/x_pubkey.c as + * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public + */ +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + + EVP_PKEY *pkey; + + /* extra data for the callback, used by d2i_PUBKEY_ex */ + OSSL_LIB_CTX *libctx; + char *propq; +}; + +ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { + ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), + ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) +} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) + +static X509_PUBKEY *fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, + long len, OSSL_LIB_CTX *libctx) +{ + X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); + + if (xpub == NULL) + return NULL; + return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len, + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), + libctx, NULL); +} +/* end steal https://github.com/openssl/openssl/issues/16697 */ + +/* + * Context used for DER to key decoding. + */ +struct der2key_ctx_st { + PROV_FAKE_RSA_CTX *provctx; + struct keytype_desc_st *desc; + /* The selection that is passed to fake_rsa_der2key_decode() */ + int selection; + /* Flag used to signal that a failure is fatal */ + unsigned int flag_fatal : 1; +}; + +static int fake_rsa_read_der(PROV_FAKE_RSA_CTX *provctx, OSSL_CORE_BIO *cin, + unsigned char **data, long *len) +{ + BUF_MEM *mem = NULL; + BIO *in = BIO_new_from_core_bio(provctx->libctx, cin); + int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + + if (ok) { + *data = (unsigned char *)mem->data; + *len = (long)mem->length; + OPENSSL_free(mem); + } + BIO_free(in); + return ok; +} + +typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); +static void *fake_rsa_der2key_decode_p8(const unsigned char **input_der, + long input_der_len, struct der2key_ctx_st *ctx, + key_from_pkcs8_t *key_from_pkcs8) +{ + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + const X509_ALGOR *alg = NULL; + void *key = NULL; + + if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL + && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) + && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) + key = key_from_pkcs8(p8inf, PROV_FAKE_RSA_LIBCTX_OF(ctx->provctx), NULL); + PKCS8_PRIV_KEY_INFO_free(p8inf); + + return key; +} + +static struct fake_rsa_keydata *fake_rsa_d2i_PUBKEY(struct fake_rsa_keydata **a, + const unsigned char **pp, long length) +{ + struct fake_rsa_keydata *key = NULL; + X509_PUBKEY *xpk; + + xpk = fake_rsa_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL); + if (xpk == NULL) + goto err_exit; + + key = fake_rsa_keymgmt_new(NULL); + if (key == NULL) + goto err_exit; + + key->status = FAKE_RSA_STATUS_DECODED; + + if (a != NULL) { + fake_rsa_keymgmt_free(*a); + *a = key; + } + +err_exit: + X509_PUBKEY_free(xpk); + return key; +} + +/* ---------------------------------------------------------------------- */ + +static OSSL_FUNC_decoder_freectx_fn der2key_freectx; +static OSSL_FUNC_decoder_decode_fn fake_rsa_der2key_decode; +static OSSL_FUNC_decoder_export_object_fn der2key_export_object; + +static struct der2key_ctx_st * +der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char *tls_name) +{ + struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) { + ctx->provctx = provctx; + ctx->desc = desc; + if (desc->evp_type == 0) + ctx->desc->evp_type = OBJ_sn2nid(tls_name); + } + return ctx; +} + +static void der2key_freectx(void *vctx) +{ + struct der2key_ctx_st *ctx = vctx; + + OPENSSL_free(ctx); +} + +static int der2key_check_selection(int selection, + const struct keytype_desc_st *desc) +{ + /* + * The selections are kinda sorta "levels", i.e. each selection given + * here is assumed to include those following. + */ + int checks[] = { + OSSL_KEYMGMT_SELECT_PRIVATE_KEY, + OSSL_KEYMGMT_SELECT_PUBLIC_KEY, + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS + }; + size_t i; + + /* The decoder implementations made here support guessing */ + if (selection == 0) + return 1; + + for (i = 0; i < OSSL_NELEM(checks); i++) { + int check1 = (selection & checks[i]) != 0; + int check2 = (desc->selection_mask & checks[i]) != 0; + + /* + * If the caller asked for the currently checked bit(s), return + * whether the decoder description says it's supported. + */ + if (check1) + return check2; + } + + /* This should be dead code, but just to be safe... */ + return 0; +} + +static int fake_rsa_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct der2key_ctx_st *ctx = vctx; + unsigned char *der = NULL; + const unsigned char *derp; + long der_len = 0; + void *key = NULL; + int ok = 0; + + ctx->selection = selection; + /* + * The caller is allowed to specify 0 as a selection mark, to have the + * structure and key type guessed. For type-specific structures, this + * is not recommended, as some structures are very similar. + * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter + * signifies a private key structure, where everything else is assumed + * to be present as well. + */ + if (selection == 0) + selection = ctx->desc->selection_mask; + if ((selection & ctx->desc->selection_mask) == 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + + ok = fake_rsa_read_der(ctx->provctx, cin, &der, &der_len); + if (!ok) + goto next; + + ok = 0; /* Assume that we fail */ + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + derp = der; + if (ctx->desc->d2i_PKCS8 != NULL) { + key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); + if (ctx->flag_fatal) + goto end; + } else if (ctx->desc->d2i_private_key != NULL) { + key = ctx->desc->d2i_private_key(NULL, &derp, der_len); + } + if (key == NULL && ctx->selection != 0) + goto next; + } + if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + derp = der; + if (ctx->desc->d2i_PUBKEY != NULL) + key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len); + else + key = ctx->desc->d2i_public_key(NULL, &derp, der_len); + if (key == NULL && ctx->selection != 0) + goto next; + } + if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { + derp = der; + if (ctx->desc->d2i_key_params != NULL) + key = ctx->desc->d2i_key_params(NULL, &derp, der_len); + if (key == NULL && ctx->selection != 0) + goto next; + } + + /* + * Last minute check to see if this was the correct type of key. This + * should never lead to a fatal error, i.e. the decoding itself was + * correct, it was just an unexpected key type. This is generally for + * classes of key types that have subtle variants, like RSA-PSS keys as + * opposed to plain RSA keys. + */ + if (key != NULL + && ctx->desc->check_key != NULL + && !ctx->desc->check_key(key, ctx)) { + ctx->desc->free_key(key); + key = NULL; + } + + if (key != NULL && ctx->desc->adjust_key != NULL) + ctx->desc->adjust_key(key, ctx); + + next: + /* + * Indicated that we successfully decoded something, or not at all. + * Ending up "empty handed" is not an error. + */ + ok = 1; + + /* + * We free memory here so it's not held up during the callback, because + * we know the process is recursive and the allocated chunks of memory + * add up. + */ + OPENSSL_free(der); + der = NULL; + + if (key != NULL) { + OSSL_PARAM params[4]; + int object_type = OSSL_OBJECT_PKEY; + + params[0] = + OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[1] = + OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)ctx->desc->keytype_name, + 0); + /* The address of the key becomes the octet string */ + params[2] = + OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, + &key, sizeof(key)); + params[3] = OSSL_PARAM_construct_end(); + + ok = data_cb(params, data_cbarg); + } + + end: + ctx->desc->free_key(key); + OPENSSL_free(der); + + return ok; +} + +static OSSL_FUNC_keymgmt_export_fn * +fake_rsa_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) + return OSSL_FUNC_keymgmt_export(fns); + + return NULL; +} + +static int der2key_export_object(void *vctx, + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) +{ + struct der2key_ctx_st *ctx = vctx; + OSSL_FUNC_keymgmt_export_fn *export = fake_rsa_prov_get_keymgmt_export(ctx->desc->fns); + void *keydata; + + if (reference_sz == sizeof(keydata) && export != NULL) { + /* The contents of the reference is the address to our object */ + keydata = *(void **)reference; + + return export(keydata, ctx->selection, export_cb, export_cbarg); + } + return 0; +} + +/* ---------------------------------------------------------------------- */ + +static struct fake_rsa_keydata *fake_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq) +{ + struct fake_rsa_keydata *key = fake_rsa_keymgmt_new(NULL); + + if (key) + key->status = FAKE_RSA_STATUS_DECODED; + return key; +} + +#define rsa_evp_type EVP_PKEY_RSA + +static void *fake_rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, + struct der2key_ctx_st *ctx) +{ + return fake_rsa_der2key_decode_p8(der, der_len, ctx, + (key_from_pkcs8_t *)fake_rsa_key_from_pkcs8); +} + +static void fake_rsa_key_adjust(void *key, struct der2key_ctx_st *ctx) +{ +} + +/* ---------------------------------------------------------------------- */ + +#define DO_PrivateKeyInfo(keytype) \ + "PrivateKeyInfo", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \ + NULL, \ + NULL, \ + NULL, \ + fake_rsa_d2i_PKCS8, \ + NULL, \ + NULL, \ + fake_rsa_key_adjust, \ + (free_key_fn *)fake_rsa_keymgmt_free + +#define DO_SubjectPublicKeyInfo(keytype) \ + "SubjectPublicKeyInfo", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \ + NULL, \ + NULL, \ + NULL, \ + NULL, \ + (d2i_of_void *)fake_rsa_d2i_PUBKEY, \ + NULL, \ + fake_rsa_key_adjust, \ + (free_key_fn *)fake_rsa_keymgmt_free + +/* + * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. + * It takes the following arguments: + * + * keytype_name The implementation key type as a string. + * keytype The implementation key type. This must correspond exactly + * to our existing keymgmt keytype names... in other words, + * there must exist an ossl_##keytype##_keymgmt_functions. + * type The type name for the set of functions that implement the + * decoder for the key type. This isn't necessarily the same + * as keytype. For example, the key types ed25519, ed448, + * x25519 and x448 are all handled by the same functions with + * the common type name ecx. + * kind The kind of support to implement. This translates into + * the DO_##kind macros above, to populate the keytype_desc_st + * structure. + */ +#define MAKE_DECODER(keytype_name, keytype, type, kind) \ + static struct keytype_desc_st kind##_##keytype##_desc = \ + { keytype_name, fake_rsa_keymgmt_funcs, \ + DO_##kind(keytype) }; \ + \ + static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ + \ + static void *kind##_der2##keytype##_newctx(void *provctx) \ + { \ + return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name);\ + } \ + static int kind##_der2##keytype##_does_selection(void *provctx, \ + int selection) \ + { \ + return der2key_check_selection(selection, \ + &kind##_##keytype##_desc); \ + } \ + static const OSSL_DISPATCH \ + fake_rsa_##kind##_der_to_##keytype##_decoder_functions[] = { \ + { OSSL_FUNC_DECODER_NEWCTX, \ + (void (*)(void))kind##_der2##keytype##_newctx }, \ + { OSSL_FUNC_DECODER_FREECTX, \ + (void (*)(void))der2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))kind##_der2##keytype##_does_selection }, \ + { OSSL_FUNC_DECODER_DECODE, \ + (void (*)(void))fake_rsa_der2key_decode }, \ + { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ + (void (*)(void))der2key_export_object }, \ + OSSL_DISPATCH_END \ + } + +MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); +MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); + +static const OSSL_ALGORITHM fake_rsa_decoder_algs[] = { +#define DECODER_PROVIDER "fake-rsa" +#define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" +#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" + +/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */ +/* + * Obviously this is not FIPS approved, but in order to test in conjunction + * with the FIPS provider we pretend that it is. + */ + +#define DECODER(_name, _input, _output) \ + { _name, \ + "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \ + (fake_rsa_##_input##_to_##_output##_decoder_functions) \ + } +#define DECODER_w_structure(_name, _input, _structure, _output) \ + { _name, \ + "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \ + ",structure=" DECODER_STRUCTURE_##_structure, \ + (fake_rsa_##_structure##_##_input##_to_##_output##_decoder_functions) \ + } + +DECODER_w_structure("RSA:rsaEncryption", der, PrivateKeyInfo, rsa), +DECODER_w_structure("RSA:rsaEncryption", der, SubjectPublicKeyInfo, rsa), +#undef DECODER_PROVIDER + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *fake_rsa_query(void *provctx, int operation_id, int *no_cache) @@ -716,13 +1225,24 @@ static const OSSL_ALGORITHM *fake_rsa_query(void *provctx, case OSSL_OP_STORE: return fake_rsa_store_algs; + + case OSSL_OP_DECODER: + return fake_rsa_decoder_algs; } return NULL; } +static void fake_rsa_prov_teardown(void *provctx) +{ + PROV_FAKE_RSA_CTX *pctx = (PROV_FAKE_RSA_CTX *)provctx; + + OSSL_LIB_CTX_free(pctx->libctx); + OPENSSL_free(pctx); +} + /* Functions we provide to the core */ static const OSSL_DISPATCH fake_rsa_method[] = { - { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free }, + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fake_rsa_prov_teardown }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fake_rsa_query }, OSSL_DISPATCH_END }; @@ -731,8 +1251,20 @@ static int fake_rsa_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) { - if (!TEST_ptr(*provctx = OSSL_LIB_CTX_new())) + OSSL_LIB_CTX *libctx; + PROV_FAKE_RSA_CTX *prov_ctx; + + if (!TEST_ptr(libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in))) + return 0; + + if (!TEST_ptr(prov_ctx = OPENSSL_malloc(sizeof(*prov_ctx)))) { + OSSL_LIB_CTX_free(libctx); return 0; + } + + prov_ctx->libctx = libctx; + + *provctx = prov_ctx; *out = fake_rsa_method; return 1; } diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c index 4abbdd33ec4d..cb656a62a650 100644 --- a/test/provider_pkey_test.c +++ b/test/provider_pkey_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -424,6 +424,292 @@ end: return ret; } +#define DEFAULT_PROVIDER_IDX 0 +#define FAKE_RSA_PROVIDER_IDX 1 + +static int reset_ctx_providers(OSSL_LIB_CTX **ctx, OSSL_PROVIDER *providers[2], const char *prop) +{ + OSSL_PROVIDER_unload(providers[DEFAULT_PROVIDER_IDX]); + providers[DEFAULT_PROVIDER_IDX] = NULL; + fake_rsa_finish(providers[FAKE_RSA_PROVIDER_IDX]); + providers[FAKE_RSA_PROVIDER_IDX] = NULL; + OSSL_LIB_CTX_free(*ctx); + *ctx = NULL; + + if (!TEST_ptr(*ctx = OSSL_LIB_CTX_new()) + || !TEST_ptr(providers[DEFAULT_PROVIDER_IDX] = OSSL_PROVIDER_load(*ctx, "default")) + || !TEST_ptr(providers[FAKE_RSA_PROVIDER_IDX] = fake_rsa_start(*ctx)) + || !TEST_true(EVP_set_default_properties(*ctx, prop))) + return 0; + return 1; +} + +struct test_pkey_decoder_properties_t { + const char *provider_props; + const char *explicit_props; + int curr_provider_idx; +}; + +static int test_pkey_provider_decoder_props(void) +{ + OSSL_LIB_CTX *my_libctx = NULL; + OSSL_PROVIDER *providers[2] = { NULL }; + struct test_pkey_decoder_properties_t properties_test[] = { + { "?provider=fake-rsa", NULL, FAKE_RSA_PROVIDER_IDX }, + { "?provider=default", NULL, DEFAULT_PROVIDER_IDX }, + { NULL, "?provider=fake-rsa", FAKE_RSA_PROVIDER_IDX }, + { NULL, "?provider=default", DEFAULT_PROVIDER_IDX }, + { NULL, "provider=fake-rsa", FAKE_RSA_PROVIDER_IDX }, + { NULL, "provider=default", DEFAULT_PROVIDER_IDX }, + }; + EVP_PKEY *pkey = NULL; + BIO *bio_priv = NULL; + unsigned char *encoded_pub = NULL; + int len_pub; + const unsigned char *p; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + size_t i; + int ret = 0; + const char pem_rsa_priv_key[] = { + 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x50, + 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, + 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x45, 0x76, 0x51, 0x49, 0x42, + 0x41, 0x44, 0x41, 0x4E, 0x42, 0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69, 0x47, + 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, + 0x42, 0x4B, 0x63, 0x77, 0x67, 0x67, 0x53, 0x6A, 0x41, 0x67, 0x45, 0x41, + 0x41, 0x6F, 0x49, 0x42, 0x41, 0x51, 0x44, 0x45, 0x6B, 0x43, 0x34, 0x5A, + 0x57, 0x76, 0x33, 0x75, 0x63, 0x46, 0x62, 0x55, 0x0A, 0x46, 0x38, 0x59, + 0x77, 0x6C, 0x55, 0x72, 0x6D, 0x51, 0x6C, 0x4C, 0x43, 0x5A, 0x77, 0x41, + 0x67, 0x72, 0x34, 0x44, 0x50, 0x55, 0x41, 0x46, 0x56, 0x48, 0x6C, 0x2B, + 0x77, 0x46, 0x63, 0x58, 0x79, 0x70, 0x56, 0x67, 0x53, 0x63, 0x56, 0x59, + 0x34, 0x4B, 0x37, 0x51, 0x6D, 0x64, 0x57, 0x4B, 0x73, 0x59, 0x71, 0x62, + 0x38, 0x74, 0x70, 0x4F, 0x78, 0x71, 0x77, 0x30, 0x4E, 0x77, 0x5A, 0x57, + 0x58, 0x0A, 0x4F, 0x2B, 0x74, 0x61, 0x34, 0x2B, 0x79, 0x32, 0x37, 0x43, + 0x4F, 0x75, 0x66, 0x6F, 0x4F, 0x68, 0x52, 0x54, 0x4D, 0x77, 0x4E, 0x79, + 0x4E, 0x32, 0x4C, 0x77, 0x53, 0x4E, 0x54, 0x50, 0x4E, 0x33, 0x65, 0x45, + 0x6B, 0x34, 0x65, 0x65, 0x35, 0x51, 0x6E, 0x70, 0x70, 0x45, 0x79, 0x44, + 0x72, 0x71, 0x6F, 0x43, 0x67, 0x76, 0x54, 0x6C, 0x41, 0x41, 0x64, 0x54, + 0x6F, 0x46, 0x61, 0x58, 0x76, 0x6A, 0x0A, 0x78, 0x31, 0x33, 0x59, 0x62, + 0x6A, 0x37, 0x6A, 0x66, 0x68, 0x77, 0x4E, 0x37, 0x34, 0x71, 0x4B, 0x64, + 0x71, 0x73, 0x53, 0x45, 0x74, 0x50, 0x57, 0x79, 0x67, 0x67, 0x65, 0x6F, + 0x74, 0x69, 0x51, 0x53, 0x50, 0x79, 0x36, 0x4B, 0x79, 0x42, 0x49, 0x75, + 0x57, 0x74, 0x49, 0x78, 0x50, 0x41, 0x41, 0x38, 0x6A, 0x41, 0x76, 0x66, + 0x41, 0x6E, 0x51, 0x6A, 0x31, 0x65, 0x58, 0x68, 0x67, 0x68, 0x46, 0x0A, + 0x4E, 0x32, 0x4E, 0x78, 0x6B, 0x71, 0x67, 0x78, 0x76, 0x42, 0x59, 0x64, + 0x4E, 0x79, 0x31, 0x6D, 0x33, 0x2B, 0x6A, 0x58, 0x41, 0x43, 0x50, 0x4C, + 0x52, 0x7A, 0x63, 0x31, 0x31, 0x5A, 0x62, 0x4E, 0x48, 0x4B, 0x69, 0x77, + 0x68, 0x43, 0x59, 0x31, 0x2F, 0x48, 0x69, 0x53, 0x42, 0x6B, 0x77, 0x48, + 0x6C, 0x49, 0x4B, 0x2B, 0x2F, 0x56, 0x4C, 0x6A, 0x32, 0x73, 0x6D, 0x43, + 0x4B, 0x64, 0x55, 0x51, 0x0A, 0x67, 0x76, 0x4C, 0x58, 0x53, 0x6E, 0x6E, + 0x56, 0x67, 0x51, 0x75, 0x6C, 0x48, 0x69, 0x6F, 0x44, 0x36, 0x55, 0x67, + 0x59, 0x38, 0x78, 0x41, 0x32, 0x61, 0x34, 0x4D, 0x31, 0x72, 0x68, 0x59, + 0x75, 0x54, 0x56, 0x38, 0x42, 0x72, 0x50, 0x52, 0x5A, 0x34, 0x42, 0x46, + 0x78, 0x32, 0x6F, 0x30, 0x6A, 0x59, 0x57, 0x76, 0x47, 0x62, 0x41, 0x2F, + 0x48, 0x6C, 0x70, 0x37, 0x66, 0x54, 0x4F, 0x79, 0x2B, 0x0A, 0x46, 0x35, + 0x4F, 0x6B, 0x69, 0x48, 0x53, 0x37, 0x41, 0x67, 0x4D, 0x42, 0x41, 0x41, + 0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x59, 0x67, 0x43, 0x75, 0x38, 0x31, + 0x5A, 0x69, 0x51, 0x42, 0x56, 0x44, 0x76, 0x57, 0x69, 0x44, 0x47, 0x4B, + 0x72, 0x2B, 0x31, 0x70, 0x49, 0x66, 0x32, 0x43, 0x78, 0x70, 0x72, 0x47, + 0x4A, 0x45, 0x6D, 0x31, 0x68, 0x38, 0x36, 0x5A, 0x63, 0x45, 0x78, 0x33, + 0x4C, 0x37, 0x0A, 0x71, 0x46, 0x44, 0x57, 0x2B, 0x67, 0x38, 0x48, 0x47, + 0x57, 0x64, 0x30, 0x34, 0x53, 0x33, 0x71, 0x76, 0x68, 0x39, 0x4C, 0x75, + 0x62, 0x6C, 0x41, 0x4A, 0x7A, 0x65, 0x74, 0x41, 0x50, 0x78, 0x52, 0x58, + 0x4C, 0x39, 0x7A, 0x78, 0x33, 0x50, 0x58, 0x6A, 0x4A, 0x5A, 0x73, 0x37, + 0x65, 0x33, 0x48, 0x4C, 0x45, 0x75, 0x6E, 0x79, 0x33, 0x54, 0x61, 0x57, + 0x65, 0x7A, 0x30, 0x58, 0x49, 0x30, 0x4F, 0x0A, 0x34, 0x4C, 0x53, 0x59, + 0x38, 0x53, 0x38, 0x64, 0x36, 0x70, 0x56, 0x42, 0x50, 0x6D, 0x55, 0x45, + 0x74, 0x77, 0x47, 0x57, 0x4E, 0x34, 0x76, 0x59, 0x71, 0x48, 0x6E, 0x4B, + 0x4C, 0x58, 0x4F, 0x62, 0x34, 0x51, 0x51, 0x41, 0x58, 0x73, 0x34, 0x4D, + 0x7A, 0x66, 0x6B, 0x4D, 0x2F, 0x4D, 0x65, 0x2F, 0x62, 0x2B, 0x7A, 0x64, + 0x75, 0x31, 0x75, 0x6D, 0x77, 0x6A, 0x4D, 0x6C, 0x33, 0x44, 0x75, 0x64, + 0x0A, 0x35, 0x72, 0x56, 0x68, 0x6B, 0x67, 0x76, 0x74, 0x38, 0x75, 0x68, + 0x44, 0x55, 0x47, 0x33, 0x58, 0x53, 0x48, 0x65, 0x6F, 0x4A, 0x59, 0x42, + 0x4D, 0x62, 0x54, 0x39, 0x69, 0x6B, 0x4A, 0x44, 0x56, 0x4D, 0x4A, 0x35, + 0x31, 0x72, 0x72, 0x65, 0x2F, 0x31, 0x52, 0x69, 0x64, 0x64, 0x67, 0x78, + 0x70, 0x38, 0x53, 0x6B, 0x74, 0x56, 0x6B, 0x76, 0x47, 0x6D, 0x4D, 0x6C, + 0x39, 0x6B, 0x51, 0x52, 0x38, 0x0A, 0x38, 0x64, 0x76, 0x33, 0x50, 0x78, + 0x2F, 0x6B, 0x54, 0x4E, 0x39, 0x34, 0x45, 0x75, 0x52, 0x67, 0x30, 0x43, + 0x6B, 0x58, 0x42, 0x68, 0x48, 0x70, 0x6F, 0x47, 0x6F, 0x34, 0x71, 0x6E, + 0x4D, 0x33, 0x51, 0x33, 0x42, 0x35, 0x50, 0x6C, 0x6D, 0x53, 0x4B, 0x35, + 0x67, 0x6B, 0x75, 0x50, 0x76, 0x57, 0x79, 0x39, 0x6C, 0x38, 0x4C, 0x2F, + 0x54, 0x56, 0x74, 0x38, 0x4C, 0x62, 0x36, 0x2F, 0x7A, 0x4C, 0x0A, 0x42, + 0x79, 0x51, 0x57, 0x2B, 0x67, 0x30, 0x32, 0x77, 0x78, 0x65, 0x4E, 0x47, + 0x68, 0x77, 0x31, 0x66, 0x6B, 0x44, 0x2B, 0x58, 0x46, 0x48, 0x37, 0x4B, + 0x6B, 0x53, 0x65, 0x57, 0x6C, 0x2B, 0x51, 0x6E, 0x72, 0x4C, 0x63, 0x65, + 0x50, 0x4D, 0x30, 0x68, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x78, 0x6F, + 0x71, 0x55, 0x6B, 0x30, 0x50, 0x4C, 0x4F, 0x59, 0x35, 0x57, 0x67, 0x4F, + 0x6B, 0x67, 0x72, 0x0A, 0x75, 0x6D, 0x67, 0x69, 0x65, 0x2F, 0x4B, 0x31, + 0x57, 0x4B, 0x73, 0x2B, 0x69, 0x7A, 0x54, 0x74, 0x41, 0x70, 0x6A, 0x7A, + 0x63, 0x4D, 0x37, 0x36, 0x73, 0x7A, 0x61, 0x36, 0x33, 0x62, 0x35, 0x52, + 0x39, 0x77, 0x2B, 0x50, 0x2B, 0x4E, 0x73, 0x73, 0x4D, 0x56, 0x34, 0x61, + 0x65, 0x56, 0x39, 0x65, 0x70, 0x45, 0x47, 0x5A, 0x4F, 0x36, 0x38, 0x49, + 0x55, 0x6D, 0x69, 0x30, 0x51, 0x6A, 0x76, 0x51, 0x0A, 0x6E, 0x70, 0x6C, + 0x75, 0x51, 0x6F, 0x61, 0x64, 0x46, 0x59, 0x77, 0x65, 0x46, 0x77, 0x53, + 0x51, 0x31, 0x31, 0x42, 0x58, 0x48, 0x6F, 0x65, 0x51, 0x42, 0x41, 0x34, + 0x6E, 0x4E, 0x70, 0x6B, 0x72, 0x56, 0x35, 0x38, 0x68, 0x67, 0x7A, 0x5A, + 0x4E, 0x33, 0x6D, 0x39, 0x4A, 0x4C, 0x52, 0x37, 0x4A, 0x78, 0x79, 0x72, + 0x49, 0x71, 0x58, 0x73, 0x52, 0x6E, 0x55, 0x7A, 0x6C, 0x31, 0x33, 0x4B, + 0x6A, 0x0A, 0x47, 0x7A, 0x5A, 0x42, 0x43, 0x4A, 0x78, 0x43, 0x70, 0x4A, + 0x6A, 0x66, 0x54, 0x7A, 0x65, 0x2F, 0x79, 0x6D, 0x65, 0x38, 0x64, 0x33, + 0x70, 0x61, 0x35, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x51, 0x50, 0x35, + 0x6D, 0x42, 0x34, 0x6A, 0x49, 0x2B, 0x67, 0x33, 0x58, 0x48, 0x33, 0x4D, + 0x75, 0x4C, 0x79, 0x42, 0x6A, 0x4D, 0x6F, 0x54, 0x49, 0x76, 0x6F, 0x79, + 0x37, 0x43, 0x59, 0x4D, 0x68, 0x5A, 0x0A, 0x36, 0x2F, 0x2B, 0x4B, 0x6B, + 0x70, 0x77, 0x31, 0x33, 0x32, 0x4A, 0x31, 0x36, 0x6D, 0x71, 0x6B, 0x4C, + 0x72, 0x77, 0x55, 0x4F, 0x5A, 0x66, 0x54, 0x30, 0x65, 0x31, 0x72, 0x4A, + 0x42, 0x73, 0x43, 0x55, 0x6B, 0x45, 0x6F, 0x42, 0x6D, 0x67, 0x4B, 0x4E, + 0x74, 0x52, 0x6B, 0x48, 0x6F, 0x33, 0x2F, 0x53, 0x6A, 0x55, 0x49, 0x2F, + 0x39, 0x66, 0x48, 0x6A, 0x33, 0x75, 0x53, 0x74, 0x50, 0x48, 0x56, 0x0A, + 0x6F, 0x50, 0x63, 0x66, 0x58, 0x6A, 0x2F, 0x67, 0x46, 0x52, 0x55, 0x6B, + 0x44, 0x44, 0x7A, 0x59, 0x2B, 0x61, 0x75, 0x42, 0x33, 0x64, 0x48, 0x4F, + 0x4E, 0x46, 0x31, 0x55, 0x31, 0x7A, 0x30, 0x36, 0x45, 0x41, 0x4E, 0x6B, + 0x6B, 0x50, 0x43, 0x43, 0x33, 0x61, 0x35, 0x33, 0x38, 0x55, 0x41, 0x4E, + 0x42, 0x49, 0x61, 0x50, 0x6A, 0x77, 0x70, 0x52, 0x64, 0x42, 0x7A, 0x4E, + 0x77, 0x31, 0x78, 0x6C, 0x0A, 0x62, 0x76, 0x6E, 0x35, 0x61, 0x43, 0x74, + 0x33, 0x48, 0x77, 0x4B, 0x42, 0x67, 0x42, 0x66, 0x4F, 0x6C, 0x34, 0x6A, + 0x47, 0x45, 0x58, 0x59, 0x6D, 0x4E, 0x36, 0x4B, 0x2B, 0x75, 0x30, 0x65, + 0x62, 0x71, 0x52, 0x44, 0x6B, 0x74, 0x32, 0x67, 0x49, 0x6F, 0x57, 0x36, + 0x62, 0x46, 0x6F, 0x37, 0x58, 0x64, 0x36, 0x78, 0x63, 0x69, 0x2F, 0x67, + 0x46, 0x57, 0x6A, 0x6F, 0x56, 0x43, 0x4F, 0x42, 0x59, 0x0A, 0x67, 0x43, + 0x38, 0x47, 0x4C, 0x4D, 0x6E, 0x77, 0x33, 0x7A, 0x32, 0x71, 0x67, 0x61, + 0x76, 0x34, 0x63, 0x51, 0x49, 0x67, 0x38, 0x45, 0x44, 0x59, 0x70, 0x62, + 0x70, 0x45, 0x34, 0x46, 0x48, 0x51, 0x6E, 0x6E, 0x74, 0x50, 0x6B, 0x4B, + 0x57, 0x2F, 0x62, 0x72, 0x75, 0x30, 0x4E, 0x74, 0x33, 0x79, 0x61, 0x4E, + 0x62, 0x38, 0x69, 0x67, 0x79, 0x31, 0x61, 0x5A, 0x4F, 0x52, 0x66, 0x49, + 0x76, 0x5A, 0x0A, 0x71, 0x54, 0x4D, 0x4C, 0x45, 0x33, 0x6D, 0x65, 0x6C, + 0x63, 0x5A, 0x57, 0x37, 0x4C, 0x61, 0x69, 0x71, 0x65, 0x4E, 0x31, 0x56, + 0x30, 0x76, 0x48, 0x2F, 0x4D, 0x43, 0x55, 0x64, 0x70, 0x58, 0x39, 0x59, + 0x31, 0x34, 0x4B, 0x39, 0x43, 0x4A, 0x59, 0x78, 0x7A, 0x73, 0x52, 0x4F, + 0x67, 0x50, 0x71, 0x64, 0x45, 0x67, 0x4D, 0x57, 0x59, 0x44, 0x46, 0x41, + 0x6F, 0x47, 0x41, 0x41, 0x65, 0x39, 0x6C, 0x0A, 0x58, 0x4D, 0x69, 0x65, + 0x55, 0x4F, 0x68, 0x6C, 0x30, 0x73, 0x71, 0x68, 0x64, 0x5A, 0x59, 0x52, + 0x62, 0x4F, 0x31, 0x65, 0x69, 0x77, 0x54, 0x49, 0x4C, 0x58, 0x51, 0x36, + 0x79, 0x47, 0x4D, 0x69, 0x42, 0x38, 0x61, 0x65, 0x2F, 0x76, 0x30, 0x70, + 0x62, 0x42, 0x45, 0x57, 0x6C, 0x70, 0x6E, 0x38, 0x6B, 0x32, 0x2B, 0x4A, + 0x6B, 0x71, 0x56, 0x54, 0x77, 0x48, 0x67, 0x67, 0x62, 0x43, 0x41, 0x5A, + 0x0A, 0x6A, 0x4F, 0x61, 0x71, 0x56, 0x74, 0x58, 0x31, 0x6D, 0x55, 0x79, + 0x54, 0x59, 0x7A, 0x6A, 0x73, 0x54, 0x7A, 0x34, 0x5A, 0x59, 0x6A, 0x68, + 0x61, 0x48, 0x4A, 0x33, 0x6A, 0x31, 0x57, 0x6C, 0x65, 0x67, 0x6F, 0x4D, + 0x63, 0x73, 0x74, 0x64, 0x66, 0x54, 0x2B, 0x74, 0x78, 0x4D, 0x55, 0x37, + 0x34, 0x6F, 0x67, 0x64, 0x4F, 0x71, 0x4D, 0x7A, 0x68, 0x78, 0x53, 0x55, + 0x4F, 0x34, 0x35, 0x67, 0x38, 0x0A, 0x66, 0x39, 0x57, 0x38, 0x39, 0x6D, + 0x70, 0x61, 0x38, 0x62, 0x42, 0x6A, 0x4F, 0x50, 0x75, 0x2B, 0x79, 0x46, + 0x79, 0x36, 0x36, 0x74, 0x44, 0x61, 0x5A, 0x36, 0x73, 0x57, 0x45, 0x37, + 0x63, 0x35, 0x53, 0x58, 0x45, 0x48, 0x58, 0x6C, 0x38, 0x43, 0x67, 0x59, + 0x45, 0x41, 0x74, 0x41, 0x57, 0x77, 0x46, 0x50, 0x6F, 0x44, 0x53, 0x54, + 0x64, 0x7A, 0x6F, 0x58, 0x41, 0x77, 0x52, 0x6F, 0x66, 0x30, 0x0A, 0x51, + 0x4D, 0x4F, 0x30, 0x38, 0x2B, 0x50, 0x6E, 0x51, 0x47, 0x6F, 0x50, 0x62, + 0x4D, 0x4A, 0x54, 0x71, 0x72, 0x67, 0x78, 0x72, 0x48, 0x59, 0x43, 0x53, + 0x38, 0x75, 0x34, 0x63, 0x59, 0x53, 0x48, 0x64, 0x44, 0x4D, 0x4A, 0x44, + 0x43, 0x4F, 0x4D, 0x6F, 0x35, 0x67, 0x46, 0x58, 0x79, 0x43, 0x2B, 0x35, + 0x46, 0x66, 0x54, 0x69, 0x47, 0x77, 0x42, 0x68, 0x79, 0x35, 0x38, 0x7A, + 0x35, 0x62, 0x37, 0x0A, 0x67, 0x42, 0x77, 0x46, 0x4B, 0x49, 0x39, 0x52, + 0x67, 0x52, 0x66, 0x56, 0x31, 0x44, 0x2F, 0x4E, 0x69, 0x6D, 0x78, 0x50, + 0x72, 0x6C, 0x6A, 0x33, 0x57, 0x48, 0x79, 0x65, 0x63, 0x31, 0x2F, 0x43, + 0x73, 0x2B, 0x42, 0x72, 0x2B, 0x2F, 0x76, 0x65, 0x6B, 0x4D, 0x56, 0x46, + 0x67, 0x35, 0x67, 0x65, 0x6B, 0x65, 0x48, 0x72, 0x34, 0x61, 0x47, 0x53, + 0x46, 0x34, 0x62, 0x6B, 0x30, 0x41, 0x6A, 0x56, 0x0A, 0x54, 0x76, 0x2F, + 0x70, 0x51, 0x6A, 0x79, 0x52, 0x75, 0x5A, 0x41, 0x74, 0x36, 0x36, 0x49, + 0x62, 0x52, 0x5A, 0x64, 0x6C, 0x32, 0x49, 0x49, 0x3D, 0x0A, 0x2D, 0x2D, + 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D + }; + /* + * PEM of pem_rsa_priv_key: + * -----BEGIN PRIVATE KEY----- + * MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEkC4ZWv3ucFbU + * F8YwlUrmQlLCZwAgr4DPUAFVHl+wFcXypVgScVY4K7QmdWKsYqb8tpOxqw0NwZWX + * O+ta4+y27COufoOhRTMwNyN2LwSNTPN3eEk4ee5QnppEyDrqoCgvTlAAdToFaXvj + * x13Ybj7jfhwN74qKdqsSEtPWyggeotiQSPy6KyBIuWtIxPAA8jAvfAnQj1eXhghF + * N2NxkqgxvBYdNy1m3+jXACPLRzc11ZbNHKiwhCY1/HiSBkwHlIK+/VLj2smCKdUQ + * gvLXSnnVgQulHioD6UgY8xA2a4M1rhYuTV8BrPRZ4BFx2o0jYWvGbA/Hlp7fTOy+ + * F5OkiHS7AgMBAAECggEAYgCu81ZiQBVDvWiDGKr+1pIf2CxprGJEm1h86ZcEx3L7 + * qFDW+g8HGWd04S3qvh9LublAJzetAPxRXL9zx3PXjJZs7e3HLEuny3TaWez0XI0O + * 4LSY8S8d6pVBPmUEtwGWN4vYqHnKLXOb4QQAXs4MzfkM/Me/b+zdu1umwjMl3Dud + * 5rVhkgvt8uhDUG3XSHeoJYBMbT9ikJDVMJ51rre/1Riddgxp8SktVkvGmMl9kQR8 + * 8dv3Px/kTN94EuRg0CkXBhHpoGo4qnM3Q3B5PlmSK5gkuPvWy9l8L/TVt8Lb6/zL + * ByQW+g02wxeNGhw1fkD+XFH7KkSeWl+QnrLcePM0hQKBgQDxoqUk0PLOY5WgOkgr + * umgie/K1WKs+izTtApjzcM76sza63b5R9w+P+NssMV4aeV9epEGZO68IUmi0QjvQ + * npluQoadFYweFwSQ11BXHoeQBA4nNpkrV58hgzZN3m9JLR7JxyrIqXsRnUzl13Kj + * GzZBCJxCpJjfTze/yme8d3pa5QKBgQDQP5mB4jI+g3XH3MuLyBjMoTIvoy7CYMhZ + * 6/+Kkpw132J16mqkLrwUOZfT0e1rJBsCUkEoBmgKNtRkHo3/SjUI/9fHj3uStPHV + * oPcfXj/gFRUkDDzY+auB3dHONF1U1z06EANkkPCC3a538UANBIaPjwpRdBzNw1xl + * bvn5aCt3HwKBgBfOl4jGEXYmN6K+u0ebqRDkt2gIoW6bFo7Xd6xci/gFWjoVCOBY + * gC8GLMnw3z2qgav4cQIg8EDYpbpE4FHQnntPkKW/bru0Nt3yaNb8igy1aZORfIvZ + * qTMLE3melcZW7LaiqeN1V0vH/MCUdpX9Y14K9CJYxzsROgPqdEgMWYDFAoGAAe9l + * XMieUOhl0sqhdZYRbO1eiwTILXQ6yGMiB8ae/v0pbBEWlpn8k2+JkqVTwHggbCAZ + * jOaqVtX1mUyTYzjsTz4ZYjhaHJ3j1WlegoMcstdfT+txMU74ogdOqMzhxSUO45g8 + * f9W89mpa8bBjOPu+yFy66tDaZ6sWE7c5SXEHXl8CgYEAtAWwFPoDSTdzoXAwRof0 + * QMO08+PnQGoPbMJTqrgxrHYCS8u4cYSHdDMJDCOMo5gFXyC+5FfTiGwBhy58z5b7 + * gBwFKI9RgRfV1D/NimxPrlj3WHyec1/Cs+Br+/vekMVFg5gekeHr4aGSF4bk0AjV + * Tv/pQjyRuZAt66IbRZdl2II= + * -----END PRIVATE KEY----- + */ + + /* Load private key BIO, DER-encoded public key and PKCS#8 private key for testing */ + if (!TEST_ptr(bio_priv = BIO_new(BIO_s_mem())) + || !TEST_int_gt(BIO_write(bio_priv, pem_rsa_priv_key, sizeof(pem_rsa_priv_key)), 0) + || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(bio_priv, NULL, NULL, NULL, NULL, NULL)) + || !TEST_int_ge(BIO_seek(bio_priv, 0), 0) + || !TEST_int_gt((len_pub = i2d_PUBKEY(pkey, &encoded_pub)), 0) + || !TEST_ptr(p8 = EVP_PKEY2PKCS8(pkey))) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + + for (i = 0; i < OSSL_NELEM(properties_test); i++) { + const char *libctx_prop = properties_test[i].provider_props; + const char *explicit_prop = properties_test[i].explicit_props; + /* *curr_provider will be updated in reset_ctx_providers */ + OSSL_PROVIDER **curr_provider = &providers[properties_test[i].curr_provider_idx]; + + /* + * Decoding a PEM-encoded key uses the properties to select the right provider. + * Using a PEM-encoding adds an extra decoder before the key is created. + */ + if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1)) + goto end; + if (!TEST_int_ge(BIO_seek(bio_priv, 0), 0) + || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(bio_priv, NULL, NULL, NULL, my_libctx, + explicit_prop)) + || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider)) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Decoding a DER-encoded X509_PUBKEY uses the properties to select the right provider */ + if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1)) + goto end; + p = encoded_pub; + if (!TEST_ptr(pkey = d2i_PUBKEY_ex(NULL, &p, len_pub, my_libctx, explicit_prop)) + || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider)) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Decoding a PKCS8_PRIV_KEY_INFO uses the properties to select the right provider */ + if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1)) + goto end; + if (!TEST_ptr(pkey = EVP_PKCS82PKEY_ex(p8, my_libctx, explicit_prop)) + || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider)) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + } + + ret = 1; + +end: + PKCS8_PRIV_KEY_INFO_free(p8); + BIO_free(bio_priv); + OPENSSL_free(encoded_pub); + EVP_PKEY_free(pkey); + OSSL_PROVIDER_unload(providers[DEFAULT_PROVIDER_IDX]); + fake_rsa_finish(providers[FAKE_RSA_PROVIDER_IDX]); + OSSL_LIB_CTX_free(my_libctx); + return ret; +} + int setup_tests(void) { libctx = OSSL_LIB_CTX_new(); @@ -436,6 +722,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_pkey_store, 2); ADD_TEST(test_pkey_delete); ADD_TEST(test_pkey_store_open_ex); + ADD_TEST(test_pkey_provider_decoder_props); return 1; } diff --git a/test/quic-openssl-docker/hq-interop/quic-hq-interop.c b/test/quic-openssl-docker/hq-interop/quic-hq-interop.c index 14375d178a77..80b93c68c91e 100644 --- a/test/quic-openssl-docker/hq-interop/quic-hq-interop.c +++ b/test/quic-openssl-docker/hq-interop/quic-hq-interop.c @@ -906,8 +906,6 @@ int main(int argc, char *argv[]) goto end; } } - BIO_free(req_bio); - req_bio = NULL; reqnames[read_offset + 1] = '\0'; if (!setup_connection(hostname, port, &ctx, &ssl)) { @@ -1037,6 +1035,7 @@ int main(int argc, char *argv[]) */ BIO_ADDR_free(peer_addr); OPENSSL_free(reqnames); + BIO_free(req_bio); BIO_free(session_bio); for (poll_idx = 0; poll_idx < poll_count; poll_idx++) { BIO_free(outbiolist[poll_idx]); diff --git a/test/quic_ackm_test.c b/test/quic_ackm_test.c index 0f26e9d38a0e..7b42fa5410fa 100644 --- a/test/quic_ackm_test.c +++ b/test/quic_ackm_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,7 +104,8 @@ static int helper_init(struct helper *h, size_t num_pkts) /* Initialise ACK manager. */ h->ackm = ossl_ackm_new(fake_now, NULL, &h->statm, - &ossl_cc_dummy_method, h->ccdata); + &ossl_cc_dummy_method, h->ccdata, + /* is_server */0); if (!TEST_ptr(h->ackm)) goto err; diff --git a/test/quic_fifd_test.c b/test/quic_fifd_test.c index cfa5a77745b7..7f93ca40d924 100644 --- a/test/quic_fifd_test.c +++ b/test/quic_fifd_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -329,7 +329,8 @@ static int test_fifd(int idx) || !TEST_ptr(info.ackm = ossl_ackm_new(fake_now, NULL, &info.statm, &ossl_cc_dummy_method, - info.ccdata)) + info.ccdata, + /* is_server */0)) || !TEST_true(ossl_ackm_on_handshake_confirmed(info.ackm)) || !TEST_ptr(info.cfq = ossl_quic_cfq_new()) || !TEST_ptr(info.txpim = ossl_quic_txpim_new()) diff --git a/test/quic_txp_test.c b/test/quic_txp_test.c index 329953a3bd75..bf576c31f2d5 100644 --- a/test/quic_txp_test.c +++ b/test/quic_txp_test.c @@ -182,7 +182,8 @@ static int helper_init(struct helper *h) if (!TEST_ptr(h->args.ackm = ossl_ackm_new(fake_now, NULL, &h->statm, h->cc_method, - h->cc_data))) + h->cc_data, + /* is_server */0))) goto err; if (!TEST_true(ossl_quic_stream_map_init(&h->qsm, NULL, NULL, diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t index c953fad9f1ec..9bf946e81b4b 100644 --- a/test/recipes/15-test_ec.t +++ b/test/recipes/15-test_ec.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ setup("test_ec"); plan skip_all => 'EC is not supported in this build' if disabled('ec'); -plan tests => 15; +plan tests => 16; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -33,6 +33,16 @@ subtest 'EC conversions -- private key' => sub { tconversion( -type => 'ec', -prefix => 'ec-priv', -in => srctop_file("test","testec-p256.pem") ); }; + +SKIP: { + skip "SM2 is not supported by this OpenSSL build", 1 + if disabled("sm2"); + subtest 'EC conversions -- private key' => sub { + tconversion( -type => 'ec', -prefix => 'sm2-priv', + -in => srctop_file("test","testec-sm2.pem") ); + }; +} + subtest 'EC conversions -- private key PKCS#8' => sub { tconversion( -type => 'ec', -prefix => 'ec-pkcs8', -in => srctop_file("test","testec-p256.pem"), diff --git a/test/recipes/90-test_store_cases.t b/test/recipes/90-test_store_cases.t index 05b00e6b4eb1..5915a1b76a53 100644 --- a/test/recipes/90-test_store_cases.t +++ b/test/recipes/90-test_store_cases.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,9 +18,10 @@ use OpenSSL::Test::Utils; my $test_name = "test_store_cases"; setup($test_name); -plan tests => 2; +plan tests => 3; my $stderr; +my @stdout; # The case of the garbage PKCS#12 DER file where a passphrase was # prompted for. That should not have happened. @@ -34,3 +35,24 @@ open DATA, $stderr; close DATA; ok(scalar @match > 0 ? 0 : 1, "checking that storeutl didn't ask for a passphrase"); + + SKIP: { + skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1 + if disabled("ec"); + skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1 + if disabled("des"); + + # The case with a BER-encoded PKCS#12 file, using infinite + EOC + # constructs. There was a bug with those in OpenSSL 3.0 and newer, + # where OSSL_STORE_load() (and by consequence, 'openssl storeutl') + # only extracted the first available object from that file and + # ignored the rest. + # Our test file has a total of four objects, and this should be + # reflected in the total that 'openssl storeutl' outputs + @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345', + data_file('test-BER.p12')]), + capture => 1); + @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp + ok((grep { $_ eq 'Total found: 4' } @stdout), + "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects"); +} diff --git a/test/recipes/90-test_store_cases_data/test-BER.p12 b/test/recipes/90-test_store_cases_data/test-BER.p12 Binary files differnew file mode 100644 index 000000000000..256e697bac1a --- /dev/null +++ b/test/recipes/90-test_store_cases_data/test-BER.p12 diff --git a/test/testec-sm2.pem b/test/testec-sm2.pem new file mode 100644 index 000000000000..30e25613b38e --- /dev/null +++ b/test/testec-sm2.pem @@ -0,0 +1,5 @@ +-----BEGIN SM2 PRIVATE KEY----- +MHcCAQEEIKPB7gEYKGAwAkz0MfGwQm0BXclgzvSTxQG9bm4RCAxXoAoGCCqBHM9V +AYItoUQDQgAE+FuibOpfjVfj716O3LglhK4HzjUR82mgn8kTZinQsEafw3FFZzZJ +vwHIGHUsSKxVTRIEs+BICQDBg99OA3VU/Q== +-----END SM2 PRIVATE KEY----- diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index b76f9e931ec0..ccc4814f6fd2 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm @@ -97,7 +97,23 @@ sub new_dtls { sub init { - require IO::Socket::IP; + my $useSockInet = 0; + eval { + require IO::Socket::IP; + my $s = IO::Socket::IP->new( + LocalAddr => "::1", + LocalPort => 0, + Listen=>1, + ); + $s or die "\n"; + $s->close(); + }; + if ($@ eq "") { + require IO::Socket::IP; + } else { + $useSockInet = 1; + } + my $class = shift; my ($filter, $execute, @@ -118,8 +134,13 @@ sub init $test_client_port = 49152 + int(rand(65535 - 49152)); my $test_sock; if ($useINET6 == 0) { - $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port, - LocalAddr => $test_client_addr); + if ($useSockInet == 0) { + $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port, + LocalAddr => $test_client_addr); + } else { + $test_sock = IO::Socket::INET->new(LocalAddr => $test_client_addr, + LocalPort => $test_client_port); + } } else { $test_sock = IO::Socket::INET6->new(LocalAddr => $test_client_addr, LocalPort => $test_client_port, |