Diffstat (limited to 'providers')
-rw-r--r--providers/common/securitycheck.c24
-rw-r--r--providers/fips-sources.checksums18
-rw-r--r--providers/fips.checksum2
-rw-r--r--providers/fips/self_test.c52
-rw-r--r--providers/implementations/ciphers/cipher_aes_siv.c20
-rw-r--r--providers/implementations/ciphers/cipher_rc4_hmac_md5.h5
-rw-r--r--providers/implementations/storemgmt/file_store.c8
7 files changed, 61 insertions, 68 deletions
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 699ada7c529f..0d3acdbe56e2 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -167,17 +167,25 @@ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign)
/*
* For Digital signature verification DSA keys with < 112 bits of
- * security strength (i.e L < 2048 bits), are still allowed for legacy
- * use. The bounds given in SP800 131Ar2 - Table 2 are
- * (512 <= L < 2048 and 160 <= N < 224)
+ * security strength, are still allowed for legacy
+ * use. The bounds given in SP 800-131Ar2 - Table 2 are
+ * (512 <= L < 2048 or 160 <= N < 224).
+ *
+ * We are a little stricter and insist that both minimums are met.
+ * For example a L = 256, N = 160 key *would* be allowed by SP 800-131Ar2
+ * but we don't.
*/
- if (!sign && L < 2048)
- return (L >= 512 && N >= 160 && N < 224);
+ if (!sign) {
+ if (L < 512 || N < 160)
+ return 0;
+ if (L < 2048 || N < 224)
+ return 1;
+ }
/* Valid sizes for both sign and verify */
- if (L == 2048 && (N == 224 || N == 256))
+ if (L == 2048 && (N == 224 || N == 256)) /* 112 bits */
return 1;
- return (L == 3072 && N == 256);
+ return (L == 3072 && N == 256); /* 128 bits */
}
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
return 1;
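Review bot: The new `if (L < 2048 || N < 224) return 1;` branch accepts, for verification, any pair where only one parameter is below the 112-bit threshold, for example L = 3072 with N = 160 or L = 1024 with N = 256. The removed condition rejected both of those, so the verify accept set is wider than before even though the comment only says the check is "a little stricter". If that is intended, the comment should say so, e.g. `* Mixed pairs such as L = 3072, N = 160 are therefore accepted for verification only.` Boundary tests for (511, 160), (512, 159), (3072, 160) and (1024, 256) with `sign` set and unset would pin the behaviour. The body of ossl_dsa_check_key starts outside this hunk.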
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index dea6ef04e23d..42785c33a0d2 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -93,7 +93,7 @@ f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_m
c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c
c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h
628419eabdb88b265823e43a7a1c88fdfecef79771180836f6089050dc9eadb1 crypto/bn/bn_rand.c
-1f6e13da1d9965b341f81bc0842a987a7db9b7de0fa7f7040d49be01b92d282b crypto/bn/bn_recp.c
+4df8f204c8a06de2b4395be613ca0b9943613c523586e2005876d5c7bb891c75 crypto/bn/bn_recp.c
a5c5c9f99961a5a7f22a3dcdce964c8a330f822be17f08652223a20fed747d0a crypto/bn/bn_rsa_fips186_4.c
704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c
622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c
@@ -109,7 +109,7 @@ c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/
ff9be205d6d7ff00b0e64508f0eb8d9ec0415fbabc0948d26e308212b3f7b2d8 crypto/context.c
c309d81ea991ddf5be4337afad2fd132169f7443c76f863349d3f3c82f3374e4 crypto/core_algorithm.c
f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c
-02670d631bf0f34cca1e3477079d7fe5de4e03c391cf3992986f44f55319597c crypto/core_namemap.c
+799c84d224639c6760c5c28e0e287500a973ca6d0c3d7c1bdcd61b0da4018b3c crypto/core_namemap.c
469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c
71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c
66dbfc58916709d5a6913777346083247942a8d9458ee9b2bf443f0ea4988d64 crypto/ctype.c
@@ -253,7 +253,7 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/w
8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c
a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c
c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c
-06e67fdd2a308bf355c8dae2e0acd9af94f6e53d428a7d31966311eb5c0aebc1 crypto/params.c
+0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c
4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c
a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c
97cb7414dc2f165d5849ee3b46cdfff0afb067729435d9c01a747e0ca41e230c crypto/ppccap.c
@@ -292,9 +292,9 @@ f01af62704dbf9457e2669c3e7c1d4d740f0388faa49df93611b987a8aa2bf11 crypto/rsa/rsa
5fa59240ca885cbc0c1cd026934b226d44fc9c3fdf0c2e7e3a7bd7f4963ca2e5 crypto/self_test_core.c
05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl
ca3b2b654f9a8c4bc2fa2538c1f19d17acd4a6b9e0df6a4b81df04efa697e67e crypto/sha/asm/keccak1600-armv8.pl
-ef575a7fb4956cc3be4ef10a6aeaa10702eadfc92c86167880690320ce942b26 crypto/sha/asm/keccak1600-avx2.pl
-f1dcf75789dfb0c5d7cd35988cb8046f60097bbaf1fbdab32a9269fa5492214c crypto/sha/asm/keccak1600-avx512.pl
-63e547b100562d1142512d5b54e16efc276ecb6c743c27873dbcdd7cb917c828 crypto/sha/asm/keccak1600-avx512vl.pl
+12b7acce2fba0bc0e1ca07842ec84be6a022f141c86e077abb42c864af1d8d9c crypto/sha/asm/keccak1600-avx2.pl
+faf0cccb685d5abc807e08db194f847c67b940da2fc3c235c210dc31d73a5334 crypto/sha/asm/keccak1600-avx512.pl
+be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm/keccak1600-avx512vl.pl
33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl
09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl
ce4a58129e5ee3ac4c9dfec5ecc010440570ebf7bf869e3e9977f2121a64b27a crypto/sha/asm/keccak1600-ppc64.pl
@@ -419,7 +419,7 @@ cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openss
1d1697bd3e35920ff9eaec23c29472d727a7fc4d108150957f41f6f5ecf80f1a include/openssl/cryptoerr.h
bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h
fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h
-3a57eceec58ab781d79cb0458c2251a233f45ba0ef8f414d148c55ac2dff1bc8 include/openssl/dh.h
+75fba45d6fc66e3aaef216959327157613f08070935aae4a5260e740184f031f include/openssl/dh.h
836130f5a32bbdce51b97b34758ed1b03a9d06065c187418eaf323dca6adfc6d include/openssl/dherr.h
92ae2c907fd56859e3ae28a085071611be5c9245879305cdf8bad027219e64b6 include/openssl/dsa.h
276d1f6e111ba933bc708e6a0670047cbe0d0b67aabe31807abbbc231de4d8cf include/openssl/dsaerr.h
@@ -492,11 +492,11 @@ e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/comm
a8b73b10ab0100942dd2bc45f2fc9c9238b70bec0e49708ba113bc7479c8b92a providers/common/provider_err.c
9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c
eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c
-ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c
+5b94312727ca33e4f5c038f4caaae8417bf584cfde22df83d91f3c55c30c81ee providers/common/securitycheck.c
527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c
abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c
0f761a26c8fa6ad8d5a15c817afe1741352b21769b2164a2eb7dd50e1f6fe04f providers/fips/fipsprov.c
-52b48aece6aa3592593c94b53326410c75efb95ac480697ce414679446b49943 providers/fips/self_test.c
+5d24ba30f9cc7ca48546fb85dc285bd68590f3a604a0bd471bcb0c2a61169591 providers/fips/self_test.c
f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h
d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc
629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index 077e225c6d93..ec1978c7fede 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-d4b8aaf04173ffd7bdd7d64e823002a988146d85c193a4bb8217dc8225583169 providers/fips-sources.checksums
+f07990ec634ec6ea3c8c42a664768debcf92a1b0c39bde7041c24df33dd7f052 providers/fips-sources.checksums
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index 80d048a847b0..ca5b3b585bd3 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,7 @@
#include <openssl/err.h>
#include <openssl/proverr.h>
#include "e_os.h"
+#include "internal/tsan_assist.h"
#include "prov/providercommon.h"
/*
@@ -47,7 +48,6 @@
static int FIPS_conditional_error_check = 1;
static CRYPTO_RWLOCK *self_test_lock = NULL;
-static CRYPTO_RWLOCK *fips_state_lock = NULL;
static unsigned char fixed_key[32] = { FIPS_KEY_ELEMENTS };
static CRYPTO_ONCE fips_self_test_init = CRYPTO_ONCE_STATIC_INIT;
@@ -59,7 +59,6 @@ DEFINE_RUN_ONCE_STATIC(do_fips_self_test_init)
* platform then we just leak it deliberately.
*/
self_test_lock = CRYPTO_THREAD_lock_new();
- fips_state_lock = CRYPTO_THREAD_lock_new();
return self_test_lock != NULL;
}
@@ -155,12 +154,12 @@ void __TERM__cleanup(void) {
# define DEP_INITIAL_STATE FIPS_STATE_SELFTEST
#endif
-static int FIPS_state = DEP_INITIAL_STATE;
+static TSAN_QUALIFIER int FIPS_state = DEP_INITIAL_STATE;
#if defined(DEP_INIT_ATTRIBUTE)
DEP_INIT_ATTRIBUTE void init(void)
{
- FIPS_state = FIPS_STATE_SELFTEST;
+ tsan_store(&FIPS_state, FIPS_STATE_SELFTEST);
}
#endif
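Review bot: `FIPS_state` is now shared between threads without a lock, but nothing at the declaration tells a maintainer that it may only be touched through the tsan helpers. I would add a comment above it such as `/* Shared across threads: access only via tsan_load()/tsan_store(), never directly. */`. What `TSAN_QUALIFIER` and the helpers expand to is defined in internal/tsan_assist.h, which is not part of this diff. If they fall back to plain volatile accesses on builds without atomics, the comment should state that the module state is then read and written without synchronisation.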
@@ -168,7 +167,6 @@ DEP_INIT_ATTRIBUTE void init(void)
DEP_FINI_ATTRIBUTE void cleanup(void)
{
CRYPTO_THREAD_lock_free(self_test_lock);
- CRYPTO_THREAD_lock_free(fips_state_lock);
}
#endif
@@ -229,10 +227,7 @@ err:
static void set_fips_state(int state)
{
- if (ossl_assert(CRYPTO_THREAD_write_lock(fips_state_lock) != 0)) {
- FIPS_state = state;
- CRYPTO_THREAD_unlock(fips_state_lock);
- }
+ tsan_store(&FIPS_state, state);
}
/* This API is triggered either on loading of the FIPS module or on demand */
@@ -250,10 +245,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (!RUN_ONCE(&fips_self_test_init, do_fips_self_test_init))
return 0;
- if (!CRYPTO_THREAD_read_lock(fips_state_lock))
- return 0;
- loclstate = FIPS_state;
- CRYPTO_THREAD_unlock(fips_state_lock);
+ loclstate = tsan_load(&FIPS_state);
if (loclstate == FIPS_STATE_RUNNING) {
if (!on_demand_test)
@@ -265,24 +257,17 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
if (!CRYPTO_THREAD_write_lock(self_test_lock))
return 0;
- if (!CRYPTO_THREAD_read_lock(fips_state_lock)) {
- CRYPTO_THREAD_unlock(self_test_lock);
- return 0;
- }
- if (FIPS_state == FIPS_STATE_RUNNING) {
- CRYPTO_THREAD_unlock(fips_state_lock);
+ loclstate = tsan_load(&FIPS_state);
+ if (loclstate == FIPS_STATE_RUNNING) {
if (!on_demand_test) {
CRYPTO_THREAD_unlock(self_test_lock);
return 1;
}
set_fips_state(FIPS_STATE_SELFTEST);
- } else if (FIPS_state != FIPS_STATE_SELFTEST) {
- CRYPTO_THREAD_unlock(fips_state_lock);
+ } else if (loclstate != FIPS_STATE_SELFTEST) {
CRYPTO_THREAD_unlock(self_test_lock);
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE);
return 0;
- } else {
- CRYPTO_THREAD_unlock(fips_state_lock);
}
if (st == NULL
@@ -393,20 +378,13 @@ void ossl_set_error_state(const char *type)
int ossl_prov_is_running(void)
{
- int res;
- static unsigned int rate_limit = 0;
+ int res, loclstate;
+ static TSAN_QUALIFIER unsigned int rate_limit = 0;
- if (!CRYPTO_THREAD_read_lock(fips_state_lock))
- return 0;
- res = FIPS_state == FIPS_STATE_RUNNING
- || FIPS_state == FIPS_STATE_SELFTEST;
- if (FIPS_state == FIPS_STATE_ERROR) {
- CRYPTO_THREAD_unlock(fips_state_lock);
- if (!CRYPTO_THREAD_write_lock(fips_state_lock))
- return 0;
- if (rate_limit++ < FIPS_ERROR_REPORTING_RATE_LIMIT)
+ loclstate = tsan_load(&FIPS_state);
+ res = loclstate == FIPS_STATE_RUNNING || loclstate == FIPS_STATE_SELFTEST;
+ if (loclstate == FIPS_STATE_ERROR)
+ if (tsan_counter(&rate_limit) < FIPS_ERROR_REPORTING_RATE_LIMIT)
ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IN_ERROR_STATE);
- }
- CRYPTO_THREAD_unlock(fips_state_lock);
return res;
}
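Review bot: In ossl_prov_is_running the two new `if` statements are nested without braces, which makes it easy to attach a later `else` or extra statement to the wrong condition in code that gates the FIPS error state. A single condition reads more safely and keeps the short-circuit, so the counter still only advances in the error state: `if (loclstate == FIPS_STATE_ERROR && tsan_counter(&rate_limit) < FIPS_ERROR_REPORTING_RATE_LIMIT)`. The comparison assumes `tsan_counter` returns the value before the increment, as the removed `rate_limit++` did. That is worth a short comment because the helper's definition is not visible here.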
diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
index 45010b90db2a..bdc896e8f7e4 100644
--- a/providers/implementations/ciphers/cipher_aes_siv.c
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
if (!ossl_prov_is_running())
return 0;
- if (inl == 0) {
- *outl = 0;
- return 1;
- }
+ /* Ignore just empty encryption/decryption call and not AAD. */
+ if (out != NULL) {
+ if (inl == 0) {
+ if (outl != NULL)
+ *outl = 0;
+ return 1;
+ }
- if (outsize < inl) {
- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
- return 0;
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
}
if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
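Review bot: The added comment `/* Ignore just empty encryption/decryption call and not AAD. */` is hard to parse and does not say how the two cases are told apart. From the hunk, `out == NULL` is the AAD case, and it now reaches `ctx->hw->cipher` even when `inl == 0`, presumably so that an empty AAD entry still takes part in authentication. I would state that directly, e.g. `/* out == NULL means AAD: an empty AAD entry must still reach the cipher; only an empty encrypt/decrypt call is a no-op. */`. A regression test showing that an empty AAD entry changes the resulting tag would guard this. The rest of siv_cipher lies outside the hunk, so whether the later write through `outl` is NULL-guarded as well cannot be checked from here.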
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.h b/providers/implementations/ciphers/cipher_rc4_hmac_md5.h
index 1697aabbf39b..4a1d154a7ceb 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.h
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -31,3 +31,6 @@ typedef struct prov_cipher_hw_rc4_hmac_md5_st {
} PROV_CIPHER_HW_RC4_HMAC_MD5;
const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc4_hmac_md5(size_t keybits);
+
+void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
+ MD5_CTX *ctx, const void *inp, size_t blocks);
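Review bot: The new prototype `rc4_md5_enc` has external linkage but no `ossl_` prefix, unlike `ossl_prov_cipher_hw_rc4_hmac_md5` directly above it, and it carries no comment. If the name is dictated by an assembly implementation (not visible in this diff), a comment should say so, so that nobody takes it for a stray public symbol. The comment should also explain `in0` versus `inp` and what unit `blocks` counts, since the signature gives the callee no buffer lengths to check against. Something like `/* Implemented in assembly; 'blocks' is the number of blocks to process (units to be confirmed) */` would do.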
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 6d6312659bea..bb8b2ab8625a 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -612,9 +612,9 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name)
* Last, check that the rest of the extension is a decimal number, at
* least one digit long.
*/
- if (!isdigit(*p))
+ if (!isdigit((unsigned char)*p))
return 0;
- while (isdigit(*p))
+ while (isdigit((unsigned char)*p))
p++;
#ifdef __VMS
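Review bot: This hunk keeps the locale-dependent `isdigit` for the extension check, while the `__VMS` branch of the same function in the next hunk uses `ossl_isdigit`. Using `ossl_isdigit((unsigned char)*p)` in both the `if` and the `while` here would make the file-name check behave the same under every locale and match the VMS branch. This assumes the header that provides `ossl_isdigit` is included unconditionally, which the hunks do not show. file_name_check starts outside this hunk.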
@@ -623,7 +623,7 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name)
*/
if (*p == ';')
for (p++; *p != '\0'; p++)
- if (!ossl_isdigit(*p))
+ if (!ossl_isdigit((unsigned char)*p))
break;
#endif