
Merge branch 'master' of https://github.com/openssl/openssl

master
David Lanzendörfer 4 weeks ago
parent
commit
ca675cf79a
35 changed files with 528 additions and 186 deletions
  1. +76
    -54
      CHANGES.md
  2. +11
    -1
      Configurations/50-nonstop.conf
  3. +2
    -1
      Configurations/descrip.mms.tmpl
  4. +1
    -1
      Configurations/shared-info.pl
  5. +1
    -0
      NEWS.md
  6. +7
    -1
      NOTES-NONSTOP.md
  7. +1
    -0
      apps/ciphers.c
  8. +1
    -1
      apps/cms.c
  9. +1
    -1
      apps/include/apps.h
  10. +3
    -5
      apps/lib/apps.c
  11. +2
    -1
      apps/lib/s_cb.c
  12. +23
    -28
      apps/req.c
  13. +13
    -8
      apps/x509.c
  14. +6
    -2
      crypto/asn1/evp_asn1.c
  15. +1
    -0
      crypto/cms/cms_env.c
  16. +1
    -0
      crypto/err/openssl.txt
  17. +27
    -8
      crypto/evp/m_sigver.c
  18. +72
    -34
      crypto/provider_conf.c
  19. +1
    -1
      crypto/sm2/sm2_crypt.c
  20. +1
    -0
      crypto/ts/ts_verify_ctx.c
  21. +10
    -0
      doc/man1/openssl-pkeyutl.pod.in
  22. +17
    -14
      doc/man1/openssl-req.pod.in
  23. +12
    -0
      doc/man7/migration_guide.pod
  24. +10
    -0
      include/crypto/rand.h
  25. +4
    -3
      include/crypto/x509.h
  26. +1
    -0
      include/openssl/proverr.h
  27. +2
    -0
      providers/common/provider_err.c
  28. +21
    -7
      providers/implementations/ciphers/cipher_aes_wrp.c
  29. +1
    -5
      providers/implementations/rands/seeding/rand_unix.c
  30. +1
    -1
      ssl/record/ssl3_record.c
  31. +5
    -1
      test/build.info
  32. +75
    -0
      test/destest.c
  33. +25
    -8
      test/evp_extra_test.c
  34. +61
    -0
      test/prov_config_test.c
  35. +32
    -0
      test/recipes/30-test_prov_config.t

+ 76
- 54
CHANGES.md View File

@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Due to move of the implementation of cryptographic operations
to the providers, validation of various operation parameters can
be postponed until the actual operation is executed where previously
it happened immediately when an operation parameter was set.
For example when setting an unsupported curve with
EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not
fail but later keygen operations with the EVP_PKEY_CTX will fail.
*OpenSSL team members and many third party contributors*
* On build targets where the multilib postfix is set in the build
configuration the libdir directory was changing based on whether
the lib directory with the multilib postfix exists on the system
@ -40,6 +51,11 @@ breaking changes, and mappings for the large list of deprecated functions.
*Jan Lána*
* The triple DES key wrap functionality now conforms to RFC 3217 but is
no longer interoperable with OpenSSL 1.1.1.
*Paul Dale*
* The ERR_GET_FUNC() function was removed. With the loss of meaningful
function codes, this function can only cause problems for calling
applications.
@ -1362,66 +1378,72 @@ OpenSSL 1.1.1
* Fixed an SM2 Decryption Buffer Overflow.
In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.
In order to decrypt SM2 encrypted data an application is expected to
call the API function EVP_PKEY_decrypt(). Typically an application will
call this function twice. The first time, on entry, the "out" parameter
can be NULL and, on exit, the "outlen" parameter is populated with the
buffer size required to hold the decrypted plaintext. The application
can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt()
again, but this time passing a non-NULL value for the "out" parameter.
A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.
A malicious attacker who is able present SM2 content for decryption to an
application could cause attacker chosen data to overflow the buffer by up to a
maximum of 62 bytes altering the contents of other data held after the
buffer, possibly changing application behaviour or causing the application to
crash. The location of the buffer is application dependent but is typically
heap allocated.
calculation of the buffer size required to hold the plaintext returned
by the first call to EVP_PKEY_decrypt() can be smaller than the actual
size required by the second call. This can lead to a buffer overflow
when EVP_PKEY_decrypt() is called by the application a second time with
a buffer that is too small.
A malicious attacker who is able present SM2 content for decryption to
an application could cause attacker chosen data to overflow the buffer
by up to a maximum of 62 bytes altering the contents of other data held
after the buffer, possibly changing application behaviour or causing
the application to crash. The location of the buffer is application
dependent but is typically heap allocated.
([CVE-2021-3711])
*Matt Caswell*
* Fixed various read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field holding
the buffer length. This contrasts with normal C strings which are repesented as
a buffer for the string data which is terminated with a NUL (0) byte.
Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
own "d2i" functions (and other similar parsing functions) as well as any string
whose value has been set with the ASN1_STRING_set() function will additionally
NUL terminate the byte array in the ASN1_STRING structure.
However, it is possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly setting the
"data" and "length" fields in the ASN1_STRING array. This can also happen by
using the ASN1_STRING_set0() function.
Numerous OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.
The same thing can also occur during name constraints processing of certificates
(for example if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the certificate
contains non NUL terminated ASN1_STRING structures). It can also occur in the
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL functions
then this issue could be hit. This might result in a crash (causing a Denial of
Service attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext).
([CVE-2021-3712])
* Fixed various read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field
holding the buffer length. This contrasts with normal C strings which
are repesented as a buffer for the string data which is terminated
with a NUL (0) byte.
Although not a strict requirement, ASN.1 strings that are parsed using
OpenSSL's own "d2i" functions (and other similar parsing functions) as
well as any string whose value has been set with the ASN1_STRING_set()
function will additionally NUL terminate the byte array in the
ASN1_STRING structure.
However, it is possible for applications to directly construct valid
ASN1_STRING structures which do not NUL terminate the byte array by
directly setting the "data" and "length" fields in the ASN1_STRING
array. This can also happen by using the ASN1_STRING_set0() function.
Numerous OpenSSL functions that print ASN.1 data have been found to
assume that the ASN1_STRING byte array will be NUL terminated, even
though this is not guaranteed for strings that have been directly
constructed. Where an application requests an ASN.1 structure to be
printed, and where that ASN.1 structure contains ASN1_STRINGs that have
been directly constructed by the application without NUL terminating
the "data" field, then a read buffer overrun can occur.
The same thing can also occur during name constraints processing
of certificates (for example if a certificate has been directly
constructed by the application instead of loading it via the OpenSSL
parsing functions, and the certificate contains non NUL terminated
ASN1_STRING structures). It can also occur in the X509_get1_email(),
X509_REQ_get1_email() and X509_get1_ocsp() functions.
If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL
functions then this issue could be hit. This might result in a crash
(causing a Denial of Service attack). It could also result in the
disclosure of private memory contents (such as private keys, or
sensitive plaintext).
([CVE-2021-3712])
*Matt Caswell*


+ 11
- 1
Configurations/50-nonstop.conf View File

@ -203,12 +203,14 @@
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '-put',
},
'nonstop-nsx_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64' ],
multilib => '64',
disable => ['threads'],
},
'nonstop-nsx_64_put' => {
@ -217,13 +219,15 @@
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '64-put',
},
'nonstop-nsx_spt' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-spt' ],
multilib => '-spt',
},
'nonstop-nsx_spt_floss' => {
inherit_from => [ 'nonstop-common',
@ -232,6 +236,7 @@
'nonstop-efloat-x86_64',
'nonstop-model-floss',
'nonstop-model-spt'],
multilib => '-spt',
},
'nonstop-nsx_g' => {
inherit_from => [ 'nonstop-common',
@ -261,12 +266,14 @@
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '-put',
},
'nonstop-nse_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium' ],
multilib => '64',
disable => ['threads'],
},
'nonstop-nse_64_put' => {
@ -275,6 +282,7 @@
'nonstop-lp64-itanium',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '64-put',
},
'nonstop-nse_spt' => {
inherit_from => [ 'nonstop-common',
@ -282,6 +290,7 @@
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-spt' ],
multilib => '-spt',
},
'nonstop-nse_spt_floss' => {
inherit_from => [ 'nonstop-common',
@ -289,6 +298,7 @@
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-floss', 'nonstop-model-spt' ],
multilib => '-spt',
},
'nonstop-nse_g' => {
inherit_from => [ 'nonstop-common',


+ 2
- 1
Configurations/descrip.mms.tmpl View File

@ -886,9 +886,10 @@ EOF
my $title = basename($args{src}, ".html");
my $pod = $gen0;
my $mkpod2html = sourcefile('util', 'mkpod2html.pl');
my $srcdoc = sourcedir('doc');
return <<"EOF";
$args{src} : $pod
\$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "\$(SRCDIR)/doc"
\$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "$srcdoc"
EOF
} elsif ($args{src} =~ /\.(\d)$/) {
#


+ 1
- 1
Configurations/shared-info.pl View File

@ -46,7 +46,7 @@ my %shared_info;
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
shared_sonameflag => '-install_name $(libdir)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',


+ 1
- 0
NEWS.md View File

@ -90,6 +90,7 @@ OpenSSL 1.1.1
-------------
### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
* Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711])
* Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712])


+ 7
- 1
NOTES-NONSTOP.md View File

@ -56,8 +56,14 @@ options, and keeping your memory and float options consistent, for example:
* For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
* For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
As of 3.0, the NonStop configurations use the multilib attribute to distinguish
between different models:
* For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
* For 3.0 PUT `--prefix=/usr/local-ssl3.0_put --openssldir=/usr/local-ssl3.0_put/ssl`
The PUT model is placed in `${prefix}/lib-put` for 32-bit models and
`${prefix}/lib64-put` for 64-bit models.
Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the


+ 1
- 0
apps/ciphers.c View File

@ -183,6 +183,7 @@ int ciphers_main(int argc, char **argv)
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
ret = 0;
goto end;
}


+ 1
- 1
apps/cms.c View File

@ -680,7 +680,7 @@ int cms_main(int argc, char **argv)
goto end;
break;
case OPT_WRAP:
wrapname = opt_unknown();
wrapname = opt_arg();
break;
case OPT_AES128_WRAP:
case OPT_AES192_WRAP:


+ 1
- 1
apps/include/apps.h View File

@ -94,7 +94,7 @@ typedef struct args_st {
int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
int chopup_args(ARGS *arg, char *buf);
int dump_cert_text(BIO *out, X509 *x);
void dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, const X509_NAME *nm);
void print_bignum_var(BIO *, const BIGNUM *, const char*,
int, unsigned char *);


+ 3
- 5
apps/lib/apps.c View File

@ -200,14 +200,10 @@ unsigned long get_nameopt(void)
return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
}
int dump_cert_text(BIO *out, X509 *x)
void dump_cert_text(BIO *out, X509 *x)
{
print_name(out, "subject=", X509_get_subject_name(x));
BIO_puts(out, "\n");
print_name(out, "issuer=", X509_get_issuer_name(x));
BIO_puts(out, "\n");
return 0;
}
int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
@ -1289,6 +1285,8 @@ void print_name(BIO *out, const char *title, const X509_NAME *nm)
int indent = 0;
unsigned long lflags = get_nameopt();
if (out == NULL)
return;
if (title != NULL)
BIO_puts(out, title);
if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {


+ 2
- 1
apps/lib/s_cb.c View File

@ -823,7 +823,8 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
size_t temp = 0;
int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
*cookie_len = (unsigned int)temp;
if (res != 0)
*cookie_len = (unsigned int)temp;
return res;
}


+ 23
- 28
apps/req.c View File

@ -116,10 +116,10 @@ const OPTIONS req_options[] = {
{"reqopt", OPT_REQOPT, 's', "Various request text options"},
{"text", OPT_TEXT, '-', "Text form of request"},
{"x509", OPT_X509, '-',
"Output an x509 structure instead of a cert request"},
{"CA", OPT_CA, '<', "Issuer certificate to use with -x509"},
"Output an X.509 certificate structure instead of a cert request"},
{"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"},
{"CAkey", OPT_CAKEY, 's',
"Issuer private key to use with -x509; default is -CA arg"},
"Issuer private key to use with -CA; default is -CA arg"},
{OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
{"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"},
{"subject", OPT_SUBJECT, '-',
@ -139,7 +139,7 @@ const OPTIONS req_options[] = {
{"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
OPT_SECTION("Keys and Signing"),
{"key", OPT_KEY, 's', "Private key to use"},
{"key", OPT_KEY, 's', "Key to include and to use for self-signature"},
{"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
{"pubkey", OPT_PUBKEY, '-', "Output public key"},
{"keyout", OPT_KEYOUT, '>', "File to write private key to"},
@ -406,6 +406,7 @@ int req_main(int argc, char **argv)
break;
case OPT_CA:
CAfile = opt_arg();
gen_x509 = 1;
break;
case OPT_CAKEY:
CAkeyfile = opt_arg();
@ -630,7 +631,6 @@ int req_main(int argc, char **argv)
goto end;
app_RAND_load_conf(req_conf, section);
}
if (newreq && pkey == NULL) {
app_RAND_load_conf(req_conf, section);
@ -755,28 +755,21 @@ int req_main(int argc, char **argv)
"Ignoring -CAkey option since no -CA option is given\n");
} else {
if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
0, passin, e, "issuer private key")) == NULL)
0, passin, e,
CAkeyfile != CAfile
? "issuer private key from -CAkey arg"
: "issuer private key from -CA arg")) == NULL)
goto end;
}
}
if (CAfile != NULL) {
if (!gen_x509) {
if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
"issuer cert from -CA arg")) == NULL)
goto end;
if (!X509_check_private_key(CAcert, CAkey)) {
BIO_printf(bio_err,
"Warning: Ignoring -CA option without -x509\n");
} else {
if (CAkeyfile == NULL) {
BIO_printf(bio_err,
"Need to give the -CAkey option if using -CA\n");
goto end;
}
if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
"issuer certificate")) == NULL)
goto end;
if (!X509_check_private_key(CAcert, CAkey)) {
BIO_printf(bio_err,
"Issuer certificate and key do not match\n");
goto end;
}
"Issuer CA certificate and key do not match\n");
goto end;
}
}
if (newreq || gen_x509) {
@ -798,6 +791,7 @@ int req_main(int argc, char **argv)
}
if (gen_x509) {
EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req);
EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey;
X509V3_CTX ext_ctx;
X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) :
X509_REQ_get_subject_name(req);
@ -828,7 +822,8 @@ int req_main(int argc, char **argv)
if (!pub_key || !X509_set_pubkey(new_x509, pub_key))
goto end;
if (ext_copy == EXT_COPY_UNSET) {
BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n");
if (infile != NULL)
BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n");
} else if (!copy_extensions(new_x509, req, ext_copy)) {
BIO_printf(bio_err, "Error copying extensions from request\n");
goto end;
@ -837,11 +832,12 @@ int req_main(int argc, char **argv)
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509,
new_x509, NULL, NULL, X509V3_CTX_REPLACE);
if (CAcert == NULL) { /* self-issued, possibly self-signed */
if (!X509V3_set_issuer_pkey(&ext_ctx, pkey)) /* prepare right AKID */
/* prepare fallback for AKID, but only if issuer cert == new_x509 */
if (CAcert == NULL) {
if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key))
goto end;
ERR_set_mark();
if (!X509_check_private_key(new_x509, pkey))
if (!X509_check_private_key(new_x509, issuer_key))
BIO_printf(bio_err,
"Warning: Signature key and public key of cert do not match\n");
ERR_pop_to_mark();
@ -872,8 +868,7 @@ int req_main(int argc, char **argv)
}
}
i = do_X509_sign(new_x509, CAcert != NULL ? CAkey : pkey,
digest, sigopts, &ext_ctx);
i = do_X509_sign(new_x509, issuer_key, digest, sigopts, &ext_ctx);
if (!i)
goto end;
} else {
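Review bot: The rewritten `if (CAfile != NULL)` block calls `X509_check_private_key(CAcert, CAkey)` without checking that CAkey was actually loaded; it relies on CAkeyfile having been defaulted to CAfile somewhere above this hunk, which is not visible here, and the old `Need to give the -CAkey option if using -CA` guard that covered the missing-key case was removed. If that defaulting is ever absent, CAkey is NULL at the check. Making the dependency explicit costs one line, `if (CAkey == NULL) goto end;` before the check, or at least a comment `/* CAkeyfile defaults to CAfile, so CAkey is loaded whenever CAfile is set */`. req_main() begins and ends outside the hunk.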


+ 13
- 8
apps/x509.c View File

@ -190,9 +190,7 @@ static void warn_copying(ASN1_OBJECT *excluded, const char *names)
sn);
}
static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
STACK_OF(OPENSSL_STRING) *sigopts,
int ext_copy, const char *names)
static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
{
const STACK_OF(X509_EXTENSION) *cert_exts = X509_get0_extensions(cert);
int i, n = sk_X509_EXTENSION_num(cert_exts /* may be NULL */);
@ -228,8 +226,6 @@ static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
goto err;
}
}
if (!do_X509_REQ_sign(req, pkey, digest, sigopts))
goto err;
sk_X509_EXTENSION_free(exts);
return req;
@ -804,7 +800,7 @@ int x509_main(int argc, char **argv)
}
X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE);
if (extconf != NULL) {
if (extconf != NULL && !x509toreq) {
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) {
BIO_printf(bio_err,
@ -830,8 +826,17 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n");
goto end;
}
if ((rq = x509_to_req(x, privkey, digest, sigopts,
ext_copy, ext_names)) == NULL)
if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
goto end;
if (extconf != NULL) {
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
BIO_printf(bio_err,
"Error adding request extensions from section %s\n", extsect);
goto end;
}
}
if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
goto end;
if (!noout) {
if (outformat == FORMAT_ASN1) {
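Review bot: In the -x509toreq path of the last hunk, `X509V3_EXT_REQ_add_nconf()` is evaluated against `ext_ctx`, which the earlier hunk shows being initialised with `X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, ...)`, i.e. with the input certificate and input request rather than the freshly built `rq`. Extensions whose values are derived from the context would therefore be computed from the input objects; if that is intended, a comment such as `/* ext_ctx refers to the input cert x, which has the same subject and key as rq */` would stop the next reader from "fixing" it, otherwise `X509V3_set_ctx()` should be re-run with `rq` as the subject request before the extensions are added. Moving `do_X509_REQ_sign()` after the extension step is the right order. x509_main() continues outside the hunk.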


+ 6
- 2
crypto/asn1/evp_asn1.c View File

@ -27,7 +27,10 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
return 1;
}
/* int max_len: for returned value */
/* int max_len: for returned value
* if passing NULL in data, nothing is copied but the necessary length
* for it is returned.
*/
int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
{
int ret, num;
@ -43,7 +46,8 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l
num = ret;
else
num = max_len;
memcpy(data, p, num);
if (num > 0 && data != NULL)
memcpy(data, p, num);
return ret;
}
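Review bot: The header comment added in the first hunk opens on the same line as its text (`/* int max_len: for returned value`) and then continues as a block, which does not match the `/*` on its own line form used in this tree, and it still leaves the contract implicit. It would read better as a block comment stating that `max_len` only bounds what is copied into `data`, that the return value is the full octet-string length (`ret`) independent of `max_len`, so a caller can pass `data == NULL` to size a buffer, and that a positive `max_len` with a NULL `data` copies nothing, which is what the new `if (num > 0 && data != NULL)` guard does. How `ret` and `num` are derived is above the second hunk, so the wording about the return value should be checked against that code.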


+ 1
- 0
crypto/cms/cms_env.c View File

@ -951,6 +951,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
}
ukeylen += outlen;
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = ukey;
ec->keylen = ukeylen;


+ 1
- 0
crypto/err/openssl.txt View File

@ -992,6 +992,7 @@ PROV_R_INVALID_DATA:115:invalid data
PROV_R_INVALID_DIGEST:122:invalid digest
PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size
PROV_R_INVALID_INPUT_LENGTH:230:invalid input length
PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
PROV_R_INVALID_IV_LENGTH:109:invalid iv length
PROV_R_INVALID_KEY:158:invalid key


+ 27
- 8
crypto/evp/m_sigver.c View File

@ -400,7 +400,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
int sctx = 0, r = 0;
EVP_PKEY_CTX *pctx = ctx->pctx;
EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
@ -408,8 +408,19 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|| pctx->op.sig.signature == NULL)
goto legacy;
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen, SIZE_MAX);
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
SIZE_MAX);
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
sigret, siglen,
SIZE_MAX);
EVP_PKEY_CTX_free(dctx);
return r;
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
@ -429,8 +440,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
else {
EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(pctx);
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
@ -516,7 +526,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
int r = 0;
unsigned int mdlen = 0;
int vctx = 0;
EVP_PKEY_CTX *pctx = ctx->pctx;
EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
@ -524,8 +534,17 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|| pctx->op.sig.signature == NULL)
goto legacy;
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
sig, siglen);
EVP_PKEY_CTX_free(dctx);
return r;
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
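Review bot: In the provider path of EVP_DigestSignFinal() (second hunk), a NULL from `EVP_PKEY_CTX_dup(pctx)` now makes the whole call return 0 whenever the caller passes a real `sigret` without EVP_MD_CTX_FLAG_FINALISE; if that dup depends on the signature implementation supplying a context-duplication function, providers without one go from working to failing on a path that previously succeeded. The EVP_DigestVerifyFinal() hunk has the same shape. Either the new requirement should be documented for both functions (a context that cannot be duplicated can only be finalised with EVP_MD_CTX_FLAG_FINALISE set), or the code should fall back to finalising `pctx` directly when the dup fails. Both functions start outside their hunks.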


+ 72
- 34
crypto/provider_conf.c View File

@ -12,6 +12,7 @@
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/safestack.h>
#include <openssl/provider.h>
#include "internal/provider.h"
#include "internal/cryptlib.h"
#include "provider_local.h"
@ -21,6 +22,7 @@ DEFINE_STACK_OF(OSSL_PROVIDER)
/* PROVIDER config module */
typedef struct {
CRYPTO_RWLOCK *lock;
STACK_OF(OSSL_PROVIDER) *activated_providers;
} PROVIDER_CONF_GLOBAL;
@ -31,6 +33,12 @@ static void *prov_conf_ossl_ctx_new(OSSL_LIB_CTX *libctx)
if (pcgbl == NULL)
return NULL;
pcgbl->lock = CRYPTO_THREAD_lock_new();
if (pcgbl->lock == NULL) {
OPENSSL_free(pcgbl);
return NULL;
}
return pcgbl;
}
@ -42,6 +50,7 @@ static void prov_conf_ossl_ctx_free(void *vpcgbl)
ossl_provider_free);
OSSL_TRACE(CONF, "Cleaned up providers\n");
CRYPTO_THREAD_lock_free(pcgbl->lock);
OPENSSL_free(pcgbl);
}
@ -107,6 +116,26 @@ static int provider_conf_params(OSSL_PROVIDER *prov,
return ok;
}
static int prov_already_activated(const char *name,
STACK_OF(OSSL_PROVIDER) *activated)
{
int i, max;
if (activated == NULL)
return 0;
max = sk_OSSL_PROVIDER_num(activated);
for (i = 0; i < max; i++) {
OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i);
if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) {
return 1;
}
}
return 0;
}
static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
const char *value, const CONF *cnf)
{
@ -156,46 +185,55 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
}
if (activate) {
/*
* There is an attempt to activate a provider, so we should disable
* loading of fallbacks. Otherwise a misconfiguration could mean the
* intended provider does not get loaded. Subsequent fetches could then
* fallback to the default provider - which may be the wrong thing.
*/
if (!ossl_provider_disable_fallback_loading(libctx)) {
if (!CRYPTO_THREAD_write_lock(pcgbl->lock)) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
return 0;
}
prov = ossl_provider_find(libctx, name, 1);
if (prov == NULL)
prov = ossl_provider_new(libctx, name, NULL, 1);
if (prov == NULL) {
if (soft)
ERR_clear_error();
return 0;
}
if (path != NULL)
ossl_provider_set_module_path(prov, path);
ok = provider_conf_params(prov, NULL, NULL, value, cnf);
if (!prov_already_activated(name, pcgbl->activated_providers)) {
/*
* There is an attempt to activate a provider, so we should disable
* loading of fallbacks. Otherwise a misconfiguration could mean the
* intended provider does not get loaded. Subsequent fetches could
* then fallback to the default provider - which may be the wrong
* thing.
*/
if (!ossl_provider_disable_fallback_loading(libctx)) {
CRYPTO_THREAD_unlock(pcgbl->lock);
ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
return 0;
}
prov = ossl_provider_find(libctx, name, 1);
if (prov == NULL)
prov = ossl_provider_new(libctx, name, NULL, 1);
if (prov == NULL) {
CRYPTO_THREAD_unlock(pcgbl->lock);
if (soft)
ERR_clear_error();
return 0;
}
if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) {
ok = 0;
} else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
ossl_provider_deactivate(prov);
ok = 0;
} else {
if (pcgbl->activated_providers == NULL)
pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual);
ok = 1;
if (path != NULL)
ossl_provider_set_module_path(prov, path);
ok = provider_conf_params(prov, NULL, NULL, value, cnf);
if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) {
ok = 0;
} else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
ossl_provider_deactivate(prov);
ok = 0;
} else {
if (pcgbl->activated_providers == NULL)
pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual);
ok = 1;
}
}
if (!ok)
ossl_provider_free(prov);
}
if (!ok)
ossl_provider_free(prov);
CRYPTO_THREAD_unlock(pcgbl->lock);
} else {
OSSL_PROVIDER_INFO entry;
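Review bot: When `prov_already_activated()` reports the provider as already active, the new code in provider_conf_load() skips the activation block without assigning `ok`; if `ok` starts at 0 (its initialisation and the final return are outside the hunk), loading the same configuration a second time is reported as a failure even though the provider is active. An `else { ok = 1; }` on the `if (!prov_already_activated(...))` would make a repeat load succeed. It is also worth a one-line comment that `pcgbl->lock` stays held across `ossl_provider_activate()` and `ossl_provider_add_to_store()`, so nothing reached from there may re-enter this module.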


+ 1
- 1
crypto/sm2/sm2_crypt.c View File

@ -313,7 +313,7 @@ int ossl_sm2_decrypt(const EC_KEY *key,
C3 = sm2_ctext->C3->data;
msg_len = sm2_ctext->C2->length;
if (*ptext_len < (size_t)msg_len) {
SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL);
goto done;
}


+ 1
- 0
crypto/ts/ts_verify_ctx.c View File

@ -70,6 +70,7 @@ STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
unsigned char *hexstr, long len)
{
OPENSSL_free(ctx->imprint);
ctx->imprint = hexstr;
ctx->imprint_len = len;
return ctx->imprint;
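Review bot: `OPENSSL_free(ctx->imprint)` now runs unconditionally, so a caller that passes back the pointer currently stored in `ctx->imprint` frees it and then stores the dangling pointer. Either guard it, `if (ctx->imprint != hexstr) OPENSSL_free(ctx->imprint);`, or state in the function's documentation that it takes ownership of `hexstr`, releases any previously set imprint, and that the previous buffer must not be passed back. Since `len` is stored unconditionally too, the documentation should also say a NULL `hexstr` must come with `len == 0`.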


+ 10
- 0
doc/man1/openssl-pkeyutl.pod.in View File

@ -262,6 +262,11 @@ B<PSS> block structure.
For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
explicitly set in PSS mode then the signing digest is used.
=item B<rsa_oaep_md:>I<digest>
Sets the digest used for the OAEP hash function. If not explicitly set then
SHA1 is used.
=back
=head1 RSA-PSS ALGORITHM
@ -391,6 +396,11 @@ Verify some data using an L<SM2(7)> certificate and a specific ID:
openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \
-rawin -digest sm3 -pkeyopt distid:someid
Decrypt some data using a private key with OAEP padding using SHA256:
openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
=head1 SEE ALSO
L<openssl(1)>,


+ 17
- 14
doc/man1/openssl-req.pod.in View File

@ -103,7 +103,7 @@ which supports both options for good reasons.
=item B<-passin> I<arg>
The password source for the request input file and the certificate input.
The password source for private key and certificate input.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
@ -124,7 +124,7 @@ Prints out the certificate request in text form.
=item B<-subject>
Prints out the certificate request subject
(or certificate subject if B<-x509> is specified).
(or certificate subject if B<-x509> is in use).
=item B<-pubkey>
@ -193,8 +193,8 @@ See L<openssl-genpkey(1)/KEY GENERATION OPTIONS> for more details.
=item B<-key> I<filename>|I<uri>
This specifies the private key to use for request self-signature
and signing certificates produced using the B<-x509> option.
This specifies the key to include and to use for request self-signature
and for self-signing certificates produced with the B<-x509> option.
It also accepts PKCS#8 format private keys for PEM format files.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
@ -266,6 +266,7 @@ This option has been deprecated and has no effect.
This option outputs a certificate instead of a certificate request.
This is typically used to generate test certificates.
It is implied by the B<-CA> option.
If an existing request is specified with the B<-in> option, it is converted
to the a certificate; otherwise a request is created from scratch.
@ -281,7 +282,8 @@ or using the B<-addext> option.
=item B<-CA> I<filename>|I<uri>
Specifies the "CA" certificate to be used for signing with the B<-x509> option.
Specifies the "CA" certificate to be used for signing a new certificate
and implies use of B<-x509>.
When present, this behaves like a "micro CA" as follows:
The subject name of the "CA" certificate is placed as issuer name in the new
certificate, which is then signed using the "CA" key given as specified below.
@ -294,7 +296,7 @@ If this option is not provided then the key must be present in the B<-CA> input.
=item B<-days> I<n>
When the B<-x509> option is being used this specifies the number of
When B<-x509> is in use this specifies the number of
days to certify the certificate for, otherwise it is ignored. I<n> should
be a positive integer. The default is 30 days.
@ -307,7 +309,7 @@ If not given, a large random number will be used.
=item B<-copy_extensions> I<arg>
Determines how X.509 extensions in certificate requests should be handled
when B<-x509> is given.
when B<-x509> is in use.
If I<arg> is B<none> or this option is not present then extensions are ignored.
If I<arg> is B<copy> or B<copyall> then
all extensions in the request are copied to the certificate.
@ -317,8 +319,8 @@ values for certain extensions such as subjectAltName.
=item B<-addext> I<ext>
Add a specific extension to the certificate (if the B<-x509> option is
present) or certificate request. The argument must have the form of
Add a specific extension to the certificate (if B<-x509> is in use)
or certificate request. The argument must have the form of
a key=value pair as it would appear in a config file.
This option can be given multiple times.
@ -328,8 +330,8 @@ This option can be given multiple times.
=item B<-reqexts> I<section>
These options specify alternative sections to include certificate
extensions (if the B<-x509> option is present) or certificate
request extensions. This allows several different sections to
extensions (if B<-x509> is in use) or certificate request extensions.
This allows several different sections to
be used in the same configuration file to specify requests for
a variety of purposes.
@ -399,7 +401,8 @@ The options available are described in detail below.
=over 4
=item B<input_password output_password>
=item B<input_password>
=item B<output_password>
The passwords for the input private key file (if present) and
the output private key file (if one will be created). The
@ -479,8 +482,8 @@ extension section format.
=item B<x509_extensions>
This specifies the configuration file section containing a list of
extensions to add to certificate generated when the B<-x509> switch
is used. It can be overridden by the B<-extensions> command line switch.
extensions to add to certificate generated when B<-x509> is in use.
It can be overridden by the B<-extensions> command line switch.
=item B<prompt>


+ 12
- 0
doc/man7/migration_guide.pod View File

@ -440,6 +440,18 @@ If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only
be set B<after> the cipher has been assigned to the cipher context.
See L<EVP_EncryptInit(3)/FLAGS> for more information.
=head4 Validation of operation context parameters
Due to move of the implementation of cryptographic operations to the
providers, validation of various operation parameters can be postponed until
the actual operation is executed where previously it happened immediately
when an operation parameter was set.
For example when setting an unsupported curve with
EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail
but later keygen operations with the EVP_PKEY_CTX will fail.
=head2 Installation and Compilation
Please refer to the INSTALL.md file in the top of the distribution for


+ 10
- 0
include/crypto/rand.h View File

@ -22,6 +22,16 @@
# include <openssl/rand.h>
# include "crypto/rand_pool.h"
# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
# include <Availability.h>
# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \
(defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
# define OPENSSL_APPLE_CRYPTO_RANDOM 1
# include <CommonCrypto/CommonCryptoError.h>
# include <CommonCrypto/CommonRandom.h>
# endif
# endif
/*
* Defines related to seed sources
*/
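Review bot: The version thresholds in the new `# if` are undocumented; `101000` and `80000` are the macOS 10.10 and iOS 8.0 deployment targets from which CCRandomGenerateBytes() is available, and a comment on that line would save the next reader a trip to the Apple headers: `/* CCRandomGenerateBytes() needs macOS 10.10 / iOS 8.0 or later */`. When neither `__MAC_OS_X_VERSION_MIN_REQUIRED` nor `__IPHONE_OS_VERSION_MIN_REQUIRED` is defined, the target is older, or `OPENSSL_NO_APPLE_CRYPTO_RANDOM` is set, `OPENSSL_APPLE_CRYPTO_RANDOM` stays undefined and the `# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)` branch in the rand_unix.c section below is compiled out, so the seed source on such Apple builds is whatever branch follows it, which lies outside that hunk. Because this silently selects where the DRBG seed comes from, it deserves a sentence in the platform notes if one is not already there.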


+ 4
- 3
include/crypto/x509.h View File

@ -14,6 +14,7 @@
# include "internal/refcount.h"
# include <openssl/asn1.h>
# include <openssl/x509.h>
# include <openssl/conf.h>
# include "crypto/types.h"
/* Internal X509 structures and functions: not for application use */
@ -343,7 +344,7 @@ DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length);
int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp);
DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length);
int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp);
# endif
# endif /* OPENSSL_NO_DH */
# ifndef OPENSSL_NO_EC
ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a,
const unsigned char **pp, long length);
@ -357,10 +358,10 @@ int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp);
ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a,
const unsigned char **pp, long length);
int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
# endif
# endif /* OPENSSL_NO_EC */
EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp,
long length);
#endif
int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
size_t vallen, STACK_OF(CONF_VALUE) **extlist);
#endif /* OSSL_CRYPTO_X509_H */

+ 1
- 0
include/openssl/proverr.h View File

@ -59,6 +59,7 @@
# define PROV_R_INVALID_DIGEST 122
# define PROV_R_INVALID_DIGEST_LENGTH 166
# define PROV_R_INVALID_DIGEST_SIZE 218
# define PROV_R_INVALID_INPUT_LENGTH 230
# define PROV_R_INVALID_ITERATION_COUNT 123
# define PROV_R_INVALID_IV_LENGTH 109
# define PROV_R_INVALID_KEY 158


+ 2
- 0
providers/common/provider_err.c View File

@ -80,6 +80,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"invalid digest length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE),
"invalid digest size"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH),
"invalid input length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT),
"invalid iteration count"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"},


+ 21
- 7
providers/implementations/ciphers/cipher_aes_wrp.c View File

@ -152,16 +152,22 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
return 0;
/* Input length must always be non-zero */
if (inlen == 0)
if (inlen == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
return -1;
}
/* If decrypting need at least 16 bytes and multiple of 8 */
if (!ctx->enc && (inlen < 16 || inlen & 0x7))
if (!ctx->enc && (inlen < 16 || inlen & 0x7)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
return -1;
}
/* If not padding input must be multiple of 8 */
if (!pad && inlen & 0x7)
if (!pad && inlen & 0x7) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
return -1;
}
if (out == NULL) {
if (ctx->enc) {
@ -182,7 +188,15 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in,
inlen, ctx->block);
return rv ? (int)rv : -1;
if (!rv) {
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
return -1;
}
if (rv > INT_MAX) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
return -1;
}
return (int)rv;
}
static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl,
@ -212,12 +226,12 @@ static int aes_wrap_cipher(void *vctx,
if (outsize < inl) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return -1;
return 0;
}
len = aes_wrap_cipher_internal(ctx, out, in, inl);
if (len == 0)
return -1;
if (len <= 0)
return 0;
*outl = len;
return 1;
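Review bot: In aes_wrap_cipher the `if (outsize < inl)` check is only a lower bound for the wrap direction: the output is inl plus an 8-byte integrity block, rounded up to a multiple of 8 when padding, so a caller buffer that passes this check can still be too small when `aes_wrap_cipher_internal` writes through `out`. The `out == NULL` path of aes_wrap_cipher_internal (partly visible at the end of the first hunk) appears to compute the output length, so the check can be made against that value before anything is written; the rewritten lines below replace the size check and the following call. aes_wrap_cipher starts and ends outside the second hunk, and aes_wrap_cipher_internal's signature is above the first one. Separately, the new `rv > INT_MAX` guard relies on `<limits.h>`, which should be confirmed to be included higher up in the file.
```c
    /*
     * Wrapping produces more output than input, so size the check on the
     * computed output length rather than on inl.
     */
    len = aes_wrap_cipher_internal(ctx, NULL, in, inl);
    if (len <= 0)
        return 0;
    if (outsize < (size_t)len) {
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
        return 0;
    }
    len = aes_wrap_cipher_internal(ctx, out, in, inl);
    if (len <= 0)
        return 0;
    /* … unchanged: *outl = len; return 1; … */
```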


+ 1
- 5
providers/implementations/rands/seeding/rand_unix.c View File

@ -40,10 +40,6 @@
# include <sys/param.h>
# include <sys/random.h>
#endif
#if defined(__APPLE__)
# include <CommonCrypto/CommonCryptoError.h>
# include <CommonCrypto/CommonRandom.h>
#endif
#if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \
|| defined(__DJGPP__)
@ -370,7 +366,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
if (errno != ENOSYS)
return -1;
}
# elif defined(__APPLE__)
# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
return (ssize_t)buflen;


+ 1
- 1
ssl/record/ssl3_record.c View File

@ -1047,7 +1047,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
if (SSL_IS_DTLS(s)) {
/* DTLS does not support pipelining */
unsigned char dtlsseq[9], *p = dtlsseq;
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
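Review bot: The shrink to `dtlsseq[8]` leaves no slack, so every later write through `p` must stay within the 2-byte epoch plus 6-byte sequence number that the buffer now holds exactly; those writes are outside the hunk. A comment on the declaration would make the invariant visible to whoever next touches this code: `/* 2-byte epoch followed by 6-byte sequence number: exactly 8 bytes */`. tls1_enc's body continues beyond the hunk in both directions.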


+ 5
- 1
test/build.info View File

@ -57,7 +57,7 @@ IF[{- !$disabled{tests} -}]
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
bio_readbuffer_test user_property_test pkcs7_test upcallstest \
provfetchtest
provfetchtest prov_config_test
IF[{- !$disabled{'deprecated-3.0'} -}]
PROGRAMS{noinst}=enginetest
@ -176,6 +176,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[provfetchtest]=../include ../apps/include
DEPEND[provfetchtest]=../libcrypto.a libtestutil.a
SOURCE[prov_config_test]=prov_config_test.c
INCLUDE[prov_config_test]=../include ../apps/include
DEPEND[prov_config_test]=../libcrypto.a libtestutil.a
SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c
INCLUDE[evp_pkey_provided_test]=../include ../apps/include
DEPEND[evp_pkey_provided_test]=../libcrypto.a libtestutil.a


+ 75
- 0
test/destest.c View File

@ -17,6 +17,7 @@
#include <string.h>
#include "testutil.h"
#include "internal/nelem.h"
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
@ -697,6 +698,79 @@ static int test_des_quad_cksum(void)
return 0;
return 1;
}
/*
* Test TDES based key wrapping.
* The wrapping process uses a randomly generated IV so it is difficult to
* undertake KATs. End to end testing is performed instead.
*/
static const int test_des_key_wrap_sizes[] = {
8, 16, 24, 32, 64, 80
};
static int test_des_key_wrap(int idx)
{
int in_bytes = test_des_key_wrap_sizes[idx];
unsigned char in[100], c_txt[200], p_txt[200], key[24];
int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
EVP_CIPHER *cipher = NULL;
EVP_CIPHER_CTX *ctx = NULL;
int res = 0;
/* Some sanity checks and cipher loading */
if (!TEST_size_t_le(in_bytes, sizeof(in))
|| !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
|| !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
|| !TEST_size_t_eq(bs * 3u, sizeof(key))
|| !TEST_true(in_bytes % bs == 0)
|| !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
goto err;
/* Create random data to end to end test */
for (i = 0; i < in_bytes; i++)
in[i] = test_random();
/* Build the key */
memcpy(key, cbc_key, sizeof(cbc_key));
memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
/* Wrap / encrypt the key */
clen_upd = sizeof(c_txt);
if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
|| !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
in, in_bytes)))
goto err;
expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
if (!TEST_int_eq(clen_upd, expect))
goto err;
clen_fin = sizeof(c_txt) - clen_upd;
if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
|| !TEST_int_eq(clen_fin, 0))
goto err;
clen = clen_upd + clen_fin;
/* Decrypt the wrapped key */
plen_upd = sizeof(p_txt);
if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
|| !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
c_txt, clen)))
goto err;
plen_fin = sizeof(p_txt) - plen_upd;
if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
goto err;
plen = plen_upd + plen_fin;
if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
goto err;
res = 1;
err:
EVP_CIPHER_free(cipher);
EVP_CIPHER_CTX_free(ctx);
return res;
}
#endif
int setup_tests(void)
@ -722,6 +796,7 @@ int setup_tests(void)
ADD_TEST(test_des_crypt);
ADD_ALL_TESTS(test_input_align, 4);
ADD_ALL_TESTS(test_output_align, 4);
ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
#endif
return 1;
}
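Review bot: The third `memcpy` in test_des_key_wrap mixes its operands: the destination offset is `sizeof(cbc_key) + sizeof(cbc3_key)` while the source is `cbc_key`, which only lines up because all three arrays are 8 bytes, and it makes K1 equal K3, i.e. a two-key TDES key. If three distinct key parts are intended, change it to `memcpy(key + sizeof(cbc_key) + sizeof(cbc2_key), cbc3_key, sizeof(cbc3_key));`; if the K1 == K3 reuse is deliberate, a one-line comment saying so would stop the next reader from "fixing" it. `cbc_key`, `cbc2_key` and `cbc3_key` are defined outside the hunk, so their sizes cannot be confirmed here beyond the `bs * 3u == sizeof(key)` check.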

+ 25
- 8
test/evp_extra_test.c View File

@ -1051,8 +1051,8 @@ static int test_EVP_DigestSignInit(int tst)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned char *sig = NULL;
size_t sig_len = 0;
unsigned char *sig = NULL, *sig2 = NULL;
size_t sig_len = 0, sig2_len = 0;
EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
BIO *mdbio = NULL, *membio = NULL;
@ -1115,17 +1115,17 @@ static int test_EVP_DigestSignInit(int tst)
|| !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
goto out;
if (tst >= 6) {
if (!TEST_int_gt(BIO_reset(mdbio), 0)
|| !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
goto out;
}
/*
* Ensure that the signature round-trips (Verification isn't supported for
* HMAC via EVP_DigestVerify*)
*/
if (tst != 2 && tst != 5 && tst != 8) {
if (tst >= 6) {
if (!TEST_int_gt(BIO_reset(mdbio), 0)
|| !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
goto out;
}
if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
NULL, pkey)))
goto out;
@ -1140,6 +1140,22 @@ static int test_EVP_DigestSignInit(int tst)
}
if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
goto out;
/* Multiple calls to EVP_DigestVerifyFinal should work */
if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
goto out;
} else {
/*
* For HMAC a doubled call to DigestSignFinal should produce the same
* value as finalization should not happen.
*/
if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
|| !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
|| !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
goto out;
if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
goto out;
}
ret = 1;
@ -1151,6 +1167,7 @@ static int test_EVP_DigestSignInit(int tst)
EVP_MD_CTX_free(a_md_ctx_verify);
EVP_PKEY_free(pkey);
OPENSSL_free(sig);
OPENSSL_free(sig2);
EVP_MD_free(mdexp);
return ret;


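--- a/test/prov_config_test.c
+++ b/test/prov_config_test.c
@@ -0,0 +1,61 @@
+/*
+* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+#include <openssl/evp.h>
+#include "testutil.h"
+static char *configfile = NULL;
+/*
+* Test to make sure there are no leaks or failures from loading the config
+* file twice.
+*/
+static int test_double_config(void)
+{
+OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+int testresult = 0;
+EVP_MD *sha256 = NULL;
+if (!TEST_ptr(configfile))
+return 0;
+if (!TEST_ptr(ctx))
+return 0;
+if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
+return 0;
+if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
+return 0;
+/* Check we can actually fetch something */
+sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
+if (!TEST_ptr(sha256))
+goto err;
+testresult = 1;
+err:
+EVP_MD_free(sha256);
+OSSL_LIB_CTX_free(ctx);
+return testresult;
+}
+OPT_TEST_DECLARE_USAGE("configfile\n")
+int setup_tests(void)
+{
+if (!test_skip_common_options()) {
+TEST_error("Error parsing test options\n");
+return 0;
+}
+if (!TEST_ptr(configfile = test_get_argument(0)))
+return 0;
+ADD_TEST(test_double_config);
+return 1;
+}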
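Review bot: test_double_config leaks `ctx` on its early exits: once `OSSL_LIB_CTX_new()` has succeeded, the `return 0` on the `configfile` check and on both failed `OSSL_LIB_CTX_load_config` calls skip the `OSSL_LIB_CTX_free(ctx)` at `err`. Replacing those three `return 0;` with `goto err;` routes them through the existing cleanup (`sha256` is still NULL there, so `EVP_MD_free` is a no-op); alternatively the `configfile` check can move above the allocation. Since the test exists to catch leaks from loading the config twice, a leak in the harness itself would confuse a sanitizer run.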

+ 32
- 0
test/recipes/30-test_prov_config.t View File

@ -0,0 +1,32 @@
#! /usr/bin/env perl
# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html