Diffstat (limited to 'providers')
-rw-r--r--providers/common/digest_to_nid.c1
-rw-r--r--providers/fips/fipsprov.c2
-rw-r--r--providers/fips/self_test_data.inc50
-rw-r--r--providers/implementations/ciphers/cipher_null.c2
-rw-r--r--providers/implementations/digests/sha3_prov.c19
-rw-r--r--providers/implementations/kdfs/hkdf.c6
-rw-r--r--providers/implementations/kdfs/pbkdf2.c4
-rw-r--r--providers/implementations/rands/seeding/rand_unix.c11
8 files changed, 52 insertions, 43 deletions
diff --git a/providers/common/digest_to_nid.c b/providers/common/digest_to_nid.c
index 49af04ad2a..ff347bacd5 100644
--- a/providers/common/digest_to_nid.c
+++ b/providers/common/digest_to_nid.c
@@ -39,6 +39,7 @@ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
*/
int ossl_digest_get_approved_nid(const EVP_MD *md)
{
+ /* TODO: FIPS 180-5 RFC 8692 RFC 8702 allow SHAKE */
static const OSSL_ITEM name_to_nid[] = {
{ NID_sha1, OSSL_DIGEST_NAME_SHA1 },
{ NID_sha224, OSSL_DIGEST_NAME_SHA2_224 },
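Review bot: The added TODO cites "FIPS 180-5", but SHAKE is specified in FIPS 202, and the signature standard that permits it alongside RFC 8692 and RFC 8702 is, as far as I know, FIPS 186-5, so the reference looks like a typo worth confirming. The comment also does not say what is left to do. Something like `/* TODO: FIPS 186-5, RFC 8692 and RFC 8702 permit SHAKE; add SHAKE128/256 to this table once they are approved for use here */` would tell the next reader that SHAKE digests are presumably rejected by this lookup today. The body of ossl_digest_get_approved_nid continues past the hunk, so the rest of the table is not visible here.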
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 1f36ce6393..0174c6b33b 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -695,6 +695,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
}
}
+ OPENSSL_cpuid_setup();
+
/* Create a context. */
if ((*provctx = ossl_prov_ctx_new()) == NULL
|| (libctx = OSSL_LIB_CTX_new()) == NULL)
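Review bot: The new `OPENSSL_cpuid_setup();` call in OSSL_provider_init_int carries no comment saying why the provider has to run CPU capability detection itself, or why it sits before the context is created. If the reason is that the FIPS module keeps its own capability state and the self tests should exercise the same code paths that later serve requests, record that, for example `/* Detect CPU features before any algorithm, including the self tests, is used */`. An implicit ordering constraint like this is easy to break in a later refactor. The function starts and ends outside this hunk.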
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index a637efe616..9a61246804 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1451,14 +1451,14 @@ static const unsigned char ecd_prime_pub[] = {
0x82
};
static const unsigned char ecdsa_prime_expected_sig[] = {
- 0x30, 0x3d, 0x02, 0x1d, 0x00, 0xd2, 0x4a, 0xc9,
- 0x4f, 0xaf, 0xdb, 0x62, 0xfc, 0x41, 0x4a, 0x81,
- 0x2a, 0x9f, 0xcf, 0xa3, 0xda, 0xfe, 0xa3, 0x49,
- 0xbd, 0xea, 0xbf, 0x2a, 0x51, 0xb4, 0x0b, 0xc3,
- 0xbc, 0x02, 0x1c, 0x7f, 0x30, 0xb7, 0xad, 0xab,
- 0x09, 0x6e, 0x3c, 0xad, 0x7f, 0xf9, 0x5e, 0xaa,
- 0xe2, 0x38, 0xe5, 0x29, 0x16, 0xc4, 0xc8, 0x77,
- 0xa1, 0xf8, 0x60, 0x77, 0x39, 0x7a, 0xec
+ 0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97,
+ 0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5,
+ 0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88,
+ 0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01,
+ 0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88,
+ 0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf,
+ 0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f,
+ 0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2
};
static const ST_KAT_PARAM ecdsa_prime_key[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name),
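Review bot: The expected signature in `ecdsa_prime_expected_sig` is replaced wholesale, as are `ecdsa_bin_expected_sig` and `dsa_expected_sig` in the two following hunks, and nothing in the visible sections records why the known answers changed or how the new bytes were produced. For a FIPS known-answer test the provenance of the vector is part of the evidence, and a silent swap is hard to tell apart from an accidental one. The cause is presumably a change to nonce generation or to the fixed test entropy elsewhere in the commit (this diffstat is limited to providers). A short comment above each array, e.g. `/* Signature over the KAT message with the fixed self-test entropy; regenerate with <PROCEDURE> if nonce derivation changes */`, would let a reviewer reproduce the values.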
@@ -1486,15 +1486,15 @@ static const unsigned char ecd_bin_pub[] = {
0x99, 0xb6, 0x8f, 0x80, 0x46
};
static const unsigned char ecdsa_bin_expected_sig[] = {
- 0x30, 0x3f, 0x02, 0x1d, 0x08, 0x11, 0x7c, 0xcd,
- 0xf4, 0xa1, 0x31, 0x9a, 0xc1, 0xfd, 0x50, 0x0e,
- 0x5d, 0xa9, 0xb6, 0x0e, 0x95, 0x49, 0xe1, 0xbd,
- 0x44, 0xe3, 0x5b, 0xa9, 0x35, 0x94, 0xa5, 0x2f,
- 0xae, 0x02, 0x1e, 0x00, 0xe3, 0xba, 0xb8, 0x8f,
- 0x4b, 0x05, 0x76, 0x88, 0x1e, 0x49, 0xd6, 0x62,
- 0x76, 0xd3, 0x22, 0x4d, 0xa3, 0x7b, 0x04, 0xcc,
- 0xfa, 0x7b, 0x41, 0x9b, 0x8c, 0xaf, 0x1b, 0x6d,
- 0xbd
+ 0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84,
+ 0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0,
+ 0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a,
+ 0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54,
+ 0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3,
+ 0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91,
+ 0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7,
+ 0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15,
+ 0x8b
};
static const ST_KAT_PARAM ecdsa_bin_key[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name),
@@ -1622,14 +1622,14 @@ static const unsigned char dsa_priv[] = {
0x40, 0x7e, 0x5c, 0xb7
};
static const unsigned char dsa_expected_sig[] = {
- 0x30, 0x3c, 0x02, 0x1c, 0x70, 0xa4, 0x77, 0xb6,
- 0x02, 0xb5, 0xd3, 0x07, 0x21, 0x22, 0x2d, 0xe3,
- 0x4f, 0x7d, 0xfd, 0xfd, 0x6b, 0x4f, 0x03, 0x27,
- 0x4c, 0xd3, 0xb2, 0x8c, 0x7c, 0xc5, 0xc4, 0xdf,
- 0x02, 0x1c, 0x11, 0x52, 0x65, 0x16, 0x9f, 0xbd,
- 0x4c, 0xe5, 0xab, 0xb2, 0x01, 0xd0, 0x7a, 0x30,
- 0x5c, 0xc5, 0xba, 0x22, 0xc6, 0x62, 0x7e, 0xa6,
- 0x7d, 0x98, 0x96, 0xc9, 0x77, 0x00
+ 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e,
+ 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57,
+ 0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb,
+ 0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31,
+ 0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb,
+ 0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62,
+ 0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68,
+ 0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06
};
static const ST_KAT_PARAM dsa_key[] = {
diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c
index c911049e2d..81f9fa10be 100644
--- a/providers/implementations/ciphers/cipher_null.c
+++ b/providers/implementations/ciphers/cipher_null.c
@@ -82,7 +82,7 @@ static int null_cipher(void *vctx, unsigned char *out, size_t *outl,
}
if (outsize < inl)
return 0;
- if (in != out)
+ if (out != NULL && in != out)
memcpy(out, in, inl);
*outl = inl;
return 1;
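Review bot: With the new `out != NULL` guard, null_cipher treats a NULL output buffer as a successful call that copies nothing and still sets `*outl = inl`, but the `outsize < inl` test above it runs first, so such a call only succeeds when the caller passes an `outsize` of at least `inl`. If NULL `out` is meant as a length-only call, a comment such as `/* out == NULL: report the length only, nothing to copy */` would record that contract. It is also worth confirming that `in` cannot be NULL with a non-zero `inl` when the memcpy is reached, since the visible lines do not check it. The start of the function lies outside this hunk.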
diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 2fd0f928e7..dce2461a9d 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -14,6 +14,7 @@
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
+#include "internal/numbers.h"
#include "internal/sha3.h"
#include "prov/digestcommon.h"
#include "prov/implementations.h"
@@ -112,6 +113,10 @@ static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
if (!ossl_prov_is_running())
return 0;
+ if (ctx->md_size == SIZE_MAX) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
+ return 0;
+ }
if (outlen > 0)
ret = ctx->meth.final(ctx, out, ctx->md_size);
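Review bot: keccak_final passes `ctx->md_size` to `ctx->meth.final` as the number of bytes to write, while the only use of the caller's `outlen` in the visible lines is the `outlen > 0` test, so a buffer shorter than `md_size` is not rejected here. The new `SIZE_MAX` check covers the unset-length case. If no layer above already guarantees the buffer size, a companion guard such as `if (outlen > 0 && outlen < ctx->md_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; }` would cover the short-buffer case too. The rest of the function is outside the hunk, so this may be handled elsewhere.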
@@ -474,7 +479,7 @@ static void *name##_newctx(void *provctx) \
return ctx; \
}
-#define SHAKE_newctx(typ, uname, name, bitlen, pad) \
+#define SHAKE_newctx(typ, uname, name, bitlen, mdlen, pad) \
static OSSL_FUNC_digest_newctx_fn name##_newctx; \
static void *name##_newctx(void *provctx) \
{ \
@@ -483,7 +488,9 @@ static void *name##_newctx(void *provctx) \
\
if (ctx == NULL) \
return NULL; \
- ossl_sha3_init(ctx, pad, bitlen); \
+ ossl_keccak_init(ctx, pad, bitlen, mdlen); \
+ if (mdlen == 0) \
+ ctx->md_size = SIZE_MAX; \
SHAKE_SET_MD(uname, typ) \
return ctx; \
}
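Review bot: `ctx->md_size = SIZE_MAX` in SHAKE_newctx introduces a magic sentinel meaning that no output length has been chosen yet, and the only thing explaining it is the check in keccak_final, in a different part of the file. A named constant with a one-line comment, for instance `#define SHAKE_MD_SIZE_UNSET SIZE_MAX /* output length must be set before final */`, used at both sites, would keep the two in step. Any other reader of `md_size` (context copy, parameter getters) would see `SIZE_MAX` until a length is set, so those paths deserve a check. The result of `ossl_keccak_init` is also unused in the visible lines; if it reports failure, it should be tested before the context is returned.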
@@ -497,7 +504,7 @@ static void *uname##_newctx(void *provctx) \
\
if (ctx == NULL) \
return NULL; \
- ossl_keccak_kmac_init(ctx, pad, bitlen); \
+ ossl_keccak_init(ctx, pad, bitlen, 2 * bitlen); \
KMAC_SET_MD(bitlen) \
return ctx; \
}
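Review bot: The `2 * bitlen` passed as the new last argument of `ossl_keccak_init` in the KMAC constructor is unexplained, and the SHAKE constructor passes `mdlen` in the same position, so the unit (presumably bits) has to be guessed from the call sites. A comment such as `/* default output length: twice the security strength, in bits */` would make the intent checkable, once the unit is confirmed against the declaration of `ossl_keccak_init`. A mix-up between bits and bytes here would silently change the default MAC length.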
@@ -585,10 +592,12 @@ static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[])
SHA3_FLAGS)
#define IMPLEMENT_SHAKE_functions(bitlen) \
- SHAKE_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
+ SHAKE_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, \
+ 0 /* no default md length */, '\x1f') \
PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \
- SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
+ SHA3_BLOCKSIZE(bitlen), 0, \
SHAKE_FLAGS)
+
#define IMPLEMENT_KMAC_functions(bitlen) \
KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \
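Review bot: IMPLEMENT_SHAKE_functions now passes a bare `0` to PROV_FUNC_SHAKE_DIGEST where `SHA3_MDSIZE(bitlen)` used to be, so the digest size that SHAKE advertises presumably becomes 0, and unlike the argument on the line above it carries no comment. Callers that size an output buffer from the advertised digest size would get a zero length, and with the `SIZE_MAX` check in keccak_final the final call fails until an explicit output length is set. Annotating the argument, e.g. `SHA3_BLOCKSIZE(bitlen), 0 /* no default; caller must set the output length */, \`, and documenting the behaviour change for users would avoid surprises.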
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index a634216419..0618468075 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -117,7 +117,11 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
+#ifdef FIPS_MODULE
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#else
OPENSSL_free(ctx->salt);
+#endif
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
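Review bot: The salt is zeroed on free only when `FIPS_MODULE` is defined, which leaves two code paths to maintain in kdf_hkdf_reset (and the same pattern in kdf_pbkdf2_cleanup in pbkdf2.c) for a cheap operation. Unless there is a measured reason to keep the plain free, calling `OPENSSL_clear_free(ctx->salt, ctx->salt_len);` unconditionally removes the `#ifdef` and gives both builds the same behaviour. Either form relies on `ctx->salt_len` always matching the allocation, and the code that sets it is not in this hunk. `ctx->prefix` and `ctx->label` are still released with `OPENSSL_free`; if the salt is now treated as sensitive in the FIPS build, a comment saying why those two are not would help.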
@@ -631,7 +635,7 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
}
if (prevsecret == NULL) {
prevsecret = default_zeros;
- prevsecretlen = 0;
+ prevsecretlen = mdlen;
} else {
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
unsigned char hash[EVP_MAX_MD_SIZE];
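Review bot: Setting `prevsecretlen = mdlen` makes the code that follows read `mdlen` bytes from `default_zeros`, whose declaration is not in this hunk, so nothing visible guarantees the buffer is that large. `hash` in the same hunk is bounded by `EVP_MAX_MD_SIZE`, and the zero buffer needs the same bound. If `default_zeros` is an array, an explicit check before it is used, such as `if (mdlen > sizeof(default_zeros))` followed by the function's normal error return, would make the assumption enforceable. The function begins and continues outside the hunk.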
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index f2d190c308..bac839ebc6 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -90,7 +90,11 @@ static void *kdf_pbkdf2_new(void *provctx)
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
+#ifdef FIPS_MODULE
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#else
OPENSSL_free(ctx->salt);
+#endif
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index 9a936d800d..8c63a30560 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -95,7 +95,6 @@ static uint64_t get_time_stamp(void);
/* none means none. this simplifies the following logic */
# undef OPENSSL_RAND_SEED_OS
# undef OPENSSL_RAND_SEED_GETRANDOM
-# undef OPENSSL_RAND_SEED_LIBRANDOM
# undef OPENSSL_RAND_SEED_DEVRANDOM
# undef OPENSSL_RAND_SEED_RDTSC
# undef OPENSSL_RAND_SEED_RDCPU
@@ -207,10 +206,6 @@ void ossl_rand_pool_keep_random_devices_open(int keep)
# define OPENSSL_RAND_SEED_DEVRANDOM
# endif
-# if defined(OPENSSL_RAND_SEED_LIBRANDOM)
-# error "librandom not (yet) supported"
-# endif
-
# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
/*
* sysctl_random(): Use sysctl() to read a random number from the kernel
@@ -659,12 +654,6 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
return entropy_available;
# endif
-# if defined(OPENSSL_RAND_SEED_LIBRANDOM)
- {
- /* Not yet implemented. */
- }
-# endif
-
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
if (wait_random_seeded()) {
size_t bytes_needed;