The branch master has been updated via 81f9af3460dca0fe37d3a240cb385efbf0f0d362 (commit) via 77b03f0e8fd97a57f84294d085e7730de5b4da4c (commit) via f5c629a00aaf47fc1a90b435504662205ec0ee64 (commit) via fffb67343e6e5bdfce34f2b3e0add058c1be420a (commit) via 8d05a65256294f70a3bc34b7d13cc38e41a17402 (commit) via f378755d62e1646b36683de37408dd98549bef69 (commit) via 5e2f580d4ae51e60892adcdde6c5c25d83fe88e9 (commit) via 21b7dfa8adb67eb2abcffff529a8bda6dd92b9d9 (commit) via b3c155b83c984116ef1828664bbe77c66f53df6b (commit) from d36a5dd05ec58dec8a6175a25958f008166c421b (commit)
- Log ----------------------------------------------------------------- commit 81f9af3460dca0fe37d3a240cb385efbf0f0d362 Author: Tomas Mraz <to...@openssl.org> Date: Mon Mar 1 16:14:30 2021 +0100 Remove todos in decode_der2key.c and decode_ms2key.c Those TODOs do not really apply to 3.0 as the legacy internal keys will stay. Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit 77b03f0e8fd97a57f84294d085e7730de5b4da4c Author: Tomas Mraz <to...@openssl.org> Date: Mon Mar 1 16:07:15 2021 +0100 Improve error reporting in key exchange provider implementations Added some error reporting in dh_exch.c and unified error reporting with it in other key exchange methods. Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit f5c629a00aaf47fc1a90b435504662205ec0ee64 Author: Tomas Mraz <to...@openssl.org> Date: Mon Mar 1 15:52:34 2021 +0100 Remove unused MAX_TLS_MAC_SIZE define Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit fffb67343e6e5bdfce34f2b3e0add058c1be420a Author: Tomas Mraz <to...@openssl.org> Date: Mon Mar 1 15:49:50 2021 +0100 Remove todos in providers/implementations/include/prov Those TODOs are not relevant anymore as the headers are now in providers. Also make the header guard defines better reflect the header placement. Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit 8d05a65256294f70a3bc34b7d13cc38e41a17402 Author: Tomas Mraz <to...@openssl.org> Date: Fri Feb 26 18:28:48 2021 +0100 Resolve TODOs in signature implementations. The DER writing errors can be ignored safely. Document that the EVP_MAX_MD_SIZE is a hardcoded limit for digest sizes. 
Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit f378755d62e1646b36683de37408dd98549bef69 Author: Tomas Mraz <to...@openssl.org> Date: Fri Feb 26 15:31:23 2021 +0100 statem_lib.c: Remove TODOs that are unnecessary If the EVP_MD_CTX_ctrl is deprecated the code will generate deprecation warnings. So there is no point in marking all EVP_MD_CTX_ctrl() calls with TODOs. Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit 5e2f580d4ae51e60892adcdde6c5c25d83fe88e9 Author: Tomas Mraz <to...@openssl.org> Date: Fri Feb 26 14:42:57 2021 +0100 test_ssl_new: X448, X25519, and EdDSA are supported with fips Removed the related TODOs. Also adjusted the DH parameters used for the DH test to be acceptable for FIPS as that now allows only known safe prime parameters. Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit 21b7dfa8adb67eb2abcffff529a8bda6dd92b9d9 Author: Tomas Mraz <to...@openssl.org> Date: Fri Feb 26 13:10:00 2021 +0100 evp_extra_test2: Remove TODO 3.0 The TODO marks optional cleanup that can be done any time in future. Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) commit b3c155b83c984116ef1828664bbe77c66f53df6b Author: Tomas Mraz <to...@openssl.org> Date: Fri Feb 26 13:05:39 2021 +0100 evp_extra_test: Remove TODO comment as setting the curve is mandatory Even with the SM2 algorithm the curve is needed for the paramgen. 
Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367) ----------------------------------------------------------------------- Summary of changes: doc/man7/provider-digest.pod | 6 + .../implementations/encode_decode/decode_der2key.c | 2 +- .../implementations/encode_decode/decode_ms2key.c | 2 +- providers/implementations/exchange/dh_exch.c | 14 +- providers/implementations/exchange/ecdh_exch.c | 7 +- providers/implementations/exchange/ecx_exch.c | 4 +- providers/implementations/include/prov/blake2.h | 7 +- .../implementations/include/prov/ciphercommon.h | 3 - providers/implementations/include/prov/md5_sha1.h | 7 +- providers/implementations/signature/dsa.c | 6 +- providers/implementations/signature/eddsa.c | 2 +- providers/implementations/signature/sm2sig.c | 2 +- ssl/statem/statem_lib.c | 8 - test/certs/dhp2048.pem | 12 +- test/evp_extra_test.c | 1 - test/evp_extra_test2.c | 2 +- test/ssl-tests/20-cert-select.cnf | 238 ++++++++++----------- test/ssl-tests/20-cert-select.cnf.in | 129 +++++------ test/ssl-tests/28-seclevel.cnf.in | 5 +- 19 files changed, 222 insertions(+), 235 deletions(-)
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod
index 4f90cf8b62..a0327a85df 100644
--- a/doc/man7/provider-digest.pod
+++ b/doc/man7/provider-digest.pod
@@ -249,6 +249,12 @@ OSSL_FUNC_digest_size() should return the digest size.
 OSSL_FUNC_digest_block_size() should return the block size of the underlying digest algorithm.
+=head1 BUGS
+
+The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not
+expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which
+produces larger digests is unusable with those API calls.
+
 =head1 SEE ALSO
 L<provider(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)>,
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index fed30bf952..09601fc335 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -339,7 +339,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 * Tear out the low-level key pointer from the pkey,
 * but only if it matches the expected key type.
 *
- * TODO: The check should be done with EVP_PKEY_is_a(), but
+ * The check should be done with EVP_PKEY_is_a(), but
 * as long as we still have #legacy internal keys, it's safer
 * to use the type numbers inside the provider.
 */
diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c
index 339b347fa0..e1741f4e53 100644
--- a/providers/implementations/encode_decode/decode_ms2key.c
+++ b/providers/implementations/encode_decode/decode_ms2key.c
@@ -148,7 +148,7 @@ static int ms2key_post(struct ms2key_ctx_st *ctx, EVP_PKEY *pkey,
 * Tear out the low-level key pointer from the pkey,
 * but only if it matches the expected key type.
 *
- * TODO(3.0): The check should be done with EVP_PKEY_is_a(), but
+ * The check should be done with EVP_PKEY_is_a(), but
 * as long as we still have #legacy internal keys, it's safer to
 * use the type numbers in side the provider.
 */
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 2638675da5..7f0fa3295e 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -19,6 +19,7 @@
 #include <openssl/core_names.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include <openssl/params.h>
 #include "prov/providercommon.h"
 #include "prov/implementations.h"
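Review bot: With the TODO tag removed, the comment in der2key_decode still reads as an unfinished recommendation — `The check should be done with EVP_PKEY_is_a(), but ...` — even though the commit message says the legacy-key situation is settled for 3.0; the same applies to the ms2key_post hunk below. Rewording it as the decision rather than the wish would stop the next reader from reopening it, e.g. `* EVP_PKEY_is_a() is deliberately not used here: as long as #legacy internal keys exist, matching on the provider's own type numbers is the safer check.` The ms2key_post copy also has `in side` for `inside` and differs slightly in wording from der2key_decode; aligning the two texts would make a future search for this rationale find both. Both functions extend beyond their hunks.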
@@ -130,17 +131,20 @@ static int dh_plain_derive(void *vpdhctx, size_t dhsize; const BIGNUM *pub_key = NULL; - /* TODO(3.0): Add errors to stack */ - if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) + if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; + } dhsize = (size_t)DH_size(pdhctx->dh); if (secret == NULL) { *secretlen = dhsize; return 1; } - if (outlen < dhsize) + if (outlen < dhsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } DH_get0_key(pdhctx->dhpeer, &pub_key, NULL); if (pdhctx->pad) @@ -167,8 +171,10 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret, return 1; } - if (pdhctx->kdf_outlen > outlen) + if (pdhctx->kdf_outlen > outlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0)) return 0; if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index 6c24643255..a1b984769e 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -21,6 +21,7 @@ #include <openssl/ec.h> #include <openssl/params.h> #include <openssl/err.h> +#include <openssl/proverr.h> #include "prov/provider_ctx.h" #include "prov/providercommon.h" #include "prov/implementations.h" @@ -408,7 +409,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, int key_cofactor_mode; if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) { - ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET); + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } 
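Review bot: The new missing-key check in dh_plain_derive covers the two key containers but not the peer's public value: `DH_get0_key(pdhctx->dhpeer, &pub_key, NULL)` two lines below can leave `pub_key` NULL (the context lines initialise it to NULL), and nothing in the hunk tests it before the shared-secret computation that follows outside the hunk. A guard in the same style as the ones this commit adds would be `if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; }` right after the DH_get0_key() call. The `(size_t)DH_size(pdhctx->dh)` cast on the context line is likewise unchecked; if DH_size() reports a key without parameters with a negative value, the cast turns it into a huge `dhsize` that the `secret == NULL` query path hands back in `*secretlen` — worth confirming against dh_lib.c. The body of dh_plain_derive extends beyond the hunk in both directions.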
@@ -486,8 +487,10 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
 return 1;
 }
- if (pecdhctx->kdf_outlen > outlen)
+ if (pecdhctx->kdf_outlen > outlen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
 return 0;
+ }
 if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0))
 return 0;
 if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) {
diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c
index 6d4471be3c..17861c0d75 100644
--- a/providers/implementations/exchange/ecx_exch.c
+++ b/providers/implementations/exchange/ecx_exch.c
@@ -123,7 +123,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
 if (ecxctx->key == NULL
 || ecxctx->key->privkey == NULL
 || ecxctx->peerkey == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+ ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
 return 0;
 }
@@ -138,7 +138,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
 return 1;
 }
 if (outlen < ecxctx->keylen) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
 return 0;
 }
diff --git a/providers/implementations/include/prov/blake2.h b/providers/implementations/include/prov/blake2.h
index 33b82490ef..305f7a3c53 100644
--- a/providers/implementations/include/prov/blake2.h
+++ b/providers/implementations/include/prov/blake2.h
@@ -7,9 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-/* TODO(3.0) Move this header into provider when dependencies are removed */
-#ifndef OSSL_PROVIDERS_DEFAULT_INCLUDE_INTERNAL_BLAKE2_H
-# define OSSL_PROVIDERS_DEFAULT_INCLUDE_INTERNAL_BLAKE2_H
+#ifndef OSSL_PROV_BLAKE2_H
+# define OSSL_PROV_BLAKE2_H
 # include <openssl/opensslconf.h>
@@ -118,4 +117,4 @@ void ossl_blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal,
 void ossl_blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt,
 size_t length);
-#endif /* OSSL_PROVIDERS_DEFAULT_INCLUDE_INTERNAL_BLAKE2_H */
+#endif /* OSSL_PROV_BLAKE2_H */
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index d5212c3c81..7ccc9c7047 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -31,9 +31,6 @@ typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX;
 typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out,
 const unsigned char *in, size_t len);
-/* TODO(3.0): VERIFY ME */
-#define MAX_TLS_MAC_SIZE 48
-
 /* Internal flags that can be queried */
 #define PROV_CIPHER_FLAG_AEAD 0x0001
 #define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002
diff --git a/providers/implementations/include/prov/md5_sha1.h b/providers/implementations/include/prov/md5_sha1.h
index 33bfa29b51..284ec957ba 100644
--- a/providers/implementations/include/prov/md5_sha1.h
+++ b/providers/implementations/include/prov/md5_sha1.h
@@ -7,9 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-/* TODO(3.0) Move this header into provider when dependencies are removed */
-#ifndef OSSL_INTERNAL_MD5_SHA1_H
-# define OSSL_INTERNAL_MD5_SHA1_H
+#ifndef OSSL_PROV_MD5_SHA1_H
+# define OSSL_PROV_MD5_SHA1_H
 # include <openssl/opensslconf.h>
@@ -34,4 +33,4 @@ int ossl_md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms);
 # endif /* OPENSSL_NO_MD5 */
-#endif /* OSSL_INTERNAL_MD5_SHA1_H */
+#endif /* OSSL_PROV_MD5_SHA1_H */
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c
index 81e435c419..eadf62361a 100644
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@@ -148,7 +148,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
 EVP_MD_free(ctx->md);
 /*
- * TODO(3.0) Should we care about DER writing errors?
+ * We do not care about DER writing errors.
 * All it really means is that for some reason, there's no
 * AlgorithmIdentifier to be had, but the operation itself is
 * still valid, just as long as it's not used to construct
@@ -313,7 +313,7 @@ int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen,
 */
 if (sig != NULL) {
 /*
- * TODO(3.0): There is the possibility that some externally provided
+ * There is the possibility that some externally provided
 * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
 * but that problem is much larger than just in DSA.
 */
@@ -338,7 +338,7 @@ int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig,
 return 0;
 /*
- * TODO(3.0): There is the possibility that some externally provided
+ * There is the possibility that some externally provided
 * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
 * but that problem is much larger than just in DSA.
 */
diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c
index 71b57d70ea..93b98dbbbc 100644
--- a/providers/implementations/signature/eddsa.c
+++ b/providers/implementations/signature/eddsa.c
@@ -105,7 +105,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
 }
 /*
- * TODO(3.0) Should we care about DER writing errors?
+ * We do not care about DER writing errors.
 * All it really means is that for some reason, there's no
 * AlgorithmIdentifier to be had, but the operation itself is
 * still valid, just as long as it's not used to construct
diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c
index d12c7191fb..18fdf62487 100644
--- a/providers/implementations/signature/sm2sig.c
+++ b/providers/implementations/signature/sm2sig.c
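Review bot: The comment kept in dsa_digest_sign_final, and its twin in the dsa_digest_verify_final hunk below, still says `We should probably handle that somehow -` once the TODO tag is dropped, so it reads as an unresolved item rather than the documented limit it now is. Since this series adds a BUGS entry to provider-digest(7) stating that digests above EVP_MAX_MD_SIZE are unusable with EVP_DigestFinal_ex(), the comment should state that decision and point there, e.g. `* Digests larger than EVP_MAX_MD_SIZE are not supported by the EVP digest API; see BUGS in provider-digest(7).` That also tells a reader why the sizing that follows in both functions is safe without having to rediscover the limit. Both function bodies continue outside their hunks.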
@@ -192,7 +192,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
 goto error;
 /*
- * TODO(3.0) Should we care about DER writing errors?
+ * We do not care about DER writing errors.
 * All it really means is that for some reason, there's no
 * AlgorithmIdentifier to be had, but the operation itself is
 * still valid, just as long as it's not used to construct
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index ba1fe75070..a7ed843aa4 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -329,10 +329,6 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
 * in order to add the EVP_CTRL_SSL3_MASTER_SECRET call between them.
 */
 if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
- /*
- * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated
- * with a call to ssl3_digest_master_key_set_params()
- */
 || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
 (int)s->session->master_key_length,
 s->session->master_key) <= 0
@@ -520,10 +516,6 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
 }
 }
 if (s->version == SSL3_VERSION) {
- /*
- * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated
- * with a call to ssl3_digest_master_key_set_params()
- */
 if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
 || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
 (int)s->session->master_key_length,
diff --git a/test/certs/dhp2048.pem b/test/certs/dhp2048.pem
index 9ee474b820..5e32efe779 100644
--- a/test/certs/dhp2048.pem
+++ b/test/certs/dhp2048.pem
@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAoI0V5HKAcsG4LlAnVJhYnnl2ErOcdvz7WN4n+LoSkZVkfPcPExAF
-uXnT6v16rYfxCgZDPB/tSYaRhOxpJgaAHGA9PrfwprM4xQm9HLIWtidyIGtkgynQ
-rrtxaCculbPOMxc1od7V0jw8/Sj4pdKjijmdvY3VsvuQPu6Lo7qV94u3pYN+WSP9
-ESPcY0lvIV0s0eYxzU5LOU7FZRv6gpe658yxnpaQf13M3sFBqcQEnw+vIjNyaBBK
-Nm4jVFeKCN3aIz+yJL8y14HEnV/tnhtIrr33MAJvsG1qFBY7iFvbvlx/gKDW7qyk
-V0/iN2uElrJZIGxD2uPMZNXO+dci+EriMwIBAg==
+MIIBDAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAgICB/8=
 -----END DH PARAMETERS-----
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 33a8af717b..62840d0d19 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1319,7 +1319,6 @@ static int test_EVP_SM2(void)
 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
 goto done;
- /* TODO is this even needed? */
 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
 goto done;
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index bb8e897536..e61f50baad 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -8,7 +8,7 @@
 */
 /*
- * TODO(3.0): Really these tests should be in evp_extra_test - but that doesn't
+ * Really these tests should be in evp_extra_test - but that doesn't
 * yet support testing with a non-default libctx. Once it does we should move
 * everything into one file. Consequently some things are duplicated between
 * the two files.
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf
index b0e3b79013..267690ee35 100644
--- a/test/ssl-tests/20-cert-select.cnf
+++ b/test/ssl-tests/20-cert-select.cnf
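Review bot: Nothing in test/certs/dhp2048.pem records which parameters it now holds: the commit message says they were replaced because FIPS accepts only known safe-prime groups, but a reader of the file cannot tell which group this DER encodes (the run of 0xFF bytes at the start of the modulus is consistent with one of the RFC 7919 ffdhe groups, though I have not decoded it to confirm). PEM parsers ignore text ahead of the BEGIN line, so a one-line header above `-----BEGIN DH PARAMETERS-----` naming the group and where it was taken from would let the next person re-verify that the FIPS test still exercises an approved group when the allowed set changes again. If some consumer of this file rejects leading text, the same sentence belongs in the test that loads it instead.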
@@ -17,14 +17,14 @@ test-11 = 11-RSA-PSS Signature Algorithm Selection test-12 = 12-RSA key exchange with all RSA certificate types test-13 = 13-Suite B P-256 Hash Algorithm Selection test-14 = 14-Suite B P-384 Hash Algorithm Selection -test-15 = 15-ECDSA Signature Algorithm Selection SHA1 -test-16 = 16-Ed25519 CipherString and Signature Algorithm Selection -test-17 = 17-Ed448 CipherString and Signature Algorithm Selection -test-18 = 18-ECDSA with brainpool -test-19 = 19-Ed25519 CipherString and Curves Selection -test-20 = 20-Ed448 CipherString and Curves Selection -test-21 = 21-TLS 1.2 Ed25519 Client Auth -test-22 = 22-TLS 1.2 Ed448 Client Auth +test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection +test-16 = 16-Ed448 CipherString and Signature Algorithm Selection +test-17 = 17-Ed25519 CipherString and Curves Selection +test-18 = 18-Ed448 CipherString and Curves Selection +test-19 = 19-TLS 1.2 Ed25519 Client Auth +test-20 = 20-TLS 1.2 Ed448 Client Auth +test-21 = 21-ECDSA Signature Algorithm Selection SHA1 +test-22 = 22-ECDSA with brainpool test-23 = 23-RSA-PSS Certificate CipherString Selection test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection 
@@ -529,48 +529,14 @@ ExpectedServerSignType = EC # =========================================================== -[15-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 15-ECDSA Signature Algorithm Selection SHA1-ssl +[15-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl -[15-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 15-ECDSA Signature Algorithm Selection SHA1-server -client = 15-ECDSA Signature Algorithm Selection SHA1-client +[15-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 15-Ed25519 CipherString and Signature Algorithm Selection-server +client = 15-Ed25519 CipherString and Signature Algorithm Selection-client -[15-ECDSA Signature Algorithm Selection SHA1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-ECDSA Signature Algorithm Selection SHA1-client] -CipherString = DEFAULT:@SECLEVEL=0 -SignatureAlgorithms = ECDSA+SHA1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA1 -ExpectedServerSignType = EC - - -# =========================================================== - -[16-Ed25519 CipherString and Signature Algorithm Selection] -ssl_conf = 16-Ed25519 CipherString and Signature Algorithm Selection-ssl - -[16-Ed25519 CipherString and Signature Algorithm Selection-ssl] -server = 16-Ed25519 CipherString and 
Signature Algorithm Selection-server -client = 16-Ed25519 CipherString and Signature Algorithm Selection-client - -[16-Ed25519 CipherString and Signature Algorithm Selection-server] +[15-Ed25519 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -582,7 +548,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-Ed25519 CipherString and Signature Algorithm Selection-client] +[15-Ed25519 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem @@ -590,7 +556,7 @@ SignatureAlgorithms = ed25519:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-15] ExpectedResult = Success ExpectedServerCANames = empty ExpectedServerCertType = Ed25519 
@@ -599,14 +565,14 @@ ExpectedServerSignType = Ed25519 # =========================================================== -[17-Ed448 CipherString and Signature Algorithm Selection] -ssl_conf = 17-Ed448 CipherString and Signature Algorithm Selection-ssl +[16-Ed448 CipherString and Signature Algorithm Selection] +ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl -[17-Ed448 CipherString and Signature Algorithm Selection-ssl] -server = 17-Ed448 CipherString and Signature Algorithm Selection-server -client = 17-Ed448 CipherString and Signature Algorithm Selection-client +[16-Ed448 CipherString and Signature Algorithm Selection-ssl] +server = 16-Ed448 CipherString and Signature Algorithm Selection-server +client = 16-Ed448 CipherString and Signature Algorithm Selection-client -[17-Ed448 CipherString and Signature Algorithm Selection-server] +[16-Ed448 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -618,7 +584,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-Ed448 CipherString and Signature Algorithm Selection-client] +[16-Ed448 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem @@ -626,7 +592,7 @@ SignatureAlgorithms = ed448:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyMode = Peer -[test-17] +[test-16] ExpectedResult = Success ExpectedServerCANames = empty ExpectedServerCertType = Ed448 
@@ -635,43 +601,14 @@ ExpectedServerSignType = Ed448 # =========================================================== -[18-ECDSA with brainpool] -ssl_conf = 18-ECDSA with brainpool-ssl - -[18-ECDSA with brainpool-ssl] -server = 18-ECDSA with brainpool-server -client = 18-ECDSA with brainpool-client - -[18-ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +[17-Ed25519 CipherString and Curves Selection] +ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl -[18-ECDSA with brainpool-client] -CipherString = aECDSA -Groups = brainpoolP256r1 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +[17-Ed25519 CipherString and Curves Selection-ssl] +server = 17-Ed25519 CipherString and Curves Selection-server +client = 17-Ed25519 CipherString and Curves Selection-client -[test-18] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = brainpoolP256r1 -ExpectedServerSignType = EC - - -# =========================================================== - -[19-Ed25519 CipherString and Curves Selection] -ssl_conf = 19-Ed25519 CipherString and Curves Selection-ssl - -[19-Ed25519 CipherString and Curves Selection-ssl] -server = 19-Ed25519 CipherString and Curves Selection-server -client = 19-Ed25519 CipherString and Curves Selection-client - -[19-Ed25519 CipherString and Curves Selection-server] +[17-Ed25519 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 
@@ -683,7 +620,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-Ed25519 CipherString and Curves Selection-client] +[17-Ed25519 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X25519 MaxProtocol = TLSv1.2 @@ -691,7 +628,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-17] ExpectedResult = Success ExpectedServerCertType = Ed25519 ExpectedServerSignType = Ed25519 @@ -699,14 +636,14 @@ ExpectedServerSignType = Ed25519 # =========================================================== -[20-Ed448 CipherString and Curves Selection] -ssl_conf = 20-Ed448 CipherString and Curves Selection-ssl +[18-Ed448 CipherString and Curves Selection] +ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl -[20-Ed448 CipherString and Curves Selection-ssl] -server = 20-Ed448 CipherString and Curves Selection-server -client = 20-Ed448 CipherString and Curves Selection-client +[18-Ed448 CipherString and Curves Selection-ssl] +server = 18-Ed448 CipherString and Curves Selection-server +client = 18-Ed448 CipherString and Curves Selection-client -[20-Ed448 CipherString and Curves Selection-server] +[18-Ed448 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -718,7 +655,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-Ed448 CipherString and Curves Selection-client] +[18-Ed448 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X448 MaxProtocol = TLSv1.2 
@@ -726,7 +663,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed448 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem VerifyMode = Peer -[test-20] +[test-18] ExpectedResult = Success ExpectedServerCertType = Ed448 ExpectedServerSignType = Ed448 @@ -734,21 +671,21 @@ ExpectedServerSignType = Ed448 # =========================================================== -[21-TLS 1.2 Ed25519 Client Auth] -ssl_conf = 21-TLS 1.2 Ed25519 Client Auth-ssl +[19-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl -[21-TLS 1.2 Ed25519 Client Auth-ssl] -server = 21-TLS 1.2 Ed25519 Client Auth-server -client = 21-TLS 1.2 Ed25519 Client Auth-client +[19-TLS 1.2 Ed25519 Client Auth-ssl] +server = 19-TLS 1.2 Ed25519 Client Auth-server +client = 19-TLS 1.2 Ed25519 Client Auth-client -[21-TLS 1.2 Ed25519 Client Auth-server] +[19-TLS 1.2 Ed25519 Client Auth-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[21-TLS 1.2 Ed25519 Client Auth-client] +[19-TLS 1.2 Ed25519 Client Auth-client] CipherString = DEFAULT Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem @@ -757,7 +694,7 @@ MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-21] +[test-19] ExpectedClientCertType = Ed25519 ExpectedClientSignType = Ed25519 ExpectedResult = Success 
@@ -765,21 +702,21 @@ ExpectedResult = Success # =========================================================== -[22-TLS 1.2 Ed448 Client Auth] -ssl_conf = 22-TLS 1.2 Ed448 Client Auth-ssl +[20-TLS 1.2 Ed448 Client Auth] +ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl -[22-TLS 1.2 Ed448 Client Auth-ssl] -server = 22-TLS 1.2 Ed448 Client Auth-server -client = 22-TLS 1.2 Ed448 Client Auth-client +[20-TLS 1.2 Ed448 Client Auth-ssl] +server = 20-TLS 1.2 Ed448 Client Auth-server +client = 20-TLS 1.2 Ed448 Client Auth-client -[22-TLS 1.2 Ed448 Client Auth-server] +[20-TLS 1.2 Ed448 Client Auth-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[22-TLS 1.2 Ed448 Client Auth-client] +[20-TLS 1.2 Ed448 Client Auth-client] CipherString = DEFAULT Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem 
@@ -788,12 +725,75 @@ MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-22] +[test-20] ExpectedClientCertType = Ed448 ExpectedClientSignType = Ed448 ExpectedResult = Success +# =========================================================== + +[21-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl + +[21-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 21-ECDSA Signature Algorithm Selection SHA1-server +client = 21-ECDSA Signature Algorithm Selection SHA1-client + +[21-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=0 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT:@SECLEVEL=0 +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + +# =========================================================== + +[22-ECDSA with brainpool] +ssl_conf = 22-ECDSA with brainpool-ssl + +[22-ECDSA with brainpool-ssl] +server = 22-ECDSA with brainpool-server +client = 22-ECDSA with brainpool-client + +[22-ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = 
${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[22-ECDSA with brainpool-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = brainpoolP256r1 +ExpectedServerSignType = EC + + # =========================================================== [23-RSA-PSS Certificate CipherString Selection]
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
index ddb9ff4747..1aa3b0aeec 100644
--- a/test/ssl-tests/20-cert-select.cnf.in
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -12,26 +12,15 @@ use OpenSSL::Test::Utils;
 our $fips_mode;
 our $no_deflt_libctx;
 
-my $server;
-
-if ($fips_mode) {
- #TODO(3.0): No EdDSA support in FIPS mode at the moment
- $server = {
- "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
- "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
- "MaxProtocol" => "TLSv1.2"
- };
-} else {
- $server = {
- "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
- "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
- "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
- "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
- "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
- "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
- "MaxProtocol" => "TLSv1.2"
- };
-}
+my $server = {
+ "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+ "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+ "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+ "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+ "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
+ "MaxProtocol" => "TLSv1.2"
+};
 
 my $server_pss = {
 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
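Review bot: `our $fips_mode;` on the first context line of this hunk loses its only visible reader once the `if ($fips_mode)` branch is deleted; whether the `@tests_non_fips` push further down in the file still references it is outside the hunk, so confirm that before leaving the declaration in. The unconditional `$server` now configures the Ed25519 and Ed448 server certificates in every build, FIPS included, which presumably is the intent now that the removed TODO no longer applies. A one-line comment above `my $server = {`, e.g. `# Shared server config; EdDSA certs are configured in FIPS builds as well`, would record why the branch went away for the next reader.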
@@ -304,33 +293,6 @@ our @tests = (
 "ExpectedResult" => "Success"
 },
 },
-);
-
-my @tests_non_fips = (
- {
- name => "ECDSA Signature Algorithm Selection SHA1",
- server => {
- "CipherString" => "DEFAULT:\@SECLEVEL=0",
- "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
- "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
- "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
- "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
- "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
- "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
- "MaxProtocol" => "TLSv1.2"
- },
- client => {
- "CipherString" => "DEFAULT:\@SECLEVEL=0",
- "SignatureAlgorithms" => "ECDSA+SHA1",
- },
- test => {
- "ExpectedServerCertType" => "P-256",
- "ExpectedServerSignHash" => "SHA1",
- "ExpectedServerSignType" => "EC",
- "ExpectedResult" => "Success"
- },
- },
- # TODO(3.0) No Ed25519/Ed448 in FIPS mode at the moment
 {
 name => "Ed25519 CipherString and Signature Algorithm Selection",
 server => $server,
@@ -366,28 +328,6 @@ my @tests_non_fips = (
 "ExpectedResult" => "Success"
 },
 },
- {
- name => "ECDSA with brainpool",
- server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
- },
- client => {
- #We don't restrict this to TLSv1.2, although use of brainpool
- #should force this anyway so that this should succeed
- "CipherString" => "aECDSA",
- "RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
- },
- test => {
- "ExpectedServerCertType" =>, "brainpoolP256r1",
- "ExpectedServerSignType" =>, "EC",
- # Note: certificate_authorities not sent for TLS < 1.3
- "ExpectedServerCANames" =>, "empty",
- "ExpectedResult" => "Success"
- },
- },
 {
 name => "Ed25519 CipherString and Curves Selection",
 server => $server,
@@ -461,6 +401,54 @@ my @tests_non_fips = (
 },
 );
 
+my @tests_non_fips = (
+ {
+ name => "ECDSA Signature Algorithm Selection SHA1",
+ server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+ "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+ "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+ "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+ "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
+ "MaxProtocol" => "TLSv1.2"
+ },
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "SignatureAlgorithms" => "ECDSA+SHA1",
+ },
+ test => {
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA1",
+ "ExpectedServerSignType" => "EC",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "ECDSA with brainpool",
+ server => {
+ "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+ "Groups" => "brainpoolP256r1",
+ },
+ client => {
+ #We don't restrict this to TLSv1.2, although use of brainpool
+ #should force this anyway so that this should succeed
+ "CipherString" => "aECDSA",
+ "RequestCAFile" => test_pem("root-cert.pem"),
+ "Groups" => "brainpoolP256r1",
+ },
+ test => {
+ "ExpectedServerCertType" =>, "brainpoolP256r1",
+ "ExpectedServerSignType" =>, "EC",
+ # Note: certificate_authorities not sent for TLS < 1.3
+ "ExpectedServerCANames" =>, "empty",
+ "ExpectedResult" => "Success"
+ },
+ },
+);
+
 my @tests_pss = (
 {
 name => "RSA-PSS Certificate CipherString Selection",
@@ -980,7 +968,6 @@ my @tests_dsa_tls_1_3 = (
 );
 
 if (!disabled("dsa")) {
- #TODO(3.0): Temporary workaround for DH issues in FIPS. Needs investigation
- push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_mode;
+ push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
 push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
 }
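Review bot: The three `=>,` entries in the relocated brainpool test block (`"ExpectedServerCertType" =>, "brainpoolP256r1",`, `"ExpectedServerSignType" =>, "EC",`, `"ExpectedServerCANames" =>, "empty",`) carry a stray comma after the fat arrow; Perl tolerates consecutive commas in a list so the hash still builds, but the typo should be dropped while the lines are being moved, e.g. `"ExpectedServerCertType" => "brainpoolP256r1",`. The new `@tests_non_fips` array is declared in this hunk, but the statement that merges it into `@tests` lies outside it; since the previous declaration of the same array was deleted earlier in this file, confirm that push still exists and is still guarded by `$fips_mode`, otherwise the `@SECLEVEL=0` SHA1 case and the brainpool case silently drop out of every run rather than only FIPS runs.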
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index 56c23eba3a..945f4599d1 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -81,6 +81,5 @@ our @tests_tls1_2 = (
 },
 );
 
-#TODO(3.0): No Ed448 or X25519 in FIPS mode at the moment
-push @tests, @tests_ec unless disabled("ec") || $fips_mode;
-push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec")|| $fips_mode;
+push @tests, @tests_ec unless disabled("ec");
+push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
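Review bot: After this hunk `$fips_mode` is no longer referenced anywhere in the visible part of 28-seclevel.cnf.in; its declaration sits above the hunk, and if these two `push` lines were its last use the declaration is now dead and should go with the guard. Dropping the guard means the EC and TLSv1.2 security-level cases now run in FIPS builds as well, consistent with the removed TODO being resolved; a short comment such as `# EC/EdDSA seclevel cases run in FIPS builds too` above the first `push` would explain the missing guard to the next reader.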