Commit Graph

815 Commits

Author SHA1 Message Date
Pauli
80ba2526fa update BLAKE2 to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
ac238428ce prov: update kmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
c23f96f3f6 prov: update hmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
0a56b3c2e5 prov: update gmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
005b190297 prov: update cmac to have additional init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
91593b3784 prov: use new MAC_init arguments in signature legacy code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
fbff75caaa fips: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
2524ec1ac2 prov kdf: update to use the extra MAC init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:48 +10:00
Pauli
8f5d64b102 prov: update SipHash to new init function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:48 +10:00
Pauli
ae7d90a159 siphash: Add the C and D round parameters for SipHash.
This represents a gap in functionality from the low level APIs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:48 +10:00
Richard Levitte
c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14291)
2021-02-27 16:14:09 +01:00
Pauli
644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli
eee323c339 prov: support modified gettable/settable ctx calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli
1e8e5c6092 prov: support modified gettable/settable ctx calls for KDFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli
a3f091fddd prov: update RNGs to support modified gettable/settable CTX params
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli
e772f25ca8 prov: update digests to support modified ctx params
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Shane Lontis
32ab57cbb4 Fix external symbols related to ec & sm2 keys
Partial fix for #12964

This adds ossl_ names for the following symbols:

ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-26 10:53:01 +10:00
Shane Lontis
5af02212a5 Fix external symbols related to dsa keys
Partial fix for #12964

This adds ossl_ names for the following symbols:

dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial,
dsa_do_sign_int, dsa_ffc_params_fromdata,
dsa_generate_ffc_parameters, dsa_generate_public_key,
dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-26 10:50:30 +10:00
Shane Lontis
19dbb742cd Fix external symbols related to dh keys
Partial fix for #12964

This adds ossl_ names for the following symbols:

dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-26 10:50:30 +10:00
Richard Levitte
a8eb71ad57 Allow the sshkdf type to be passed as a single character
This partially reverts commit 270a5ce1d9.

This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.

Fixes #14027

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
2021-02-24 19:50:10 +01:00
Richard Levitte
10315851d0 X509: Refactor X509_PUBKEY processing to include provider side keys
When a SubjectPublicKeyInfo (SPKI) is decoded into an X509_PUBKEY
structure, the corresponding EVP_PKEY is automatically added as well.
This used to only support our built-in keytypes, and only in legacy
form.

This is now refactored by making The ASN1 implementation of the
X509_PUBKEY an EXTERN_ASN1, resulting in a more manual implementation
of the basic support routines.  Specifically, the d2i routine will do
what was done in the callback before, and try to interpret the input
as an EVP_PKEY, first in legacy form, and then using OSSL_DECODER.

Fixes #13893

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14281)
2021-02-24 10:17:14 +01:00
Shane Lontis
4718326a46 Add EVP_PKEY_public_check_quick.
Adding the EVP_PKEY_param_check_quick() reminded me that there are also
partial checks for public keys as part of SP800-56A for FFC (DH named safe
prime groups) and ECC. The code was mainly already there and just needed
to be plumbed into the validate methods.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14206)
2021-02-22 13:31:31 +10:00
Shane Lontis
576892d78f Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces
non legacy keys).

Fixes #13522

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13591)
2021-02-19 19:19:28 +10:00
Matt Caswell
70793dbbb9 Pass the object type and data structure from the pem2der decoder
The pem2der decoder can infer certain information about the endoded der
data based on the PEM headers. This information should be passed to the
next decoders in the chain to ensure we end up loading the correct type of
thing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14191)
2021-02-18 16:05:22 +00:00
Richard Levitte
3262300a2c Adjust the few places where the string length was confused
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14168)
2021-02-18 16:58:17 +01:00
Matt Caswell
a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 15:05:17 +00:00
Shane Lontis
7b676cc8c6 Fix external symbols related to provider related security checks for
keys and digests.

Partial fix for #12964

This adds ossl_ names for the following symbols:

digest_get_approved_nid, digest_get_approved_nid_with_sha1
digest_is_allowed, digest_md_to_nid, digest_rsa_sign_get_md_nid,
securitycheck_enabled,
dh_check_key, dsa_check_key, ec_check_key,

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
2021-02-18 21:14:32 +10:00
Shane Lontis
47c076acfc Fix external symbols in the provider digest implementations.
Partial fix for #12964

This adds ossl_ names for the following symbols:

blake2b512_init,blake2b_final,blake2b_init,blake2b_init_key,
blake2b_param_init,blake2b_param_set_digest_length,blake2b_param_set_key_length,
blake2b_param_set_personal,blake2b_param_set_salt,blake2b_update,
blake2s256_init,blake2s_final,blake2s_init,blake2s_init_key,
blake2s_param_init,blake2s_param_set_digest_length,blake2s_param_set_key_length,
blake2s_param_set_personal,blake2s_param_set_salt,blake2s_update,
digest_default_get_params,digest_default_gettable_params

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
2021-02-18 21:14:32 +10:00
zekeevans-mf
bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free
mac_dupctx() should make a copy of the propq field. Currently it
does a shallow copy which can result in a double free and crash.
The double free occurs when using a provider property string.
For example, passing in "fips=no" to SSL_CTX_new_ex() causes the
propq field to get set to that value. When mac_dupctx() and
mac_freectx() is called (ie: in SSL_write()) it ends up freeing
the reference of the original object instead of a copy.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13926)
2021-02-18 12:11:53 +01:00
Tomas Mraz
ba37b82045 dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.

Fixes #13950

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-18 11:02:26 +01:00
Shane Lontis
e36b3c2f75 Fix external symbols in the provider cipher implementations.
Partial fix for #12964

This add ossl_ names for the following symbols.

chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-18 19:32:20 +10:00
Tomas Mraz
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)
2021-02-17 15:26:12 +01:00
Pauli
335e85f542 rand: update DRBGs to use the get_entropy call for seeding
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
e2730b8426 RNG test: add get_entropy hook for testing.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
9ed185a926 RNG seed: add get_entropy hook for seeding.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
381289f6c7 err: generated error files
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Matt Caswell
899e25643d Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.

Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:17:36 +10:00
Matt Caswell
aee73562d1 Run DH_check_ex() not DH_check_params_ex() when checking params
Both DH_check_ex() and DH_check_params_ex() check the parameters.
DH_check_ex() performs a more complete check, while DH_check_params_ex()
performs a lightweight check. In 1.1.1 EVP_PKEY_param_check() would call
DH_check_ex() for DH keys. For backwards compatibility we should continue
with that behaviour.

Fixes #13501

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:17:36 +10:00
Benjamin Kaduk
93e43f4c47 RSA: avoid dereferencing possibly-NULL parameter in initializers
Fix CID 1472835: the explicit NULL check for prsactx is useless when
we have already dereferenced it in the initializers.

Move the actual initialization to the function body to get the
logic sequenced properly.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14160)
2021-02-15 14:12:31 +10:00
Tomas Mraz
9ff5bd612a ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Also correctly mark max protocol version for some curves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
2021-02-12 19:05:17 +01:00
Richard Levitte
c5689319eb Use ERR_R_*_LIB instead of ERR_LIB_* as reason code for sub-libraries
Using ERR_LIB_* causes the error output to say 'reason(n)' instead of
the name of the sub-library in question.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14152)
2021-02-12 14:02:06 +01:00
Tomas Mraz
283df0b84b Rename internal providercommonerr.h to less mouthful proverr.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
2021-02-11 09:34:31 +01:00
Tomas Mraz
f5f29796f0 Various cleanup of PROV_R_ reason codes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
2021-02-11 09:34:31 +01:00
Tomas Mraz
2741128e9d Move the PROV_R reason codes to a public header
The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
or third party providers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14086)
2021-02-11 09:34:31 +01:00
Shane Lontis
af53092c2b Replace provider digest flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
2021-02-10 12:31:31 +10:00
Shane Lontis
a054d15c22 Replace provider cipher flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
2021-02-10 12:31:31 +10:00
Shane Lontis
36978c19a9 Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
2021-02-10 12:31:31 +10:00
Shane Lontis
8a686bdb3a Change the ASN1 variant of x942kdf so that it can test acvp data.
This 'special' way of specifying the data should only be used for testing
purposes. It should not be used in production environments.
ACVP passes a blob of DER encoded data for some of the fields rather
than passing them as separate fields that need to be DER encoded.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14077)
2021-02-10 10:28:32 +10:00
Shane Lontis
2db985b7b1 Simplify the EVP_PKEY_XXX_fromdata_XX methods.
The existing names such as EVP_PKEY_param_fromdata_settable were a bit
confusing since the 'param' referred to key params not OSSL_PARAM. To simplify
the interface a 'selection' parameter will be passed instead. The
changes are:

(1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init().
(2) EVP_PKEY_fromdata() has an additional selection parameter.
(3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable().
    EVP_PKEY_fromdata_settable() also uses a selection parameter.

Fixes #12989

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14076)
2021-02-08 16:33:43 +10:00
Richard Levitte
2bb05a9668 PROV: Fix encoding of MDWithRSAEncryption signature AlgorithmID
All {MD}WithRSAEncryption signature AlgorithmID have the parameters
being NULL, according to PKCS#1.  We didn't.  Now corrected.

This bug was the topic of this thread on openssl-users@openssl.org:
https://mta.openssl.org/pipermail/openssl-users/2021-January/013416.html

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14030)
2021-02-05 16:53:30 +01:00
Matt Caswell
306b8e7e19 Add the nist group names as aliases for the normal TLS group names
By recognising the nist group names directly we can avoid having to call
EC_curve_nist2nid in libssl, which is not available in a no-ec build.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:22:42 +00:00
Richard Levitte
e337b82410 ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13392)
2021-02-05 14:09:16 +01:00
Tomas Mraz
bbde856619 RSA: properly generate algorithm identifier for RSA-PSS signatures
Fixes #13969

- properly handle the mandatory RSA-PSS key parameters
- improve parameter checking when setting the parameters
- compute the algorithm id at the time it is requested so it
  reflects the actual parameters set
- when generating keys do not override previously set parameters
  with defaults
- tests added to the test_req recipe that should cover the PSS signature
  handling

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
2021-02-05 14:04:59 +01:00
Richard Levitte
8ce04db808 CORE & PROV: clean away OSSL_FUNC_mac_size()
There was a remaining function signature declaration, but no
OSSL_DISPATCH number for it nor any way it's ever used.  It did exist
once, but was replaced with an OSSL_PARAM item to retrieve.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14048)
2021-02-03 17:17:53 +01:00
Matt Caswell
4099460514 Ensure access to FIPS_state and rate_limit is appropriately locked
These variables can be accessed concurrently from multiple threads so
we ensure that we properly lock them before read or write.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:22 +00:00
Matt Caswell
b233ea8276 Avoid races by caching exported ciphers in the init function
TSAN was reporting a race of the exported ciphers cache that we create in
the default and fips providers. This was because we cached it in the query
function rather than the init function, so this would cause a race if multiple
threads queried at the same time. In practice it probably wouldn't make much
difference since different threads should come up with the same answer.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:21 +00:00
Richard Levitte
f2db0528d8 PROV: Add SM2 encoders and decoders, as well as support functionality
The EC KEYMGMT implementation handled SM2 as well, except what's
needed to support decoding: loading functions for both EC and SM2 that
checks for the presence or absence of the SM2 curve the same way as
the EC / SM2 import functions.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14028)
2021-02-01 23:02:20 +01:00
Richard Levitte
58f422f6f4 Fix some odd names in our provider source code
ecossl_dh_keyexch_functions     -> ossl_ecdh_keyexch_functions
ecossl_dsa_signature_functions  -> ossl_ecdsa_signature_functions
sm2_asym_cipher_functions       -> ossl_sm2_asym_cipher_functions
sm2_keymgmt_functions           -> ossl_sm2_keymgmt_functions
sm2_signature_functions         -> ossl_sm2_signature_functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14028)
2021-02-01 23:02:20 +01:00
Matt Caswell
ec7aef3356 Ensure EC keys with a private key but without a public key can be created
In 1.1.1 and earlier it was possible to create EC_KEYs that did not have
the public key in it. We need to ensure that this continues to work in 3.0.

Fixes #12612

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13922)
2021-02-01 08:59:27 +00:00
Tomas Mraz
a2a5506b93 rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys
Add a testcase to the test_req covering the issue.

Fixes #13957

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13967)
2021-01-29 10:47:02 +01:00
Juergen Christ
270a5ce1d9 Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters.  This caused endianness problems on big-endian machines.  As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer.  While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86).  Change the
parameter to char array and fix the usages.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
2021-01-28 16:05:50 +01:00
Juergen Christ
732a4d15b0 Fix cipher reinit on s390x if no key is specified
If key==null on EVP_CipherInit_ex, the init functions for the hardware
implementation is not called.  The s390x implementation of OFB and CFB mode
used the init function to copy the IV into the hardware causing test failures
on cipher reinit.  Fix this by moving the copy operation into the cipher
operation.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13984)
2021-01-28 15:23:25 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Daiki Ueno
1395a84e48 params: OSSL_PARAM_utf8_ptr: don't automatically reference address
Since the pointer can be later be modified, the caller should have the
responsibility to supply the address of that.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13951)
2021-01-26 15:57:24 +01:00
Richard Levitte
ba0a6d1deb Clean away unnecessary length related OSSL_PARAM key names
This cleans away old misunderstandings of what can be done with OSSL_PARAM.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13946)
2021-01-26 15:51:50 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Tomas Mraz
5764c3522c krb5kdf: Do not dereference NULL ctx when allocation fails
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13953)
2021-01-26 15:11:11 +01:00
Tomas Mraz
6253cdcc8e kdf_exch.c (kdf_derive): Proper handling of NULL secret
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
2021-01-21 18:08:02 +01:00
Tomas Mraz
6d9a54c6e6 Pass correct maximum output length to provider derive operation
And improve error checking in EVP_PKEY_derive* calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
2021-01-21 18:08:02 +01:00
Tomas Mraz
53d650d1f3 ec_kmgmt.c: OSSL_PKEY_PARAM_DEFAULT_DIGEST is gettable param for EC/SM2 keys
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13901)
2021-01-20 17:16:36 +01:00
Kurt Roeckx
47b784a41b Fix memory leak in mac_newctx() on error
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13702)
2021-01-18 15:26:29 +01:00
Tomas Mraz
0d83b7b903 Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity
To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.

Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.

Fixes #13411

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13870)
2021-01-18 14:27:44 +01:00
Tomas Mraz
8bc5b0a570 chacha20: Properly reinitialize the cipher context with NULL key
Same for chacha20-poly1305.

The test_cipher_reinit and test_cipher_reinit_partialupdate is modified
to test this case of cipher context reinitialization.

Fixes #13064

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13850)
2021-01-13 18:04:28 +01:00
Matt Caswell
1dccccf333 Fix enable-weak-ssl-ciphers
Commit e260bee broke the enable-weak-ssl-ciphers option. The stitched
rc4-hmac-md5 cipher implementation did not recognise the tls_version
parameter, and therefore was being incorrectly handled.

Fixes #13795

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13803)
2021-01-13 09:04:49 +00:00
Dr. David von Oheimb
bf973d0697 Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1
Deprecate X509_NAME_hash()
Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_hash()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)
2021-01-13 09:09:36 +01:00
Nicola Tuveri
9e49aff2aa Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.

For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.

Partially fixes https://github.com/openssl/openssl/issues/8435

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
2021-01-08 23:59:02 +02:00
Matt Caswell
bd0c71298a Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13800)
2021-01-07 13:38:50 +00:00
Matt Caswell
e260bee0a9 Only perform special TLS handling if TLS has been configured
Skip over special TLS steps for stream ciphers if we haven't been
configured for TLS.

Fixes #12528

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13774)
2021-01-06 11:08:35 +00:00
Richard Levitte
3a1ee3c199 Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
2020-12-20 12:19:42 +01:00
Pauli
52c8535a73 dsa: provider and library deprecation changes
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)
2020-12-17 21:09:54 +01:00
Richard Levitte
6963979f5c DECODER: Adjust the library context of keys in our decoders
Because decoders are coupled with keymgmts from the same provider,
ours need to produce provider side keys the same way.  Since our
keymgmts create key data with the provider library context, so must
our decoders.

We solve with functions to adjust the library context of decoded keys,
and use them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-17 12:02:08 +01:00
Richard Levitte
a2e145f8db Add necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
When OpenSSL is configured with 'no-dh', 'no-dsa' and 'no-ec'
combined, some static functions have no use, which the compiler may
complain about.  We therefore add extra guards to silence it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
2020-12-16 11:56:38 +01:00
Richard Levitte
c829c23b67 EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured).  However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
DH.  This change solves that problem by shuffling these functions to
more appropriate places.

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_DH.  This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Partially fixes #13550

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
2020-12-16 11:55:39 +01:00
Richard Levitte
0cc0164d19 PROV: Add MSBLOB and PVK encoders
This allows 15-test_rsa.t to succeed, and provides the same OSSL_ENCODER
support for these formats as for all other formats supported in OpenSSL.

Fixes #13379

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13645)
2020-12-15 14:27:37 +01:00
Shane Lontis
3dafbd4468 Change AES-CTS modes CS2 and CS3 to also be inside the fips module.
The initial thought was that only CS1 mode (the NIST variant) was allowed.
The lab has asked if these other modes should be included.
The algorithm form indicates that these are able to be validated.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13639)
2020-12-14 13:46:49 +10:00
Richard Levitte
2e1bc08100 Remove unnecessary guards around MSBLOB and PVK readers and writers
The OPENSSL_NO_RC4 guard remain around protected PVK tests in
test/endecoder_test.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)
2020-12-13 10:27:31 +01:00
Shane Lontis
acd3e548bc Add fips self tests for all included kdf
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13480)
2020-12-11 10:59:32 +10:00
Shane Lontis
f0591559f6 Add validate method to ECX keymanager
Fixes #11619

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13459)
2020-12-11 10:53:19 +10:00
Pauli
a678506e2f rand: don't leak memory
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
2020-12-09 22:28:52 +10:00
Pauli
8389eeea2c rand seed: include lock and unlock functions.
This satisfies EVP's RAND layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
2020-12-09 21:46:38 +10:00
Pauli
e37b307e02 Fix error clash in build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)
2020-12-09 21:46:38 +10:00
Pauli
81aef6ba72 rand: add a provider side seed source.
This allows the operating system sources that OpenSSL supports to be
used directly as RNGs.  It also allows DRBG seeding to be explicitly
specified rather than being left to a fall back case.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13455)
2020-12-09 12:20:32 +10:00
Richard Levitte
142841ddc4 providers/common/der/build.info: Improve checks of disabled algos
This protects us from unwanted GENERATE statements in particular.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13626)
2020-12-08 16:16:53 +01:00
Shane Lontis
c1131e6a0e Deprecate EC_POINT_bn2point and EC_POINT_point2bn.
Fixes #10366

The one place that actually used was in the legacy printing of ecparams.
This has been replaced by the pointtobuf variant.

The ecparam app was using one of these functions - this line has just been
removed as another PR will remove all the code generated lines..

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13294)
2020-12-07 17:15:39 +10:00
Dr. David von Oheimb
8ce3244c57 encode_key2text.c: Fix build error on OPENSSL_NO_{DH,DSA,EC}
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13110)
2020-12-04 16:20:53 +01:00
Dr. David von Oheimb
01b7708138 encode_key2any.c: Fix build error on OPENSSL_NO_DH and OPENSSL_NO_EC
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13110)
2020-12-04 16:20:53 +01:00
Shane Lontis
c2386b81fe Fix dsa & rsa signature dupctx() so that ctx->propq is strduped
Discovered when fixing up ecdsa code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13520)
2020-12-04 08:33:28 +10:00
Shane Lontis
283320281b Fix ecdsa digest setting code to match dsa.
Fixes #13422

ecdsa_set_ctx_params() was not setting the digest correctly. The side
effect noted was that the check for sha1 when signing was not being
done in fips mode.

Also fixed the dupctx() so that propq is deep copied.
The usage of the variable 'flag_allow_md' was also copied from the dsa code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13520)
2020-12-04 08:33:27 +10:00