Commit Graph

54 Commits

Author SHA1 Message Date
Vladimirs Ambrosovs
2aaef03339 Bugfixes for params to legacy control translations for EC parameters
param->ctrl translation: Fix fix_ecdh_cofactor()

In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should
return value in ctx->p1

param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl
 return

Since some of the ctrl operations may return 0 as valid value
(e.g. ecdh_cofactor value 0 is valid setting), before colling
POST_PARAMS_TO_CTRL, we need to check return value for 0 as well
otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails
without a chance to fix the return value

param->ctrl translation: Set ecdh_cofactor default action_type GET

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22587)
2024-11-07 10:35:54 +01:00
Tomas Mraz
7ed6de997f Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:35:49 +02:00
Tomas Mraz
55c1458303 evp_pkey_ctx_setget_params_to_ctrl(): Always properly set ctx.action_type
Fixes #24698

Some applicable translations are bidirectional so they have
NONE action_type. However we need to set the real action_type
in the ctx.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24709)
2024-06-26 11:52:02 +02:00
Matt Caswell
da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Ingo Franzki
cf712830b7 ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS
The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
2023-08-24 16:11:38 +02:00
Ingo Franzki
e2c2cca4b2 ctrl_params_translate: Allow RSA controls also for RSA-PSS
Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
2023-08-24 16:11:38 +02:00
Dimitri Papadopoulos
a024ab984e Fix typos found by codespell
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21467)
2023-07-18 18:54:45 +10:00
ljuzwiuk
64b1d2fb06 Fix RSA OAEP set/get label for legacy engine
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
2023-07-17 08:15:06 +10:00
Yuan, Shuai
43d5dac9d0 Fixed EVP_PKEY_CTX_set_ec_paramgen_curve_nid() for SM2 in ENGINEs
The CTRL translation is missing for SM2 key types.

Fixes #20899
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20900)
2023-05-15 12:04:55 +02:00
Yuan, Shuai
be6497aa20 Fixed TLS1.3 handshake issue for legacy engine API.
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20922)
2023-05-11 12:49:40 +02:00
Richard Levitte
1009940c14 param->ctrl translation: Fix evp_pkey_ctx_setget_params_to_ctrl()
Ensure that ctx.ctrl_cmd defaults to translation->cmd_num

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)
2023-05-01 11:20:04 +01:00
Richard Levitte
ac52fe5f5a param->ctrl translation: Fix fix_ec_paramgen_curve_nid()
This function didn't prepare space to get the param string, which causes
the default_fixup_args() call to fail.

Fixes #20161

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20780)
2023-05-01 11:20:04 +01:00
Pauli
bbe9d2de6c Coverity 1524597: null pointer dereference
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20629)
2023-03-30 20:17:12 +02:00
Jorge Ramirez-Ortiz
9adbce7493 translation: EC legacy keys, handle OSSL_PKEY_PARAM_EC_PUB_X,Y requests
Required by tpm2-tss to load legacy EC keys using the OpenSSL engine.

Fixes: https://github.com/tpm2-software/tpm2-tss/issues/2581
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20535)
2023-03-27 12:06:21 +02:00
ndossche
650f047428 Fix error check on default_check() helper function
default_check() can return a zero value to indicate an internal error in
one condition for the PRE_CTRL_STR_TO_PARAMS state. This state can be
reached from the default_fixup_args() function which does not check for
a zero value. All other callers of default_check() in that file do check
for a zero return value. Fix it by changing the check to <= 0.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20175)
2023-02-08 16:56:20 +01:00
Hubert Kario
5ab3ec1bb1 rsa: Add option to disable implicit rejection
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
2022-12-12 11:30:52 +01:00
Juergen Christ
c048779520 Add translation for ECX group parameter
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519
and X448.  The translation of this parameter resulted in an error.  This
caused errors for legacy keys and engines.

Fix this situation by adding a translation that simply checks that the correct
parameter is to be set, but does not actually set anything.  This is correct
since the group name is anyway optional for these two curves.

Fixes #19313

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19348)
2022-10-13 13:26:14 +01:00
FdaSilvaYY
1567a821a4 crypto: Fix various typos, repeated words, align some spelling to LDP.
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- file name -> filename
- host name -> hostname

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12 16:55:01 +11:00
Richard Levitte
e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
2022-10-05 14:02:03 +02:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Tomas Mraz
359dad5178 fix_dh_paramgen_type: Avoid crash with invalid paramgen type
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18202)
2022-05-02 08:35:54 +02:00
Dmitry Belyavskiy
fba140c735 str[n]casecmp => OPENSSL_strncasecmp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
2022-04-22 11:34:41 +02:00
Richard Levitte
d5f9166bac Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform.  It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
2022-02-05 05:31:09 +01:00
Tomas Mraz
f58bb2dd00 Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
Fixes #17485

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
2022-01-17 16:20:57 +01:00
Dimitris Apostolou
e304aa87b3 Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-05 12:37:20 +01:00
Tom Cosgrove
6f87463b62 Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
When an integer value was specified, it was not being passed back via
the orig_p2 weirdness.

Regression test included.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17136)
2021-11-27 17:08:52 +10:00
Phil Mesnier
09d91264c8 Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with
ctx->p2 being a null pointer.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16913)

(cherry picked from commit 07e6c85736)
2021-11-05 10:55:19 +10:00
PW Hu
944fcfc69d Fix incorrect return check of BN_bn2nativepad
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16943)
2021-11-01 15:08:51 +08:00
Tomas Mraz
922422119d ctrl_params_translate: Fix leak of BN_CTX
Also add a missing allocation failure check.

Fixes #16788

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)
2021-10-12 16:45:21 +02:00
Tomas Mraz
0ec738433e Multiple fixes for getting pub key from legacy DH PKEY
There were multiple issues with getting OSSL_PKEY_PARAM_PUB_KEY
from a legacy EVP_PKEY DH and DHX keys.

Fixes #16247

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16253)
2021-08-16 12:55:08 +02:00
Pauli
5cdeb99f9c ctrls: add missing control string translation for key -> priv for HMAC
Fixes #16200

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16212)
2021-08-05 10:14:32 +02:00
Juergen Christ
daf4b2437f Fix compile warning with GCC 11.
When configured with strict warnings, GCC 11 complains about a possible
stringop-translation:

Config:

/usr/bin/perl ./Configure enable-asan enable-ubsan enable-zlib-dynamic \
enable-unit-test enable-md2 enable-rc5 enable-buildtest-c++ \
enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-fips -w \
--strict-warnings

Warning:

crypto/evp/ctrl_params_translate.c: In function 'fix_rsa_pss_saltlen':
crypto/evp/ctrl_params_translate.c:1356:13: error: 'strncpy' specified bound 50 equals destination size [-Werror=stringop-truncation]
 1356 |             strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf));
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix by copying one byte less than the buffer size.  We anyway overwrite the
last byte.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15993)
2021-07-08 10:34:55 +02:00
Pauli
5e56f4587d evp: fix coverity 1473380 Copy into fixed size buffer (STRING_OVERFLOW)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
2021-06-30 13:55:09 +10:00
Pauli
3f617061ec evp: fix Coverity 1485669 improper use of negative value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)
2021-06-08 19:32:25 +10:00
Tomas Mraz
ed576acdf5 Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-06-01 12:40:00 +02:00
Matt Caswell
3bcc933ec4 Teach EVP_PKEYs to say whether they were decoded from explicit params
Currently we explicitly downgrade an EVP_PKEY to an EC_KEY and ask
the EC_KEY directly whether it was decoded from explicit parameters or not.
Instead we teach EVP_PKEYs to respond to a new parameter for this purpose.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15526)
2021-05-31 09:23:39 +10:00
Shane Lontis
7c14d0c1c0 Rename the field 'provctx and data' to 'algctx' inside some objects containing
pointers to provider size algorithm contexts.

Fixes #14284

The gettable_ctx_params methods were confusingly passing a 'provctx' and
a provider context which are completely different objects.
Some objects such as EVP_KDF used 'data' while others such as EVP_MD used 'provctx'.

For libcrypto this 'ctx' is an opaque ptr returned when a providers algorithm
implementation creates an internal context using a new_ctx() method.
Hence the new name 'algctx'.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15275)
2021-05-24 10:12:18 +10:00
Dr. David von Oheimb
56784203ec Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
2021-05-11 12:46:42 +02:00
Dr. David von Oheimb
f925315203 Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
2021-05-11 12:46:42 +02:00
Shane Lontis
f1ffaaeece Fixes related to separation of DH and DHX types
Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
2021-04-26 19:52:11 +02:00
Richard Levitte
ad57a13bb8 Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.

Fixes #14278

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
2021-04-18 10:10:24 +02:00
Pauli
34ed733396 SipHash: Fix CTRL API for the digest size.
Adds a mapping from "digestsize" to "size" for setting a param.

Fixes #14370

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14850)
2021-04-16 09:00:41 +10:00
Tomas Mraz
0cfbc828e0 Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.

Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.

Fixes #14276

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
2021-04-06 09:10:11 +02:00
Tomas Mraz
0a4a48a8b4 EVP_PKEY_CTRL_CIPHER can be used with encrypt/decrypt with GOST
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:53 +02:00
Richard Levitte
b24b72d109 EVP: One stray comma removed in crypto/evp/ctrl_params_translate.c
Commas at the end of a list of items isn't allowed by ANSI C.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
2021-03-31 13:28:46 +10:00
Pauli
abded2ced4 evp: fix coverity 1473380: copy into fixed size buffer
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14614)
2021-03-21 11:13:39 +10:00
Pauli
b6d1bd4eb8 evp: fix coverity 1473381 - dereference after null check
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)
2021-03-20 10:18:32 +10:00
Shane Lontis
3e6a0d5738 Reword repeated words.
A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)
2021-03-09 16:25:45 +10:00
Matt Caswell
7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type
OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
2021-03-08 15:13:09 +00:00
Rich Salz
b0aae91324 Remove RSA SSLv23 padding mode
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14248)
2021-03-01 10:56:12 +01:00