Commit Graph

11 Commits

Author SHA1 Message Date
Richard Levitte
6f4b766315 PROV: add RSA signature implementation
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.

Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
2020-02-22 01:07:15 +01:00
Matt Caswell
6f7d213533 Add X25519/X448 Key Exchange to the default provider
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)
2020-02-11 22:32:56 +00:00
Richard Levitte
31a796d1cc PROV: Implement padding mode words in the RSA ASYM_CIPHER implementation
Because the libcrypto code has relinquished control of exact words to
express padding mode choices, we re-implement them in the appropriate
provider implementation.

For the sake of legacy controls, we maintain support for the numeric
form of the padding mode, but leave that support otherwise undeclared.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10947)
2020-02-04 19:32:37 +01:00
Matt Caswell
d9a7510747 Teach the RSA implementation about TLS RSA Key Transport
In TLSv1.2 a pre-master secret value is passed from the client to the
server encrypted using RSA PKCS1 type 2 padding in a ClientKeyExchange
message. As well as the normal formatting rules for RSA PKCA1 type 2
padding TLS imposes some additional rules about what constitutes a well
formed key. Specifically it must be exactly the right length and
encode the TLS version originally requested by the client (as opposed to
the actual negotiated version) in its first two bytes.

All of these checks need to be done in constant time and, if they fail,
then the TLS implementation is supposed to continue anyway with a random
key (and therefore the connection will fail later on). This avoids
padding oracle type attacks.

This commit implements this within the RSA padding code so that we keep
all the constant time padding logic in one place. A later commit will
remove it from libssl.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10411)
2019-12-05 16:12:18 +00:00
Richard Levitte
045e51cbf4 PROV SERIALIZER: add support for writing DH keys and parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
cb58d81e68 PROV SERIALIZER: add common functionality to serialize keys
To support generic output of public keys wrapped in a X509_PUBKEY,
additional PEM and i2d/d2i routines are added for that type.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Matt Caswell
2c938e2ee8 Implement provider support for Asym Ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
2019-11-14 09:29:46 +00:00
Richard Levitte
936c2b9e93 Update source files for deprecation at 3.0
Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version.  However, there's no policy
stating this, but there is for removal, saying that to remove
something, it must have been deprecated for 5 years, and that removal
can only happen at a major version.

Meanwhile, the semantic versioning rule is that deprecation should
trigger a MINOR version update, which is reflected in the macro names
as of this change.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
2019-11-07 11:37:25 +01:00
Simo Sorce
33f54da3dd Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
2019-10-23 08:32:48 +02:00
Robbie Harwood
f6dead1b72 [KDF] Add feedback-mode and CMAC support to KBKDF
Implement SP800-108 section 5.2 with CMAC support.  As a side effect,
enable 5.1 with CMAC and 5.2 with HMAC.  Add test vectors from RFC 6803.

Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10143)
2019-10-17 12:45:03 +10:00
Richard Levitte
ddd21319e9 Cleanup: move remaining providers/common/include/internal/*.h
The end up in providers/common/include/prov/.
All inclusions are adjusted accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00