mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
27,252 Commits 34 Branches 390 Tags 491 MiB
5357c10624
Commit Graph

13 Commits

Author SHA1 Message Date
Pauli
5357c10624 ffc: add _ossl to exported but internal functions 
The functions updated are:
    ffc_generate_private_key, ffc_named_group_from_uid,
    ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
    ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
    ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
    ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
    ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
    ffc_params_flags_to_name, ffc_params_fromdata,
    ffc_params_get0_pqg, ffc_params_get_validate_params,
    ffc_params_init, ffc_params_print, ffc_params_set0_j,
    ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
    ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
    ffc_params_set_validate_params, ffc_params_simple_validate,
    ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
    ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
    and ffc_validate_public_key_partial.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
 2020-10-06 09:04:19 +10:00
Shane Lontis
776cf98b49 Fix coverity CID #1457935 - Check return value in ffc_params.c for BIO_indent/BIO_puts calls. 
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
 2020-09-05 15:41:31 +10:00
Shane Lontis
38145fba0a Fix DSA/DH so that legacy keys can still be generated by the default provider 
Fixes #12589

The 'type' parameter needed to be propagated to the ffc params during keygen,
so that the simple validation of params done during keygen can handle legacy keys for the default provider.
The fips provider ignores this change and only allows fips186-4 approved sizes.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12623)
 2020-08-17 23:40:20 +10:00
Matt Caswell
023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for
DH.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
 2020-06-19 10:19:31 +01:00
Shane Lontis
4f2271d58a Add ACVP fips module tests 
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.

This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).

The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.

The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.

The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)
 2020-06-17 11:33:16 +10:00
Shane Lontis
b808665265 Update core_names.h fields and document most fields. 
Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11610)
 2020-05-26 13:53:07 +10:00
Richard Levitte
f844f9eb44 Rename FIPS_MODE to FIPS_MODULE 
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
 2020-04-28 15:37:37 +02:00
Matt Caswell
a033c9a2e8 Fix some build failures with no-dh 
Add some missing OPENSSL_NO_DH guards.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11582)
 2020-04-22 10:32:47 +01:00
Shane Lontis
7165593ce5 Add DH keygen to providers 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11332)
 2020-04-16 01:14:00 +10:00
Shane Lontis
b03ec3b5d6 Add DSA keygen to provider 
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
 2020-04-15 21:02:52 +10:00
Pauli
86cde3187d ffc: use sizeof(*pointer) instead of sizeof(struct) in memset(3) call. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11101)
 2020-02-17 19:29:05 +10:00
Shane Lontis
f11f86f6ec Add FFC param/key generation 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10909)
 2020-02-06 22:28:36 +10:00
Shane Lontis
dc8de3e6f1 Modify DSA and DH keys to use a shared FFC_PARAMS struct 
This is required in order to share code for FIPS related parameter generation and validation routinues.
Note the 'counter' field is now stored as a integer (as that is the form required for generation/validation functions).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10860)
 2020-01-24 14:09:33 +10:00