Commit Graph

65 Commits

Author SHA1 Message Date
Richard Levitte
905b097fd5 Deprecate ERR_load_KDF_strings()
Not only deprecate, but also remove the reason strings and make
ERR_load_KDF_strings() do nothing.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
2019-11-12 13:30:35 +01:00
Richard Levitte
7c6a0d909a Reinstate the KDF error macros
For minimum breakage with existing applications that might use them.

This reverts commit fe6ec26b20 and
37ed621071.

Fixes #10340

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
2019-11-12 13:30:34 +01:00
Pauli
37ed621071 Cleanse crypto/kdf directory
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
fb9e6dd6f8 KDF/PRF updates to libcrypto
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
f05b53a368 KDF provider conversion error updates - generated
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
5eb43d382b Move KDFs to the provider.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
7f588d20cd OSSL_PARAM_construct_utf8_string computes the string length.
If the passed string length is zero, the function computes the string length
from the passed string.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9760)
2019-09-04 19:41:22 +10:00
Richard Levitte
703170d4b9 Get rid of the diversity of names for MAC parameters
The EVP_PKEY MAC implementations had a diversity of controls that were
really the same thing.  We did reproduce that for the provider based
MACs, but are changing our minds on this.  Instead of that, we now use
one parameter name for passing the name of the underlying ciphers or
digests to a MAC implementation, "cipher" and "digest", and one
parameter name for passing the output size of the MAC, "size".

Then we leave it to the EVP_PKEY->EVP_MAC bridge to translate "md"
to "digest", and "digestsize" to "size".

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9667)
2019-08-24 13:01:15 +02:00
Richard Levitte
81ff9eebbc Use macros internally for algorithm names
The macros are defined in include/openssl/core_names.h and follow the
naming standard OSSL_{OPNAME}_NAME_{ALGONAME}, where {OPNAME} is the
name of the operation (such as MAC) and {ALGONAME} is the name of the
algorithm.  Example: OSSL_MAC_NAME_HMAC

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9635)
2019-08-19 08:10:16 +02:00
Richard Levitte
776796e818 Adapt diverse code to provider based MACs.
CRMF, SSKDF, TLS1_PRF and SIV are affected by this.

This also forces the need to check MAC names, which leads to storing
the names in the created methods, which affects all EVP APIs, not just
EVP_MAC.  We will want that kind of information anyway (for example
for 'openssl list')...  Consequently, EVP_MAC_name() is re-implemented.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Rich Salz
cbfa5b0398 Regenerate mkerr files
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)
2019-07-16 05:26:28 +02:00
Bernd Edlinger
7a228c391e Replace long dash characters with normal ascii minus
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9321)
2019-07-09 14:03:44 +02:00
Shane Lontis
1aec7716c1 Add X9.42 KDF.
Move the KDF code for CMS DH key agreement into an EVP_KDF object.
There are 2 specifications for X9.42 KDF. This implementation uses DER for
otherinfo which embeds the KDF loop counter inside the DER object.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8898)
2019-07-09 09:33:18 +10:00
Shane Lontis
f0efeea29e PBKDF2 updates to conform to SP800-132
The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
  - the range of the key length.
  - the minimum iteration count (1000 recommended).
  - salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and
some PKCS5 related test vectors). To disable the new
constraints use the new ctrl string "pkcs5".
For backwards compatability, the checks are only enabled by
default for fips mode.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)
2019-06-11 20:40:07 +10:00
Kurt Roeckx
be5fc053ed Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651
2019-06-06 17:41:41 +02:00
David Makepeace
0f52d9ed7e Cleaned up tls1_prf and added comments.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8987)
2019-05-24 10:39:18 +10:00
David Makepeace
e70185883e Added algorithm description comments to HKDF.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8994)
2019-05-24 10:09:37 +10:00
Shane Lontis
8bbeaaa4fc Added X963KDF API
X963 KDF is used for CMS ec keyagree Recipient Info.
The X963 KDF that is used by CMS EC Key Agreement has been moved
into a EVP_KDF object. This KDF is almost identical to the the SSKDF
hash variant, so it has been implemented inside the SSKDF code with
its own method table.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8902)
2019-05-16 11:43:41 +10:00
Simo Sorce
4679345149 Change the digest string from "md" to "digest"
Conform to other modules which were changed at the last minute and this
discrepancy was not noticed.
Retain "md" as an alias so not to break 3rd party backports/tests scripts.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8783)
2019-05-03 23:47:43 +02:00
Shane Lontis
d2ba812343 Added EVP_KDF (similiar to the EVP_MAC)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
2019-05-03 17:52:50 +02:00
Shane Lontis
97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8692)
2019-04-09 09:02:59 +10:00
Shane Lontis
a3c62426b9 coverity fixes for SSKDF + mac_app + kdf test cleanup
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8566)
2019-03-28 10:17:38 +00:00
Matt Caswell
1783847061 Correctly check the return code of EVP_MAC_ctrl everwhere it is used
EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
2019-03-27 14:31:56 +00:00
Shane Lontis
9537fe5757 Single step kdf implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8230)
2019-03-19 11:03:45 +00:00
Richard Levitte
cee719c2d8 The use of the likes of UINT32_MAX requires internal/numbers.h
Found a few more cases.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8366)
2019-02-28 10:31:20 +01:00
Simo Sorce
8d76481b18 Implement SSH KDF
SSH's KDF is defined in RFC 4253 in Section 7.2

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7290)
2019-02-27 11:02:54 +00:00
David Makepeace
5a285addbf Added new EVP/KDF API.
Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6674)
2019-02-13 12:11:49 +01:00
Kurt Roeckx
6e94b5aecd Convert tls1_prf_P_hash to use the EVP_MAC interface
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7554
2018-12-15 12:53:16 +01:00
Richard Levitte
7bb803e85b Following the license change, modify the boilerplates in crypto/kdf/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7796)
2018-12-06 14:58:41 +01:00
Matt Caswell
ca55d70be0 Reset the HKDF state between operations
Fixes #7497

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7501)
2018-10-29 14:06:54 +00:00
Shane Lontis
64ed55ab03 hkdf zeroization fix
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)
2018-09-05 05:21:46 +10:00
Richard Levitte
28428130db Update copyright year
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5990)
2018-04-17 15:18:40 +02:00
Rich Salz
cdb10bae3f Set error code on alloc failures
Almost all *alloc failures now set an error code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5842)
2018-04-03 11:31:16 -04:00
Matt Caswell
c4d3c19b4c Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5851)
2018-04-03 13:57:12 +01:00
FdaSilvaYY
3484236d8d EVP,KDF: Add more error code along some return 0 in ...
methods :
 - EVP_PBE_scrypt
 - EVP_PKEY_meth_add0
 - EVP_PKEY_meth_new
 - EVP_PKEY_CTX_dup

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5783)
2018-03-29 22:46:10 +02:00
Matt Caswell
b0edda11cb Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)
2018-03-20 13:08:46 +00:00
Matt Caswell
f929439f61 Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
e32b52a27e Add support for setting raw private HMAC keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
888098304b More updates following review feedback
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
2017-08-21 08:44:44 +01:00
Matt Caswell
7d248ee0ae Remove OPENSSL_assert() from crypto/kdf
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
2017-08-21 08:44:44 +01:00
Johannes Bauer
402f26e6ee Fix building without scrypt
Building without the scrypt KDF is now possible, the OPENSSL_NO_SCRYPT
define is honored in code. Previous this lead to undefined references.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4116)
2017-08-08 20:50:44 +01:00
Johannes Bauer
cefa762ee5 Add interface to the scrypt KDF by means of PKEY_METHOD
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD.
This fixes #4021 (at least for the scrypt portion of the issue).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)
2017-08-08 15:44:49 +01:00
Johannes Bauer
3f4af53c22 Fix indentation
Conform to coding guidelines.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03 01:07:52 +01:00
Johannes Bauer
5b27751923 Added differentiation between missing secret and missing seed
This was previously mistakenly handled as a single error code.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03 01:07:52 +01:00
Johannes Bauer
f55129c739 Changed use of EVP_PKEY_CTX_md() and more specific error codes
Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and
introduced more specific error codes (not only indicating *that* some
parameter is missing, but actually *which* one it is).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03 01:07:52 +01:00
Johannes Bauer
a24a5b8cc4 More error handling to HKDF and one more case in TLS1-PRF
HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns
KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now
set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed
that is not recognized. This will have the effect of improving debugging
output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and
result in an actual error code (instead of just "failure" and an empty
error stack).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03 01:07:52 +01:00
Johannes Bauer
e65f650922 Set error when HKDF used without parameters
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER
error code when required parameters have not been set. This will make
"openssl pkeyutl -kdf HKDF" return a meaningful error message instead of
simply "Public Key operation error".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03 01:07:52 +01:00
Rich Salz
52df25cf2e make error tables const and separate header file
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
2017-06-07 15:12:03 -04:00
Matt Caswell
ddd2c38917 Following the changes to HKDF to accept a mode, add some tests for this
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
Matt Caswell
d2139cf8df Update HKDF to support separte Extract and Expand steps
At the moment you can only do an HKDF Extract and Expand in one go. For
TLS1.3 we need to be able to do an Extract first, and the subsequently do
a number of Expand steps on the same PRK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00