Commit Graph

111 Commits

Author SHA1 Message Date
Benjamin Kaduk
ad7cb0bf5c test_ecpub: verify returned length after encoding
Save the length we got from querying how much space was needed, and
check that the actual encoding call returned the same length.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
2021-02-27 16:14:09 +01:00
Benjamin Kaduk
c0ff1932e4 Add test for EC pubkey export/import
There seems to be an issue with i2d_provided() in i2d_evp.c that causes
us to fail to construct a valid chain of encoders for the "type-specific"
output when it's an EC pubkey.  This test is designed to exercise that
codepath for a variety of curves.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14291)
2021-02-27 16:14:09 +01:00
Tomas Mraz
1cba86234a evp_extra_test: Do not manipulate providers in default context
Otherwise the with OPENSSL_TEST_RAND_ORDER following tests will
be broken. There is also no real need to do that.

Fixes #14070

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14305)
2021-02-25 17:55:58 +01:00
Matt Caswell
5eb73cfb37 Add a test for a names_do_all function
Make sure that if we change the namemap part way through calling a
names_do_all function it still works.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)
2021-02-25 08:37:22 +10:00
Tomas Mraz
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)
2021-02-17 15:26:12 +01:00
Shane Lontis
2db985b7b1 Simplify the EVP_PKEY_XXX_fromdata_XX methods.
The existing names such as EVP_PKEY_param_fromdata_settable were a bit
confusing since the 'param' referred to key params not OSSL_PARAM. To simplify
the interface a 'selection' parameter will be passed instead. The
changes are:

(1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init().
(2) EVP_PKEY_fromdata() has an additional selection parameter.
(3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable().
    EVP_PKEY_fromdata_settable() also uses a selection parameter.

Fixes #12989

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14076)
2021-02-08 16:33:43 +10:00
Matt Caswell
b8a1272d57 Test that EC keys without a public key in them work as expected
We create EC keys via both the "fromdata" and legacy key routes to make
sure that they can be used without a public key.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13922)
2021-02-01 08:59:35 +00:00
Daniel Bevenius
e947a0642d EVP: fix keygen for EVP_PKEY_RSA_PSS
This commit attempts to fix the an issue when generating a key of type
EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will
return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds
EVP_PKEY_RSA_PSS to also be accepted.

The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md si converted into a
function and it is now called in legacy_ctrl_to_param.

Fixes #12384

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13099)
2021-01-28 16:25:16 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Matt Caswell
8a9394c1ed Fix no-dh and no-dsa
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13915)
2021-01-22 09:47:59 +00:00
Rich Salz
a3d267f184 Deprecate EVP_KEY_new_CMAC_key and EVP_PKEY_new_CMAC_key_ex
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_key documentation.
Also make testing of EVP_PKEY_new_CMAC_key properly #ifdef'd.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13829)
2021-01-21 12:08:46 +01:00
Tomas Mraz
0d83b7b903 Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity
To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.

Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.

Fixes #13411

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13870)
2021-01-18 14:27:44 +01:00
Jon Spillett
2c04b34140 Allow EVP_PKEY private key objects to be created without a public component
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13855)
2021-01-15 17:24:41 +01:00
Richard Levitte
6ed4022cd1 Fix 'no-deprecated'
Some of the handling of no-deprecated stuff wasn't quite complete, or
even plain wrong.

This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
legacy internal keys.

This also refactors the DSA key tests in test/evp_extra_test.c to use
EVP functionality entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
2020-12-19 17:02:12 +01:00
Matt Caswell
d4c2f498a3 Don't test a deprecated function in a no-deprecated build
EVP_PKEY_set1_DH is deprecated so there is no need to test it in a
no-deprecated build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
2020-11-27 11:04:54 +00:00
Tomas Mraz
8d8dd09b96 Add test for no reset after DigestFinal_ex and DigestFinalXOF
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13402)
2020-11-26 17:39:26 +01:00
Pauli
0d4460d27e test: changes resulting from moving the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)
2020-11-20 08:24:21 +10:00
Richard Levitte
d7e498ac55 Deprecate RSA harder
This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)
2020-11-18 23:38:34 +01:00
Richard Levitte
e6774a7289 test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check
With our providers, RSA now supports public key check and key parameter check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)
2020-11-07 12:31:24 +01:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Matt Caswell
d8652be06e Run the withlibctx.pl script
Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)
2020-10-01 09:25:20 +01:00
Matt Caswell
bfb56a974d Extend the SM2 asym cipher test
Ensure we test getting and setting ctx params

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12913)
2020-09-25 11:13:53 +01:00
Matt Caswell
fb2a6954fb Clean up some SM2 related TODOs in the tests
Now that we have full SM2 support, we can remove some TODOs from the tests.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12913)
2020-09-25 11:13:53 +01:00
Richard Levitte
8a288609b1 TEST: Remove use of EVP_PKEY_set_alias_type() in test/evp_extra_test.c
We already test EVP_PKEY_set_alias_type() quite thoroughly in
test/ecdsatest.c, that should be enough.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12920)
2020-09-25 11:07:42 +02:00
Paul Yang
d0b79f8631 Add SM2 signature algorithm to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
2020-09-22 08:18:09 +01:00
Richard Levitte
f0c62c5328 TEST: Add a test of EC key generation with encoding spec
The primary function of this test is to exercise
EVP_PKEY_CTX_set_ec_param_enc().

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12853)
2020-09-12 20:24:52 +02:00
Richard Levitte
08497fc64f Fix test/evp_extra_test.c
Because EVP_PKEY_CTX_new_from_name() could return a non-NULL context
with no value in it, the lack of legacy implementation when OpenSSL
was configured with 'no-ec' went through undetected.  This adds the
necessary guards to skip a test of SM2 in that case.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12785)
2020-09-08 06:26:19 +02:00
Richard Levitte
a10847c427 "Downgrade" provider-native keys to legacy where needed
Some sub-systems and openssl sub-commands do not yet deal cleanly with
purely provider-native EVP_PKEYs.  We compensate that by "downgrading"
keys in select places, or ensure that the 'file:' scheme ENGINE loader
is activated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Matt Caswell
e5bc0ce2ae Extend test_CMAC_keygen in evp_extra_test
The test only setup the generation of a key. It did not complete that
generation. We extend the test to complete the generation and to use the
generated key. We also compare the result with a key generated in a
different way.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
2020-08-29 17:40:11 +10:00
Matt Caswell
1bf625040c Fix evp_extra_test to not assume that HMAC is legacy
evp_extra_test had a test that checks whether an EVP_PKEY_CTX can still
be created for HMAC even though there are no providers loaded because it
is a legacy algorithm. However after the earlier commits this is no longer
the case. We swap the check to a different legacy algorithm (SM2).
Hopefully before too long there will be no legacy algorithms left and the
test can be deleted.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
2020-08-29 17:40:09 +10:00
Benjamin Kaduk
440b852a0f Add tests for new EVP_CIPHER_CTX IV accessors
Test that EVP_CIPHER_CTX_get_iv() returns the same IV that was
given at initialization time, and that EVP_CIPHER_CTX_get_iv_state()
returns the expected value after performing an encryption operation
(which will differ from the previous value for CBC and OFB modes),
for various modes of AES.

Do this both for the implicit fetch and explicit fetch paths,
at the cost of a slightly more complicated switch statement.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-08-11 07:07:57 -07:00
Shane Lontis
0ab18e7924 Add EVP signature with libctx methods.
-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx()
-Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to
  EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)
2020-08-09 17:34:52 +10:00
Pauli
41bbba5375 EVP: deprecate the EVP_X_meth_ functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11082)
2020-07-22 20:19:01 +10:00
Shane Lontis
e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
2020-07-08 11:19:08 +03:00
Pauli
1c19ff3ce8 test: add test for generation of random data in chunks.
THe EVP_RAND wrapper works with the underlying RNG to produce the amount of
random data requested even if it is larger than the largest single generation
the source allows.  This test verified that this works.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:07:46 +10:00
Pauli
f9e504e8b1 property: Move global default properties to the library context.
Fixes a problem where global properties don't work with a NULL query.
Specifying an algorithm with a NULL query ignores the default properties.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12123)
2020-06-23 21:44:47 +10:00
Richard Levitte
29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)
2020-06-02 20:00:25 +02:00
Benjamin Kaduk
2cd3ebc76c test HKDF with empty IKM
Add an extra EVP test that provides empty input key material.  It
currently fails, since we lose the information about "key present but
zero length" as we deserialize parameters in the provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
2020-05-28 10:01:47 -07:00
Matt Caswell
5ddec6a7d3 Add a test for fetching EVP_PKEY style algs without a provider
Following on from the previous commit, add a test to check that we fail
to create an EVP_PKEY_CTX if an algorithm is not available in any provider,
*unless* it is an algorithm that has no provider support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)
2020-05-28 17:01:47 +01:00
Richard Levitte
fab8fde3fc test/evp_extra_test.c: Add OPENSSL_NO_CMAC around CMAC test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11833)
2020-05-14 17:15:05 +02:00
Richard Levitte
a87820e16b test/evp_extra_test.c: Add test for CMAC keygen with a NULL engine
Verifies that #11671 is fixed

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11674)
2020-05-14 10:05:29 +02:00
Matt Caswell
86dc26baf6 Add some tests for the newly added raw private/public key functions
We already had soem tests for the older raw private/public key functions
so we expand those to call the new versions as well and pass in a libctx.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11635)
2020-05-04 09:30:55 +01:00
Richard Levitte
f844f9eb44 Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
2020-04-28 15:37:37 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Richard Levitte
8a5cb59601 TEST: Add a test of keygen with an empty template in test/evp_extra_test.c
We do it with RSA, which may seem strange.  However, an RSA "template"
is generally ignored, so this is safe.  This is modelled after the test
code given in github issue #11549.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11550)
2020-04-17 19:50:03 +10:00
Matt Caswell
a45694a356 Make it possible to easily specify a libctx for EVP_DigestSign*
EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex did not provide the
capability to specify an explicit OPENSSL_CTX parameter. It is still
possible by explicitly setting an EVP_PKEY_CTX - but in most cases it
would be much simpler to just specify it in the Init call. We add the
capability to do that.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11353)
2020-03-23 11:09:49 +00:00
Richard Levitte
f54a410189 test/evp_extra_test.c: adapt for RSA signature tests
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
2020-02-22 01:07:15 +01:00
Pauli
c5d9414e09 DSA: fix the DSA parameter logic in test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
2020-02-12 08:52:41 +10:00
Richard Levitte
00bc1ad99a Don't pass a digest-size to signature implementations
It turns out this was never necessary, as the implementation should
always check the default digest size anyway.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10947)
2020-02-04 19:32:37 +01:00