Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.
Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.
Fixes#14276
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
The following operation types are covered:
EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF. Also EVP_PKEY.
For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.
For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.
Fixes#14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well
as the generic use of OBJ_nid2ln() as a one line description.
We also add the base functionality to make use of this field.
Fixes#14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
Fixes#14401
Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)
Commas at the end of a list of items isn't allowed by ANSI C.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
Use OSSL_DECODER to decode the PKCS8 data to create provided keys.
If that fails fallback to the legacy implementation.
Fixes#14302
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14659)
Also do not shortcut the pkey == NULL case
to allow EVP_PKEY_get_params() to raise an error.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14606)
The TODO described a case where a legacy derive operation is called, but
the peer key is provider based. In practice this will almost never be a
problem. We should never end up in our own legacy EVP_PKEY_METHOD
implementations if no ENGINE has been configured. If an ENGINE has been
configured then we we will be using a third party EVP_PKEY_METHOD
implementation and public APIs will be used to obtain the key data from the
peer key so there will be no "reaching inside" the pkey.
There is a theoretical case where a third party ENGINE wraps our own
internal EVP_PKEY_METHODs using EVP_PKEY_meth_find() or
EVP_PKEY_meth_get0(). For these cases we just ensure all our
EVP_PKEY_METHODs never reach "inside" the implementation of a peer key. We
can never assume that it is a legacy key.
Fixes#14399
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14555)
They aren't relevant:
. Digest Sign isn't supported in the FIPS provider.
. Remove legacy NID use.
Fixes#14394Fixes#14395
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
The comments are either about legacy stuff that is going to be
removed in later releases or about a safety check that can
be kept.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14554)
Without this, it is necessary to query an algorithm before setting the default
property query. With this, the value will be created and the default will
work.
Fixes#14516
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14542)
The first TODO 3.0 is not really a TODO, just a comment.
The second one is something that is needed for compatibility
with existing applications. There is no major reason in
trying to change this behavior right now.
Fixes#14400
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14534)
Fixes#14390
The only caller of this function tests EVP_KEYMGMT_is_a() beforehand
which will fail if the RSA key types do not match. So the test is not
necessary. The assert has been removed when it does the test.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14524)
Some functions that lock things are void, so we just return early.
Also make ossl_namemap_empty return 0 on error. Updated the docs, and added
some code to ossl_namemap_stored() to handle the failure, and updated the
tests to allow for failure.
Fixes: #14230
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14238)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14429)
A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)
OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Most of these were already deprecated but a few have been missed. This
commit corrects that.
Fixes#14303Fixes#14317
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
If someone calls an EVP_PKEY_get0*() function then we create a legacy
key and cache it in the EVP_PKEY - but it doesn't become an "origin" and
it doesn't ever get updated. This will be documented as a restriction of
the EVP_PKEY_get0*() function with provided keys.
Fixes#14020
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Make sure we were sucessful in creating an EVP_PKEY
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
