Commit Graph

174 Commits

Author SHA1 Message Date
Shane Lontis
e454a3934c Add a range check (from SP800-56Ar3) to DH key derivation.
Fixes #14401

Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)
2021-04-01 09:07:08 +10:00
Pauli
8f586f5bc1 test: coverity 1455749 - dereference after null check
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)
2021-03-20 10:18:32 +10:00
Pauli
337ace06b9 test: coverity 1455747 - dereference after null check
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14589)
2021-03-20 10:18:32 +10:00
Pauli
af6171b35a test: support params arguments to init functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
2021-03-12 08:27:11 +10:00
Shane Lontis
3e6a0d5738 Reword repeated words.
A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)
2021-03-09 16:25:45 +10:00
Pauli
7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
05cdec396b test: adjust tests to include extra argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
41df96efc1 evp_test: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Rich Salz
a3d267f184 Deprecate EVP_KEY_new_CMAC_key and EVP_PKEY_new_CMAC_key_ex
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_key documentation.
Also make testing of EVP_PKEY_new_CMAC_key properly #ifdef'd.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13829)
2021-01-21 12:08:46 +01:00
Tomas Mraz
0d83b7b903 Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity
To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.

Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.

Fixes #13411

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13870)
2021-01-18 14:27:44 +01:00
Richard Levitte
3a1ee3c199 Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
2020-12-20 12:19:42 +01:00
Dr. David von Oheimb
bca7ad6efd Use adapted test_get_libctx() for simpler test setup and better error reporting
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13001)
2020-12-10 11:01:26 +01:00
Shane Lontis
89cccbea51 Add EVP_KDF-X942 to the fips module
The X942 KDF had been modified so that it supports all optional fields - not
just the fields used by CMS.

As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.

This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
2020-12-02 12:15:05 +10:00
Dr. David von Oheimb
20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
2020-12-01 07:49:38 +01:00
Shane Lontis
4605c5ab47 Fix dsa securitycheck for fips.
Fixes #12627

Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)
2020-11-16 17:21:57 +10:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Matt Caswell
d8652be06e Run the withlibctx.pl script
Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)
2020-10-01 09:25:20 +01:00
Shane Lontis
991a6bb581 Add option to fipsinstall to disable fips security checks at run time.
Changes merged from a patch by @richsalz.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:50 +01:00
Shane Lontis
7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:39 +01:00
Shane Lontis
0645110ebd Add fips checks for ecdsa signatures
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Richard Levitte
ec0ce188f4 EVP: Centralise fetching error reporting
Instead of sometimes, and sometimes not reporting an error in the
caller of EVP_XXX_fetch(), where the error may or may not be very
accurate, it's now centralised to the inner EVP fetch functionality.
It's made in such a way that it can determine if an error occured
because the algorithm in question is not there, or if something else
went wrong, and will report EVP_R_UNSUPPORTED_ALGORITHM for the
former, and EVP_R_FETCH_FAILED for the latter.

This helps our own test/evp_test.c when it tries to figure out why an
EVP_PKEY it tried to load failed to do so.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12857)
2020-09-13 20:52:48 +02:00
Matt Caswell
24c4ea958e Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:10:39 +01:00
Richard Levitte
5045abb2e9 EC: Remove one error record that shadows another
In EC_GROUP_new_from_params(), ERR_R_EC_LIB was reported if
group_new_from_name() returned NULL.  However, this shadows a possible
EC_R_INVALID_CURVE, making that harder to detect, which happens to be
important to do in test/evp_test.c.

This also extends key_unsupported() in test/evp_test.c to check for
this error alongside the check for EC_R_UNKNOWN_GROUP.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:33 +02:00
Richard Levitte
88c1d0c1da TEST: have key_unsupported() in evp_test.c look at the last error
key_unsupported() looked at the first error in the queue to see if a
key algorithm is supported or not.  However, there are situations
where the errors it looks for is preceded by others.  It's much safer
to look at the last recorded error.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
2020-09-03 17:48:32 +02:00
Matt Caswell
a540ef90f5 Extend the provider MAC bridge for CMAC
The previous commits added support for HMAC, SIPHASH and Poly1305 into
the provider MAC bridge. We now extend that for CMAC too.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
2020-08-29 17:40:11 +10:00
Shane Lontis
ab7f4a3d2b Fix coverity CID #1465790 - Dereference after NULL check in evp_test.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
2020-08-24 11:19:28 +10:00
Richard Levitte
5f2b7db09b TEST: Use PEM_read_bio_PUBKEY_ex() and PEM_read_bio_PrivateKey_ex()
test/evp_test.c and test/sslapitest.c are affected.  This allows them
to decode keys found in stanza files via provider decoder implementations
when a library context other than the default should be used.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12673)
2020-08-20 12:37:35 +02:00
Matt Caswell
bfa6aaab45 Test that EVP_default_properties_is_fips_enabled() works early
We check that EVP_default_properties_is_fips_enabled() is working even
before other function calls have auto-loaded the config file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12567)
2020-08-17 11:27:51 +01:00
Benjamin Kaduk
bdc0df8ab5 Avoid deprecated API in evp_test.c
Use EVP_CIPHER_CTX_get_iv_state() in cipher_test_enc() rather than
the deprecated EVP_CIPHER_CTX_iv().

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-08-11 07:07:58 -07:00
Matt Caswell
711ae5d359 Remove a TODO from evp_test
Now that the EVP_PKEY KDF bridge is based on provider code a TODO item
can be removed from evp_test.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12573)
2020-08-10 14:52:49 +01:00
Shane Lontis
dda4e259e5 Add some of the missing CMS API documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)
2020-08-09 17:34:52 +10:00
Shane Lontis
5ccada09aa Add evp_test fixes.
Changed many tests so they also test fips (and removed 'availablein = default' from some tests).
Seperated the monolithic evppkey.txt file into smaller maintainable groups.
Changed the availablein option so it must be first - this then skips the entire test before any fetching happens.
Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg),
before the fetch happens.
Added missing libctx's found by adding a libctx to test_evp.
Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default'
Added missing algorithm aliases for cipher/digests to the providers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12236)
2020-08-07 14:29:00 +10:00
Pauli
9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11082)
2020-07-22 20:18:29 +10:00
Pauli
340f82a4e7 evp_test: use correct deallocation for EVP_MD
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11082)
2020-07-22 20:18:29 +10:00
Matt Caswell
660c534435 Revert "kdf: make function naming consistent."
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This reverts commit 765d04c946.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 14:21:07 +02:00
Matt Caswell
865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This reverts commit d9c2fd51e2.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 14:21:07 +02:00
Shane Lontis
7cc355c2e4 Add AES_CBC_CTS ciphers to providers
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS.
CS1, CS2 and CS3 variants are supported.
Only single shot updates are supported.
The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This
would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that
tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly.
The cipher returns the flag EVP_CIPH_FLAG_CTS.
EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12094)
2020-07-15 23:11:50 +02:00
Pauli
c9ed9307f2 test: update EVP tests to include DRBG testing
[extended tests]

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:07:46 +10:00
Pauli
d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.

Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.

There are no functional or code changes.
Just the renaming and a little reformatting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)
2020-06-11 11:16:37 +10:00
Pauli
765d04c946 kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)
2020-06-11 11:14:21 +10:00
Matt Caswell
b533510f3b Fail if we fail to fetch the EVP_KEYMGMT
If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy.
This is because some algorithms (such as MACs and KDFs used via an old
style EVP_PKEY) have not been transferred to providers.

Unfortunately this means that you cannot stop some algorithms from being
used by not loading the provider.

For example if you wanted to prevent RSA from being used, you might expect
to just not load any providers that make it available. Unfortunately that
doesn't work because we simply fall back to legacy if we fail to fetch
the EVP_KEYMGMT.

Instead we should fail *unless* the key type is one of those legacy key
types that we have not transferred.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)
2020-05-28 17:01:47 +01:00
Dr. David von Oheimb
c74aaa3920 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11953)
2020-05-27 14:36:13 +02:00
Rich Salz
852c2ed260 In OpenSSL builds, declare STACK for datatypes ...
... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this.  Most of all, ParseC needed to be more
consistent.  The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns.  There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)
2020-04-24 16:42:46 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Richard Levitte
88af1ebb04 test/evp_test.c: fix keygen_test_run()
There was a misunderstanding what it should return.  It should return
0 on internal error, but 1 even if the thing it tests fails (the error
is determined by |t->err|).

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
2020-03-12 10:44:02 +01:00
Pauli
2ee0dfa684 Params: add argument to the _from_text calls to indicate if the param exists.
The extra argument is a integer pointer and is optional.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11049)
2020-02-21 13:04:25 +01:00
Matt Caswell
8d242823ed Fix common test framework options
PR#6975 added the ability to our test framework to have common options to
all tests. For example providing the option "-test 5" to one of our test
programs will just run test number 5. This can be useful when debugging
tests.

Unforuntately this does not work well for a number of tests. In particular
those tests that call test_get_argument() without first skipping over these
common test options will not get the expected value. Some tests did this
correctly but a large number did not.

A helper function is introduced, test_skip_common_options(), to make this
easier for those tests which do not have their own specialised test option
handling, but yet still need to call test_get_argument(). This function
call is then added to all those tests that need it.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10975)
2020-02-03 11:41:56 +00:00
Richard Levitte
3995de2c03 Adapt tests for SM2 changes.
With test/ecdsatest.c, we test all the curves once for each EC key
type we have, i.e. one round trip with EVP_PKEY_EC and one with
EVP_PKEY_SM2.  This shows that we can use "normal" EC computations on
keys with the SM2 curve (which have the type EVP_PKEY_SM2 by default)
and SM2 computations with any other curve (which have the type
EVP_PKEY_EC by default)

test/evp_test.c, on the other hand, doesn't need to explicitly set the
EVP_PKEY_SM2 alias type, as that now happens automatically.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)
2020-02-02 12:04:00 +01:00
Pauli
ed5cb1776b mdc2: use evp_test instead of a separate test application.
One of the MDC2 test applications can be done using evp_test.
This makes it so.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10831)
2020-01-19 11:31:40 +10:00