Commit Graph

299 Commits

Author SHA1 Message Date
Pauli
b7466c1303 Move PKCS#12 KDF to provider.
This KDF is defined in RFC7292 in appendix B.  It is widely used in PKCS#12
and should be provided.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12624)
2020-08-14 18:15:12 +10:00
Shane Lontis
e5b2cd5899 Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
Added der_writer functions for writing octet string primitives.
Generate OID's for key wrapping algorithms used by X942 KDF.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12554)
2020-08-04 12:18:51 +10:00
Richard Levitte
a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12492)
2020-07-27 12:15:29 +02:00
Matt Caswell
51d9ac870a Fix no-ec2m
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12526)
2020-07-27 10:07:35 +01:00
Richard Levitte
853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)
2020-07-24 16:32:01 +02:00
Richard Levitte
904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a
libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are
FIPS / non-FIPS specific.  Since bio_prov.c checks FIPS_MODULE, it
belongs to the latter.

Along with this, a bit more instruction commentary is added to
providers/build.info.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/12486)
2020-07-21 11:52:32 +02:00
Shane Lontis
9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests.
As the ERR_raise() is setup at this point returng a range of negative values for errors is not required.
This will need to be revisited if the code ever moves to running from the DEP.
Added a -config option to the fips install so that it can test if a fips module is loadable from configuration.
(The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file).
Added more failure tests for the raised errors.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12346)
2020-07-21 16:30:02 +10:00
Matt Caswell
865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This reverts commit d9c2fd51e2.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 14:21:07 +02:00
Pauli
ecca5b6e2e capabilities: make capability selection case insensitive.
Everything else to do with algorithm selection and properties is case
insensitive.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12450)
2020-07-16 09:19:24 +02:00
Pauli
9bd8d96c39 deprecate engines in provider code
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12226)
2020-07-16 09:12:27 +02:00
Matt Caswell
2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12292)
2020-07-08 08:55:56 +01:00
Nicola Tuveri
e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys
The following built-in curves do not have an assigned OID:

- Oakley-EC2N-3
- Oakley-EC2N-4

In general we shouldn't assume that an OID is always available.

This commit detects such cases, raises an error and returns appropriate
return values so that the condition can be detected and correctly
handled by the callers, when serializing EC parameters or EC keys with
the default `ec_param_enc:named_curve`.

Fixes #12306

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12313)
2020-07-06 19:15:36 +03:00
Dr. Matthias St. Pierre
363b1e5dae Make the naming scheme for dispatched functions more consistent
The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core and providers.

This change includes in particular all up- and downcalls, i.e., the
dispatched functions passed from core to provider and vice versa.

- OSSL_core_  -> OSSL_FUNC_core_
- OSSL_provider_ -> OSSL_FUNC_core_

For operations and their function dispatch tables, the following convention
is used:

  Type                 | Name (evp_generic_fetch(3))       |
  ---------------------|-----------------------------------|
  operation            | OSSL_OP_FOO                       |
  function id          | OSSL_FUNC_FOO_FUNCTION_NAME       |
  function "name"      | OSSL_FUNC_foo_function_name       |
  function typedef     | OSSL_FUNC_foo_function_name_fn    |
  function ptr getter  | OSSL_FUNC_foo_function_name       |

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)
2020-06-24 22:01:22 +02:00
Dr. Matthias St. Pierre
23c48d94d4 Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)
2020-06-24 22:01:22 +02:00
Pauli
15dfa092d0 rand: core APIs for provider friendly random.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:05:41 +10:00
Matt Caswell
48e971dd9f Create defines for TLS Group Ids
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
2020-06-19 10:19:32 +01:00
Matt Caswell
72bfc95858 Add the concept of "Capabilities" to the default and fips providers
With capabilities we can query a provider about what it can do.
Initially we support a "TLS-GROUP" capability.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
2020-06-19 10:19:31 +01:00
Pauli
d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.

Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.

There are no functional or code changes.
Just the renaming and a little reformatting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)
2020-06-11 11:16:37 +10:00
Matt Caswell
00c405b365 Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)
2020-06-04 14:33:57 +01:00
Richard Levitte
3f5ea7dc0c Fix omissions in providers/common/der/build.info
Dependencies on generated files must be declared explicitly.  When
refactoring the DER code in providers/common/der, a few of those
dependency declaration were omitted, which may lead to build errors in
a parallel build.

Some cleanup and extensive used of build.info variables is done while
at it, to avoid unnecessary repetition.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11906)
2020-05-25 13:59:29 +02:00
Richard Levitte
a30027b680 Refactor the provider side DER constants and writers
This splits up all the providers/common/der/*.c.in so the generated
portion is on its own and all related DER writing routines are in
their own files.  This also ensures that the DIGEST consstants aren't
reproduced in several files (resulting in symbol clashes).

Finally, the production of OID macros is moved to the generated header
files, allowing other similar macros, or DER constant arrays, to be
built on top of them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11868)
2020-05-20 21:07:09 +02:00
Matt Caswell
d40b42ab4c Maintain strict type discipline between the core and providers
A provider could be linked against a different version of libcrypto than
the version of libcrypto that loaded the provider. Different versions of
libcrypto could define opaque types differently. It must never occur that
a type created in one libcrypto is used directly by the other libcrypto.
This will cause crashes.

We can "cheat" for "built-in" providers that are part of libcrypto itself,
because we know that the two libcrypto versions are the same - but not for
other providers.

To ensure this does not occur we use different types names for the handful
of opaque types that are passed between the core and providers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11758)
2020-05-16 17:10:03 +01:00
Matt Caswell
454afd9866 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)
2020-05-15 14:09:49 +01:00
Richard Levitte
90ad284f4e PROV: make some DER AID arrays non-static, to avoid clang complaints
The problem encountered is that some arrays were deemed unnecessary by
clang, for example:

    providers/common/der/der_rsa.c:424:28: error: variable 'der_aid_sha224Identifier' is not needed and will not be emitted [-Werror,-Wunneeded-internal-declaration]
    static const unsigned char der_aid_sha224Identifier[] = {
                               ^

However, these arrays are used in sizeof() expressions in other parts
of the code that's actually used, making that warning-turned-error a
practical problem.  We solve this by making the array non-static,
which guarantees that the arrays will be emitted, even though
unnecessarily.  Fortunately, they are very small.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-14 12:20:24 +02:00
Richard Levitte
2d5536609b PROV & SIGNATURE: Adapt the RSA signature code for PSS-parameters
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-14 12:16:36 +02:00
Richard Levitte
36a2a551d7 PROV: Refactor the RSA DER support
We separate out the NIST arc OIDs to a separate file, so it can be
re-used, and also the DIGEST OIDs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-14 12:16:35 +02:00
Richard Levitte
78906fff4a PROV: Adapt all our providers to use the new PROV_CTX structure
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11803)
2020-05-13 17:22:13 +01:00
Richard Levitte
05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers
The provider context structure is made to include the following information:

- The core provider handle (first argument to the provider init
  function).  This handle is meant to be used in all upcalls that need
  it.

- A library context, used for any libcrypto calls that need it, done in
  the provider itself.

Regarding the library context, that's generally only needed if the
provider makes any libcrypto calls, i.e. is linked with libcrypto.  That
happens to be the case for all OpenSSL providers, but is applicable for
other providers that use libcrypto internally as well.

The normal thing to do for a provider init function is to create its own
library context.  For a provider that's meant to become a dynamically
loadable module, this is what MUST be done.
However, we do not do that in the default provider; it uses the library
context associated with the core provider handle instead.  This is
permissible, although generally discouraged, as long as the provider in
question is guaranteed to be built-in, into libcrypto or into the
application that uses it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11803)
2020-05-13 17:21:58 +01:00
Shane Lontis
45c236ad1f Add RSA SHA512 truncated digest support
Partial Fix for #11648.

Some additional work still needs to be done to support RSA-PSS mode.

RSA legacy digests will be addressed in another PR.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11681)
2020-05-07 16:00:40 +10:00
Shane Lontis
3bf26eb335 Add OIDS for md4 and ripemd160 to der_rsa
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11696)
2020-05-07 15:36:02 +10:00
Richard Levitte
f844f9eb44 Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
2020-04-28 15:37:37 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Richard Levitte
1f185f51a7 PROV: Implement EC param / key generation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11328)
2020-04-15 11:03:59 +02:00
Richard Levitte
2d956b320c PROV: Add DERlib support for ECDSA and EC keys
This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)
2020-04-07 11:16:56 +02:00
Richard Levitte
8c55580347 PROV: Add DERlib support for DSA
This replaces crypto/dsa/dsa_aid.c with new code and generated OIDs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)
2020-04-07 11:16:56 +02:00
Richard Levitte
6f5837dc16 PROV: Add DERlib support for RSA
This replaces crypto/rsa/rsa_aid.c with new code and generated OIDs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)
2020-04-07 11:16:56 +02:00
Richard Levitte
1d39620b34 PROV: Add the beginning of a DER writing library
This library is meant to be small and quick.  It's based on WPACKET,
which was extended to support DER writing.  The way it's used is a
bit unusual, as it's used to write the structures backward into a
given buffer.  A typical quick call looks like this:

    /*
     * Fill in this structure:
     *
     * something ::= SEQUENCE {
     *     id OBJECT IDENTIFIER,
     *     x [0] INTEGER OPTIONAL,
     *     y [1] BOOLEAN OPTIONAL,
     *     n INTEGER
     * }
     */
    unsigned char buf[nnnn], *p = NULL;
    size_t encoded_len = 0;
    WPACKET pkt;
    int ok;

    ok =   WPACKET_init_der(&pkt, buf, sizeof(buf)
        && DER_w_start_sequence(&pkt, -1)
        && DER_w_bn(&pkt, -1, bn)
        && DER_w_boolean(&pkt, 1, bool)
        && DER_w_precompiled(&pkt, -1, OID, sizeof(OID))
        && DER_w_end_sequence(&pkt, -1)
        && WPACKET_finish(&pkt)
        && WPACKET_get_total_written(&pkt, &encoded_len)
        && (p = WPACKET_get_curr(&pkt)) != NULL;

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)
2020-04-07 11:16:56 +02:00
Richard Levitte
77de6bb38d Add perl support to parse and DER encode ASN.1 OID specs
We have an old OID database that's not as readable as would be
desired, and we have spots with hand coded DER for well known OIDs.

The perl modules added here give enough support that we can parse
OBJECT IDENTIFIER definitions and encode them as DER.

OpenSSL::OID is a general OID parsing and encoding of ASN.1
definitions, and supports enough of the X.680 syntax to understand
what we find in RFCs and similar documents and produce the DER
encoding for them.

oids_to_c is a specialized module to convert the DER encoding from
OpenSSL::OID to C code.  This is primarily useful in file templates
that are processed with util/dofile.pl.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)
2020-04-07 11:16:56 +02:00
Matt Caswell
5fcb97c61e Ignore some fetch failures
Some fetch failurs are ok and should be ignored.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11405)
2020-03-27 11:12:27 +00:00
Matt Caswell
3965480c82 Implement provider support for Ed25519 annd Ed448
At the moment we only provider support for these algorithms in the default
provider. These algorithms only support "one shot" EVP_DigestSign() and
EVP_DigestVerify() as per the existing libcrypto versions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
2020-03-09 07:59:15 +00:00
Richard Levitte
6f4b766315 PROV: add RSA signature implementation
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.

Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
2020-02-22 01:07:15 +01:00
Matt Caswell
6f7d213533 Add X25519/X448 Key Exchange to the default provider
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)
2020-02-11 22:32:56 +00:00
Richard Levitte
31a796d1cc PROV: Implement padding mode words in the RSA ASYM_CIPHER implementation
Because the libcrypto code has relinquished control of exact words to
express padding mode choices, we re-implement them in the appropriate
provider implementation.

For the sake of legacy controls, we maintain support for the numeric
form of the padding mode, but leave that support otherwise undeclared.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10947)
2020-02-04 19:32:37 +01:00
Shane Lontis
0d2bfe52bb Add AES_CBC_HMAC_SHA ciphers to providers.
Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable() method is either NULL,
or the method returns 1.
This is mainly required for ciphers that only have hardware implementations.
If there is no hardware support, then the algorithm needs to be not available.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10146)
2020-01-06 13:02:16 +10:00
Richard Levitte
68a51d59a2 Move providers/common/{ciphers,digests}/* to providers/implementations
The idea to have all these things in providers/common was viable as
long as the implementations was spread around their main providers.
This is, however, no longer the case, so we move the common blocks
closer to the source that use them.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10564)
2019-12-11 12:55:48 +01:00
Matt Caswell
d9a7510747 Teach the RSA implementation about TLS RSA Key Transport
In TLSv1.2 a pre-master secret value is passed from the client to the
server encrypted using RSA PKCS1 type 2 padding in a ClientKeyExchange
message. As well as the normal formatting rules for RSA PKCA1 type 2
padding TLS imposes some additional rules about what constitutes a well
formed key. Specifically it must be exactly the right length and
encode the TLS version originally requested by the client (as opposed to
the actual negotiated version) in its first two bytes.

All of these checks need to be done in constant time and, if they fail,
then the TLS implementation is supposed to continue anyway with a random
key (and therefore the connection will fail later on). This avoids
padding oracle type attacks.

This commit implements this within the RSA padding code so that we keep
all the constant time padding logic in one place. A later commit will
remove it from libssl.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10411)
2019-12-05 16:12:18 +00:00
Richard Levitte
045e51cbf4 PROV SERIALIZER: add support for writing DH keys and parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
cb58d81e68 PROV SERIALIZER: add common functionality to serialize keys
To support generic output of public keys wrapped in a X509_PUBKEY,
additional PEM and i2d/d2i routines are added for that type.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte
63665fff84 PROV BIO: add a BIO_vprintf() upcall, and a provider BIO library
The BIO_vprintf() will allow the provider to print any text, given a
BIO supplied by libcrypto.

Additionally, we add a provider library with functions to collect all
the currently supplied BIO upcalls, as well as wrappers around those
upcalls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Matt Caswell
4b9c750be8 Make sure we handle input NULL with length 0
If we call EVP_EncryptUpdate/EVP_DecryptUpdate with length 0 we should
be able to handle it. Most importantly we shouldn't get different
results if we do this compared to if we don't!

An exception is made for CCM mode which has special handling for this in
the low level cipher function.

Fixes #8675

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10530)
2019-11-29 10:41:06 +00:00
Pauli
c676ff42b0 PROV: check for memory allocation failure in digest _dupctx.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10487)
2019-11-22 15:20:54 +10:00
Patrick Steuer
51356a066e Dont pass zero length input to asm modules for ciphers
The asm modules may assume an input length > 0.

Fixes: #9262

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10323)
2019-11-20 10:24:53 +01:00
Matt Caswell
d23adad113 EVP_CIPHER_CTX_set_keylen should not succeed if a bad keylen is passed
EVP_CIPHER_CTX_set_keylen() was succeeding even though a bad key length
is passed to it. This is because the set_ctx_params() were all accepting
this parameter and blindly changing the keylen even though the cipher did
not accept a variable key length. Even removing this didn't entirely
resolve the issue because set_ctx_params() functions succeed even if
passed a parameter they do not recognise.

This should fix various issues found by OSSfuzz/Cryptofuzz.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10449)
2019-11-19 13:33:54 +00:00
Shane Lontis
f75abcc0f0 Fix Use after free when copying cipher ctx
Fixes #10438
issue found by clusterfuzz/ossfuzz

The dest was getting a copy of the src structure which contained a pointer that should point to an offset inside itself - because of the copy it was pointing to the original structure.

The setup for a ctx is mainly done by the initkey method in the PROV_CIPHER_HW structure. Because of this it makes sense that the structure should also contain a copyctx method that is use to resolve any pointers that need to be setup.

A dup_ctx has been added to the cipher_enc tests in evp_test. It does a dup after setup and then frees the original ctx. This detects any floating pointers in the duplicated context that were pointing back to the freed ctx.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10443)
2019-11-18 13:13:05 +10:00
Matt Caswell
2c938e2ee8 Implement provider support for Asym Ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
2019-11-14 09:29:46 +00:00
Richard Levitte
a8f6d2642d Rename providers/common/provlib.c to nid_to_name.c
It contains only one function, which should only get added to non-FIPS
providers.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10389)
2019-11-10 05:05:06 +01:00
Richard Levitte
936c2b9e93 Update source files for deprecation at 3.0
Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version.  However, there's no policy
stating this, but there is for removal, saying that to remove
something, it must have been deprecated for 5 years, and that removal
can only happen at a major version.

Meanwhile, the semantic versioning rule is that deprecation should
trigger a MINOR version update, which is reflected in the macro names
as of this change.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
2019-11-07 11:37:25 +01:00
Simo Sorce
33f54da3dd Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
2019-10-23 08:32:48 +02:00
Robbie Harwood
f6dead1b72 [KDF] Add feedback-mode and CMAC support to KBKDF
Implement SP800-108 section 5.2 with CMAC support.  As a side effect,
enable 5.1 with CMAC and 5.2 with HMAC.  Add test vectors from RFC 6803.

Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10143)
2019-10-17 12:45:03 +10:00
Richard Levitte
5b084ca049 Remove EVP_CIPH_FLAG_CUSTOM_CIPHER in all our providers
Not needed any more, since the presence of the OSSL_FUNC_CIPHER_CIPHER
function is enough to tell that there's a custom cipher function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
2019-10-11 15:58:15 +02:00
Richard Levitte
ff33581c67 Providers: fix OSSL_FUNC_CIPHER_CIPHER functions
This involves gcm_cipher() (providers/common/ciphers/cipher_gcm.c),
ccm_cipher() (providers/common/ciphers/cipher_ccm.c), and
tdes_wrap_cipher() (providers/common/ciphers/cipher_tdes_wrap.c)

These are generic implementations of the OSSL_FUNC_CIPHER_CIPHER
function, which returned -1 on error when they should return 0.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
2019-10-11 15:55:36 +02:00
Richard Levitte
ddd21319e9 Cleanup: move remaining providers/common/include/internal/*.h
The end up in providers/common/include/prov/.
All inclusions are adjusted accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00
Richard Levitte
af3e7e1bcc Cleanup: move providers/common/include/internal/provider_args.h
New name is providers/implementations/include/prov/implementations.h
All inclusions are adapted accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00
Richard Levitte
604e884bb8 Providers: move all ciphers
From providers/{common,default}/ to providers/implementations/

Except for common code, which remains in providers/common/ciphers/.
However, we do move providers/common/include/internal/ciphers/*.h
to providers/common/include/prov/, and adjust all source including
any of those header files.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00
Richard Levitte
7c214f1092 Providers: move all digests
From providers/{common,default,legacy}/ to providers/implementations/
However, providers/common/digests/digest_common.c stays where it is,
because it's support code rather than an implementation.

To better support all kinds of implementations with common code, we
add the library providers/libcommon.a.  Code that ends up in this
library must be FIPS agnostic.

While we're moving things around, though, we move digestscommon.h
from providers/common/include/internal to providers/common/include/prov,
thereby starting on a provider specific include structure, which
follows the line of thoughts of the recent header file reorganization.
We modify the affected '#include "internal/something.h"' to
'#include "prov/something.h"'.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00
Richard Levitte
5687e357c6 Providers: move common exchange,kdfs,keymgmt,macs,signature
From providers/common/ to providers/implementations/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00
Richard Levitte
dec95d7589 Rework how our providers are built
We put almost everything in these internal static libraries:

libcommon               Block building code that can be used by all
                        our implementations, legacy and non-legacy
                        alike.
libimplementations      All non-legacy algorithm implementations and
                        only them.  All the code that ends up here is
                        agnostic to the definitions of FIPS_MODE.
liblegacy               All legacy implementations.

libnonfips              Support code for the algorithm implementations.
                        Built with FIPS_MODE undefined.  Any code that
                        checks that FIPS_MODE isn't defined must end
                        up in this library.
libfips                 Support code for the algorithm implementations.
                        Built with FIPS_MODE defined.  Any code that
                        checks that FIPS_MODE is defined must end up
                        in this library.

The FIPS provider module is built from providers/fips/*.c and linked
with libimplementations, libcommon and libfips.

The Legacy provider module is built from providers/legacy/*.c and
linked with liblegacy, libcommon and libcrypto.
If module building is disabled, the object files from liblegacy and
libcommon are added to libcrypto and the Legacy provider becomes a
built-in provider.

The Default provider module is built-in, so it ends up being linked
with libimplementations, libcommon and libnonfips.  For libcrypto in
form of static library, the object files from those other libraries
are simply being added to libcrypto.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
2019-10-10 14:12:15 +02:00
Shane Lontis
f816aa47ac Add rc2 ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9991)
2019-10-08 16:42:28 +10:00
Shane Lontis
089cb623be Move cipher ctx 'original iv' parameter into the provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10026)
2019-10-08 09:19:10 +10:00
Matt Caswell
45a845e40b Add EVP_DigestSign/EVP_DigestVerify support for DSA
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10013)
2019-10-03 09:47:12 +01:00
Shane Lontis
6a41156c20 Add rc5 ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10006)
2019-10-03 16:05:49 +10:00
Richard Levitte
6ef81d388d Remove EVP_CIPH_FLAG_DEFAULT_ASN1 from all provided implementations
Since that flag has lost its relevance, don't use it any more.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-10-01 22:51:00 +02:00
Dr. Matthias St. Pierre
ae4186b004 Fix header file include guard names
Make the include guards consistent by renaming them systematically according
to the naming conventions below

For the public header files (in the 'include/openssl' directory), the guard
names try to match the path specified in the include directives, with
all letters converted to upper case and '/' and '.' replaced by '_'. For the
private header files files, an extra 'OSSL_' is added as prefix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:36 +02:00
Dr. Matthias St. Pierre
706457b7bd Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

  '*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:35 +02:00
Dr. Matthias St. Pierre
25f2138b0a Reorganize private crypto header files
Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:

While header files in 'include/internal' are intended to be shared
between libcrypto and libssl, the files in 'crypto/include/internal'
are intended to be shared inside libcrypto only.

To make things complicated, the include search path is set up in such
a way that the directive #include "internal/file.h" could refer to
a file in either of these two directoroes. This makes it necessary
in some cases to add a '_int.h' suffix to some files to resolve this
ambiguity:

  #include "internal/file.h"      # located in 'include/internal'
  #include "internal/file_int.h"  # located in 'crypto/include/internal'

This commit moves the private crypto headers from

  'crypto/include/internal'  to  'include/crypto'

As a result, the include directives become unambiguous

  #include "internal/file.h"       # located in 'include/internal'
  #include "crypto/file.h"         # located in 'include/crypto'

hence the superfluous '_int.h' suffixes can be stripped.

The files 'store_int.h' and 'store.h' need to be treated specially;
they are joined into a single file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 20:26:34 +02:00
Robbie Harwood
a39bc4404b [KDF] Add KBKDF implementation for counter-mode HMAC
Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos.
Add test vectors from RFC 8009.

Adds error codes PROV_R_INVALID_MAC and PROV_R_MISSING_MAC.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9924)
2019-09-27 23:17:26 +02:00
Pauli
5053a3766a Remove engine param from the settable list
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:41 +10:00
Pauli
38cfb11d47 Make the "engine" parameter to some provider algorithms (KDF/PRF) hidden.
This parameter will disappear once engines are wrapped by a provider so
it shouldn't ever be visible to the public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:41 +10:00
Shane Lontis
bafde18324 Add rc4 cipher to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9992)
2019-09-25 10:46:39 +10:00
Shane Lontis
e3f3ee448f Add des ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9954)
2019-09-23 14:35:16 +10:00
Richard Levitte
6061cd5413 Remove name string from PROV_CIPHER and PROV_DIGEST
It was short lived, as it's not necessary any more.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9946)
2019-09-20 08:28:47 +02:00
Richard Levitte
d3386f770a Refactor SSKDF to create the MAC contexts early
The SSKDF implementation fetched the digest(s) for the underlying MAC,
just to get their names and pass those down to the MAC, which in turn
would fetch those same digests again.

This change circumvents this by fetching the MAC and create the MAC
contexts for them directly when this PRF receives the relevant
parameters, thus only having to pass EVP_MAC_CTX pointers around.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9946)
2019-09-20 08:28:47 +02:00
Richard Levitte
4e8b8e47c8 Refactor TLS-PRF's kdf_tls1_prf_mkmacctx() to a provider utility
ossl_prov_macctx_load_from_params() creates a EVP_MAC_CTX *, or sets
new common parameters for an existing one.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9946)
2019-09-20 08:28:47 +02:00
Shane Lontis
ca392b2943 Add aes_wrap cipher to providers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9406)
2019-09-20 12:33:02 +10:00
Shane Lontis
2e9645c8b9 Move gcm decryption tag check higher up in the callstack
Code was updated for s390 that accidently removed the check inside the final method.
Moving the check up before the final method is called is a better way of handling this.
The oneshot method also calls the final method but doesnt need to do this check.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9945)
2019-09-20 12:25:28 +10:00
Richard Levitte
7cfa1717b8 Modify providers that keep track of underlying algorithms
With some provider implementations, there are underlying ciphers,
digests and macs.  For some of them, the name was retrieved from the
method, but since the methods do not store those any more, we add
different mechanics.

For code that needs to pass on the name of a cipher or diges via
parameters, we simply locally store the name that was used when
fetching said cipher or digest.  This will ensure that any underlying
code that needs to fetch that same cipher or digest does so with the
exact same name instead of any random name from the set of names
associated with the algorithm.

For code that needs to check what kind of algorithm was passed, we
provide EVP_{type}_is_a(), that returns true if the given method has
the given name as one of its names.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-19 14:58:17 +02:00
Shane Lontis
f8c0218f09 Fix Solaris compile errors in provider ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9941)
2019-09-19 21:21:39 +10:00
Shane Lontis
3837c202b5 Add aes_ocb cipher to providers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9320)
2019-09-19 20:10:25 +10:00
Shane Lontis
105dde2528 Add sm4 ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9935)
2019-09-19 15:38:51 +10:00
Patrick Steuer
a74b2eda2f Fix strict-warnings build
..which was broken for s390 due to 1c3ace68.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9937)
2019-09-18 21:58:10 +02:00
Patrick Steuer
682b6f6747 Fix aes ofb, cfb and cfb8 for s390x
..which was broken since e1178600.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9939)
2019-09-18 20:43:02 +02:00
Shane Lontis
70adc64632 Add SEED ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9932)
2019-09-18 22:13:59 +10:00
Richard Levitte
9a92bf1bff Refactor TLS1-PRF to create the MAC contexts early
The TLS1-PRF implementation fetched the digest(s) for the underlying
MAC, just to get their names and pass those down to the MAC, which in
turn would fetch those same digests again.

This change circumvents this by fetching the MAC (or MACs in the
MD5-SHA1 special case) and create the MAC contexts for them directly
when this PRF receives the relevant parameters, thus only having to
pass EVP_MAC_CTX pointers around.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9930)
2019-09-18 13:15:13 +02:00
Shane Lontis
18b0042731 Add cast5 ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9929)
2019-09-18 18:55:11 +10:00
Shane Lontis
f22431f2cd Add IDEA ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9917)
2019-09-18 15:57:08 +10:00
Shane Lontis
793374c82a Fix Coverity CID:1453685 'unreachable code' in aes_xts code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9902)
2019-09-18 15:20:30 +10:00
Shane Lontis
8c95977fbf Fix Solaris aes_hw_t4 compile issue
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9910)
2019-09-17 13:34:47 +10:00
Shane Lontis
55c7dc7927 Add blowfish ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9887)
2019-09-15 20:06:28 +10:00
Shane Lontis
f407a9a998 Fix aesni_xts compile error
Block copy bug..

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9900)
2019-09-15 19:29:02 +10:00
Shane Lontis
3a9f26f330 Add aes_xts cipher to providers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9327)
2019-09-14 09:27:49 +10:00
Richard Levitte
0cd1b144f9 util/mkerr.pl: make it not depend on the function code
The output C code was made to use ERR_func_error_string() to see if a
string table was already loaded or not.  Since this function returns
NULL always, this check became useless.

Change it to use ERR_reason_error_string() instead, as there's no
reason to believe we will get rid of reason strings, ever.

To top it off, we rebuild all affected C sources.

Fixes #9756

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9756)
2019-09-12 17:59:52 +02:00
Matt Caswell
252a3665e4 Fix no-engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9863)
2019-09-12 10:14:18 +01:00
Matt Caswell
8d0f8c8181 Fix no-dsa
Also fixes no-dh

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9861)
2019-09-12 10:12:28 +01:00
Shane Lontis
dc64dc2edd Add EVP_CIPHER_CTX_tag_length()
There is no deprecated CTRL support for this new field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9698)
2019-09-11 17:52:30 +10:00
Pauli
f20a59cb1c Coverity 1453634: Resource leaks (RESOURCE_LEAK)
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9805)
2019-09-11 08:27:27 +10:00
Pauli
d111712f6a Coverity 1453633: Error handling issues (CHECKED_RETURN)
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9805)
2019-09-11 08:27:27 +10:00
Pauli
085f1d11a0 Coverity 1453630: Null pointer dereferences (FORWARD_NULL)
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9805)
2019-09-11 08:27:26 +10:00
Matt Caswell
9c45222ddc Revise EVP_PKEY param handling
We add new functions for getting parameters and discovering the gettable
and settable parameters. We also make EVP_PKEY_CTX_get_signature_md() a
function and implement it in terms of the new functions.

This enables applications to discover the set of parameters that are
supported for a given algorithm implementation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9753)
2019-09-09 14:00:00 +01:00
Matt Caswell
390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9753)
2019-09-09 14:00:00 +01:00
Matt Caswell
4889dadcb8 Implement DSA in the default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9753)
2019-09-09 14:00:00 +01:00
Pauli
0f0db4dc25 Use common digest getter for TLS1 PRF
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
7e149b3928 Use common digest getter for single step KDF
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
e957226a0c Use common digest getter for PBKDF2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
86f17ed64c Use common digest getter for HKDF
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
96d7e2733e KMAC using common digest get code
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
103d8b0be4 HMAC using common digest get code
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
76497acf52 GMAC using common cipher get code
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
1dcc7ee6cf CMAC using common cipher get code
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Pauli
2f17cc493c Unify the digest getting code inside providers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
2019-09-07 16:01:53 +10:00
Richard Levitte
b1f1512993 PBKDF2 implementation: refactor to avoid memleak
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Richard Levitte
df2f8af4cb Fix memleaks in KDF implementations
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
59cba5ac85 KDF error codes reworked
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
e3405a4a9a Add KDFs to providers
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Pauli
5eb43d382b Move KDFs to the provider.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06 19:27:57 +10:00
Shane Lontis
1c3ace6898 Change provider params from int to size_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9699)
2019-09-05 11:23:57 +10:00
Richard Levitte
550f974a09 New function EVP_CIPHER_free()
This function re-implements EVP_CIPHER_meth_free(), but has a name that
isn't encumbered by legacy EVP_CIPHER construction functionality.

We also refactor most of EVP_CIPHER_meth_new() into an internal
evp_cipher_new() that's used when creating fetched methods.

EVP_CIPHER_meth_new() and EVP_CIPHER_meth_free() are rewritten in terms of
evp_cipher_new() and EVP_CIPHER_free().  This means that at any time, we can
deprecate all the EVP_CIPHER_meth_ functions with no harmful consequence.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9758)
2019-09-04 10:38:13 +02:00
Richard Levitte
3fd7026276 New function EVP_MD_free()
This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.

We also refactor most of EVP_MD_meth_new() into an internal
evp_md_new() that's used when creating fetched methods.

EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of
evp_md_new() and EVP_MD_free().  This means that at any time, we can
deprecate all the EVP_MD_meth_ functions with no harmful consequence.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9758)
2019-09-04 10:38:13 +02:00
Shane Lontis
2f9789f7e7 Fix platform specific issues with provider ciphers
s390_aes naming issues with ofb128 and cfb128
Solaris missing include for camellia.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9702)
2019-09-01 14:06:48 +10:00
Matt Caswell
3be06e0d10 Fix no-engine
Make sure references to ENGINE functions are appropriately guarded.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9720)
2019-08-29 15:21:13 +01:00
Matt Caswell
bad41b689f Fix no-cmac
Don't include files that we don't want to build

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9718)
2019-08-29 12:03:30 +01:00
Richard Levitte
d5f8542913 Coverty fixes for MACs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9700)
2019-08-27 18:55:01 +02:00
Shane Lontis
4a42e26404 Cleanup ciphers and Add 3des ciphers.
Moved the relevant ciphers into default and restructed headers to allow the move.
This removed most of the cases of #ifdef NO_XXX (which are now specified in build.info)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9482)
2019-08-26 17:05:08 +10:00
Shane Lontis
37a830e729 Fix Issue OSS-Fuzz: Branch on uninitialized memory (in ccm code).
This would also happen for aes-ccm. There was one branch path where it just returned 1
without setting *padlen, It now branches so that the value is set to 0.

Fixes #9691

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9692)
2019-08-25 17:10:55 +10:00
Richard Levitte
703170d4b9 Get rid of the diversity of names for MAC parameters
The EVP_PKEY MAC implementations had a diversity of controls that were
really the same thing.  We did reproduce that for the provider based
MACs, but are changing our minds on this.  Instead of that, we now use
one parameter name for passing the name of the underlying ciphers or
digests to a MAC implementation, "cipher" and "digest", and one
parameter name for passing the output size of the MAC, "size".

Then we leave it to the EVP_PKEY->EVP_MAC bridge to translate "md"
to "digest", and "digestsize" to "size".

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9667)
2019-08-24 13:01:15 +02:00
Shane Lontis
e1178600cc Add basic aria and camellia ciphers modes to default provider
The aes code has been refactored into generic and algorithn specific parts,
so that most of the code can be shared.
The cipher related files have been broken up into smaller parts.
Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the
generic code used by aes).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9451)
2019-08-22 11:42:54 +10:00
Shane Lontis
c85d5e0257 cleanup provider digests
Added some missing #ifdef NO_XXX around some of the digest functions.
Renamed core_mkdigest.h to digestcommon.h
Added ERR_raise() to set/get params for digest.
Moved common code for get_params/gettable_params into digest_common.c
Renamed #defines in digestcommon.
Removed null_prov.c (It should not be needed)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9625)
2019-08-20 09:07:12 +10:00
Shane Lontis
3bfe9005e5 Add aes_ccm to provider
Add Cleanups for gcm - based on the changes to ccm.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9280)
2019-08-20 08:54:41 +10:00
Richard Levitte
81ff9eebbc Use macros internally for algorithm names
The macros are defined in include/openssl/core_names.h and follow the
naming standard OSSL_{OPNAME}_NAME_{ALGONAME}, where {OPNAME} is the
name of the operation (such as MAC) and {ALGONAME} is the name of the
algorithm.  Example: OSSL_MAC_NAME_HMAC

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9635)
2019-08-19 08:10:16 +02:00
Shane Lontis
784883fc2c cipher cleanups.
Add test to evp_test_extra for ciphers (that is similiar to the digest_fetch).
Move some of the aes and gcm methods that can be shared with other ciphers into ciphers_common.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9580)
2019-08-19 09:30:59 +10:00
Patrick Steuer
a890ef833d Directly return from final sha3/keccak_final if no bytes are requested
Requesting zero bytes from shake previously led to out-of-bounds write
on some platforms.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)
2019-08-18 21:06:03 +02:00
Richard Levitte
92d9d0ae2b Rename ctx_{get,set}_params to {get,set}_ctx_params
Recently, we added dispatched functions to get parameter descriptions,
and those for operation context parameters ended up being called
something_gettable_ctx_params and something_settable_ctx_params.

The corresponding dispatched functions to actually perform parameter
transfers were previously called something_ctx_get_params and
something_ctx_set_params, which doesn't quite match, so we rename them
to something_get_ctx_params and something_set_ctx_params.

An argument in favor of this name change is English, where you'd
rather say something like "set the context parameters".

This only change the libcrypto <-> provider interface.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9612)
2019-08-16 09:04:29 +02:00
Richard Levitte
bb31895d87 Rename the hash implementations KMAC{128,256} to KECCAK_KMAC{128,256}
This avoids getting them confused with the MAC implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
f73eb733ee Adjust some provider reason codes
BLAKE2 MACs came with a set of new reason codes.  Those talking about
lengths are consistently called PROV_R_INVALID_FOO_LENGTH, for any
name FOO.  The cipher messages were briefer.  In the interest of
having more humanly readable messages, we adjust the reasons used by
the ciphers (that's just IV length and key length).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
ae0b6b9203 Move Poly1305 to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
4657693d9e Move SipHash to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
e23cda000e Move KMAC to providers
Instead of using evp_keccak_kmac128() and evp_keccak_kmac256(), we refer
to the hash implementation by name, and fetch it, which should get us the
implementation from providers/common/digests/sha3_prov.c.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
5183ebdcf5 Move HMAC to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
d33313be44 Move GMAC to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
2e5db6ad84 Move CMAC to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
55a0a117e7 Move BLAKE2 MACs to the providers
This also moves the remaining parts of BLAKE2 digests to the default
provider, and removes the legacy EVP implementation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00