Commit Graph

574 Commits

Author SHA1 Message Date
Tomas Mraz 3d1becd42a provider-storemgmt: Document the input-type and properties parameters.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
2021-05-06 11:43:32 +01:00
Pauli f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
2021-05-05 22:11:04 +10:00
Shane Lontis c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq()
already exist.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14997)
2021-04-27 09:45:53 +10:00
Shane Lontis 990aa405db Doc updates for DH/DSA examples
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14936)
2021-04-27 09:36:49 +10:00
Shane Lontis f1ffaaeece Fixes related to separation of DH and DHX types
Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
2021-04-26 19:52:11 +02:00
Tomas Mraz 6c9bc258d2 Add type_name member to provided methods and use it
Fixes #14701

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14898)
2021-04-26 12:05:05 +02:00
Matt Caswell f5afac4bda Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14986)
2021-04-22 14:38:44 +01:00
Richard Levitte f99659535d ENCODER & DECODER: Allow decoder implementations to specify "carry on"
So far, decoder implementations would return true (1) for a successful
decode all the way, including what the callback it called returned,
and false (0) in all other cases.

This construction didn't allow to stop to decoding process on fatal
errors, nor to choose what to report in the provider code.

This is now changed so that decoders implementations are made to
return false only on errors that should stop the decoding process from
carrying on with other implementations, and return true for all other
cases, even if that didn't result in a constructed object (EVP_PKEY
for example), essentially making it OK to return "empty handed".

The success of the decoding process is now all about successfully
constructing the final object, rather than about the return value of
the decoding chain.  If no construction is attempted, the central
decoding processing code concludes that whatever the input consisted
of, it's not supported by the available decoder implementations.

Fixes #14423

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)
2021-04-21 10:53:03 +02:00
Dr. David von Oheimb 16b8862d80 PKCS12 etc.: Add hints on using -legacy and -provider-path options
Fixes #14790

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14891)
2021-04-19 16:23:46 +02:00
Tomas Mraz 185e1aa226 Add DHX FIPS 186-4 domain parameter validation example
Fixes #14369

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14896)
2021-04-19 09:30:02 +10:00
Pauli e494fac705 Fix naming for EVP_RAND_CTX_gettable functions.
Change:

    EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params
    EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params

Which brings them in line with the other similar functions for other algorithm
types.

Fixes #14880

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14893)
2021-04-17 18:22:13 +10:00
Pauli ed34837807 lifecycle: correct [sg]ettable to [sg]et
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14867)
2021-04-16 17:59:25 +10:00
Shane Lontis a732a4c329 Add EVP_PKEY_todata() and EVP_PKEY_export() functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14800)
2021-04-15 18:42:04 +02:00
Tomas Mraz 85fcc3fb77 Remove keymgmt_copy function from the provider API
It is superceded by the keymgmt_dup.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
2021-04-15 09:19:39 +02:00
Tomas Mraz b4f447c038 Add selection support to the provider keymgmt_dup function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
2021-04-15 09:19:39 +02:00
Tomas Mraz 4a9fe33c8e Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.

Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().

Fixes #14658

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
2021-04-15 09:19:39 +02:00
Shane Lontis 3fed27181a Add FIPS Self test for AES_ECB decrypt
Fixes #14807

Compliance with IG 9.4 requires that an inverse cipher function be
tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this
requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse
function during decryption mode).

Added a mode to the cipher test so that the AES_GCM only does an encrypt
and AES_ECB only does a decrypt. TDES still does both.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14825)
2021-04-13 13:06:37 +10:00
Pauli d36114d7cd kmac: update the documention for the customisation string maximum length
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14810)
2021-04-12 14:59:09 +10:00
Nan Xiao 4c979cbeeb Fix typos in x509.pod
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14783)
2021-04-09 19:04:21 +10:00
Tomas Mraz bd6e7fb7a7 Small fixes and cleanups of provider API documentation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14756)
2021-04-09 10:32:00 +02:00
Tomas Mraz fdb5315b2d provider-decoder.pod: Documentation of provider side decoder API
Fixes #13949

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14756)
2021-04-09 10:32:00 +02:00
Matt Caswell 3c2bdd7df9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
2021-04-08 13:04:41 +01:00
Matt Caswell 4adfbe4c92 Update provider.pod
The previous commits moved some content out of provider.pod into other
pages, so that content is now removed. provider.pod is now exclusively
focussed on provider authors.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)
2021-04-08 12:20:22 +01:00
Matt Caswell 7008df2ba5 Add additional glossary entries
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)
2021-04-08 12:20:21 +01:00
Matt Caswell 0666d5318e Expand the libcrypto documentation
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)
2021-04-08 12:20:21 +01:00
Tomas Mraz 78043fe898 Add "save-parameters" encoder parameter
The parameter makes the dsa key encoder to skip saving the DSA
key parameters similarly to what the legacy dsa key encoder did.

Fixes #14362

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14746)
2021-04-01 14:43:11 +02:00
Nan Xiao 1ee1a169c3 Fix typos in bio.pod
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14706)
2021-03-30 19:01:52 +02:00
Pauli 4551763efc doc: life-cycle descritpion for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
2021-03-26 18:21:37 +10:00
Pauli 10b63e9756 doc: note that MAC lifecycle transitions will be enforced at some point
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
2021-03-26 18:21:37 +10:00
Pauli b0b63654e9 doc: life-cycle descritpion for RANDs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
2021-03-26 18:21:37 +10:00
Pauli 632bc4dff3 doc: note that RAND lifecycle transitions will be enforced at some point
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
2021-03-26 18:21:36 +10:00
Pauli 77d12ae049 doc: life-cycle description for KDFs/PRFs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
2021-03-26 18:21:36 +10:00
Pauli 2e1a40d037 doc: note that KDF/PRF transitions will be enforced at some future point
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14522)
2021-03-26 18:21:36 +10:00
Tomas Mraz 9a48544058 Make EVP_PKEY_missing_parameters work properly on provided RSA keys
This requires changing semantics of the keymgmt_has()
function a little in the sense that it now returns 1
if the selection has no meaning for the key type. It
was already doing so for ECX keys for example.

The keymgmt_validate function semantics is changed
similarly to allow passing validation on the same
selection that the key returns 1 for.

Fixes #14509

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14511)
2021-03-17 14:57:47 +01:00
Arthur Gautier 4139a0c6ec EVP_KDF-KB man page: fixup ABI/API change
fixup 7c75f2daf8
      https://github.com/openssl/openssl/pull/14310

Previous commit changes the api, one code sample was left with previous
API.

CLA: trivial
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14551)
2021-03-17 12:32:39 +10:00
Pauli 8f391c7d1b doc: remove TODOs about redesigning the AEAD API
The changes would be significant and the benefits not likely to be too great.

Fixes #14368

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14565)
2021-03-17 10:33:45 +10:00
Shane Lontis 3a37ddde91 Fix DSA EVP_PKEY_param_check() when defaults are used for param generation.
Fixes #14480

An internal flag that is set during param gen was not being tested, so
the wrong type was used to select the dsa domain param validation method.

In the default provider - if no gen_type is set then by default the fips186_4 gentype
will be selected when pbits >=2048 otherwise it selects fips186_2.
The fips provider ignores the gen_type and always uses fips186_4.

Before this change dsa used fips186_2 by default in the default
provider.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14508)
2021-03-15 09:01:51 +10:00
Pauli f59612fed8 doc: note that get_params and set_params calls should return true if the param array is null
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
2021-03-12 08:27:21 +10:00
Pauli f187d4f9f8 doc: document the additional params argument to the various init() calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
2021-03-12 08:27:21 +10:00
Pauli c4c422e0cc doc: add params argument to key manager's gen_init call
Fixes #14286

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
2021-03-12 08:27:11 +10:00
Matt Caswell 8020d79b40 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-11 13:27:36 +00:00
Pauli 925b5360f7 core: add up_ref callback for OSSL_CORE_BIO
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14419)
2021-03-11 09:25:57 +10:00
Shane Lontis a30823c80f Add new filter BIO BIO_f_readbuffer()
This allows BIO_tell() and BIO_seek() to work for BIO's that do
not support these methods. The main use case for this is file/fd BIO's
that use stdin.

This works for stdin taken from input redirection (command < file),
and stdin via pipe (cat file | command).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
2021-03-11 07:57:31 +10:00
Arthur Gautier c99248ea81 EVP_KDF-KB man page: Fix typo in the example code
CLA: trivial
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14455)
2021-03-09 22:12:17 +10:00
Shane Lontis 3e6a0d5738 Reword repeated words.
A trivial PR to remove some commonly repeated words. It looks like this is
not the first PR to do this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14420)
2021-03-09 16:25:45 +10:00
Matt Caswell cc57dc9625 Document the change in behaviour of the the low level key getters/setters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
2021-03-08 15:11:31 +00:00
Richard Levitte 8593ff00cc DOCS: Fix provider-mac.pod and the docs of our implementations
The idea being that doc/man7/provider-mac.pod is for provider authors,
while provider users find the documentation for each implementation in
doc/man7/EVP_MAC-*.pod, the documentation of parameters wasn't quite
aligned.  This change re-arranges the parameter documentation to be
more aligned with this idea.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14380)
2021-03-03 14:08:00 +01:00
Tomas Mraz fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EVP_DigestSign/VerifyInit.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14338)
2021-03-03 11:25:39 +01:00
Tomas Mraz 8d05a65256 Resolve TODOs in signature implementations.
The DER writing errors can be ignored safely.

Document that the EVP_MAX_MD_SIZE is a hardcoded limit
for digest sizes.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
2021-03-03 10:00:21 +10:00
Rich Salz b0aae91324 Remove RSA SSLv23 padding mode
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14248)
2021-03-01 10:56:12 +01:00
Pauli f8a5822cff doc: update documenation with params argument on DRBG instantiate calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli 6980e36a2a doc: document additional argument to KDF derive calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli a9603292fb core: add param argument to KDF derive call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli ae7d90a159 siphash: Add the C and D round parameters for SipHash.
This represents a gap in functionality from the low level APIs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:48 +10:00
Pauli fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli 530cacb56f doc: changes to match the updated context gettable/settable calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli 90fec26dc6 doc: note changes to rand gettable/settable provider call
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Pauli d618ac6fd7 doc: note changes to digest gettable/settable provider calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:08:41 +10:00
Richard Levitte a8eb71ad57 Allow the sshkdf type to be passed as a single character
This partially reverts commit 270a5ce1d9.

This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.

Fixes #14027

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
2021-02-24 19:50:10 +01:00
Pauli b0001d0cf2 provider: add an unquery function to allow providers to clean up.
Without this, a provider  has no way to know that an application
has finished with the array it returned earlier.  A non-caching provider
requires this information.

Fixes #12974

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12974)
2021-02-24 21:24:36 +10:00
Tomas Mraz 76e48c9d66 Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
The functions are not needed and require returning octet ptr parameters
from providers that would like to support them which complicates provider
implementations.

Fixes #12985

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14279)
2021-02-24 10:44:15 +01:00
Pauli ac60c84fc4 RAND_METHOD deprecation: documentation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
2021-02-23 23:24:13 +10:00
Richard Levitte 247a1786e2 OSSL_PARAM: Correct the assumptions on the UTF8 string length
When the string "ABCDEFGH" is passed, what's considered its data, this?

    { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }

or this?

    { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', '\0' }

If it's passed as a pass phrase, should the terminating NUL byte be
considered part of the pass phrase, or not?

Our treatment of OSSL_PARAMs with the data type OSSL_PARAM_UTF8_STRING
set the length of the string to include the terminating NUL byte,
which is quite confusing.  What should the recipient of such a string
believe?

Instead of perpetuating this confusion, we change the assumption to
set the OSSL_PARAM to the length of the string, not including the
terminating NUL byte, thereby giving it the same value as a strlen()
call would give.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14168)
2021-02-18 16:58:17 +01:00
Matt Caswell a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 15:05:17 +00:00
Pauli 68883d9db8 doc: document the two new RAND functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Matt Caswell 899e25643d Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.

Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:17:36 +10:00
Shane Lontis af53092c2b Replace provider digest flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
2021-02-10 12:31:31 +10:00
Shane Lontis a054d15c22 Replace provider cipher flags with separate param fields
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
2021-02-10 12:31:31 +10:00
Shane Lontis 36978c19a9 Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
2021-02-10 12:31:31 +10:00
Shane Lontis 8a686bdb3a Change the ASN1 variant of x942kdf so that it can test acvp data.
This 'special' way of specifying the data should only be used for testing
purposes. It should not be used in production environments.
ACVP passes a blob of DER encoded data for some of the fields rather
than passing them as separate fields that need to be DER encoded.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14077)
2021-02-10 10:28:32 +10:00
Tomas Mraz 26372a4d44 provider-signature.pod: Fix formatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13988)
2021-02-05 14:04:59 +01:00
Juergen Christ 270a5ce1d9 Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters.  This caused endianness problems on big-endian machines.  As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer.  While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86).  Change the
parameter to char array and fix the usages.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
2021-01-28 16:05:50 +01:00
Richard Levitte 4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Richard Levitte ba0a6d1deb Clean away unnecessary length related OSSL_PARAM key names
This cleans away old misunderstandings of what can be done with OSSL_PARAM.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13946)
2021-01-26 15:51:50 +01:00
Shane Lontis 5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Tomas Mraz 0d83b7b903 Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity
To clarify the purpose of these two calls rename them to
EVP_CIPHER_CTX_get_original_iv and EVP_CIPHER_CTX_get_updated_iv.

Also rename the OSSL_CIPHER_PARAM_IV_STATE to OSSL_CIPHER_PARAM_UPDATED_IV
to better align with the function name.

Fixes #13411

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13870)
2021-01-18 14:27:44 +01:00
Rich Salz e604b7c915 Document openssl thread-safety
Also discuss reference-counting, mutability and safety.

Thanks to David Benjamin for pointing to comment text he added
to boringSSL's header files.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13788)
2021-01-15 10:51:51 +01:00
Michael Baentsch 3bc061eb0a Enhance default provider documentation
Bring Wiki and man page documentation in line regarding default provider
fall-back behaviour.

Fixes #13844

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13859)
2021-01-14 17:33:47 +00:00
Matt Caswell 886ad0045b Document the core_thread_start upcall
The core_thread_start upcall previously had a placeholder in the docs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
2021-01-14 17:30:46 +00:00
Dr. David von Oheimb 1579594383 APPS: Allow OPENSSL_CONF to be empty, not loading a config file
Also document the function CONF_get1_default_config_file()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
2021-01-13 11:53:15 +01:00
Sahana Prasad e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free()
instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.

Signed-off-by: Sahana Prasad <sahana@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13814)
2021-01-09 18:22:49 +01:00
Matt Caswell bd0c71298a Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13800)
2021-01-07 13:38:50 +00:00
Etienne Millon b2d1465153 EVP_SIGNATURE-ED25519.pod: fix typo in algo name
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13768)
2021-01-05 16:44:09 +01:00
Richard Levitte 19ad83f6c8 DOCS: Update OSSL_DECODER_CTX_new_by_EVP_PKEY.pod to match declarations
Fixes #13441

We're also starting on a glossary, doc/man7/openssl-glossary.pod,
where terms we use should be explained.  There's no need to explain
terms as essays, but at least a few quick lines, and possibly a
reference to some external documentation.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13581)
2020-12-11 18:49:42 +01:00
Matt Caswell 05fa5fde10 Fix some typos in EVP_PKEY-DH.pod
A missing newline messes up how the code sample is rendered. Also a few
miscellaneous typos are fixed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13643)
2020-12-11 11:10:56 +00:00
Shane Lontis acd3e548bc Add fips self tests for all included kdf
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13480)
2020-12-11 10:59:32 +10:00
Pauli 81aef6ba72 rand: add a provider side seed source.
This allows the operating system sources that OpenSSL supports to be
used directly as RNGs.  It also allows DRBG seeding to be explicitly
specified rather than being left to a fall back case.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13455)
2020-12-09 12:20:32 +10:00
Shane Lontis 89cccbea51 Add EVP_KDF-X942 to the fips module
The X942 KDF had been modified so that it supports all optional fields - not
just the fields used by CMS.

As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.

This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
2020-12-02 12:15:05 +10:00
Pauli 71febb3992 doc: Documentation changes for moving the entropy source out of the fips provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)
2020-11-20 08:24:21 +10:00
Shane Lontis 317b7c57e4 Fixup EVP-MAC-KMAC documentation
Fixes #13232

Added example that shows setup of XOF.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13385)
2020-11-16 16:56:11 +10:00
Pauli 3084b9d316 Document the provider KDF API.
Fixes #11351

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13376)
2020-11-16 08:07:42 +10:00
Richard Levitte cd861ab73d ENCODER: Add support for OSSL_FUNC_encoder_does_selection()
OSSL_FUNC_encoder_does_selection() is a dispatchable encoder implementation
function that should return 1 if the given |selection| is supported by an
encoder implementation and 0 if not.  This can be used by libcrypto
functionality to figure out if an encoder implementation should be
considered or not.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte 8a98a507fb ENCODER: Add support for specifying the outermost output structure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Richard Levitte 45da4a0fc5 CORE: Add support for specifying the outermost object structure
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)
2020-11-11 12:43:27 +01:00
Shane Lontis 4757a34751 Add support for making all of KBKDF FixedInput fields optional.
Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR.
This is required for CAVS tests that only use a combined blob of
inputdata. A test showing this use case has been added.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13258)
2020-11-11 12:15:18 +10:00
Nicola Tuveri d1fb6b481b Constify OSSL_FUNC_keymgmt_validate()
The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13201)
2020-10-23 17:54:40 +03:00
Shane Lontis 1ba21239dd Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)
2020-10-22 20:47:02 +10:00
Shane Lontis 90a2576b9b Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size().
Fixes #11320

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)
2020-10-22 20:47:02 +10:00
Nicola Tuveri 3d914185b7 Constify OSSL_FUNC_keymgmt_has()
The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13200)
2020-10-22 12:27:39 +10:00
Matt Caswell 5ac8fb584a Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key
We do the same thing for the "get1" version. In reality this has broader
use than just TLS (it can also be used in CMS), and "encodedpoint" only
makes sense when you are talking about EC based algorithms.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)
2020-10-20 16:39:41 +01:00
Matt Caswell eec0ad10b9 Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13144)
2020-10-15 14:10:06 +01:00
Dr. Matthias St. Pierre a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 12:00:21 +01:00
Dr. Matthias St. Pierre b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Nicola Tuveri c1a74f59ac Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
Note that with this commit the optional parameter is introduced, but
libssl still ignores it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
2020-10-14 18:42:59 +03:00
Richard Levitte 8ebd88950d Document how deprecation should be done
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
2020-10-12 08:29:31 +02:00
Pauli 69340cafb4 doc: remove duplicated code in example
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13048)
2020-10-06 09:01:34 +10:00
Shane Lontis fa9e541d49 Remove openssl provider app
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
2020-09-26 07:13:22 +10:00
Matt Caswell a48309cb5c Document the provider side SM2 Asymmetric Cipher support
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12913)
2020-09-25 11:13:54 +01:00
Dr. Matthias St. Pierre b0614f0ae3 drbg: revert renamings of the generate and reseed counter
The original names were more intuitive: the generate_counter counts the
number of generate requests, and the reseed_counter counts the number
of reseedings (of the principal DRBG).

    reseed_gen_counter  -> generate_counter
    reseed_prop_counter -> reseed_counter

This is the anologue to commit 8380f453ec on the 1.1.1 stable branch.
The only difference is that the second renaming has already been reverted
on the master branch.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12941)
2020-09-23 23:15:46 +02:00
Shane Lontis 26496f5a5c Fix EVP_KDF_scrypt so that is uses a propq for its fetch.
The parameter can be set via settable parameter OSSL_KDF_PARAM_PROPERTIES

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
2020-09-23 17:31:40 +10:00
Richard Levitte 5a6d6fe666 ENCODER: Redefine the libcrypto <-> provider interface
This is part of an effort to make OSSL_ENCODER work more like OSSL_DECODER.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)
2020-09-20 17:29:31 +02:00
Shane Lontis 80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers
SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover.
As these are simple KEM operations another operation type has been added that can support future extensions.

Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate()
Added EVP_KEM_* functions.
Added OSSL_FUNC_kem_* dispatch functions

Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to
"RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value.
This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations.

The design of the public API's resulted from contributions from @romen & @levitte.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12750)
2020-09-19 18:08:46 +10:00
Matt Caswell 28833f1465 Update the EdDSA docs with information about Algorithm Identifiers
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)
2020-09-18 15:26:28 +01:00
Shane Lontis 7f9e744036 Add selftest callback to CRNG output test
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12795)
2020-09-18 06:20:33 +10:00
Shane Lontis 4343a4187d Add self tests for rsa encryption
SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9

A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt()
are now in the fips module.

Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops().

Added corruption test

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12835)
2020-09-16 14:10:23 +10:00
Matt Caswell 820d87bc98 Update the EVP_PKEY MAC documentation
Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
Matt Caswell 52ae0f8fc2 Add some documentation about the EVP_PKEY MAC interface
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
2020-08-29 17:40:11 +10:00
Richard Levitte 8704b6bf32 STORE for providers: define libcrypto <-> provider interface
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
2020-08-24 10:02:25 +02:00
Richard Levitte 14c8a3d118 CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority
for what is possible to do and what's required to make these abstract
objects work.

In essence, an abstract object is an OSSL_PARAM array with well
defined parameter keys and values:

-   an object type, which is a number indicating what kind of
    libcrypto structure the object in question can be used with.  The
    currently possible numbers are defined in <openssl/core_object.h>.
-   an object data type, which is a string that indicates more closely
    what the contents of the object are.
-   the object data, an octet string.  The exact encoding used depends
    on the context in which it's used.  For example, the decoder
    sub-system accepts any encoding, as long as there is a decoder
    implementation that takes that as input.  If central code is to
    handle the data directly, DER encoding is assumed. (*)
-   an object reference, also an octet string.  This octet string is
    not the object contents, just a mere reference to a provider-native
    object. (**)
-   an object description, which is a human readable text string that
    can be displayed if some software desires to do so.

The intent is that certain provider-native operations (called X
here) are able to return any sort of object that belong with other
operations, or an object that has no provider support otherwise.

(*) A future extension might be to be able to specify encoding.

(**) The possible mechanisms for dealing with object references are:

-   An object loading function in the target operation.  The exact
    target operation is determined by the object type (for example,
    OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT)
    and the implementation to be fetched by its object data type (for
    an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched).
    This loading function is only useful for this if the implementations
    that are involved (X and KEYMGMT, for example) are from the same
    provider.

-   An object exporter function in the operation X implementation.
    That exporter function can be used to export the object data in
    OSSL_PARAM form that can be imported by a target operation's
    import function.  This can be used when it's not possible to fetch
    the target operation implementation from the same provider.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
2020-08-24 10:02:25 +02:00
Shane Lontis c0f39ded68 Add Explicit EC parameter support to providers.
This was added for backward compatability.
Added EC_GROUP_new_from_params() that supports explicit curve parameters.

This fixes the 15-test_genec.t TODO.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12604)
2020-08-22 14:55:41 +10:00
Richard Levitte ece9304c96 Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE
Fixes #12455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-21 09:23:58 +02:00
Dr. David von Oheimb 09c2e26e64 Re-word null->empty property; improve iteration.count example in property.pod
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:09 +02:00
Pauli b7466c1303 Move PKCS#12 KDF to provider.
This KDF is defined in RFC7292 in appendix B.  It is widely used in PKCS#12
and should be provided.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12624)
2020-08-14 18:15:12 +10:00
Benjamin Kaduk 8489026850 Support cipher provider "iv state"
Some modes (e.g., CBC and OFB) update the effective IV with each
block-cipher invocation, making the "IV" stored in the (historically)
EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
IV passed in at cipher initialization time.  The latter is stored in
the "oiv" (original IV) field, and has historically been accessible
via the EVP_CIPHER_CTX_original_iv() API.  The "effective IV" has
also historically been accessible, via both EVP_CIPHER_CTX_iv()
and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
*write* access to the internal cipher state.  This is particularly
problematic given that provider-internal cipher state need not, in
general, even be accessible from the same address space as libcrypto,
so these APIs are not sustainable in the long term.  However, it still
remains necessary to provide access to the contents of the "IV state"
(e.g., when serializing cipher state for in-kernel TLS); a subsequent
reinitialization of a cipher context using the "IV state" as the
input IV will be able to resume processing of data in a compatible
manner.

This problem was introduced in commit
089cb623be, which effectively caused
all IV queries to return the "original IV", removing access to the
current IV state of the cipher.

These functions for accessing the (even the "original") IV had remained
undocumented for quite some time, presumably due to unease about
exposing the internals of the cipher state in such a manner.

Note that this also as a side effect "fixes" some "bugs" where things
had been referring to the 'iv' field that should have been using the
'oiv' field.  It also fixes the EVP_CTRL_GET_IV cipher control,
which was clearly intended to expose the non-original IV, for
use exporting the cipher state into the kernel for kTLS.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-08-11 07:07:37 -07:00
Shane Lontis 04cb5ec0b7 Add 'on demand self test' and status test to providers
The default and legacy providers currently return 1 for status and self test checks.
Added test to show the 3 different stages the self test can be run (for installation, loading and on demand).

For the fips provider:
  - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the
    cached algorithms are flushed on failure.
  - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core
    libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at
    any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11752)
2020-08-09 18:06:52 +10:00
Pauli 7d615e2178 rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG
type changing mechanism (RAND_DRBG_set()).

Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.

Other related changes:

Use RNG instead of DRBG in EVP_RAND documentation.  The documentation was
using DRBG in places where it should have been RNG or CSRNG.

Move the RAND_DRBG(7) documentation to EVP_RAND(7).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)
2020-08-07 14:16:47 +10:00
Pauli 992492f5e8 gettables: documentation changes to pass the provider context.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12581)
2020-08-07 08:02:14 +10:00
Pauli dfc0857d81 serialisation: Add a built-in base provider.
Move the libcrypto serialisation functionality into a place where it can
be provided at some point. The serialisation still remains native in the
default provider.

Add additional code to the list command to display what kind of serialisation
each entry is capable of.

Having the FIPS provider auto load the base provider is a future
(but necessary) enhancement.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12104)
2020-07-30 20:15:22 +10:00
Richard Levitte 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load()
This function is used to create a keydata for a key that libcrypto
only has a reference to.

This introduces provider references, the contents which only the
provider know how to interpret.  Outside of the provider, this is just
an array of bytes.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)
2020-07-24 16:32:00 +02:00
Shane Lontis 6725682d77 Add X509 related libctx changes.
- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)
2020-07-24 22:53:27 +10:00
Richard Levitte e39e295e20 Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12463)
2020-07-16 14:47:04 +02:00
Matt Caswell 660c534435 Revert "kdf: make function naming consistent."
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This reverts commit 765d04c946.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 14:21:07 +02:00
Matt Caswell 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This reverts commit d9c2fd51e2.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
2020-07-16 14:21:07 +02:00
Shane Lontis 7cc355c2e4 Add AES_CBC_CTS ciphers to providers
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS.
CS1, CS2 and CS3 variants are supported.
Only single shot updates are supported.
The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This
would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that
tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly.
The cipher returns the flag EVP_CIPH_FLAG_CTS.
EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12094)
2020-07-15 23:11:50 +02:00
Gustaf Neumann 8c1cbc7210 Fix typos and repeated words
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)
2020-07-05 01:49:20 +02:00
Matt Caswell fbd2ece171 Update copyright year
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12273)
2020-06-25 14:13:12 +01:00
Dr. Matthias St. Pierre 363b1e5dae Make the naming scheme for dispatched functions more consistent
The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core and providers.

This change includes in particular all up- and downcalls, i.e., the
dispatched functions passed from core to provider and vice versa.

- OSSL_core_  -> OSSL_FUNC_core_
- OSSL_provider_ -> OSSL_FUNC_core_

For operations and their function dispatch tables, the following convention
is used:

  Type                 | Name (evp_generic_fetch(3))       |
  ---------------------|-----------------------------------|
  operation            | OSSL_OP_FOO                       |
  function id          | OSSL_FUNC_FOO_FUNCTION_NAME       |
  function "name"      | OSSL_FUNC_foo_function_name       |
  function typedef     | OSSL_FUNC_foo_function_name_fn    |
  function ptr getter  | OSSL_FUNC_foo_function_name       |

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)
2020-06-24 22:01:22 +02:00
Dr. Matthias St. Pierre 23c48d94d4 Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)
2020-06-24 22:01:22 +02:00
Pauli dc4e74ef6c evp_rand: documentation
EVP_RAND, the RNGs and provider-rand.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
2020-06-24 20:07:46 +10:00
Matt Caswell 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
2020-06-19 10:19:31 +01:00
Matt Caswell 3c49e4ff51 Add documentation about Capabilities
Document the OSSL_PROVIDER_get_capabilities() function as well as the
provider side support for capabilities.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
2020-06-19 10:19:31 +01:00
Matt Caswell 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for
DH.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
2020-06-19 10:19:31 +01:00
Matt Caswell 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic
We rename these function to EVP_PKEY_CTX_get_group_name and
EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms
other than EC.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
2020-06-19 10:19:31 +01:00
Benny Baumann edeaa96ae6 Add missing section on asymmetric ciphers
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12170)
2020-06-19 09:06:14 +01:00
Shane Lontis 4f2271d58a Add ACVP fips module tests
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.

This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).

The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.

The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.

The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)
2020-06-17 11:33:16 +10:00
Nicola Tuveri 2edb571b4b Fix nits detected by make cmd-nits
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12127)
2020-06-14 02:15:51 +03:00
Pauli d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.

Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.

There are no functional or code changes.
Just the renaming and a little reformatting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)
2020-06-11 11:16:37 +10:00
Pauli 765d04c946 kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)
2020-06-11 11:14:21 +10:00
Shane Lontis 8bf37709a4 Update RSA keygen to use sp800-56b by default
Fixes #11742
Fixes #11764

The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048.
Insecure key lengths and mutltiprime RSA will use the old method.

Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11765)
2020-06-10 08:59:56 +10:00
Matt Caswell 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys
EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present
which isn't the case for provided keys. Support has been added to dh,
ec and ecx keys.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)
2020-06-05 11:04:11 +01:00
Matt Caswell 00c405b365 Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)
2020-06-04 14:33:57 +01:00
Rich Salz 2b584ff372 Update manpage to fix examples, other minor tweaks
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)
2020-06-03 09:57:02 +02:00
Rich Salz 4e6e57cfcd Cleanup cert config files for tests
Merge test/P[12]ss.cnf into one config file
Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf
Remove Netscape cert extensions, add keyUsage comment from some cnf files

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)
2020-06-03 09:56:56 +02:00
Richard Levitte f438f53a4e DOCS: add openssl-core_names.h(7)
A CAVEATS section is present in this manual.  That section name is
borrowed from OpenBSD, where mdoc(7) explains it like this:

    CAVEATS
    Common misuses and misunderstandings should be explained in this
    section.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)
2020-05-29 08:26:10 +02:00
Richard Levitte 329b2a2cde DOCS: add openssl-core_numbers.h(7)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)
2020-05-29 08:26:10 +02:00
Rich Salz e847085914 Clean up some doc nits
Mostly "No items in =over/=back list"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11902)
2020-05-27 00:35:00 +02:00
Shane Lontis b808665265 Update core_names.h fields and document most fields.
Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 13:53:07 +10:00
Matt Caswell 06a2027bd5 Update documentation following changes of various types
The previous commit changed the types of various objects passed between
the core and providers. Therefore the documentation needs to be updated
to reflect that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11758)
2020-05-16 17:10:03 +01:00
Matt Caswell 454afd9866 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)
2020-05-15 14:09:49 +01:00
Pauli 8c30dfee3e doc: remove deprecation notes for apps that are staying.
The apps that are staying are: dhparam, dsa, dsaparam, ec, ecparam, gendsa and
rsa.

The rsautl app remains deprecated.

The -dsaparam option to dhparam also remains deprecated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11575)
2020-05-09 09:44:20 +10:00
Shane Lontis 5e77b79a8c Remove gen_get_params & gen_gettable_params from keygen operation
EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation.
After adding it it was noticed that it is probably not required for this type, so instead
the gen_get_params and gen_gettable_params have been remnoved from the provider interface.
gen_get_params was only implemented for ec to get the curve name. This seems redundant
since normally you would set parameters into the keygen_init() and then generate a key.
Normally you would expect to extract data from the key - not the object that we just set up
to do the keygen.

Added a simple settable and gettable test into a test that does keygen.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11683)
2020-05-07 15:31:05 +10:00
Shourya Shukla a6ed19dc9a Amend references to "OpenSSL license"
A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.

Fixes #11649

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)
2020-04-29 15:27:22 +02:00
Sebastian Andrzej Siewior af0d413654 doc: Random spellchecking
A little spell checking.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11644)
2020-04-28 09:06:04 +10:00
Matt Caswell 33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Richard Levitte 1a7328c882 PROV: Ensure that ED25519 & ED448 keys have a mandatory digest
This adds handling of the parameter "mandatory-digest" and responds
with an empty string, meaning that no digest may be used.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11576)
2020-04-23 10:44:37 +01:00
Shane Lontis 9e537cd2ad DOC: Extend EVP_PKEY-DSA(7) / EVP_PKEY_DH(7) with FFC information
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-20 08:56:05 +10:00
Richard Levitte 33df1cfdd5 DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-20 08:56:05 +10:00
Pauli 4350a6bd42 doc: note that the FIPS provider contains some non-approved algorithms.
Also note how to select them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371)
2020-04-17 19:51:37 +10:00
Shane Lontis b03ec3b5d6 Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
2020-04-15 21:02:52 +10:00
Richard Levitte 2b9add6965 KEYMGMT: Add functions to get param/key generation parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11328)
2020-04-15 11:03:59 +02:00
Pauli 7b4344ac3e Add a null provider which implements no algorithms.
By loading the null provider into the default context, it is possible
to verify that it is not accidentally being used.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11488)
2020-04-09 17:12:35 +10:00
Shane Lontis ec4d1b8f8c Add data driven SELF TEST code for signatures and key agreement
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11036)
2020-04-03 16:50:36 +10:00
Shane Lontis 96ebe52e89 Add EVP_PKEY_gettable_params support for accessing EVP_PKEY key data fields
Currently only RSA, EC and ECX are supported (DH and DSA need to be added to the keygen
PR's seperately because the fields supported have changed significantly).

The API's require the keys to be provider based.

Made the keymanagement export and get_params functions share the same code by supplying
support functions that work for both a OSSL_PARAM_BLD as well as a OSSL_PARAM[].
This approach means that complex code is not required to build an
empty OSSL_PARAM[] with the correct sized fields before then doing a second
pass to populate the array.

The RSA factor arrays have been changed to use unique key names to simplify the interface
needed by the user.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11365)
2020-04-01 15:51:18 +10:00
Shane Lontis edd3b7a309 Add ECDSA to providers
Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10968)
2020-03-15 21:34:29 +10:00
Jakub Jelen c08dea30d4 doc: Update the reference from draft to RFC
CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11299)
2020-03-13 09:57:24 +01:00
Richard Levitte 1a5632e0dc CORE: Add the key object generator libcrypto<->provider interface
We introduce these dispatched functions:

-   OP_keymgmt_gen_init() to initialize the key object generation.
-   OP_keymgmt_gen_set_template() to set a template for key object
    generation.  The template is another key object, for example one
    with domain parameters.
-   OP_keymgmt_gen_set_params() to set other key object generation
    parameters.
-   OP_keymgmt_gen_settable_params() to find out what settable
    parameters there are.
-   OP_keymgmt_gen() to perform the key object generation.
-   OP_keymgmt_gen_cleanup() to clean up the key object generation.

Internal function for easy and consistent use of these ddispatched
functions are added.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)
2020-03-12 10:43:58 +01:00
Richard Levitte 1e55cbc874 DOCS: Move implementation specific docs away from provider-digest(7)
The provider- manuals are meant to describe the general interface for
their respective operation.  This is not the place to describe
implementation specific details.

This change creates a number of doc/man7/EVP_MD manuals, one for each
algorithm or set of algorithms, as well as doc/man7/EVP_MD-common.pod
to describe what's common to them all.

While we're at it, correct the SHA3 settable context params array to
match what's actually settable.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
2020-03-10 13:32:06 +01:00
Richard Levitte c5926e930c DOCS: Start restructuring our provider and implementation documentation
This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod,
and fills in currently implemented operations and algorithms in them, as
well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to
come.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11270)
2020-03-10 13:31:06 +01:00
Richard Levitte b4dc705a73 DOCS: Fix documentation on asymmetric keydata types
Some type specs didn't correspond to actual use.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11275)
2020-03-09 10:49:29 +01:00
Matt Caswell d62be1580b Document the new DigestSign provider functions
As well as the newly added "one shot" functions, we also document a number
of the other other digestsign functions which were missing documentation in
provider-signature.pod.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
2020-03-09 07:59:15 +00:00
Rich Salz a8055c70fa Add some missing env var documentation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11189)
2020-03-04 11:41:50 +01:00
Shane Lontis f552d90045 Add Serializers for EC
Provide EC serializers for text, pem and der.

EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.

The EC serializer only supports named curves currently.

NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).

EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.

Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
2020-03-04 07:48:45 +10:00
Shane Lontis 47c239c6b8 Add pairwise consistency self tests to asym keygenerators
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10952)
2020-03-03 14:02:36 +10:00
Richard Levitte 13697f1c62 KEYMGMT: Add a keydata copy function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Richard Levitte bee5d6cd3f KEYMGMT: Add a keydata matching function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
2020-03-02 03:27:03 +01:00
Matt Caswell 8efc4a9c65 Implement the ECX Serializers
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.

Add some documentation about the various import/export types available
Add additional testing for the serializers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11095)
2020-02-28 08:08:59 +10:00
Matt Caswell 745fc918e7 Introduce the provider property
Replace the properties default, fips and legacy with a single property
called "provider". So, for example, instead of writing "default=yes" to
get algorithms from the default provider you would instead write
"provider=default". We also have a new "fips" property to indicate that
an algorithm is compatible with FIPS mode. This applies to all the
algorithms in the FIPS provider, as well as any non-cryptographic
algorithms (currently only serializers).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11097)
2020-02-21 20:17:02 +00:00
Nicola Tuveri ce82b892e8 [PROV][EC] Update documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
2020-02-18 19:11:10 +02:00
Richard Levitte b305452f69 Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:

1.  provider side domain parameters and key data isn't mutable. In
    other words, as soon as a key has been created in any (loaded,
    imported data, ...), it's set in stone.
2.  provider side domain parameters can be strictly separated from the
    key data.

This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:

- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key

To remedy all this, we:

1.  let go of the distinction between domain parameters and key
    material proper in the libcrypto <-> provider interface.

    As a consequence, functions that still need it gain a selection
    argument, which is a set of bits that indicate what parts of the
    key object are to be considered in a specific call.  This allows
    a reduction of very similar functions into one.

2.  Rework the libcrypto <-> provider interface so provider side key
    objects are created and destructed with a separate function, and
    get their data filled and extracted in through import and export.

(future work will see other key object constructors and other
functions to fill them with data)

Fixes #10979

squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics

Remedy 1 needs a rewrite:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-07 09:37:56 +01:00
Dr. Matthias St. Pierre 7fa8bcfe43 Fix misspelling errors and typos reported by codespell
Fixes #10998

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11000)
2020-02-06 17:01:00 +01:00
Richard Levitte f4e4382cae EVP_PKEY_assign_EC_KEY(): detect SM2 curve and set EVP_PKEY type accordingly
This means that when loaded or created, EC EVP_PKEYs with the SM2
curve will be regarded as EVP_PKEY_SM2 type keys by default.
Applications are no longer forced to check and fix this.

It's still possible, for those who want this, to set the key type to
EVP_PKEY_EC and thereby run the normal EC computations with the SM2
curve.  This has to be done explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)
2020-02-02 12:04:00 +01:00
Shane Lontis 12603de634 Add RSA key validation to default provider
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10780)
2020-01-29 20:32:32 +10:00
Rich Salz fadb57e554 Fix some missing doc links.
Replace "=for openssl foreign manuals" with simpler syntax, it looks
like the "=for openssl ifdef" construct.
Fix some broken L<> links; add some missing foreign references and fixed
some typo's.
The WARNINGS in dhparam referred to non-existant commands so reword it.

Fixes #10109

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10256)
2020-01-22 18:06:49 +01:00
Richard Levitte 6508e85883 EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys
These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys.  This adds an interface to get
domparam and key data from a provider, given corresponding provider
data (the actual domparam or key).

The retrieved data is cached in the EVP_PKEY structure (lending the
idea from provided EVP_CIPHER).

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
2020-01-17 09:04:04 +01:00
Shane Lontis 36fc5fc6bd Add FIPS Self test kats for digests
Added an API to optionally set a self test callback.
The callback has the following 2 purposes
(1) Output information about the KAT tests.
(2) Allow the ability to corrupt one of the KAT's
The fipsinstall program uses the API.

Some KATS are not included in this PR since the required functionality did not yet exist in the provider.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10374)
2020-01-15 10:48:01 +10:00
Shane Lontis 11b4435986 Add GCM support for EVP_CTRL_GCM_IV_GEN and EVP_CTRL_GCM_SET_IV_INV to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10173)
2020-01-10 11:58:27 +10:00
Richard Levitte e62a45b60e CORE & EVP: Specify OP_query_operation_name() for KEYMGMT
This will allow keymgmt implementation for key types that need it to
specify the names of the diverse operation algorithms it can be used
with.  Currently, only one name per key type and operation is allowed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)
2020-01-09 15:01:16 +01:00
Richard Levitte cc4ff1061e DOCS: The interpretation of OPENSSL_API_COMPAT has changed, update docs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/10765)
2020-01-09 15:00:16 +01:00
Shane Lontis 1242f3c798 Fix KMAC docs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9970)
2020-01-07 09:22:08 +10:00
Shane Lontis 0d2bfe52bb Add AES_CBC_HMAC_SHA ciphers to providers.
Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable() method is either NULL,
or the method returns 1.
This is mainly required for ciphers that only have hardware implementations.
If there is no hardware support, then the algorithm needs to be not available.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10146)
2020-01-06 13:02:16 +10:00
Richard Levitte 365955fb27 Rename doc/man7/provider-asymcipher.pod
The correct name is doc/man7/provider-asym_cipher.pod, to match the
name in the NAME section.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)
2019-12-21 22:53:54 +01:00
Rich Salz 742ccab318 Deprecate most of debug-memory
Fixes #8322

The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains.  OpenSSL recommends using
the compiler's leak-detection instead.

The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed.  All of the
above are now deprecated.

Merge (now really small) mem_dbg.c into mem.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)
2019-12-14 20:57:35 +01:00
Rich Salz d2b194d78f Various missing-link fixes
Also, turn missing L<foo(3)> into foo(3)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10104)
2019-12-12 16:55:02 +01:00
Veres Lajos 79c44b4e30 Fix some typos
Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10544)
2019-12-11 19:04:01 +01:00
Matt Caswell 350c923517 Add documentation for the newly added RSA_PKCS1_WITH_TLS_PADDING
Documentation for RSA_PKCS1_WITH_TLS_PADDING padding mode as per the
previous commits, as well as the associated parameters for this mode.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10411)
2019-12-05 16:12:18 +00:00
Richard Levitte 63665fff84 PROV BIO: add a BIO_vprintf() upcall, and a provider BIO library
The BIO_vprintf() will allow the provider to print any text, given a
BIO supplied by libcrypto.

Additionally, we add a provider library with functions to collect all
the currently supplied BIO upcalls, as well as wrappers around those
upcalls.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte 866234ac35 SERIALIZER: add support for serializing EVP_PKEYs
The following public functions is added:

- OSSL_SERIALIZER_CTX_new_by_EVP_PKEY()
- OSSL_SERIALIZER_CTX_set_cipher()
- OSSL_SERIALIZER_CTX_set_passphrase()
- OSSL_SERIALIZER_CTX_set_passphrase_cb()
- OSSL_SERIALIZER_CTX_set_passphrase_ui()

OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() selects a suitable serializer
for the given EVP_PKEY, and sets up the OSSL_SERIALIZER_CTX to
function together with OSSL_SERIALIZER_to_bio() and
OSSL_SERIALIZER_to_fp().

OSSL_SERIALIZER_CTX_set_cipher() indicates what cipher should be used
to produce an encrypted serialization of the EVP_PKEY.  This is passed
directly to the provider using OSSL_SERIALIZER_CTX_set_params().

OSSL_SERIALIZER_CTX_set_passphrase() can be used to set a pass phrase
to be used for the encryption.  This is passed directly to the
provider using OSSL_SERIALIZER_CTX_set_params().

OSSL_SERIALIZER_CTX_set_passphrase_cb() and
OSSL_SERIALIZER_CTX_set_passphrase_ui() sets up a callback to be used
to prompt for a passphrase.  This is stored in the context, and is
called via an internal intermediary at the time of serialization.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:55:16 +01:00
Richard Levitte 0d003c52d3 SERIALIZER: New API for serialization of objects through providers
Serialization is needed to be able to take a provider object (such as
the provider side key data) and output it in PEM form, DER form, text
form (for display), and possibly other future forms (XML? JSON? JWK?)

The idea is that a serializer should be able to handle objects it has
intimate knowledge of, as well as object data in OSSL_PARAM form.  The
latter will allow libcrypto to serialize some object with a different
provider than the one holding the data, if exporting of that data is
allowed and there is a serializer that can handle it.

We will provide serializers for the types of objects we know about,
which should be useful together with any other provider that provides
implementations of the same type of object.

Serializers are selected by method name and a couple of additional
properties:

- format        used to tell what format the output should be in.
                Possibilities could include "format=text",
                "format=pem", "format=der", "format=pem-pkcs1"
                (traditional), "format=der-pkcs1" (traditional)
- type          used to tell exactly what type of data should be
                output, for example "type=public" (the public part of
                a key), "type=private" (the private part of a key),
                "type=domainparams" (domain parameters).

This also adds a passphrase callback function type,
OSSL_PASSPHRASE_CALLBACK, which is a bit like OSSL_CALLBACK, but it
takes a few extra arguments to place the result in.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:54:48 +01:00
Matt Caswell cc38e643cb Disable mem leak checking for the self test lock
The fips self test lock is deallocated in platform specific ways that may
occur after we do mem leak checking. If we don't know how to free it for
a particular platform then we just leak it deliberately. So we
temporarily disable the mem leak checking while we allocate the lock.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9939)
2019-11-29 16:14:44 +00:00
Rich Salz 22bb8c2545 Document more env var stuff, fix some typo's
Add openssl-env.pod
Also fix up many other environment page formatting nits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10135)
2019-11-28 13:58:51 +01:00
Richard Levitte 2a03823606 doc/man7/proxy-certificates.pod: New guide for proxy certificates
This replaces doc/HOWTO/proxy_certificates.txt

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10507)
2019-11-27 16:18:28 +01:00
Matt Caswell e44192d14b Documentation updates due to naming tweaks
Also documents our new canonical naming.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10092)
2019-11-21 15:49:58 +00:00
Rich Salz d7cea0b8f5 Fix some broken doc links
Replace L<> link to header-file with a C<> reference.
Change some broken L<provider(3)> links to L<provider(7)>.
For consistency, rename four cipher pages to have a specific mode.
Fix up all references to any "generic" names to point to specific names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10100)
2019-11-15 17:20:33 +01:00
Tomas Mraz a90311fead A few fixes in the EVP_KDF-KB and EVP_KDF-KRB5KDF manpages
The context and label is info and salt respectively - fix
the example in KB manpage for that.

There are some typos and bug in EVP_KDF_derive call in the
KRB5KDF example.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10426)
2019-11-14 17:26:16 +01:00
Matt Caswell 11d876df50 Add documentation for the Asymmetric Cipher Operation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
2019-11-14 09:29:46 +00:00
Richard Levitte 10e7216e50 CORE: Add a generic callback function type
This offers a very generic way to define a callback as well as calling
it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10412)
2019-11-14 08:22:29 +01:00
Dmitry Belyavskiy b6db6612d1 Fix cut'n'paste typos in the provider-digest pod
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10398)
2019-11-11 21:17:18 +03:00
Rich Salz 1903a9b77a Fix L<xxx(1)> links to be L<openssl-xxx(1)>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10328)
2019-11-10 18:58:50 +01:00
Shane Lontis eb173822b2 Add AES SIV ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10120)
2019-11-08 12:14:44 +10:00
Rich Salz ccd9e70d4e Strip much out of ssl.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
2019-11-06 19:38:32 +01:00
Rich Salz 16f8a61830 Remove outdated info from man7/ssl
There were two paragraphs of useful information about SSL_dup, so
copy that to the right manpage.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
2019-11-06 19:38:32 +01:00
Rich Salz 6e4618a0d7 Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
2019-10-31 14:26:34 +01:00
Rich Salz 1b0d1bf7f1 Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
2019-10-24 08:45:25 -04:00
Simo Sorce 33f54da3dd Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
2019-10-23 08:32:48 +02:00
Robbie Harwood f6dead1b72 [KDF] Add feedback-mode and CMAC support to KBKDF
Implement SP800-108 section 5.2 with CMAC support.  As a side effect,
enable 5.1 with CMAC and 5.2 with HMAC.  Add test vectors from RFC 6803.

Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10143)
2019-10-17 12:45:03 +10:00
Shane Lontis 3d5a7578e0 Add ChaCha related ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10081)
2019-10-16 16:18:42 +10:00
Richard Levitte bb82531f65 POD: stop abusing comment
OpenSSL uses some POD directives masquerading as 'comment'
('=for comment' etc).  This is abusive and confusing.  Instead, we use
our own keyword.

    =for openssl whatever

    =begin openssl

    whatever

    =end openssl

(we have never used the multiline form, but might start one day)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10048)
2019-10-11 15:30:57 +02:00
Shane Lontis f816aa47ac Add rc2 ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9991)
2019-10-08 16:42:28 +10:00
Paul Yang a56f68adb7 Support SM2 in apps/speed
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10053)
2019-10-07 06:32:18 +08:00
Rich Salz 86913ef711 Fix L<EVP_KDF-derive> to L<EVP_DEF_derive>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10096)
2019-10-04 13:40:14 -04:00
Shane Lontis 6a41156c20 Add rc5 ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10006)
2019-10-03 16:05:49 +10:00
Rich Salz 9c0586d5fc Fix errors found by new find-doc-nits
Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10023)
2019-10-03 10:33:54 +10:00
Richard Levitte c96399e296 Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work.  This change adapts them
to work with provided implementations as well, in one of two possible
ways:

1.  If the implementation's set_asn1_parameters or get_asn1_parameters
    function pointers are non-NULL, this is a legacy implementation,
    and that function is called.
2.  Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
    set, the default AlgorithmIdentifier parameter code in libcrypto
    is executed.
3.  Otherwise, if the cipher is a provided implementation, the ASN1
    type structure is converted to a DER blob which is then passed to
    the implementation as a parameter (param_to_asn1) or the DER blob
    is retrieved from the implementation as a parameter and converted
    locally to a ASN1_TYPE (asn1_to_param).

With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-10-01 22:51:00 +02:00
Rich Salz e8769719c9 Consistent formatting of flags with args
For documentation of all commands with "-flag arg" format them
consistently: "B<-flag> I<arg>", except when arg is literal
(for example "B<-inform> B<PEM>|B<DER>")
Update find-doc-nits to complain if badly formatted strings are found.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10022)
2019-10-01 08:36:58 +02:00
Richard Levitte c18d2d94c8 Funtion name with variable part in doc/man7/ and doc/internal/man3/
We have a few pages where part of function names can be considered
variable.  There are no normative guidelines for such a case, but if
we draw from the formatting convention of variable and argument names,
we can draw the conclusion that this variable part should be italized,
within already given conventions.  In other words, we need to help the
POD processor along in cases like these:

    SPARSE_ARRAY_OF(TYPE)
    ossl_sa_TYPE_num()

These need explicit formatting:

    B<SPARSE_ARRAY_OF>(I<TYPE>)
    B<ossl_sa_I<TYPE>_num>()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10034)
2019-09-28 06:33:16 +02:00
Richard Levitte dfabee82be Make doc/man7/ and doc/internal/man3/ conform with man-pages(7)
It's all in the details, from man-pages(7):

    Formatting conventions for manual pages describing functions

        ...
        Variable names should, like argument names, be specified in italics.
        ...

    Formatting conventions (general)

        ...
        Special macros, which are usually in uppercase, are in bold.
        Exception: don't boldface NULL.
        ...

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10034)
2019-09-28 06:33:16 +02:00
Robbie Harwood a39bc4404b [KDF] Add KBKDF implementation for counter-mode HMAC
Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos.
Add test vectors from RFC 8009.

Adds error codes PROV_R_INVALID_MAC and PROV_R_MISSING_MAC.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9924)
2019-09-27 23:17:26 +02:00
Pauli 0c452a51a5 Reformat param description lines
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
2019-09-27 16:21:51 +10:00
Pauli d56eba1fd1 Make OSSL_PARAM descriptions uniformly formatted.
=item B<MACRO> ("name") <type>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
2019-09-27 16:21:51 +10:00
Pauli 72c162abb0 Use OSSL_PARAM types. Limits are explained in the description where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli f49a65d09c Use OSSL_PARAM types for MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli e7f2dac968 Use OSSL_PARAM types for KDF documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli 5a2a2f66c5 Remove the engine parameter from the provider MAC documentations
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:42 +10:00
Pauli 8d1502da1e Remove the engine parameter from the individual MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:42 +10:00
Pauli fddb1847b1 Change PARAMETER NAMES links to PARAMETERS
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9905)
2019-09-18 18:36:13 +10:00
Pauli 4c04e7b1cc Fix links to functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9905)
2019-09-18 18:36:13 +10:00
Pauli 40526dfd92 Clean up KDF documentation in section 7.
The EVP_KDF_ctrl function doesn't exist anymore and have been replaced by
EVP_KDF_CTX_set_params.

The EVP_KDF_new_id function doesn't exist either and EVP_KDF_new should be
used instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9905)
2019-09-18 18:36:13 +10:00