- 07 8月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
Trust the returned value from EVP_PKEY_get_default_digest_name()! It mimics exactly the values that EVP_PKEY_get_default_digest_nid() is supposed to return, and that value should simply be passed unchanged. Callers depend on it. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12586)
-
- 01 8月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
-
- 27 7月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
- EVP_PKEY_is_a() didn't recognise "RSA-PSS" for legacy keys. - The RSA-PSS keymgmt didn't have a OSSL_FUNC_keymgmt_match() function. - ossl_prov_prepare_rsa_params() didn't return 1 for unrestricted RSA-PSS params. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492)
-
- 24 7月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
-
由 Richard Levitte 提交于
This makes the following functions available for libcrypto code: evp_keymgmt_util_try_import() - callback function evp_keymgmt_util_assign_pkey() - assigns keymgmt and keydata to an EVP_PKEY evp_keymgmt_util_make_pkey() - creates an EVP_PKEY from keymgmt and keydata Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
-
- 16 7月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit d9c2fd51. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
-
- 19 6月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
We rename these function to EVP_PKEY_CTX_get_group_name and EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms other than EC. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
-
- 11 6月, 2020 1 次提交
-
-
由 Pauli 提交于
functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11997)
-
- 05 6月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present which isn't the case for provided keys. Support has been added to dh, ec and ecx keys. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11898)
-
- 27 5月, 2020 1 次提交
-
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
-
- 24 5月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses. To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY: - evp_pkey_is_blank(), to detect an unassigned EVP_PKEY. - evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method. - evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned an key value. - evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD. - evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handdled via an EVP_KEYMGMT and other provider methods. This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods. Fixes #11823 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11913)
-
- 04 5月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
If the key is a provider key then we should export it from the provider. Fixes #11627 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
由 Matt Caswell 提交于
We also introduce variants which are OPENSSL_CTX aware Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11635)
-
- 30 4月, 2020 2 次提交
-
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
-
- 28 4月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
-
- 25 4月, 2020 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11601)
-
- 24 4月, 2020 1 次提交
-
-
由 Rich Salz 提交于
... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
-
- 23 4月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
-
由 Richard Levitte 提交于
evp_keymgmt_util_get_deflt_digest_name() is a refactor of the provider side key part of EVP_PKEY_get_default_digest_name(), that takes EVP_KEYMGMT and provider keydata pointers instead of an EVP_PKEY pointer. We also ensure that it uses SN_undef as the default name if the provider implementation gave us an empty string, since this is what EVP_PKEY_get_default_digest_name() responds when getting the digest name via a EVP_PKEY_ASN1_METHOD ctrl call that returns NID_undef. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11576)
-
- 17 4月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
Previously import_to just took an EVP_PKEY as the argument. However we need to some additional context data as well - specifically the libctx. Therefore we pass an EVP_PKEY_CTX instead to hold the combination of both of these things. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11536)
-
- 15 4月, 2020 2 次提交
-
-
由 Shane Lontis 提交于
Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11303)
-
由 Richard Levitte 提交于
The EVP_KEYMGMT pointer in the pkey is removed when downgrading, but wasn't necessarily freed when need, thus leaving an incorrect reference count. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11328)
-
- 14 4月, 2020 1 次提交
-
-
由 Aaron Thompson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11515)
-
- 09 4月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
The EC export_to function calls EC_POINT_point2buf that can later generate a random number in some circumstances. Therefore we pass in a BN_CTX associated with the library context. This means we have to change the export_to function signature to accept the library context. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11493)
-
- 08 4月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
libssl code uses EVP_PKEY_get0_EC_KEY() to extract certain basic data from the EC_KEY. We replace that with internal EVP_PKEY functions. This may or may not be refactored later on. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11358)
-
由 Richard Levitte 提交于
EVP_PKEY_is_a() is the provider side key checking function corresponding to checking EVP_PKEY_id() or an EVP_PKEY against macros like EVP_PKEY_EC. It also works with legacy internal keys. We also add a warning indoc/man3/EVP_PKEY_set1_RSA.pod regarding the reliability of certain functions that only understand legacy keys. Finally, we take the opportunity to clean up doc/man3/EVP_PKEY_set1_RSA.pod to better conform with man-page layout norms, see man-pages(7) on Linux. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11358)
-
- 01 4月, 2020 1 次提交
-
-
由 Shane Lontis 提交于
Currently only RSA, EC and ECX are supported (DH and DSA need to be added to the keygen PR's seperately because the fields supported have changed significantly). The API's require the keys to be provider based. Made the keymanagement export and get_params functions share the same code by supplying support functions that work for both a OSSL_PARAM_BLD as well as a OSSL_PARAM[]. This approach means that complex code is not required to build an empty OSSL_PARAM[] with the correct sized fields before then doing a second pass to populate the array. The RSA factor arrays have been changed to use unique key names to simplify the interface needed by the user. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11365)
-
- 26 3月, 2020 4 次提交
-
-
由 Richard Levitte 提交于
Provider KEYMGMT functions can handle domain parameters as well as "other" parameters (the cofactor mode flag in ECC keys is one of those). The public EVP functions EVP_PKEY_copy_parameters(), EVP_PKEY_missing_parameters(), EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() tried to handle all parameters, but looking back at EVP_PKEY_ASN1_METHOD code (especially crypto/ec/ec_ameth.c), it turns out that they only need to concern themselves with domain parameters. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
-
由 Richard Levitte 提交于
Upgrading EVP_PKEYs from containing legacy keys to containing provider side keys proved to be risky, with a number of unpleasant corner cases, and with functions like EVP_PKEY_get0_DSA() failing unexpectedly. We therefore change course, and instead of upgrading legacy internal keys to provider side internal keys, we downgrade provider side internal keys to legacy ones. To be able to do this, we add |import_from| and make it a callback function designed for evp_keymgmt_export(). This means that evp_pkey_upgrade_to_provider() is replaced with evp_pkey_downgrade(). EVP_PKEY_copy_parameters() is the most deeply affected function of this change. Fixes #11366 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
-
由 Richard Levitte 提交于
This function intialises an EVP_PKEY to contain a provider side internal key. We take the opportunity to also document the older EVP_PKEY_set_type() and EVP_PKEY_set_type_str(). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
-
由 Richard Levitte 提交于
EVP_PKEY is rather complex, even before provider side keys entered the stage. You could have untyped / unassigned keys (pk->type == EVP_PKEY_NONE), keys that had been assigned a type but no data (pk->pkey.ptr == NULL), and fully assigned keys (pk->type != EVP_PKEY_NONE && pk->pkey.ptr != NULL). For provider side keys, the corresponding states weren't well defined, and the code didn't quite account for all the possibilities. We also guard most of the legacy fields in EVP_PKEY with FIPS_MODE, so they don't exist at all in the FIPS module. Most of all, code needs to adapt to the case where an EVP_PKEY's |keymgmt| is non-NULL, but its |keydata| is NULL. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
-
- 21 3月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
Instead of fetching the EVP_KEYMGMT in the init for every different operation, do it when creating the EVP_PKEY_CTX. This allows certain control functions to be called between the creation of the EVP_PKEY_CTX and the call of the operation's init function. Use case: EVP_PKEY_CTX_set1_id(), which is allowed to be called very early with the legacy implementation, this should still be allowed with provider implementations. Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11343)
-
- 12 3月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
The following functions are added: EVP_PKEY_gen_set_params(), replacing the older EVP_PKEY_CTX_ctrl() EVP_PKEY_gen(), replacing both EVP_PKEY_keygen() and EVP_PKEY_paramgen() These functions are made to work together with already existing domparams and key generation functionality: EVP_PKEY_CTX_new_provided(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen_init(), etc. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10289)
-
- 02 3月, 2020 3 次提交
-
-
由 Richard Levitte 提交于
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters() Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11158)
-
由 Richard Levitte 提交于
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). The word 'match' was used for the new routines because many associate 'cmp' with comparison functions that allows sorting, i.e. return -1, 0 or 1 depending on the order in which the two compared elements should be sorted. EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite do that. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11158)
-
由 Richard Levitte 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11158)
-
- 29 2月, 2020 2 次提交
-
-
由 Richard Levitte 提交于
This function "upgrades" a key from a legacy key container to a provider side key container. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11148)
-
由 Richard Levitte 提交于
The role of this cache was two-fold: 1. It was a cache of key copies exported to providers with which an operation was initiated. 2. If the EVP_PKEY didn't have a legacy key, item 0 of the cache was the corresponding provider side origin, while the rest was the actual cache. This dual role for item 0 made the code a bit confusing, so we now make a separate keymgmt / keydata pair outside of that cache, which is the provider side "origin" key. A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a provider side "origin" at the same time. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11148)
-
- 22 2月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
Previously, evp-keymgmt_util_export_to_provider() took care of all kinds of exports of EVP_PKEYs to provider side keys, be it from its legacy key or from another provider side key. This works most of the times, but there may be cases where the caller wants to be a bit more in control of what sort of export happens when. Also, when it's time to remove all legacy stuff, that job will be much easier if we have a better separation between legacy support and support of provided stuff, as far as we can take it. This changes moves the support of legacy key to provider side key export from evp-keymgmt_util_export_to_provider() to evp_pkey_make_provided(), and makes sure the latter is called from all EVP_PKEY functions that handle legacy stuff. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11074)
-