Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

Optimization of ossl_ec_key_public_check()

We can do just the quick check if cofactor == 1 as the
fact that the point is on the curve already implies
that order * point = infinity.

Optimization of ossl_ec_key_public_check()

We can do just the quick check if cofactor == 1 as the
fact that the point is on the curve already implies
that order * point = infinity.

Fixes #21833

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24816)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Remove a redundant point mul from ossl_ec_key_public_check()

This code was added in error and is entirely redundant. It is also an
expensive operation (e.g. see #21833).

Fixes #

Remove a redundant point mul from ossl_ec_key_public_check()

This code was added in error and is entirely redundant. It is also an
expensive operation (e.g. see #21833).

Fixes #21834

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21902)

show more ...

ec: update to structure based atomics

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21

ec: update to structure based atomics

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)

show more ...

dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1

This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated

dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1

This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision
against a newly calculated public key.

Co-authored-by: Randall Steck <rsteck@thinqsoft.com>
Co-authored-by: Mark J. Minnoch <mark@keypair.us>
Co-authored-by: Steve Weymann <steve@keypair.us>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

Add HPKE DHKEM provider support for EC, X25519 and X448.

The code is derived from @sftcd's work in PR #17172.
This PR puts the DHKEM algorithms into the provider layer as
KEM algorit

Add HPKE DHKEM provider support for EC, X25519 and X448.

The code is derived from @sftcd's work in PR #17172.
This PR puts the DHKEM algorithms into the provider layer as
KEM algorithms for EC and ECX.

This PR only implements the DHKEM component of HPKE as specified in
RFC 9180.

crypto/hpke/hpke_util.c has been added for fuctions that will
be shared between DHKEM and HPKE.

API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init()
have been added to support authenticated encapsulation. auth_init() functions
were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support
future algorithms that could possibly need different init functions.

Internal code has been refactored, so that it can be shared between the DHKEM
and other systems. Since DHKEM operates on low level keys it needs to be
able to do low level ECDH and ECXDH calls without converting the keys
back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(),
ossl_ec_public_from_private()

DHKEM requires API's to derive a key using a seed (IKM). This did not sit
well inside the DHKEM itself as dispatch functions. This functionality
fits better inside the EC and ECX keymanagers keygen, since
they are just variations of keygen where the private key is generated
in a different manner. This should mainly be used for testing purposes.
See ossl_ec_generate_key_dhkem().
It supports this by allowing a settable param to be passed to keygen
(See OSSL_PKEY_PARAM_DHKEM_IKM).
The keygen calls code within ec and ecx dhkem implementation to handle this.
See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private().
These 2 functions are also used by the EC/ECX DHKEM implementations to generate
the sender ephemeral keys.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19068)

show more ...

Fix EC_KEY_set_private_key() priv_key regression

This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
https://github.com/openssl/open

Fix EC_KEY_set_private_key() priv_key regression

This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696

Fixes #18744.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18942)

show more ...

Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course

Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18366)

show more ...

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

show more ...

add zero strenght arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

Implement pem_read_key directly through OSSL_DECODER

Using OSSL_STORE is too heavy and breaks things.

There were also needed various fixes mainly for missing proper
handling of

Implement pem_read_key directly through OSSL_DECODER

Using OSSL_STORE is too heavy and breaks things.

There were also needed various fixes mainly for missing proper
handling of the SM2 keys in the OSSL_DECODER.

Fixes #14788

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15045)

show more ...

Add selection support to the provider keymgmt_dup function

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)

Fix external symbols related to ec & sm2 keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*

Reviewed-

Fix external symbols related to ec & sm2 keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)

show more ...

Add EVP_PKEY_public_check_quick.

Adding the EVP_PKEY_param_check_quick() reminded me that there are also
partial checks for public keys as part of SP800-56A for FFC (DH named safe
pr

Add EVP_PKEY_public_check_quick.

Adding the EVP_PKEY_param_check_quick() reminded me that there are also
partial checks for public keys as part of SP800-56A for FFC (DH named safe
prime groups) and ECC. The code was mainly already there and just needed
to be plumbed into the validate methods.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14206)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@open

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

show more ...

DECODER: Adjust the library context of keys in our decoders

Because decoders are coupled with keymgmts from the same provider,
ours need to produce provider side keys the same way. Sinc

DECODER: Adjust the library context of keys in our decoders

Because decoders are coupled with keymgmts from the same provider,
ours need to produce provider side keys the same way. Since our
keymgmts create key data with the provider library context, so must
our decoders.

We solve with functions to adjust the library context of decoded keys,
and use them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

show more ...

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using ut

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Add SM2 key management

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().

This was written before the ec key contained a library context,
now that it contains a libctx it can

Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().

This was written before the ec key contained a library context,
now that it contains a libctx it can be passed correctly to the callback.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12877)

show more ...

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)

show more ...