Remove unused code from the fips module

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Remove unused code from the fips module

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15167)

show more ...

EVP: Implement data-driven translation between known ctrl and OSSL_PARAMs

The idea is to make it as transparent as possible to call things like
EVP_PKEY_CTX_ctrl() with a provider backed

EVP: Implement data-driven translation between known ctrl and OSSL_PARAMs

The idea is to make it as transparent as possible to call things like
EVP_PKEY_CTX_ctrl() with a provider backed EVP_PKEY_CTX, or things
like EVP_PKEY_get_bn_param() with a legacy EVP_PKEY.

All these sorts of calls demand that we translate between ctrl
commands and OSSL_PARAM keys, and treat the arguments appropriately.

This implementation has it being as data driven as possible, thereby
centralizing everything into one table of translation data, which
supports both directions.

Fixes #13528

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13913)

show more ...

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
EC_KEY. This change solves that problem by shuffling these functions
to more appropriate places.

Partially fixes #13550

squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_EC. This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

show more ...

EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured). However, t

EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled
('no-dsa' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
DH. This change solves that problem by shuffling these functions to
more appropriate places.

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_DH. This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Partially fixes #13550

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

show more ...

EVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto

These functions aren't used by the FIPS module, so there's no reason
to include it there.

Reviewed-by: Tomas Mra

EVP_PKEY & DSA: move dsa_ctrl.c to be included only on libcrypto

These functions aren't used by the FIPS module, so there's no reason
to include it there.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

show more ...

EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was
enabled ('no-dsa' not configured). Howeve

EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was
enabled ('no-dsa' not configured). However, that makes it impossible
to use these functions with an engine or a provider that happens to
implement DSA. This change solves that problem by shuffling these
functions to more appropriate places.

Fixes #13529

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13530)

show more ...

Deprecate RSA harder

This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/open

Deprecate RSA harder

This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)

show more ...

Add KEM (Key encapsulation mechanism) support to providers

SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover.
As these are simple KEM operations another

Add KEM (Key encapsulation mechanism) support to providers

SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover.
As these are simple KEM operations another operation type has been added that can support future extensions.

Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate()
Added EVP_KEM_* functions.
Added OSSL_FUNC_kem_* dispatch functions

Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to
"RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value.
This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations.

The design of the public API's resulted from contributions from @romen & @levitte.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12750)

show more ...

Add self tests for rsa encryption

SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is

Add self tests for rsa encryption

SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption
using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9

A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt()
are now in the fips module.

Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops().

Added corruption test

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12835)

show more ...

Delete unused PKEY MAC files

Now that the all the legacy PKEY MAC bridge code has been moved to the
providers we no longer need the old bridge and it can be removed.

Reviewed-by

Delete unused PKEY MAC files

Now that the all the legacy PKEY MAC bridge code has been moved to the
providers we no longer need the old bridge and it can be removed.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)

show more ...

Delete old KDF bridge EVP_PKEY_METHODS

The KDF bridge is now done provider side so the old EVP_PKEY_METHODS for
this are no longer required.

Reviewed-by: Paul Dale <paul.dale@or

Delete old KDF bridge EVP_PKEY_METHODS

The KDF bridge is now done provider side so the old EVP_PKEY_METHODS for
this are no longer required.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12573)

show more ...

CTR, HASH and HMAC DRBGs in provider

Move the three different DRBGs to the provider.

As part of the move, the DRBG specific data was pulled out of a common
structure and into th

CTR, HASH and HMAC DRBGs in provider

Move the three different DRBGs to the provider.

As part of the move, the DRBG specific data was pulled out of a common
structure and into their own structures. Only these smaller structures are
securely allocated. This saves quite a bit of secure memory:

+-------------------------------+
| DRBG | Bytes | Secure |
+--------------+-------+--------+
| HASH | 376 | 512 |
| HMAC | 168 | 256 |
| CTR | 176 | 256 |
| Common (new) | 320 | 0 |
| Common (old) | 592 | 1024 |
+--------------+-------+--------+

Bytes is the structure size on the X86/64.
Secure is the number of bytes of secure memory used (power of two allocator).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)

show more ...

rand: core APIs for provider friendly random.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)

Use build.info, not ifdef for crypto modules

Don't wrap conditionally-compiled files in global ifndef tests.
Instead, test if the feature is disabled and, if so, do not
compile it.

Use build.info, not ifdef for crypto modules

Don't wrap conditionally-compiled files in global ifndef tests.
Instead, test if the feature is disabled and, if so, do not
compile it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11263)

show more ...

Adapt all build.info and test recipes to the new $disabled{'deprecated-x.y'}

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11027)

Add RSA key validation to default provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10780)

EVP: Adapt EVP_PKEY Seal and Open for provider keys

This affects the following function, which can now deal with provider
side keys:

- EVP_SealInit()
- EVP_OpenInit()

EVP: Adapt EVP_PKEY Seal and Open for provider keys

This affects the following function, which can now deal with provider
side keys:

- EVP_SealInit()
- EVP_OpenInit()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10808)

show more ...

Add DH key exchange to fips provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10826)

Add dsa signature alg to fips provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10615)

Cleanup legacy digest methods.

Macros have been added to generate the simple legacy methods.
Engines and EVP_MD_METH_get methods still require access to the old legacy methods,
so th

Cleanup legacy digest methods.

Macros have been added to generate the simple legacy methods.
Engines and EVP_MD_METH_get methods still require access to the old legacy methods,
so they needed to be added back in.
They may only be removed after engines are deprecated and removed.
Removed some unnecessary #includes and #ifndef guards (which are done in build.info instead).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10602)

show more ...

Fix no-blake2

We modify the build.info file to exclude the legacy_blake2.c file in
the event that blake2 support has been disabled.

Reviewed-by: Richard Levitte <levitte@openssl

Fix no-blake2

We modify the build.info file to exclude the legacy_blake2.c file in
the event that blake2 support has been disabled.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10425)

show more ...

Move BLAKE2 digests completely to the default provider

This leaves minimal implementations of EVP_blake2b512 and EVP_blake2s256,
that are now only there to provide a name for implicit fe

Move BLAKE2 digests completely to the default provider

This leaves minimal implementations of EVP_blake2b512 and EVP_blake2s256,
that are now only there to provide a name for implicit fetches.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9075)

show more ...

Move MD2, MD4 and MD5 digests completely to the providers

This leaves minimal implementations of EVP_md2, EVP_md4, EVP_md5 and
EVP_mdc2, that are now only there to provide a name for imp

Move MD2, MD4 and MD5 digests completely to the providers

This leaves minimal implementations of EVP_md2, EVP_md4, EVP_md5 and
EVP_mdc2, that are now only there to provide a name for implicit fetches.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10164)

show more ...

Support calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update

Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify|Update were just macros for
EVP_DigestUpdate. They are now separate

Support calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update

Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify|Update were just macros for
EVP_DigestUpdate. They are now separate functions. Unfortunately some
code assumes that EVP_Digest[Sign|Verify]Update is interchangeable with
EVP_DigestUpdate. For example the dgst app uses an MD bio which always
calls EVP_DigestUpdate(). However the dgst app supports signing instead
of digesting and may initialise with EVP_DigestSignInit_ex() instead of
just EVP_DigestInit().

We now detect these differences and redirect to the correct function
where appropriate.

Fixes #10114

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)

show more ...

Rework how our providers are built

We put almost everything in these internal static libraries:

libcommon Block building code that can be used by all

Rework how our providers are built

We put almost everything in these internal static libraries:

libcommon Block building code that can be used by all
our implementations, legacy and non-legacy
alike.
libimplementations All non-legacy algorithm implementations and
only them. All the code that ends up here is
agnostic to the definitions of FIPS_MODE.
liblegacy All legacy implementations.

libnonfips Support code for the algorithm implementations.
Built with FIPS_MODE undefined. Any code that
checks that FIPS_MODE isn't defined must end
up in this library.
libfips Support code for the algorithm implementations.
Built with FIPS_MODE defined. Any code that
checks that FIPS_MODE is defined must end up
in this library.

The FIPS provider module is built from providers/fips/*.c and linked
with libimplementations, libcommon and libfips.

The Legacy provider module is built from providers/legacy/*.c and
linked with liblegacy, libcommon and libcrypto.
If module building is disabled, the object files from liblegacy and
libcommon are added to libcrypto and the Legacy provider becomes a
built-in provider.

The Default provider module is built-in, so it ends up being linked
with libimplementations, libcommon and libnonfips. For libcrypto in
form of static library, the object files from those other libraries
are simply being added to libcrypto.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)

show more ...