Make EVP_PKEY_CTX_[get|set]_group_name work for DH too

The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work f

Make EVP_PKEY_CTX_[get|set]_group_name work for DH too

The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for
DH.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

show more ...

Add ACVP fips module tests

For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These te

Add ACVP fips module tests

For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.

This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).

The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.

The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.

The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)

show more ...

Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys

EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present
which isn't the case for provided keys. Sup

Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys

EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present
which isn't the case for provided keys. Support has been added to dh,
ec and ecx keys.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)

show more ...

Update core_names.h fields and document most fields.

Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related

Update core_names.h fields and document most fields.

Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11610)

show more ...

When a private key is validated and there is no private key, return early.

Affected functions:

dsa_validate_public
dsa_validate_private
dh_validate_public
dh_validate_pr

When a private key is validated and there is no private key, return early.

Affected functions:

dsa_validate_public
dsa_validate_private
dh_validate_public
dh_validate_private

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11598)

show more ...

Fix DH_get_nid() so that it does not cache values.

DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to usin

Fix DH_get_nid() so that it does not cache values.

DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)

show more ...

Add DH keygen to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11332)

Add DSA keygen to provider

Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.

Rev

Add DSA keygen to provider

Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)

show more ...

Param build: make structures opaque.

Since this is public, it is best to make the underlying structure opaque.
This means converting from stack allocation to dynamic allocation for all

Param build: make structures opaque.

Since this is public, it is best to make the underlying structure opaque.
This means converting from stack allocation to dynamic allocation for all
usages.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11390)

show more ...

Param builder: make the OSSL_PARAM_BLD APIs public.

The catalyst for this is the difficult of passing BNs through the other
OSSL_PARAM APIs.

Reviewed-by: Nicola Tuveri <nic.tuv@

Param builder: make the OSSL_PARAM_BLD APIs public.

The catalyst for this is the difficult of passing BNs through the other
OSSL_PARAM APIs.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11390)

show more ...

EVP: Implement support for key downgrading in backends

Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_ME

EVP: Implement support for key downgrading in backends

Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD.

This became a bit elaborate because the code would be almost exactly
the same as the import functions int EVP_KEYMGMT. Therefore, we end
up moving most of the code to common backend support files that can be
used both by legacy backend code and by our providers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)

show more ...

EVP: Clarify the states of an EVP_PKEY

EVP_PKEY is rather complex, even before provider side keys entered the
stage.
You could have untyped / unassigned keys (pk->type == EVP_PKEY_NO

EVP: Clarify the states of an EVP_PKEY

EVP_PKEY is rather complex, even before provider side keys entered the
stage.
You could have untyped / unassigned keys (pk->type == EVP_PKEY_NONE),
keys that had been assigned a type but no data (pk->pkey.ptr == NULL),
and fully assigned keys (pk->type != EVP_PKEY_NONE && pk->pkey.ptr != NULL).

For provider side keys, the corresponding states weren't well defined,
and the code didn't quite account for all the possibilities.

We also guard most of the legacy fields in EVP_PKEY with FIPS_MODE, so
they don't exist at all in the FIPS module.

Most of all, code needs to adapt to the case where an EVP_PKEY's
|keymgmt| is non-NULL, but its |keydata| is NULL.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)

show more ...

Add DH key validation to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10911)

PROV: Add a OP_keymgmt_match() function to our DH, DSA, RSA and EC_KEY impl

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)

Deprecate the low level Diffie-Hellman functions.

Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by

Deprecate the low level Diffie-Hellman functions.

Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)

show more ...

[PROV][KEYMGMT][DH][DSA] use BN_clear_free for secrets

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shan

[PROV][KEYMGMT][DH][DSA] use BN_clear_free for secrets

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)

show more ...

Add FFC param/key validation

Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes)

Reviewed-by: Matt Cas

Add FFC param/key validation

Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10910)

show more ...

Implement Provider side Key Management for X25519 and X448

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from ht

Implement Provider side Key Management for X25519 and X448

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)

show more ...

KEYMGMT: Require both get_params and gettable_params, or none

The same go for the pairs import + import_types and export + export_types.

This required some additional changes in our

KEYMGMT: Require both get_params and gettable_params, or none

The same go for the pairs import + import_types and export + export_types.

This required some additional changes in our KEYMGMT implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)

show more ...

Adapt existing KEYMGMT implementations to the redesigned interface

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul

Adapt existing KEYMGMT implementations to the redesigned interface

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)

show more ...

PROV: Adapt the RSA, DSA and DH KEYMGMT implementations

They now all respond to requests for key size, bits and security bits.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Me

PROV: Adapt the RSA, DSA and DH KEYMGMT implementations

They now all respond to requests for key size, bits and security bits.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

show more ...

CORE & PROV: make export of key data leaner through callback

Exporting data from a provider owned domainparams or key is quite an
ordeal, with having to figure out what parameter keys an

CORE & PROV: make export of key data leaner through callback

Exporting data from a provider owned domainparams or key is quite an
ordeal, with having to figure out what parameter keys an
implementation supports, call the export function a first time to find
out how large each parameter buffer must be, allocate the necessary
space for it, and call the export function again.

So how about letting the export function build up the key data params
and call back with that? This change implements exactly such a
mechanism.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10414)

show more ...

DH: Add export of keys and domain parameters from provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

DH: Add export of domain parameters to provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Cleanup: move providers/common/include/internal/provider_args.h

New name is providers/implementations/include/prov/implementations.h
All inclusions are adapted accordingly.

Revi

Cleanup: move providers/common/include/internal/provider_args.h

New name is providers/implementations/include/prov/implementations.h
All inclusions are adapted accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)

show more ...