Implement deterministic ECDSA sign (RFC6979)

This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(

Implement deterministic ECDSA sign (RFC6979)

This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(2) Support ECDSA and DSA
(3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG.

A nonce_type is passed around inside the Signing API's, in order to support any
future deterministic algorithms.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18809)

show more ...

test: add sm4 xts test cases

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)

With fips provider 3.0.0 skip tests related to explicit curves handling

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by:

With fips provider 3.0.0 skip tests related to explicit curves handling

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

evp_test: allow FIPS provider version based escapes in evp_test

Also fix a number of regressions when run against the 3.0.0 FIPS provider
that result from bug fixes.

Reviewed-by

evp_test: allow FIPS provider version based escapes in evp_test

Also fix a number of regressions when run against the 3.0.0 FIPS provider
that result from bug fixes.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

show more ...

test/evp_test: Test if EVP_DigestSign() set signature's length.

Increase the signature's length, that is passed to EVP_DigestSign(). The
implementation should set this parameter back to

test/evp_test: Test if EVP_DigestSign() set signature's length.

Increase the signature's length, that is passed to EVP_DigestSign(). The
implementation should set this parameter back to the actual length, that
has been written.

This (oneshot_digestsign_test_run()) fails for the ed25519/ ed448
implementation of s390 prio the fix. The change in digestsign_test_run()
follows the same pattern and is for collecting bonus points.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18928)

show more ...

Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement

Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)

show more ...

Make evp_test skip mac tests if digest or ciphers are disabled.

Fixes test error in #18714
This only happens currently during minimal builds.

Reviewed-by: Tomas Mraz <tomas@open

Make evp_test skip mac tests if digest or ciphers are disabled.

Fixes test error in #18714
This only happens currently during minimal builds.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18737)

show more ...

test/evp_test.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Sign

test/evp_test.c: Add check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18592)

show more ...

test/evp_test.c: Check too big output buffer sizes in PKEYKDF tests

EVP_PKEY_derive() should be able to cope with a too big buffer for fixed
size outputs. However, we don't test that.

test/evp_test.c: Check too big output buffer sizes in PKEYKDF tests

EVP_PKEY_derive() should be able to cope with a too big buffer for fixed
size outputs. However, we don't test that.

This change modifies the PKEYKDF tests to ask EVP_PKEY_derive() what the
desired output buffer size is, and as long as the returned value isn't
absurd (indicating that anything goes), the output buffer is made to be
twice as big as what is expected.

Tests #18517

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)

(cherry picked from commit a0587aaeff7391b8cf4ee4c6a233d0f4dca7d62f)

show more ...

Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

str[n]casecmp => OPENSSL_strncasecmp

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)

evp_test: Try computing MACs twice with reinitialization of EVP_MAC_CTX

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://g

evp_test: Try computing MACs twice with reinitialization of EVP_MAC_CTX

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18100)

show more ...

evp_test: Add testcases for DH KEX with X9.42 KDF

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.c

evp_test: Add testcases for DH KEX with X9.42 KDF

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)

show more ...

evp_test: Skip testcase if r parameter is unsupported

The r parameter of the KBKDF is unsupported by 3.0 FIPS module.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from htt

evp_test: Skip testcase if r parameter is unsupported

The r parameter of the KBKDF is unsupported by 3.0 FIPS module.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)

show more ...

evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null

Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the

evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null

Since the memory allocation may fail, the 'mac_name' and 'controls'
could be NULL.
And the 'mac_name' will be printed in mac_test_run_mac() without check.
Also the result of 'params_n +
sk_OPENSSL_STRING_num(expected->controls)' in
mac_test_run_mac() will be 'params_n - 1' if allocation fails , which
does not make sense.
Therefore, it should be better to check them in order to guarantee the
complete success of initiation.
If fails, we also need to free the 'mdat' to avoid the memory leak.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17628)

show more ...

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to b

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)

show more ...

evp_test: add a ctx dup operation to the KDF tests

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17572)

evp_test: Add the missing check after calling OPENSSL_malloc

The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() de

evp_test: Add the missing check after calling OPENSSL_malloc

The OPENSSL_zalloc() could return NULL pointer if fails.
Add the check for it does make sense, like how digest_test_init() deals
with.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)

show more ...

test: add cipher context dup test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

test: add digest context dup tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)

Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)

show more ...

Support different R_BITS lengths for KBKDF

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Support different R_BITS lengths for KBKDF

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17063)

show more ...

Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and HAS_CASE_SUFFIX()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

show more ...