Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.

Fixes #11538

Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)

show more ...

Fix DH_get_nid() so that it does not cache values.

DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to usin

Fix DH_get_nid() so that it does not cache values.

DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)

show more ...

Add DH keygen to providers

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11332)

Constify various mostly X509-related parameter types in crypto/ and apps/

in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *,
also some result types of new functions, which

Constify various mostly X509-related parameter types in crypto/ and apps/

in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *,
also some result types of new functions, which does not break compatibility

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10504)

show more ...

DH: add internal dh_get_method()

This should have been publically present a long time ago, to be
consistent with the RSA, DSA and EC_KEY APIs. However, since we've
now deprecated th

DH: add internal dh_get_method()

This should have been publically present a long time ago, to be
consistent with the RSA, DSA and EC_KEY APIs. However, since we've
now deprecated that kind of function for the other key types, there's
no point in adding a public function, but we still need it internally.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11193)

show more ...

Change DH_get_nid() to set the value of q if it is not already set

Fixes #11108.

It only sets q if a valid named group is found.
The function signature was recently changed to p

Change DH_get_nid() to set the value of q if it is not already set

Fixes #11108.

It only sets q if a valid named group is found.
The function signature was recently changed to pass a non const DH pointer
in order to allow the nid to be cached internally. As an extension of this
the value of q can now also be set as q is always known for named groups.
The length field is also set if q is set.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11114)

show more ...

Deprecate the low level Diffie-Hellman functions.

Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by

Deprecate the low level Diffie-Hellman functions.

Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)

show more ...

Add FFC param/key validation

Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes)

Reviewed-by: Matt Cas

Add FFC param/key validation

Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10910)

show more ...

Missing "obj_mac" header file in "dh_lib"

Usage of `NID_undef` symbol without including its definition was causing
a build fail

Reviewed-by: Richard Levitte <levitte@openssl.org

Missing "obj_mac" header file in "dh_lib"

Usage of `NID_undef` symbol without including its definition was causing
a build fail

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10996)

show more ...

Add support for DH 'modp' group parameters (RFC 3526)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10897)

Modify DSA and DH keys to use a shared FFC_PARAMS struct

This is required in order to share code for FIPS related parameter generation and validation routinues.
Note the 'counter' field

Modify DSA and DH keys to use a shared FFC_PARAMS struct

This is required in order to share code for FIPS related parameter generation and validation routinues.
Note the 'counter' field is now stored as a integer (as that is the form required for generation/validation functions).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10860)

show more ...

Add DH key exchange to fips provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10826)

CRYPTO: Remove support for ex_data fields when building the FIPS module

These fields are purely application data, and applications don't reach
into the bowels of the FIPS module, so thes

CRYPTO: Remove support for ex_data fields when building the FIPS module

These fields are purely application data, and applications don't reach
into the bowels of the FIPS module, so these fields are never used
there.

Fixes #10835

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10837)

show more ...

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

'*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...

Use BN_clear_free in DH_set0_key

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9796)

Adapt DH to use with KEYMGMT

The biggest part in this was to move the key->param builder from EVP
to the DH ASN.1 method, and to implement the KEYMGMT support in the
provider DH.

Adapt DH to use with KEYMGMT

The biggest part in this was to move the key->param builder from EVP
to the DH ASN.1 method, and to implement the KEYMGMT support in the
provider DH.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9394)

show more ...

Following the license change, modify the boilerplates in crypto/dh/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7

Following the license change, modify the boilerplates in crypto/dh/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7788)

show more ...

Harmonize the error handling codepath

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Re

Harmonize the error handling codepath

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)

show more ...

Fix segfault in RSA_free() (and DSA/DH/EC_KEY)

`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).

Fo

Fix segfault in RSA_free() (and DSA/DH/EC_KEY)

`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).

For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.

If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.

This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.

Fixes #7102 .

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6371)

DH: add simple getters for commonly used DH struct members

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6273)

Remove parentheses of return.

Since return is inconsistent, I removed unnecessary parentheses and
unified them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt

Remove parentheses of return.

Since return is inconsistent, I removed unnecessary parentheses and
unified them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4541)

show more ...

Allow DH_set0_key with only private key.

The pub_key field for DH isn't actually used in DH_compute_key at all.
(Note the peer public key is passed in as as BIGNUM.) It's mostly there

Allow DH_set0_key with only private key.

The pub_key field for DH isn't actually used in DH_compute_key at all.
(Note the peer public key is passed in as as BIGNUM.) It's mostly there
so the caller may extract it from DH_generate_key. It doesn't
particularly need to be present if filling in a DH from external
parameters.

The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node.
Their public API is a thin wrapper over the old OpenSSL one:
https://nodejs.org/api/crypto.html#crypto_class_diffiehellman

They have separate setPrivateKey and setPublicKey methods, so the public
key may be set last or not at all. In 1.0.2, either worked fine since
operations on DH objects generally didn't use the public key. (Like
with OpenSSL, Node's setPublicKey method is also largely a no-op, but so
it goes.) In 1.1.0, DH_set0_key prevents create a private-key-only DH
object.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4384)

show more ...

Move the REF_PRINT support from e_os.h to internal/refcount.h.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://

Move the REF_PRINT support from e_os.h to internal/refcount.h.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)

show more ...

e_os.h removal from other headers and source files.

Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and
ssl/ssl_locl.h).

Added e_os.h into the files

e_os.h removal from other headers and source files.

Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and
ssl/ssl_locl.h).

Added e_os.h into the files that need it now.

Directly reference internal/nelem.h when required.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)

show more ...