Don't hold a lock when calling a callback in ossl_namemap_doall_names

We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk

Don't hold a lock when calling a callback in ossl_namemap_doall_names

We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk of a deadlock is high.
Instead we collect all the names first inside the read lock, and then
subsequently call the user callback outside the read lock.

Fixes #14225

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)

Implement EVP_PKEY_param_check_quick() and use it in libssl

The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "ful

Implement EVP_PKEY_param_check_quick() and use it in libssl

The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.

Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)

show more ...

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using ut

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 55315

Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:

HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

Prior to this change master would instead display this like so:

SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1

The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)

show more ...

Add public API for gettables and settables for keymanagement, signatures and key exchange.

The openssl provider app will now display these params.

Reviewed-by: Matt Caswell <matt@op

Add public API for gettables and settables for keymanagement, signatures and key exchange.

The openssl provider app will now display these params.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12396)

show more ...

gettables: core changes to pass the provider context.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12581)

KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load()

This function is used to create a keydata for a key that libcrypto
only has a reference to.

This introduces provider r

KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load()

This function is used to create a keydata for a key that libcrypto
only has a reference to.

This introduces provider references, the contents which only the
provider know how to interpret. Outside of the provider, this is just
an array of bytes.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)

show more ...

Make the naming scheme for dispatched functions more consistent

The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core a

Make the naming scheme for dispatched functions more consistent

The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all
functions which are dispatched between the core and providers.

This change includes in particular all up- and downcalls, i.e., the
dispatched functions passed from core to provider and vice versa.

- OSSL_core_ -> OSSL_FUNC_core_
- OSSL_provider_ -> OSSL_FUNC_core_

For operations and their function dispatch tables, the following convention
is used:

Type | Name (evp_generic_fetch(3)) |
---------------------|-----------------------------------|
operation | OSSL_OP_FOO |
function id | OSSL_FUNC_FOO_FUNCTION_NAME |
function "name" | OSSL_FUNC_foo_function_name |
function typedef | OSSL_FUNC_foo_function_name_fn |
function ptr getter | OSSL_FUNC_foo_function_name |

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)

show more ...

Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12222)

Make sure we save the copy function when registering a new Keymgmt

If a provider had a "copy" function in the its keymgmt definition we
were ignoring it.

Reviewed-by: Shane Lont

Make sure we save the copy function when registering a new Keymgmt

If a provider had a "copy" function in the its keymgmt definition we
were ignoring it.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

show more ...

Remove gen_get_params & gen_gettable_params from keygen operation

EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation.
After adding it it was noticed that it is prob

Remove gen_get_params & gen_gettable_params from keygen operation

EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation.
After adding it it was noticed that it is probably not required for this type, so instead
the gen_get_params and gen_gettable_params have been remnoved from the provider interface.
gen_get_params was only implemented for ec to get the curve name. This seems redundant
since normally you would set parameters into the keygen_init() and then generate a key.
Normally you would expect to extract data from the key - not the object that we just set up
to do the keygen.

Added a simple settable and gettable test into a test that does keygen.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11683)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

EVP: Fix calls to evp_pkey_export_to_provider()

The calls weren't quite right, as this function has changed its behaviour.
We also change the internal documentation of this function, and

EVP: Fix calls to evp_pkey_export_to_provider()

The calls weren't quite right, as this function has changed its behaviour.
We also change the internal documentation of this function, and document
evp_pkey_downgrade().

Fixes #11549

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11550)

show more ...

KEYMGMT: Add functions to get param/key generation parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.

KEYMGMT: Add functions to get param/key generation parameters

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11328)

show more ...

CORE: Add the key object generator libcrypto<->provider interface

We introduce these dispatched functions:

- OP_keymgmt_gen_init() to initialize the key object generation.
-

CORE: Add the key object generator libcrypto<->provider interface

We introduce these dispatched functions:

- OP_keymgmt_gen_init() to initialize the key object generation.
- OP_keymgmt_gen_set_template() to set a template for key object
generation. The template is another key object, for example one
with domain parameters.
- OP_keymgmt_gen_set_params() to set other key object generation
parameters.
- OP_keymgmt_gen_settable_params() to find out what settable
parameters there are.
- OP_keymgmt_gen() to perform the key object generation.
- OP_keymgmt_gen_cleanup() to clean up the key object generation.

Internal function for easy and consistent use of these ddispatched
functions are added.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10289)

show more ...

KEYMGMT: Add a keydata copy function

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)

KEYMGMT: Add a keydata matching function

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)

[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shan

[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)

show more ...

KEYMGMT: Require both get_params and gettable_params, or none

The same go for the pairs import + import_types and export + export_types.

This required some additional changes in our

KEYMGMT: Require both get_params and gettable_params, or none

The same go for the pairs import + import_types and export + export_types.

This required some additional changes in our KEYMGMT implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)

show more ...

Redesign the KEYMGMT libcrypto <-> provider interface - the basics

The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:

1. provider side domain param

Redesign the KEYMGMT libcrypto <-> provider interface - the basics

The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:

1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.

This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:

- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key

To remedy all this, we:

1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.

As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.

2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.

(future work will see other key object constructors and other
functions to fill them with data)

Fixes #10979

squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics

Remedy 1 needs a rewrite:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)

show more ...

Reorganize the internal evp_keymgmt functions

Some of the evp_keymgmt_ functions are just wrappers around the
EVP_KEYMGMT function pointers. We move those from keymgmt_lib.c to
keym

Reorganize the internal evp_keymgmt functions

Some of the evp_keymgmt_ functions are just wrappers around the
EVP_KEYMGMT function pointers. We move those from keymgmt_lib.c to
keymgmt_meth.c.

Other evp_keymgmt_ functions are utility functions to help the rest of
the EVP functions. Since their names are easily confused with the
functions that were moved to keymgmt_meth.c, we rename them so they
all start with evp_keymgmt_util_.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)

show more ...

Add RSA key validation to default provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10780)

EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys

These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys. This add

EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys

These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys. This adds an interface to get
domparam and key data from a provider, given corresponding provider
data (the actual domparam or key).

The retrieved data is cached in the EVP_PKEY structure (lending the
idea from provided EVP_CIPHER).

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)

show more ...