Commit Graph

15 Commits (a6f8e131f40bbca55867af7d1504a58acd4c3b3d)

Author SHA1 Message Date
Pauli 965fa9c080 prov: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <>
(Merged from
2021-05-29 17:17:12 +10:00
Rich Salz 9d0dd1d513 Use "" for include crypto/xxx
Reviewed-by: Shane Lontis <>
Reviewed-by: Paul Dale <>
(Merged from
2021-05-27 09:56:41 +10:00
Richard Levitte 848af5e8fe Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:

1.  The idea to have common code in libimplementations.a and FIPS
    sensitive helper functions in libfips.a / libnonfips.a didn't
    catch on, and we saw full implementation ending up in them instead
    and not appearing in libimplementations.a at all.

2.  Because more or less ALL algorithm implementations were included
    in libimplementations.a (the idea being that the appropriate
    objects from it would be selected automatically by the linker when
    building the shared libraries), it's very hard to find only the
    implementation source that should go into the FIPS module, with
    the result that the FIPS checksum mechanism include source files
    that it shouldn't

To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries.  With that, we not


    Includes all implementations that should become part of the FIPS


    Includes all implementations that should become part of the legacy


    Includes all implementations that should become part of the
    default and base providers.

With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.

Fixes #15157

Reviewed-by: Tomas Mraz <>
(Merged from
2021-05-07 10:17:23 +02:00
Matt Caswell 6ce58488bd Store some FIPS global variables in the FIPS_GLOBAL structure
We had some FIPS global variables that were based on values from the
config file. In theory if two instances of the fips module are loaded
they could be based on different config files which would cause this to
fail. Instead we store them in the FIPS_GLOBAL structure.

Fixes #14364

Reviewed-by: Tomas Mraz <>
Reviewed-by: Paul Dale <>
(Merged from
2021-04-16 14:27:28 +01:00
Tomas Mraz 0cfbc828e0 Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.

Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.

Fixes #14276

Reviewed-by: Dmitry Belyavskiy <>
(Merged from
2021-04-06 09:10:11 +02:00
Pauli 5a084c5f0b prov: update KEM to support params on init()
Reviewed-by: Shane Lontis <>
(Merged from
2021-03-12 08:27:11 +10:00
Tomas Mraz fb67126ea8 EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with

Reviewed-by: Paul Dale <>
Reviewed-by: Shane Lontis <>
(Merged from
2021-03-03 11:25:39 +01:00
Matt Caswell a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <>
(Merged from
2021-02-18 15:05:17 +00:00
Tomas Mraz 2741128e9d Move the PROV_R reason codes to a public header
The PROV_R codes can be returned to applications so it is useful
to have some common set of provider reason codes for the applications
or third party providers.

Reviewed-by: Richard Levitte <>
Reviewed-by: Paul Dale <>
Reviewed-by: Shane Lontis <>
(Merged from
2021-02-11 09:34:31 +01:00
Dr. Matthias St. Pierre a829b735b6 Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)

Reviewed-by: Paul Dale <>
Reviewed-by: Matt Caswell <>
(Merged from
2020-10-15 12:00:21 +01:00
Dr. Matthias St. Pierre b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <>
Reviewed-by: Matt Caswell <>
(Merged from
2020-10-15 11:59:53 +01:00
Pauli 23b2fc0b50 rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
    rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
    rsa_check_prime_factor, rsa_check_prime_factor_range,
    rsa_check_private_exponent, rsa_check_public_exponent,
    rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
    rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
    rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
    rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
    rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
    rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
    rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
    rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
    rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
    rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
    rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
    rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
    rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
    rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
    rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
    rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
    rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
    rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
    rsa_validate_private and rsa_validate_public.

Reviewed-by: Matt Caswell <>
(Merged from
2020-10-07 09:04:51 +10:00
Pauli 1be63951f8 prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.

Reviewed-by: Richard Levitte <>
(Merged from
2020-09-29 16:31:46 +10:00
Shane Lontis 21e5be854d Add key length check to rsa_kem operation.
This uses similiar code used by other rsa related operations.

Reviewed-by: Tomas Mraz <>
(Merged from
2020-09-24 22:45:25 +10:00
Shane Lontis 80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers
SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover.
As these are simple KEM operations another operation type has been added that can support future extensions.

Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate()
Added EVP_KEM_* functions.
Added OSSL_FUNC_kem_* dispatch functions

Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to
"RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value.
This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations.

The design of the public API's resulted from contributions from @romen & @levitte.

Reviewed-by: Nicola Tuveri <>
Reviewed-by: Matt Caswell <>
(Merged from
2020-09-19 18:08:46 +10:00