Commit Graph

8 Commits (fd3ed85c67174a0d3b6639ba9b237351d1c2201f)

Author SHA1 Message Date
Matt Caswell 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too
The previous commit added the EVP_PKEY_CTX_[get|set]_group_name
functions to work with EC groups. We now extend that to also work for

Reviewed-by: Shane Lontis <>
(Merged from
2020-06-19 10:19:31 +01:00
Shane Lontis 4f2271d58a Add ACVP fips module tests
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See These tests are very similiar to the old CAVS tests.

This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).

The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.

The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.

The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.

Reviewed-by: Matt Caswell <>
(Merged from
2020-06-17 11:33:16 +10:00
Shane Lontis b808665265 Update core_names.h fields and document most fields.
Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <>
(Merged from
2020-05-26 13:53:07 +10:00
Pauli ada7d4c345 coverity 1462548 Resource leak
Reviewed-by: Tomas Mraz <>
(Merged from
2020-04-30 20:21:32 +10:00
Matt Caswell a033c9a2e8 Fix some build failures with no-dh
Add some missing OPENSSL_NO_DH guards.

Reviewed-by: Tomas Mraz <>
(Merged from
2020-04-22 10:32:47 +01:00
Shane Lontis 7165593ce5 Add DH keygen to providers
Reviewed-by: Matt Caswell <>
Reviewed-by: Richard Levitte <>
(Merged from
2020-04-16 01:14:00 +10:00
Shane Lontis b03ec3b5d6 Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.

Reviewed-by: Matt Caswell <>
(Merged from
2020-04-15 21:02:52 +10:00
Richard Levitte 0abae1636d EVP: Implement support for key downgrading in backends
Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD.

This became a bit elaborate because the code would be almost exactly
the same as the import functions int EVP_KEYMGMT.  Therefore, we end
up moving most of the code to common backend support files that can be
used both by legacy backend code and by our providers.

Reviewed-by: Matt Caswell <>
(Merged from
2020-03-25 17:01:32 +01:00