path: root/providers/defltprov.c
Commit message | Author | Age | Files | Lines
...
* provider: add RAND algorithm tables | Pauli | 2020-06-24 | 1 | -0/+13
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/11682)
* Add the concept of "Capabilities" to the default and fips providers | Matt Caswell | 2020-06-19 | 1 | -0/+2
  With capabilities we can query a provider about what it can do. Initially we support a "TLS-GROUP" capability.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11914)
* Maintain strict type discipline between the core and providers | Matt Caswell | 2020-05-16 | 1 | -6/+13
  A provider could be linked against a different version of libcrypto than the version of libcrypto that loaded the provider. Different versions of libcrypto could define opaque types differently. It must never occur that a type created in one libcrypto is used directly by the other libcrypto. This will cause crashes.
  We can "cheat" for "built-in" providers that are part of libcrypto itself, because we know that the two libcrypto versions are the same - but not for other providers.
  To ensure this does not occur we use different type names for the handful of opaque types that are passed between the core and providers.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11758)
* PROV & SERIALIZER: Adapt the RSA serializers for PSS-parameters | Richard Levitte | 2020-05-14 | 1 | -0/+12
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11710)
* PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation | Richard Levitte | 2020-05-14 | 1 | -0/+1
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11710)
* PROV: Adapt all our providers to use the new PROV_CTX structure | Richard Levitte | 2020-05-13 | 1 | -3/+16
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11803)
* Fix some misunderstandings in our providers' main modules | Richard Levitte | 2020-05-12 | 1 | -4/+12
  This started with adding forward declarations of all provider side interface functions, and fixing all compiler errors.
  Furthermore, diminish the faulty assumption that the provider context is and always will be just a library context. That means adding a teardown function in all providers that aren't necessarily built into libcrypto.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11777)
* Update copyright year | Matt Caswell | 2020-04-23 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11616)
* Move legacy ciphers into the legacy provider | Shane Lontis | 2020-04-09 | 1 | -53/+1
  DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider. Code shared between desx and tdes has been moved into a separate file (cipher_tdes_common.c).
  3 test recipes failed due to using app/openssl calls that used legacy ciphers. These calls have been updated to supply both the default and legacy providers.
  Fixed openssl app '-provider' memory leak
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11419)
* Implement serializers for ED25519 and ED448 | Matt Caswell | 2020-03-18 | 1 | -0/+26
  This is largely based on the existing X25519 and X448 serializers - but a few adjustments were necessary so that we can identify what type of key we are using. Previously we used the keylen for this but X25519 and ED25519 have the same keylen.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11272)
* Add ECDSA to providers | Shane Lontis | 2020-03-15 | 1 | -1/+2
  Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10968)
* Implement provider support for Ed25519 and Ed448 | Matt Caswell | 2020-03-09 | 1 | -0/+4
  At the moment we only provide support for these algorithms in the default provider. These algorithms only support "one shot" EVP_DigestSign() and EVP_DigestVerify() as per the existing libcrypto versions.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11261)
* Add Key Management support for EdDSA keys | Matt Caswell | 2020-03-09 | 1 | -0/+2
  Support added for Ed25519 and Ed448
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11261)
* Add Serializers for EC | Shane Lontis | 2020-03-04 | 1 | -7/+25
  Provide EC serializers for text, pem and der.
  EC parameters use ASN1 'CHOICE' - which means they are more embedded than other parameters used by other KEY types (which normally have a SEQUENCE at the top level). For this reason the ASN1_STRING type that was being passed around has been changed to a void so that the code can still be shared with EC.
  The EC serializer only supports named curves currently.
  NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be added in another PR. (Probably when deserialization is considered).
  EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non optional. As this is not the case for any other key the code has been modified.
  Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/11107)
* Implement the ECX Serializers | Matt Caswell | 2020-02-28 | 1 | -0/+28
  Provide serializers for X25519 and X448 for text, pem and der. There are no parameter serializers because there are no parameters for these algorithms.
  Add some documentation about the various import/export types available
  Add additional testing for the serializers
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11095)
* Fix default provider merge glitch | Richard Levitte | 2020-02-23 | 1 | -1/+1
  Property "default" no longer exists, replace "default=yes" with "provider=default"
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11150)
* PROV: add RSA signature implementation | Richard Levitte | 2020-02-22 | 1 | -0/+1
  This includes legacy PSS controls to params conversion, and an attempt to generalise the parameter names when they are suitable for more than one operation.
  Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers for known RSA+hash function combinations.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/10557)
* Introduce the provider property | Matt Caswell | 2020-02-21 | 1 | -76/+81
  Replace the properties default, fips and legacy with a single property called "provider". So, for example, instead of writing "default=yes" to get algorithms from the default provider you would instead write "provider=default".
  We also have a new "fips" property to indicate that an algorithm is compatible with FIPS mode. This applies to all the algorithms in the FIPS provider, as well as any non-cryptographic algorithms (currently only serializers).
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/11097)
* [PROV][KMGMT][KEXCH][EC] Implement EC keymgmt and ECDH | Nicola Tuveri | 2020-02-18 | 1 | -0/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/10631)
* Add X25519/X448 Key Exchange to the default provider | Matt Caswell | 2020-02-11 | 1 | -0/+4
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/10964)
* Implement Provider side Key Management for X25519 and X448 | Matt Caswell | 2020-02-11 | 1 | -0/+4
  Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/10964)
* Adapt existing SERIALIZER implementations to the redesigned interface | Richard Levitte | 2020-02-07 | 1 | -6/+6
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/11006)
* Implement the NULL cipher in the default provider | Matt Caswell | 2020-01-20 | 1 | -0/+1
  Libssl uses the null cipher in certain situations. It should be converted to a provided cipher.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10865)
* PROV: Adjust the KEYMGMT name specs to include all names | Richard Levitte | 2020-01-09 | 1 | -3/+3
  This is very simply to allow the common case, where the KEYMGMT is fetched first, and all names are needed at that time to secure that they are found.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/10647)
* Add the DSA serializers to the default provider tools | Richard Levitte | 2020-01-08 | 1 | -0/+21
  The DSA serializers are implemented, but didn't get added to the default provider's serializer algorithm table.
  Fixes #10645
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10772)
* Add AES_CBC_HMAC_SHA ciphers to providers. | Shane Lontis | 2020-01-06 | 1 | -152/+165
  Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable() method is either NULL, or the method returns 1. This is mainly required for ciphers that only have hardware implementations. If there is no hardware support, then the algorithm needs to be not available.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10146)
* Fix no-dh | Matt Caswell | 2019-12-23 | 1 | -0/+2
  The new serializer code broke no-dh builds so we add some more guards to fix it.
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/10644)
* PROV SERIALIZER: add support for writing DH keys and parameters | Richard Levitte | 2019-11-29 | 1 | -0/+19
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10394)
* PROV SERIALIZER: add support for writing RSA keys | Richard Levitte | 2019-11-29 | 1 | -0/+19
  This also adds the missing accessor RSA_get0_pss_params(), so those parameters can be included in the PKCS#8 data structure without needing to know the inside of the RSA structure.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10394)
* PROV BIO: add a BIO_vprintf() upcall, and a provider BIO library | Richard Levitte | 2019-11-29 | 1 | -0/+3
  The BIO_vprintf() will allow the provider to print any text, given a BIO supplied by libcrypto.
  Additionally, we add a provider library with functions to collect all the currently supplied BIO upcalls, as well as wrappers around those upcalls.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10394)
* Tweak some algorithm naming inconsistencies | Matt Caswell | 2019-11-21 | 1 | -12/+15
  Make some algorithm names better match our "canonical" style.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/10092)
* Move RSA Asym cipher code to the default provider | Matt Caswell | 2019-11-14 | 1 | -0/+6
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10152)
* Add rc4_hmac_md5 cipher to default provider | Shane Lontis | 2019-11-11 | 1 | -0/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10179)
* Add AES SIV ciphers to default provider | Shane Lontis | 2019-11-08 | 1 | -0/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/10120)
* KDF: use string names not macros to align with other algorithms. | Pauli | 2019-10-31 | 1 | -10/+10
  Only the KDF and PRF algorithms used the macros for their names, all other algorithms used a string name directly. This brings the KDFs and PRFs into line with the rest.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10293)
* Add KRB5KDF from RFC 3961 | Simo Sorce | 2019-10-23 | 1 | -0/+1
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/9949)
* New RSA keymgmt implementation to handle import / export of RSA keys | Richard Levitte | 2019-10-17 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10190)
* Add ChaCha related ciphers to default provider | Shane Lontis | 2019-10-16 | 1 | -0/+6
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10081)
* Cleanup: move provider mains up | Richard Levitte | 2019-10-10 | 1 | -0/+434
  providers/default/defltprov.c and providers/legacy/legacyprov.c are moved up to providers/ and providers/build.info is adjusted accordingly.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/10088)