[openssl/openssl] f3090f: Implement deterministic ECDSA sign (RFC6979)
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: f3090fc710e30a749acaf9e5dfbe20dd163cf15d
    https://github.com/openssl/openssl/commit/f3090fc710e30a749acaf9e5dfbe20dd163cf15d
Author: slontis
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M crypto/build.info
  A crypto/deterministic_nonce.c
  M crypto/dsa/dsa_local.h
  M crypto/dsa/dsa_ossl.c
  M crypto/dsa/dsa_sign.c
  M crypto/ec/ecdsa_ossl.c
  M doc/build.info
  A doc/man7/EVP_KDF-HMAC-DRBG.pod
  M doc/man7/EVP_RAND-HMAC-DRBG.pod
  M doc/man7/EVP_SIGNATURE-DSA.pod
  M doc/man7/EVP_SIGNATURE-ECDSA.pod
  M doc/man7/OSSL_PROVIDER-default.pod
  M doc/man7/provider-signature.pod
  M include/crypto/dsa.h
  M include/crypto/ec.h
  A include/internal/deterministic_nonce.h
  M include/openssl/core_names.h
  M providers/defltprov.c
  A providers/implementations/include/prov/hmac_drbg.h
  M providers/implementations/include/prov/implementations.h
  M providers/implementations/include/prov/names.h
  M providers/implementations/kdfs/build.info
  A providers/implementations/kdfs/hmacdrbg_kdf.c
  M providers/implementations/rands/drbg_hmac.c
  M providers/implementations/rands/drbg_local.h
  M providers/implementations/signature/dsa_sig.c
  M providers/implementations/signature/ecdsa_sig.c
  M test/evp_kdf_test.c
  M test/evp_test.c
  M test/recipes/30-test_evp.t
  A test/recipes/30-test_evp_data/evpkdf_hmac_drbg.txt

Log Message:
---
Implement deterministic ECDSA sign (RFC6979)

This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(2) Support ECDSA and DSA
(3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG.

A nonce_type is passed around inside the Signing APIs, in order to support any future deterministic algorithms.

Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/18809)


Commit: 0a7528cc7c3b80e00e3093f5d32525574138a33e
    https://github.com/openssl/openssl/commit/0a7528cc7c3b80e00e3093f5d32525574138a33e
Author: slontis
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M doc/man7/EVP_RAND-CTR-DRBG.pod
  M doc/man7/EVP_RAND-HASH-DRBG.pod
  M doc/man7/EVP_RAND-SEED-SRC.pod
  M doc/man7/EVP_RAND-TEST-RAND.pod

Log Message:
---
Fix docs related to EVP_RAND_CTX_new() that were not passing the parent parameter.

Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/18809)


Commit: 5375fd8e948234e8b8a10ded94badf6f59b53608
    https://github.com/openssl/openssl/commit/5375fd8e948234e8b8a10ded94badf6f59b53608
Author: Billy Brumley
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M test/recipes/30-test_evp.t
  A test/recipes/30-test_evp_data/evppkey_rfc6979.txt

Log Message:
---
[test/recipes] RFC6979 deterministic ECDSA KATs in evptest format

Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/18809)


Commit: 6b3d28757620e0781bb1556032bb6961ee39af63
    https://github.com/openssl/openssl/commit/6b3d28757620e0781bb1556032bb6961ee39af63
Author: slontis
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M test/evp_test.c
  M test/recipes/30-test_evp.t
  A test/recipes/30-test_evp_data/evppkey_dsa_rfc6979.txt
  A test/recipes/30-test_evp_data/evppkey_ecdsa_rfc6979.txt
  R test/recipes/30-test_evp_data/evppkey_rfc6979.txt

Log Message:
---
[test/recipes] Add RFC6979 deterministic DSA KATs in evptest format

Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/18809)


Compare: https://github.com/openssl/openssl/compare/9ba4f489ecd3...6b3d28757620
[openssl/openssl] 9ba4f4: evp_test: fix rebase mistake with no_gost
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 9ba4f489ecd30901603d66a8ec578cbca08fac06
    https://github.com/openssl/openssl/commit/9ba4f489ecd30901603d66a8ec578cbca08fac06
Author: Pauli
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M test/recipes/30-test_evp.t

Log Message:
---
evp_test: fix rebase mistake with no_gost

Reviewed-by: Richard Levitte
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/19785)
[openssl/openssl] ca0dd5: Remove redundant assignment in felem_mul_ref in p521
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: ca0dd5f4a303def58800a7e4d7edf9242ed73241
    https://github.com/openssl/openssl/commit/ca0dd5f4a303def58800a7e4d7edf9242ed73241
Author: Rohan McLure
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M crypto/ec/ecp_nistp521.c

Log Message:
---
Remove redundant assignment in felem_mul_ref in p521

ftmp4 is assigned immediately before receiving the reduced output of the multiplication of ftmp and ftmp3, without being read in between these assignments. Remove redundant assignment.

Reviewed-by: Hugo Landau
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/19766)

(cherry picked from commit 3d4dfeb28a5cb944b8300b4cf807e19ab97d04f5)
[openssl/openssl] 3d4dfe: Remove redundant assignment in felem_mul_ref in p521
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 3d4dfeb28a5cb944b8300b4cf807e19ab97d04f5
    https://github.com/openssl/openssl/commit/3d4dfeb28a5cb944b8300b4cf807e19ab97d04f5
Author: Rohan McLure
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M crypto/ec/ecp_nistp521.c

Log Message:
---
Remove redundant assignment in felem_mul_ref in p521

ftmp4 is assigned immediately before receiving the reduced output of the multiplication of ftmp and ftmp3, without being read in between these assignments. Remove redundant assignment.

Reviewed-by: Hugo Landau
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/19766)
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully.
The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D15wv_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG8ZjpbZX0Bg98iYhPGkjp0yqsomTrmbHp4M3dH9azT75eDoW3P-2B00AfcYAnTXPoNpilDp-2BKgdvWkC6gkWZSanA8UVOAKNEIzSLutMAKCukJxgR-2Fs-2FCuYwJgZ2xkHRpLX9kb269xZIa5KeUNCJMfaVZbEeNoElari2l9rmcs812Lp95vOcdp4Rm2LYAvKX2LTM-3D

Build ID: 497391

Analysis Summary:
  New defects found: 0
  Defects eliminated: 7
[openssl/openssl] 059123: doc: fix location of AES-SIV ciphers
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 059123bed8fa4e6d5af2d30063ebffeb0020ee85
    https://github.com/openssl/openssl/commit/059123bed8fa4e6d5af2d30063ebffeb0020ee85
Author: Pauli
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M doc/man7/EVP_CIPHER-AES.pod

Log Message:
---
doc: fix location of AES-SIV ciphers

Reviewed-by: Hugo Landau
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/19776)

(cherry picked from commit d1aa7d11363ebb0dff080966f842fade91135eaa)
[openssl/openssl] d1aa7d: doc: fix location of AES-SIV ciphers
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: d1aa7d11363ebb0dff080966f842fade91135eaa
    https://github.com/openssl/openssl/commit/d1aa7d11363ebb0dff080966f842fade91135eaa
Author: Pauli
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M doc/man7/EVP_CIPHER-AES.pod

Log Message:
---
doc: fix location of AES-SIV ciphers

Reviewed-by: Hugo Landau
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/19776)
[openssl/openssl] edaab8: aes: add AES-GCM-SIV modes to the FIPS provider
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: edaab86dc001603741f5b5e406afc1cc3a1c4e6e
    https://github.com/openssl/openssl/commit/edaab86dc001603741f5b5e406afc1cc3a1c4e6e
Author: Pauli
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M doc/man7/EVP_CIPHER-AES.pod
  M providers/fips/fipsprov.c
  M providers/implementations/ciphers/build.info
  M test/recipes/30-test_evp.t
  M test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt

Log Message:
---
aes: add AES-GCM-SIV modes to the FIPS provider

Reviewed-by: Hugo Landau
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/19777)


Commit: abff8bd842b802c09b981b7552bd92ef1d0ced64
    https://github.com/openssl/openssl/commit/abff8bd842b802c09b981b7552bd92ef1d0ced64
Author: Pauli
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M doc/man7/EVP_CIPHER-AES.pod
  M test/recipes/30-test_evp_data/evpmac_common.txt

Log Message:
---
Update fips version check to be more robust

Reviewed-by: Hugo Landau
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/19777)


Commit: 4a7231df5ca9f3d8759dc8c22cb8e9f27b312024
    https://github.com/openssl/openssl/commit/4a7231df5ca9f3d8759dc8c22cb8e9f27b312024
Author: Pauli
Date: 2022-11-30 (Wed, 30 Nov 2022)

Changed paths:
  M doc/man7/OSSL_PROVIDER-FIPS.pod

Log Message:
---
fips prov: remove 3DES from list of inclusions

Reviewed-by: Hugo Landau
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/19777)


Compare: https://github.com/openssl/openssl/compare/e44b34185268...4a7231df5ca9
[openssl/openssl] de8f6a: obj: Add SM4 XTS OID
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: de8f6a3e293a43f364cddefdf734b13486ec4cc9
    https://github.com/openssl/openssl/commit/de8f6a3e293a43f364cddefdf734b13486ec4cc9
Author: Xu Yizhou
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M crypto/objects/obj_dat.h
  M crypto/objects/obj_mac.num
  M crypto/objects/objects.txt
  M fuzz/oids.txt
  M include/openssl/obj_mac.h

Log Message:
---
obj: Add SM4 XTS OID

Add the following OID:
SM4-XTS: 1.2.156.10197.1.104.10

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19619)


Commit: 2788b56f0c8306c89c97a6599484120afddfa14a
    https://github.com/openssl/openssl/commit/2788b56f0c8306c89c97a6599484120afddfa14a
Author: Xu Yizhou
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M crypto/modes/build.info
  A crypto/modes/xts128gb.c
  M include/crypto/modes.h
  M include/openssl/core_names.h
  M providers/defltprov.c
  M providers/implementations/ciphers/build.info
  A providers/implementations/ciphers/cipher_sm4_xts.c
  A providers/implementations/ciphers/cipher_sm4_xts.h
  A providers/implementations/ciphers/cipher_sm4_xts_hw.c
  M providers/implementations/include/prov/implementations.h
  M providers/implementations/include/prov/names.h

Log Message:
---
providers: Add SM4 XTS implementation

Signed-off-by: Xu Yizhou

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19619)


Commit: 6cdf83eaabda63f7c5cf9d69d51d931308da471e
    https://github.com/openssl/openssl/commit/6cdf83eaabda63f7c5cf9d69d51d931308da471e
Author: Xu Yizhou
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M test/evp_test.c
  M test/recipes/30-test_evp_data/evpciph_sm4.txt

Log Message:
---
test: add sm4 xts test cases

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19619)


Commit: e44b34185268e99ee2dc499073cf56d0465d60e2
    https://github.com/openssl/openssl/commit/e44b34185268e99ee2dc499073cf56d0465d60e2
Author: Xu Yizhou
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M doc/man3/EVP_EncryptInit.pod
  M doc/man7/EVP_CIPHER-SM4.pod

Log Message:
---
doc: add note for sm4 xts

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19619)


Compare: https://github.com/openssl/openssl/compare/9fba7d261ac9...e44b34185268
[openssl/openssl] 926db4: Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT a...
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 926db476bc669fdcc4c4d2f1cb547060bdbfa153
    https://github.com/openssl/openssl/commit/926db476bc669fdcc4c4d2f1cb547060bdbfa153
Author: Nicola Tuveri
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M CHANGES.md
  M crypto/ec/ec_ameth.c
  M doc/man7/EVP_PKEY-EC.pod
  M providers/implementations/keymgmt/ec_kmgmt.c
  M test/evp_pkey_provided_test.c

Log Message:
---
Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED

Originally the code to im/export the EC pubkey was meant to be consumed only by the im/export functions when crossing the provider boundary. Having our providers exporting to a COMPRESSED format octet string made sense to avoid memory waste, as it wasn't exposed outside the provider API, and providers had all tools available to convert across the three formats.

Later on, with #13139 deprecating the `EC_KEY_*` functions, more state was added among the params imported/exported on an EC provider-native key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).

Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently exposed directly to users outside the provider API, and the choice of COMPRESSED over UNCOMPRESSED as the default became less sensible in light of usability, given the latter is more often needed by applications and protocols.

This commit fixes it, by using `EC_KEY_get_conv_form()` to get the point format from the internal state (an `EC_KEY` under the hood) of the provider-side object, and using it on `EVP_PKEY_export()`/`EVP_PKEY_todata()` to format `OSSL_PKEY_PARAM_PUB_KEY`. The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via `EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the more specialized methods.

For symmetry, this commit also alters `ec_pkey_export_to()` in `crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC keys: it exclusively used COMPRESSED format, and now it honors the conversion format specified in the EC_KEY object being exported to a provider when this function is called.

Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the 3.1 change in behavior for our providers.

Fixes #16595

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19681)


Commit: d656efb9eb7692c0b1cba843d7787751e388cc8a
    https://github.com/openssl/openssl/commit/d656efb9eb7692c0b1cba843d7787751e388cc8a
Author: Nicola Tuveri
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M pyca-cryptography

Log Message:
---
Update pyca-cryptography submodule to 38.0.4

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19681)


Compare: https://github.com/openssl/openssl/compare/18e72cbefec5...d656efb9eb76
[openssl/openssl] a16e86: Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT a...
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: a16e86683e8d76c4b9268d757c584b5c971db728
    https://github.com/openssl/openssl/commit/a16e86683e8d76c4b9268d757c584b5c971db728
Author: Nicola Tuveri
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M CHANGES.md
  M crypto/ec/ec_ameth.c
  M doc/man7/EVP_PKEY-EC.pod
  M providers/implementations/keymgmt/ec_kmgmt.c
  M test/evp_pkey_provided_test.c

Log Message:
---
Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED

Originally the code to im/export the EC pubkey was meant to be consumed only by the im/export functions when crossing the provider boundary. Having our providers exporting to a COMPRESSED format octet string made sense to avoid memory waste, as it wasn't exposed outside the provider API, and providers had all tools available to convert across the three formats.

Later on, with #13139 deprecating the `EC_KEY_*` functions, more state was added among the params imported/exported on an EC provider-native key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).

Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently exposed directly to users outside the provider API, and the choice of COMPRESSED over UNCOMPRESSED as the default became less sensible in light of usability, given the latter is more often needed by applications and protocols.

This commit fixes it, by using `EC_KEY_get_conv_form()` to get the point format from the internal state (an `EC_KEY` under the hood) of the provider-side object, and using it on `EVP_PKEY_export()`/`EVP_PKEY_todata()` to format `OSSL_PKEY_PARAM_PUB_KEY`. The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via `EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the more specialized methods.

For symmetry, this commit also alters `ec_pkey_export_to()` in `crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC keys: it exclusively used COMPRESSED format, and now it honors the conversion format specified in the EC_KEY object being exported to a provider when this function is called.

Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the 3.1 change in behavior for our providers.

Fixes #16595

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19681)

(cherry picked from commit 926db476bc669fdcc4c4d2f1cb547060bdbfa153)


Commit: 9fba7d261ac970e43e80dc41b11f2655a1b530b0
    https://github.com/openssl/openssl/commit/9fba7d261ac970e43e80dc41b11f2655a1b530b0
Author: Nicola Tuveri
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M pyca-cryptography

Log Message:
---
Update pyca-cryptography submodule to 38.0.4

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19681)

(cherry picked from commit d656efb9eb7692c0b1cba843d7787751e388cc8a)


Compare: https://github.com/openssl/openssl/compare/450f96e965f0...9fba7d261ac9
[openssl/openssl] 450f96: Fix Coverity issues in HPKE
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 450f96e965f0d5e89737755364df5933b5085639
    https://github.com/openssl/openssl/commit/450f96e965f0d5e89737755364df5933b5085639
Author: slontis
Date: 2022-11-29 (Tue, 29 Nov 2022)

Changed paths:
  M crypto/hpke/hpke.c
  M test/hpke_test.c

Log Message:
---
Fix Coverity issues in HPKE

CID 1517043 and 1517038: (Forward NULL)
- Removed redundant check that is already done by the caller. It was complaining that it checked for ctlen == NULL and then did a goto that used this *ctlen.

CID 1517042 and 1517041: (Forward NULL)
- Similar to above for ptlen in hpke_aead_dec()

CID 1517040: Remove unneeded logging. This gets rid of the warning related to taking the sizeof(&)

CID 1517039: Check returned value of RAND_bytes_ex() in hpke_test

CID 1517038: Check return result of KEM_INFO_find() in OSSL_HPKE_get_recomended_ikmelen. Even though this is a false positive, it should not rely on the internals of other function calls.

Changed some gotos into returns to match OpenSSL coding guidelines.

Removed Raises from calls to _new which fail from malloc calls.

Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19774)