Move KDFs and PRFs into providers. #9662

Closed
wants to merge 34 commits into from


paulidale commented Aug 22, 2019

Move the KDFs and PRFs into the provider (both FIPS and default).

  • documentation is added or updated
  • tests are added or updated
@paulidale paulidale added this to In progress in 3.0 New Core + FIPS via automation Aug 22, 2019

paulidale commented Aug 22, 2019

Compiling but not linking. The EVP_MAC_ APIs are unavailable from the FIPS provider, which prevents building it. Both the Single Step KDF and the TLS1 PRF require MAC access.

Review threads (outdated, resolved): crypto/dh/dh_kdf.c; crypto/evp/kdf_lib.c (two threads); crypto/evp/build.info; include/openssl/core_names.h
@paulidale paulidale force-pushed the paulidale:kdf branch 3 times, most recently from 70653e0 to 764015f Aug 23, 2019
Review thread (outdated, resolved): apps/kdf.c
@paulidale paulidale force-pushed the paulidale:kdf branch 3 times, most recently from 476f21c to 74d6e5c Aug 24, 2019
Review threads (outdated, resolved): crypto/evp/kdf_meth.c; crypto/evp/pkey_kdf.c; providers/common/kdfs/pbkdf2.c (two threads); providers/common/kdfs/scrypt.c (three threads); providers/common/kdfs/sshkdf.c (two threads); providers/common/kdfs/sskdf.c
levitte pushed a commit that referenced this pull request Sep 6, 2019
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #9662)
levitte pushed a commit that referenced this pull request Sep 6, 2019
This will only be required until everything is moved to providers and a NULL
provider pointer won't be possible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #9662)
levitte added a commit that referenced this pull request Sep 6, 2019
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #9662)
levitte added a commit that referenced this pull request Sep 6, 2019
Undo the caching scheme, pass through most controls as parameters, except
for SEED and INFO, where we keep supporting adding data through additional
ctrl calls by collecting the data, and only passing it to the EVP_KDF
before calling its derive function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #9662)
levitte added a commit that referenced this pull request Sep 6, 2019
The EVP_KDF_ definitions are no longer needed, and neither is
EVP_get_kdfbyname().

test/evp_kdf_test.c tried to use an EVP_get_kdfbyname() that was rewritten
to use EVP_KDF_fetch() without ever freeing the resulting KDF method.
It's better to refactor the test to use EVP_KDF_fetch directly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #9662)
levitte added a commit that referenced this pull request Sep 6, 2019
pkey_kdf_ctrl_str() has to do the same kind of special treatment as
pkey_kdf_ctrl() does.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #9662)
levitte added a commit that referenced this pull request Sep 6, 2019
BUF_MEM_grow() returns the passed length, but also zero on error.  If
the passed length was zero, an extra check to see if a returned zero
was an error or not is needed.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #9662)
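
The return-value ambiguity described in the BUF_MEM_grow() commit message, applied to the kind of chunk collection the earlier SEED/INFO commit message describes, as an added example that is not OpenSSL's code. `buf_t`, `buf_grow()`, `collect_naive()` and `collect_checked()` are hypothetical names; `buf_grow()` models only the stated convention (returns the passed length, zero on error).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer; models only the return convention in the commit
 * message: grow returns the requested length, and 0 on error. */
typedef struct { char *data; size_t length; int fail_alloc; } buf_t;

static size_t buf_grow(buf_t *b, size_t len)
{
    char *p = b->fail_alloc ? NULL : realloc(b->data, len ? len : 1);

    if (p == NULL)
        return 0;                 /* real failure */
    b->data = p;
    b->length = len;
    return len;                   /* success, but also 0 when len == 0 */
}

/* Before: every 0 return is taken as failure. */
static int collect_naive(buf_t *b, const void *in, size_t inlen)
{
    size_t old = b->length;

    if (!buf_grow(b, old + inlen))
        return 0;
    memcpy(b->data + old, in, inlen);
    return 1;
}

/* After: 0 is an error only when a non-zero length was requested. */
static int collect_checked(buf_t *b, const void *in, size_t inlen)
{
    size_t old = b->length, want = old + inlen;
    if (buf_grow(b, want) == 0 && want != 0)
        return 0;
    if (inlen > 0)
        memcpy(b->data + old, in, inlen);
    return 1;
}

int main(void)
{
    buf_t a = {0}, b = {0};
    int naive = collect_naive(&a, "", 0);      /* constructed inputs */
    int ok = collect_checked(&b, "", 0) && collect_checked(&b, "seed", 4);
    printf("naive empty=%d checked=%d length=%zu\n", naive, ok, b.length);
    free(a.data);
    free(b.data);
    return 0;
}
```
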
levitte pushed a commit that referenced this pull request Sep 6, 2019
…efinitions

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #9662)

paulidale commented Sep 6, 2019

Merged, thanks for your patience.

@paulidale paulidale closed this Sep 6, 2019
3.0 New Core + FIPS automation moved this from Reviewer approved to Done Sep 6, 2019
@paulidale paulidale deleted the paulidale:kdf branch Sep 6, 2019

levitte commented Sep 6, 2019

> thanks for your patience.

Likewise


mattcaswell commented Sep 6, 2019

This broke the gost test. Please see issue #9794.
