Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
5af02212 |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to dsa keys Partial fix for #12964 This adds ossl_ names for the following symbols: dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, d
Fix external symbols related to dsa keys Partial fix for #12964 This adds ossl_ names for the following symbols: dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial, dsa_do_sign_int, dsa_ffc_params_fromdata, dsa_generate_ffc_parameters, dsa_generate_public_key, dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
Revision tags: OpenSSL_1_1_1j |
|
#
ba37b820 |
| 10-Feb-2021 |
Tomas Mraz |
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default pr
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
5357c106 |
| 30-Sep-2020 |
Pauli |
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
35e6ea3b |
| 10-Sep-2020 |
Shane Lontis |
keygen: add FIPS error state management to conditional self tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://gith
keygen: add FIPS error state management to conditional self tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
63794b04 |
| 09-Jul-2020 |
Shane Lontis |
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then i
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
738ee181 |
| 20-Apr-2020 |
Shane Lontis |
Fix DH_get_nid() so that it does not cache values. DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to usin
Fix DH_get_nid() so that it does not cache values. DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1) when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation. The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p. Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names). The BIGNUMS were code generated. Fix error in documented return value for DH_get_nid Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11562)
show more ...
|
#
b03ec3b5 |
| 15-Apr-2020 |
Shane Lontis |
Add DSA keygen to provider Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Rev
Add DSA keygen to provider Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11303)
show more ...
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
47c239c6 |
| 03-Mar-2020 |
Shane Lontis |
Add pairwise consistency self tests to asym keygenerators Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10952)
|
#
8083fd3a |
| 16-Feb-2020 |
Shane Lontis |
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Cas
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
show more ...
|
#
f41ac0ee |
| 29-Jan-2020 |
Pauli |
Deprecate the low level DSA functions. Use of the low level DSA functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Casw
Deprecate the low level DSA functions. Use of the low level DSA functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10977)
show more ...
|
#
f11f86f6 |
| 06-Feb-2020 |
Shane Lontis |
Add FFC param/key generation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10909)
|
#
dc8de3e6 |
| 24-Jan-2020 |
Shane Lontis |
Modify DSA and DH keys to use a shared FFC_PARAMS struct This is required in order to share code for FIPS related parameter generation and validation routinues. Note the 'counter' field
Modify DSA and DH keys to use a shared FFC_PARAMS struct This is required in order to share code for FIPS related parameter generation and validation routinues. Note the 'counter' field is now stored as a integer (as that is the form required for generation/validation functions). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10860)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
4889dadc |
| 30-Aug-2019 |
Matt Caswell |
Implement DSA in the default provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
3cdbea65 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/dsa/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
Following the license change, modify the boilerplates in crypto/dsa/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7789)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
ddc6a5c8 |
| 02-Aug-2017 |
Rich Salz |
Add RAND_priv_bytes() for private keys Add a new global DRBG for private keys used by RAND_priv_bytes. Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes(). C
Add RAND_priv_bytes() for private keys Add a new global DRBG for private keys used by RAND_priv_bytes. Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes(). Change callers to use the appropriate BN_priv... function. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4076)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
#
823146d6 |
| 04-Jun-2016 |
FdaSilvaYY |
Useless header include of openssl/rand.h Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Useless header include of openssl/rand.h Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
show more ...
|
#
5584f65a |
| 26-May-2016 |
Matt Caswell |
Deprecate the flags that switch off constant time The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
Deprecate the flags that switch off constant time The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
d2e9e320 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 07/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5 |
|
#
1258396d |
| 30-Mar-2016 |
Matt Caswell |
Make the DSA structure opaque Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal us
Make the DSA structure opaque Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal usage to use the new functions. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
fd7d2520 |
| 24-Nov-2015 |
Matt Caswell |
Tighten up BN_with_flags usage and avoid a reachable assert The function rsa_ossl_mod_exp uses the function BN_with_flags to create a temporary copy (local_r1) of a BIGNUM (r1) with modi
Tighten up BN_with_flags usage and avoid a reachable assert The function rsa_ossl_mod_exp uses the function BN_with_flags to create a temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This temporary copy shares some state with the original r1. If the state of r1 gets updated then local_r1's state will be stale. This was occurring in the function so that when local_r1 was freed a call to bn_check_top was made which failed an assert due to the stale state. To resolve this we must free local_r1 immediately after we have finished using it and not wait until the end of the function. This problem prompted a review of all BN_with_flag usage within the codebase. All other usage appears to be correct, although often not obviously so. This commit refactors things to make it much clearer for these other uses. Reviewed-by: Emilia Käsper <emilia@openssl.org>
show more ...
|