#
5d632274 |
| 07-Aug-2024 |
icy17 <1061499390@qq.com> |
Add missing security rules about NULL check to various manpages Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas M
Add missing security rules about NULL check to various manpages Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25083)
show more ...
|
#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
5e908e60 |
| 14-Mar-2024 |
slontis |
Update Documentation for EVP_DigestSign, EVP_DigestVerify. Fixes #23075 In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify were changed so that a flag is set once these function
Update Documentation for EVP_DigestSign, EVP_DigestVerify. Fixes #23075 In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify were changed so that a flag is set once these functions do a one-shot sign or verify operation. This PR updates the documentation to match the behaviour. Investigations showed that prior to 3.2 different key type behaved differently if multiple calls were done. By accident X25519 and X448 would produce the same signature, but ECDSA and RSA remembered the digest state between calls, so the signature was different when multiple calls were done. Because of this undefined behaviour something needed to be done, so keeping the 'only allow it to be called once' behaviour seems a reasonable approach. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23834)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
0fc00fc0 |
| 24-Feb-2023 |
Simo Sorce |
Do not fail if ctx dup does not succeed If the ctx was *really* needed we'll probably fail later with an error anyway, so no point in failing immediately. Document that this beh
Do not fail if ctx dup does not succeed If the ctx was *really* needed we'll probably fail later with an error anyway, so no point in failing immediately. Document that this behavior is dependent on the provider used to implement the signature/verification. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20375)
show more ...
|
#
d4c5d8ff |
| 25-Jan-2023 |
Tomas Mraz |
Add notes about ignoring initialization failures on contexts Fixes #20130 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Me
Add notes about ignoring initialization failures on contexts Fixes #20130 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20136)
show more ...
|
#
2bd8190a |
| 02-Aug-2022 |
Kurt Roeckx |
Change name of parameter in documentation from sigret to sig The rest of the documentation talks about sig, not sigret Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by:
Change name of parameter in documentation from sigret to sig The rest of the documentation talks about sig, not sigret Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18943)
show more ...
|
#
0b3d2594 |
| 04-May-2022 |
slontis |
Add documentation for key validation that indicates the difference between the EVP_PKEY_XXX_check() calls for the default and fips providers. Reviewed-by: Tomas Mraz <tomas@openssl.org>
Add documentation for key validation that indicates the difference between the EVP_PKEY_XXX_check() calls for the default and fips providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18235)
show more ...
|
#
3641f04f |
| 05-Nov-2021 |
Tomas Mraz |
doc: Document outcome of multiple digestsign/digestverify calls Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964)
|
#
dc3f057c |
| 08-Oct-2021 |
Matt Caswell |
Add an additional note to EVP_DigestSign() documentation Clarify what happens if it fails. Make it clear that you can pass a NULL "sig" buffer to get the "siglen". Reviewed-by:
Add an additional note to EVP_DigestSign() documentation Clarify what happens if it fails. Make it clear that you can pass a NULL "sig" buffer to get the "siglen". Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
show more ...
|
#
8e94c51b |
| 14-Jul-2021 |
Pauli |
doc: document the params arguments to the initialisation functions. These were accidentally omitted when the arguments were added globally. Fixes #16067 Reviewed-by: Tomas
doc: document the params arguments to the initialisation functions. These were accidentally omitted when the arguments were added globally. Fixes #16067 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16072)
show more ...
|
#
38fc02a7 |
| 17-Jun-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
12021035 |
| 19-May-2021 |
Dr. David von Oheimb |
EVP_DigestSignInit.pod: Clarification in EVP_DigestSignFinal() parameter 'sig' Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from htt
EVP_DigestSignInit.pod: Clarification in EVP_DigestSignFinal() parameter 'sig' Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15354)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fro
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
0ab18e79 |
| 26-Jul-2020 |
Shane Lontis |
Add EVP signature with libctx methods. -Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to
Add EVP signature with libctx methods. -Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
show more ...
|
Revision tags: openssl-3.0.0-alpha5 |
|
#
8c1cbc72 |
| 29-Jun-2020 |
Gustaf Neumann |
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from ht
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12320)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
a45694a3 |
| 12-Mar-2020 |
Matt Caswell |
Make it possible to easily specify a libctx for EVP_DigestSign* EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex did not provide the capability to specify an explicit OPENSSL_CTX parame
Make it possible to easily specify a libctx for EVP_DigestSign* EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex did not provide the capability to specify an explicit OPENSSL_CTX parameter. It is still possible by explicitly setting an EVP_PKEY_CTX - but in most cases it would be much simpler to just specify it in the Init call. We add the capability to do that. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11353)
show more ...
|
#
099a3982 |
| 14-Jan-2020 |
Jakub Jelen |
doc: Fix typo in EVP_DigestSignInit manpage CLA: trivial Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by:
doc: Fix typo in EVP_DigestSignInit manpage CLA: trivial Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10841)
show more ...
|
#
76123661 |
| 12-Jan-2020 |
Richard Levitte |
Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init() The returned -2 was to mark when these operations are unsupported. However, that breaks away from the previous API and expectatio
Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init() The returned -2 was to mark when these operations are unsupported. However, that breaks away from the previous API and expectations, and there's not enough justification for that not being zero. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10815)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
3c86a2b5 |
| 12-Nov-2019 |
moehuster |
Fix L<EVP_MD_CTX_set_pkey_ctx> links Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/p
Fix L<EVP_MD_CTX_set_pkey_ctx> links Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10420) (cherry picked from commit ca7c982821cd6d7546f92623da61a6f43ee32d0a)
show more ...
|
#
1903a9b7 |
| 01-Nov-2019 |
Rich Salz |
Fix L<xxx(1)> links to be L<openssl-xxx(1)> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://gi
Fix L<xxx(1)> links to be L<openssl-xxx(1)> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10328)
show more ...
|
#
0e521004 |
| 30-Oct-2019 |
Richard Levitte |
EVP: Make the SIGNATURE implementation leaner Because the algorithm to use is decided already when creating an EVP_PKEY_CTX regardless of how it was created, it turns out that it's u
EVP: Make the SIGNATURE implementation leaner Because the algorithm to use is decided already when creating an EVP_PKEY_CTX regardless of how it was created, it turns out that it's unnecessary to provide the SIGNATURE method explicitly, and rather always have it be fetched implicitly. This means fewer changes for applications that want to use new signature algorithms / implementations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10303)
show more ...
|