#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
944f822a |
| 05-Dec-2021 |
slontis |
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY. The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec wa
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY. The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec was working correctly). This matches the documented behaviour. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17200)
show more ...
|
#
7db69a35 |
| 17-Dec-2021 |
Carlo Teubner <435950+c4rlo@users.noreply.github.com> |
crypto/dsa.h: fix include guard name The current include guard name is a duplicate of the one in dsaerr.h. Noticed via https://lgtm.com/projects/g/openssl/openssl CLA: triv
crypto/dsa.h: fix include guard name The current include guard name is a duplicate of the one in dsaerr.h. Noticed via https://lgtm.com/projects/g/openssl/openssl CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17303)
show more ...
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
b247113c |
| 13-Apr-2021 |
Tomas Mraz |
Detect low-level engine and app method based keys The low-level engine and app method based keys have to be treated as foreign and must be used with old legacy pmeths. Fixes #14
Detect low-level engine and app method based keys The low-level engine and app method based keys have to be treated as foreign and must be used with old legacy pmeths. Fixes #14632 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14859)
show more ...
|
#
b4f447c0 |
| 08-Apr-2021 |
Tomas Mraz |
Add selection support to the provider keymgmt_dup function Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
|
Revision tags: openssl-3.0.0-alpha14 |
|
#
4a9fe33c |
| 07-Apr-2021 |
Tomas Mraz |
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements.
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements. Use it when copying everything to an empty EVP_PKEY which is the case with EVP_PKEY_dup(). Fixes #14658 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
show more ...
|
Revision tags: OpenSSL_1_1_1k |
|
#
cf333799 |
| 18-Mar-2021 |
Richard Levitte |
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared ba
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
show more ...
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
3a37ddde |
| 11-Mar-2021 |
Shane Lontis |
Fix DSA EVP_PKEY_param_check() when defaults are used for param generation. Fixes #14480 An internal flag that is set during param gen was not being tested, so the wrong type wa
Fix DSA EVP_PKEY_param_check() when defaults are used for param generation. Fixes #14480 An internal flag that is set during param gen was not being tested, so the wrong type was used to select the dsa domain param validation method. In the default provider - if no gen_type is set then by default the fips186_4 gentype will be selected when pbits >=2048 otherwise it selects fips186_2. The fips provider ignores the gen_type and always uses fips186_4. Before this change dsa used fips186_2 by default in the default provider. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14508)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
5af02212 |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to dsa keys Partial fix for #12964 This adds ossl_ names for the following symbols: dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, d
Fix external symbols related to dsa keys Partial fix for #12964 This adds ossl_ names for the following symbols: dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial, dsa_do_sign_int, dsa_ffc_params_fromdata, dsa_generate_ffc_parameters, dsa_generate_public_key, dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
ba37b820 |
| 10-Feb-2021 |
Tomas Mraz |
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default pr
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
show more ...
|
#
80ce21fe |
| 06-Feb-2021 |
FdaSilvaYY |
include/crypto: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from http
include/crypto: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14096)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
6963979f |
| 11-Dec-2020 |
Richard Levitte |
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Sinc
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
a02c715c |
| 20-Aug-2020 |
Richard Levitte |
Clean away some declarations dsa_algorithmidentifier_encoding(), ecdsa_algorithmidentifier_encoding(), rsa_algorithmidentifier_encoding() have been replaced with DER writer functions
Clean away some declarations dsa_algorithmidentifier_encoding(), ecdsa_algorithmidentifier_encoding(), rsa_algorithmidentifier_encoding() have been replaced with DER writer functions, so they aren't useful any more. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12693)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
4f2271d5 |
| 17-Jun-2020 |
Shane Lontis |
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These te
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
b03ec3b5 |
| 15-Apr-2020 |
Shane Lontis |
Add DSA keygen to provider Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Rev
Add DSA keygen to provider Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11303)
show more ...
|
Revision tags: OpenSSL_1_1_1f |
|
#
0abae163 |
| 23-Mar-2020 |
Richard Levitte |
EVP: Implement support for key downgrading in backends Downgrading EVP_PKEYs from containing provider side internal keys to containing legacy keys demands support in the EVP_PKEY_ASN1_ME
EVP: Implement support for key downgrading in backends Downgrading EVP_PKEYs from containing provider side internal keys to containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD. This became a bit elaborate because the code would be almost exactly the same as the import functions int EVP_KEYMGMT. Therefore, we end up moving most of the code to common backend support files that can be used both by legacy backend code and by our providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
show more ...
|
Revision tags: OpenSSL_1_1_1e |
|
#
2888fc15 |
| 06-Feb-2020 |
Richard Levitte |
PROV: Add a OP_keymgmt_match() function to our DH, DSA, RSA and EC_KEY impl Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11158)
|
#
8083fd3a |
| 16-Feb-2020 |
Shane Lontis |
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Cas
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
show more ...
|
#
f11f86f6 |
| 06-Feb-2020 |
Shane Lontis |
Add FFC param/key generation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10909)
|
#
505b41fc |
| 21-Jan-2020 |
Richard Levitte |
PROV: Adapt the DSA signature implementation to provide Algorithmidentifiers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1092
PROV: Adapt the DSA signature implementation to provide Algorithmidentifiers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10920)
show more ...
|
#
a3327784 |
| 14-Jan-2020 |
Richard Levitte |
CRYPTO: Remove support for ex_data fields when building the FIPS module These fields are purely application data, and applications don't reach into the bowels of the FIPS module, so thes
CRYPTO: Remove support for ex_data fields when building the FIPS module These fields are purely application data, and applications don't reach into the bowels of the FIPS module, so these fields are never used there. Fixes #10835 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10837)
show more ...
|
#
e683582b |
| 12-Jan-2020 |
Shane Lontis |
Add dsa signature alg to fips provider Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10615)
|