Revision tags: OpenSSL_1_0_2u |
|
#
8c78f0ec |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize public header files (part 2) Add an <openssl/ossl_typ.h> compatibility header. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/open
Reorganize public header files (part 2) Add an <openssl/ossl_typ.h> compatibility header. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
14e275e8 |
| 25-Jul-2019 |
Richard Levitte |
Deprecate the public definition of ERR_STATE The intention is to make it opaque later on. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/op
Deprecate the public definition of ERR_STATE The intention is to make it opaque later on. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9462)
show more ...
|
#
dfcb5d29 |
| 30-Aug-2019 |
Matt Caswell |
Add the ability to perform signatures in a provider This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature
Add the ability to perform signatures in a provider This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature algorithms. This also automatically makes the EVP_Sign* APIs provider aware because they use EVP_Digest* (which is already provider aware) and EVP_PKEY_sign(_init) under the covers. At this stage there are no signature algorithms in any providers. That will come in the following commits. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
show more ...
|
#
a94a3e0d |
| 04-Jul-2019 |
Richard Levitte |
Add basic EVP_KEYMGMT API and libcrypto <-> provider interface The idea with the key management "operation" is to support the following set of functionality: - Key domain parame
Add basic EVP_KEYMGMT API and libcrypto <-> provider interface The idea with the key management "operation" is to support the following set of functionality: - Key domain parameter generation - Key domain parameter import - Key domain parameter export - Key generation - Key import - Key export - Key loading (HSM / hidden key support) With that set of function, we can support handling domain parameters on one provider, key handling on another, and key usage on a third, with transparent export / import of applicable data. Of course, if a provider doesn't offer export / import functionality, then all operations surrounding a key must be performed with the same provider. This method also avoids having to do anything special with legacy assignment of libcrypto key structures, i.e. EVP_PKEY_assign_RSA(). They will simply be used as keys to be exported from whenever they are used with provider based operations. This change only adds the EVP_KEYMGMT API and the libcrypto <-> provider interface. Further changes will integrate them into existing libcrypto functionality. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9312)
show more ...
|
#
ff64702b |
| 27-Jun-2019 |
Matt Caswell |
Make the EVP Key Exchange code provider aware We introduce a new EVP_KEYEXCH type to represent key exchange algorithms and refactor the existing code to use it where available.
Make the EVP Key Exchange code provider aware We introduce a new EVP_KEYEXCH type to represent key exchange algorithms and refactor the existing code to use it where available. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9266)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
d2ba8123 |
| 22-Apr-2019 |
Shane Lontis |
Added EVP_KDF (similiar to the EVP_MAC) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openss
Added EVP_KDF (similiar to the EVP_MAC) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8808)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
4c2883a9 |
| 20-Jan-2019 |
Richard Levitte |
Replumbing: Add the Provider Object, type OSSL_PROVIDER The OSSL_PROVIDER is the core object involved in loading a provider module, initialize a provider and do the initial communication
Replumbing: Add the Provider Object, type OSSL_PROVIDER The OSSL_PROVIDER is the core object involved in loading a provider module, initialize a provider and do the initial communication of provider wide and core wide dispatch tables. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8287)
show more ...
|
#
7753be74 |
| 20-Jan-2019 |
Richard Levitte |
Replumbing: Add include/openssl/core.h, initially with core types Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8286)
|
#
d64b6299 |
| 06-Feb-2019 |
Richard Levitte |
Add an OpenSSL library context The context builds on CRYPTO_EX_DATA, allowing it to be dynamically extended with new data from the different parts of libcrypto. Reviewed-by: Mat
Add an OpenSSL library context The context builds on CRYPTO_EX_DATA, allowing it to be dynamically extended with new data from the different parts of libcrypto. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8225)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
5a285add |
| 21-Jun-2018 |
David Makepeace |
Added new EVP/KDF API. Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated.
Added new EVP/KDF API. Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6674)
show more ...
|
#
48f4ad77 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in include/ and crypto/include/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/77
Following the license change, modify the boilerplates in include/ and crypto/include/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7770)
show more ...
|
#
567db2c1 |
| 12-Oct-2018 |
Richard Levitte |
Add EVP_MAC API We currently implement EVP MAC methods as EVP_PKEY methods. This change creates a separate EVP API for MACs, to replace the current EVP_PKEY ones. A note ab
Add EVP_MAC API We currently implement EVP MAC methods as EVP_PKEY methods. This change creates a separate EVP API for MACs, to replace the current EVP_PKEY ones. A note about this EVP API and how it interfaces with underlying MAC implementations: Other EVP APIs pass the EVP API context down to implementations, and it can be observed that the implementations use the pointer to their own private data almost exclusively. The EVP_MAC API deviates from that pattern by passing the pointer to the implementation's private data directly, and thereby deny the implementations access to the EVP_MAC context structure. This change is made to provide a clearer separation between the EVP library itself and the implementations of its supported algorithm classes. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7393)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
6decf943 |
| 05-Mar-2018 |
Dr. Matthias St. Pierre |
Publish the RAND_DRBG API Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL A
Publish the RAND_DRBG API Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre2 |
|
#
0d664759 |
| 27-Feb-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
fac8673b |
| 19-Feb-2017 |
Richard Levitte |
STORE: Add the possibility to search for specific information Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
|
#
c16de9d8 |
| 31-Aug-2017 |
Dr. Matthias St. Pierre |
Fix reseeding issues of the public RAND_DRBG Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when
Fix reseeding issues of the public RAND_DRBG Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes: - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback. - Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy(). - Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding. - Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart(). - Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4328)
show more ...
|
#
75e2c877 |
| 03-Aug-2017 |
Rich Salz |
Switch from ossl_rand to DRBG rand If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success.
Switch from ossl_rand to DRBG rand If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
show more ...
|
#
12fb8c3d |
| 27-Jun-2017 |
Rich Salz |
Add DRBG random method Ported from the last FIPS release, with DUAL_EC and SHA1 and the self-tests removed. Since only AES-CTR is supported, other code simplifications were done. R
Add DRBG random method Ported from the last FIPS release, with DUAL_EC and SHA1 and the self-tests removed. Since only AES-CTR is supported, other code simplifications were done. Removed the "entropy blocklen" concept. Moved internal functions to new include/internal/rand.h. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3789)
show more ...
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
71a5516d |
| 08-Dec-2016 |
Richard Levitte |
Add the STORE module This STORE module adds the following functionality: - A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close() that accesses a URI and helps
Add the STORE module This STORE module adds the following functionality: - A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close() that accesses a URI and helps loading the supported objects (PKEYs, CERTs and CRLs for the moment) from it. - An opaque type OSSL_STORE_INFO that holds information on each loaded object. - A few functions to retrieve desired data from a OSSL_STORE_INFO reference. - Functions to register and unregister loaders for different URI schemes. This enables dynamic addition of loaders from applications or from engines. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
show more ...
|
#
786dd2c2 |
| 21-Apr-2017 |
Dr. Stephen Henson |
Add support for custom signature parameters Many signature types define the digest and public key type by a single OID such as ecdsa_with_sha256. Some types (RSA-PSS for example
Add support for custom signature parameters Many signature types define the digest and public key type by a single OID such as ecdsa_with_sha256. Some types (RSA-PSS for example) use a single OID to indicate the signature scheme and additional parameters are encoded in the AlgorithmIdentifier. Add an X509_SIG_INFO structure to contain details about the signature type: specifically the digest algorithm, public key algorithm, security bits and various flags. This supports both existing algorithms and more complex types. Add accessors for the structure and a special case that retrieves signature information from a certificate. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3301)
show more ...
|
Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
#
f1f5ee17 |
| 26-Jun-2016 |
Andy Polyakov |
include/openssl: don't include <windows.h> in public headers. If application uses any of Windows-specific interfaces, make it application developer's respondibility to include <windows.h
include/openssl: don't include <windows.h> in public headers. If application uses any of Windows-specific interfaces, make it application developer's respondibility to include <windows.h>. Rationale is that <windows.h> is quite "toxic" and is sensitive to inclusion order (most notably in relation to <winsock2.h>). It's only natural to give complete control to the application developer. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
21dcbebc |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 03/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5 |
|
#
f0e0fd51 |
| 15-Apr-2016 |
Rich Salz |
Make many X509_xxx types opaque. Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Rich
Make many X509_xxx types opaque. Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
#
b9aec69a |
| 08-Apr-2016 |
Rich Salz |
Add SSL_DANE typedef for consistency. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
#
d3e6d6bc |
| 30-Mar-2016 |
Kirill Marinushkin |
moved structure bio_buf_mem_st from headers to bss_mem.c Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|