#
0113ec84 |
| 28-Apr-2022 |
Todd Short |
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
show more ...
|
#
bef9b48e |
| 12-Nov-2021 |
Tomas Mraz |
Add null digest implementation to the default provider This is necessary to keep compatibility with 1.1.1. Fixes #16660 Reviewed-by: Matt Caswell <matt@openssl.org> (Me
Add null digest implementation to the default provider This is necessary to keep compatibility with 1.1.1. Fixes #16660 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17016)
show more ...
|
#
c2ee608a |
| 01-Sep-2021 |
Tianjia Zhang |
providers: Add SM4 GCM implementation The GCM mode of the SM4 algorithm is specifieded by RFC8998. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-b
providers: Add SM4 GCM implementation The GCM mode of the SM4 algorithm is specifieded by RFC8998. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16491)
show more ...
|
#
524f1261 |
| 13-Sep-2021 |
Ulrich Müller |
Add default provider support for Keccak 224, 256, 384 and 512 Fixes issue openssl#13033 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Add default provider support for Keccak 224, 256, 384 and 512 Fixes issue openssl#13033 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16594)
show more ...
|
#
7f5a9399 |
| 12-Aug-2021 |
Shane Lontis |
Add support for camellia cbc cts mode Fixes #16276 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16286)
|
#
736dba01 |
| 02-Aug-2021 |
Pauli |
provider: add TLS13_KDF to the default and FIPS providers Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lo
provider: add TLS13_KDF to the default and FIPS providers Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
e2f5df36 |
| 10-Mar-2021 |
Richard Levitte |
PROV: Add OIDs we know to all provider applicable algorithms The OIDs were extracted with the help of libcrypto's ASN1 OID database. While doing this, we move all the names strings
PROV: Add OIDs we know to all provider applicable algorithms The OIDs were extracted with the help of libcrypto's ASN1 OID database. While doing this, we move all the names strings to macro definitions, to avoid duplication and conflicting names declarations. Those macros are all in providers/implementations/include/prov/names.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
show more ...
|
#
baf02793 |
| 16-Mar-2021 |
Richard Levitte |
APPS: Replace the use of OBJ_nid2ln() with name or description calls With new provided algorithms added, we'd rather rely on the names and descriptions that we get from the providers.
APPS: Replace the use of OBJ_nid2ln() with name or description calls With new provided algorithms added, we'd rather rely on the names and descriptions that we get from the providers. Specifically with the 'openssl list' command, we now display the description of all algorithms. For '-public-key-algorithms', we additionally print key type information a bit more like we do for legacy methods. We also add descriptions to all our keymgmt functions, because the built in EVP_PKEY_ASN1_METHODs had them. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14656)
show more ...
|
#
c8830891 |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_provider symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
#
9500c823 |
| 24-Feb-2021 |
Shane Lontis |
Fix misc external ossl_ symbols. Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
b233ea82 |
| 26-Jan-2021 |
Matt Caswell |
Avoid races by caching exported ciphers in the init function TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we
Avoid races by caching exported ciphers in the init function TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we cached it in the query function rather than the init function, so this would cause a race if multiple threads queried at the same time. In practice it probably wouldn't make much difference since different threads should come up with the same answer. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
show more ...
|
#
58f422f6 |
| 28-Jan-2021 |
Richard Levitte |
Fix some odd names in our provider source code ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_as
Fix some odd names in our provider source code ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions sm2_signature_functions -> ossl_sm2_signature_functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
81aef6ba |
| 19-Nov-2020 |
Pauli |
rand: add a provider side seed source. This allows the operating system sources that OpenSSL supports to be used directly as RNGs. It also allows DRBG seeding to be explicitly speci
rand: add a provider side seed source. This allows the operating system sources that OpenSSL supports to be used directly as RNGs. It also allows DRBG seeding to be explicitly specified rather than being left to a fall back case. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13455)
show more ...
|
#
89cccbea |
| 16-Nov-2020 |
Shane Lontis |
Add EVP_KDF-X942 to the fips module The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X94
Add EVP_KDF-X942 to the fips module The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
show more ...
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
08edd447 |
| 30-Oct-2020 |
Pauli |
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
#
c319b627 |
| 17-Oct-2020 |
Richard Levitte |
PROV: Re-implement all the keypair encoders The base functionality to implement the keypair encoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH a
PROV: Re-implement all the keypair encoders The base functionality to implement the keypair encoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be output, the output type ("TEXT", "DER" or "PEM") and the outermost output structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13167)
show more ...
|
#
2c090c1d |
| 26-Oct-2020 |
Richard Levitte |
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH a
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
show more ...
|
#
649bd87c |
| 04-Nov-2020 |
Pauli |
defltprov: remove duplicate algorithm names. Ed25519 and Ed448 contained aliases that were the same as the primary name. This removes the aliases leaving ED25519 and ED448 as the canonic
defltprov: remove duplicate algorithm names. Ed25519 and Ed448 contained aliases that were the same as the primary name. This removes the aliases leaving ED25519 and ED448 as the canonical names. Matching is case insensitive, so no functionality is lost. The FIPS provider didn't include the duplicates. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13308)
show more ...
|
#
8ea761bf |
| 29-Oct-2020 |
Shane Lontis |
Add AES KW inverse ciphers to the EVP layer Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13272)
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
592dcfd3 |
| 29-Sep-2020 |
Pauli |
prov: prefix all exposed 'cipher' symbols with ossl_ Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13030)
|
#
7d6766cb |
| 28-Sep-2020 |
Pauli |
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/open
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13014)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|