Revision tags: OpenSSL_1_1_1h |
|
#
ce64d3ee |
| 18-Sep-2020 |
Matt Caswell |
Move SM2 asymmetric encryption to be available in the default provider Fixes #12908 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12913)
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
d0b79f86 |
| 04-Mar-2020 |
Paul Yang |
Add SM2 signature algorithm to default provider Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12536)
|
#
7ee511d0 |
| 26-Jul-2020 |
Paul Yang |
Add SM2 key management Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12536)
|
#
111dc4b0 |
| 14-Sep-2020 |
Richard Levitte |
ENCODER: Refactor our provider encoder implementations This only refactors them for the changed API, there's not yet a separate DER to PEM encoder and therefore no chaining possibility yet. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
#
80f4fd18 |
| 19-Sep-2020 |
Shane Lontis |
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750)
|
#
eab7b424 |
| 07-Sep-2020 |
Pauli |
provider: add an 'is_running' call to all providers. It can be accessed (read only) via the status parameter. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
|
#
ce43db7a |
| 08-Sep-2020 |
Jon Spillett |
Fix up issue on AIX caused by broken compiler handling of macro expansion Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12812)
|
#
63f187cf |
| 02-Aug-2020 |
Richard Levitte |
STORE: Add a built-in 'file:' storemgmt implementation (loader) This replaces the older 'file:' loader that is now an engine. It's still possible to use the older 'file:' loader by explicitly using the engine, and tests will remain for it as long as ENGINEs are still supported (even though deprecated). To support this storemgmt implementation, a few internal OSSL_DECODER modifications are needed: - An internal function that implements most of OSSL_DECODER_CTX_new_by_EVP_PKEY(), but operates on an already existing OSSL_DECODER_CTX instead of allocating a new one. - Allow direct creation of a OSSL_DECODER from an OSSL_ALGORITHM. It isn't attached to any provider, and is only used internally, to simply catch any DER encoded object to be passed back to the object callback with no further checking. This implementation becomes the last resort decoder, when all "normal" decodation attempts (i.e. those that are supposed to result in an OpenSSL object of some sort) have failed. Because file_store_attach() uses BIO_tell(), we must also support BIO_ctrl() as a libcrypto upcall. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12587)
|
#
b48ca22a |
| 02-Sep-2020 |
Jon Spillett |
Avoid AIX compiler issue by making the macro argument names not match any substring Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12767)
|
#
e3bf65da |
| 19-Aug-2020 |
Matt Caswell |
Include "legacy" in the name of the various MAC bridge functions Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
#
a540ef90 |
| 11-Aug-2020 |
Matt Caswell |
Extend the provider MAC bridge for CMAC The previous commits added support for HMAC, SIPHASH and Poly1305 into the provider MAC bridge. We now extend that for CMAC too. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
#
4db71d01 |
| 11-Aug-2020 |
Matt Caswell |
Extend the provider MAC bridge for Poly1305 The previous commits added support for HMAC and SIPHASH into the provider MAC bridge. We now extend that for Poly1305 too. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
#
b27b31b6 |
| 11-Aug-2020 |
Matt Caswell |
Extend the provider MAC bridge for SIPHASH The previous commits added support for HMAC into the provider MAC bridge. We now extend that for SIPHASH too. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
#
b571e662 |
| 07-Aug-2020 |
Matt Caswell |
Make the provider side EVP PKEY MAC bridge available in default and fips Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
#
ece9304c |
| 16-Aug-2020 |
Richard Levitte |
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
|
#
b7466c13 |
| 11-Aug-2020 |
Pauli |
Move PKCS#12 KDF to provider. This KDF is defined in RFC7292 in appendix B. It is widely used in PKCS#12 and should be provided. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12624)
|
#
627c2203 |
| 04-Aug-2020 |
Shane Lontis |
Add DHX support to keymanager Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12575)
|
#
194de849 |
| 31-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
05d2f72e |
| 20-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
ac2d58c7 |
| 03-Jul-2020 |
Matt Caswell |
Implement a EVP_PKEY KDF to KDF provider bridge Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between the old API and the EVP_KDF API however this bridge itself uses a legacy EVP_PKEY_METHOD. This commit implements a provider side bridge without having to use any legacy code. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
04cb5ec0 |
| 09-Aug-2020 |
Shane Lontis |
Add 'on demand self test' and status test to providers The default and legacy providers currently return 1 for status and self test checks. Added test to show the 3 different stages the self test can be run (for installation, loading and on demand). For the fips provider: - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the cached algorithms are flushed on failure. - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11752)
|
#
5ccada09 |
| 07-Aug-2020 |
Shane Lontis |
Add evp_test fixes. Changed many tests so they also test fips (and removed 'availablein = default' from some tests). Separated the monolithic evppkey.txt file into smaller maintainable groups. Changed the availablein option so it must be first - this then skips the entire test before any fetching happens. Changed the code so that all the OPENSSL_NO_XXXX tests are done in code via methods such as is_cipher_disabled(alg), before the fetch happens. Added missing libctx's found by adding a libctx to test_evp. Broke up large data files for cipher, kdf's and mac's into smaller pieces so they no longer need 'AvailableIn = default' Added missing algorithm aliases for cipher/digests to the providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12236)
|
#
a3f15e23 |
| 27-Jul-2020 |
Pauli |
deserialisation: add deserialisation to the base provider Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)
|
#
dfc0857d |
| 10-Jun-2020 |
Pauli |
serialisation: Add a built-in base provider. Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider. Add additional code to the list command to display what kind of serialisation each entry is capable of. Having the FIPS provider auto load the base provider is a future (but necessary) enhancement. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)
|
#
a4e55ccc |
| 20-Jul-2020 |
Richard Levitte |
PROV: Add a DER to RSA-PSS deserializer implementation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492)
|