#
d649c51a |
| 21-May-2022 |
Peiwei Hu |
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
show more ...
|
#
61adb6cf |
| 11-Oct-2021 |
Matt Caswell |
Fix a bug in signature self tests in the FIPS module When calling EVP_PKEY_sign(), the size of the signature buffer must be passed in *siglen. Reviewed-by: Tomas Mraz <tomas@ope
Fix a bug in signature self tests in the FIPS module When calling EVP_PKEY_sign(), the size of the signature buffer must be passed in *siglen. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
show more ...
|
#
55950587 |
| 29-Aug-2021 |
slontis |
Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE Fixes #16457 The ECDSA and DSA signature tests use Pairwise tests instead of KATS. Note there is a seperate type used by
Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE Fixes #16457 The ECDSA and DSA signature tests use Pairwise tests instead of KATS. Note there is a seperate type used by the keygen for conditional Pairwise Tests. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16461)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
e494fac7 |
| 15-Apr-2021 |
Pauli |
Fix naming for EVP_RAND_CTX_gettable functions. Change: EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settabl
Fix naming for EVP_RAND_CTX_gettable functions. Change: EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params Which brings them in line with the other similar functions for other algorithm types. Fixes #14880 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14893)
show more ...
|
#
3fed2718 |
| 12-Apr-2021 |
Shane Lontis |
Add FIPS Self test for AES_ECB decrypt Fixes #14807 Compliance with IG 9.4 requires that an inverse cipher function be tested if one is implemented. Just running AES_GCM encrypt
Add FIPS Self test for AES_ECB decrypt Fixes #14807 Compliance with IG 9.4 requires that an inverse cipher function be tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse function during decryption mode). Added a mode to the cipher test so that the AES_GCM only does an encrypt and AES_ECB only does a decrypt. TDES still does both. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14825)
show more ...
|
Revision tags: openssl-3.0.0-alpha14 |
|
#
3f883c7c |
| 07-Apr-2021 |
Shane Lontis |
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14785)
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8d5b197b |
| 26-Feb-2021 |
Pauli |
fips: update DRBG KATs for the extra instantiate argument Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
#
6bcd32a4 |
| 26-Feb-2021 |
Pauli |
fips: add additional argument to KDF derive call in self test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
a8eb71ad |
| 01-Feb-2021 |
Richard Levitte |
Allow the sshkdf type to be passed as a single character This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1. This also slightly modifies the way diverse paramete
Allow the sshkdf type to be passed as a single character This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1. This also slightly modifies the way diverse parameters in are specified in providers/fips/self_test_data.inc for better consistency. Fixes #14027 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14035)
show more ...
|
#
2db985b7 |
| 05-Feb-2021 |
Shane Lontis |
Simplify the EVP_PKEY_XXX_fromdata_XX methods. The existing names such as EVP_PKEY_param_fromdata_settable were a bit confusing since the 'param' referred to key params not OSSL_PARAM. T
Simplify the EVP_PKEY_XXX_fromdata_XX methods. The existing names such as EVP_PKEY_param_fromdata_settable were a bit confusing since the 'param' referred to key params not OSSL_PARAM. To simplify the interface a 'selection' parameter will be passed instead. The changes are: (1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init(). (2) EVP_PKEY_fromdata() has an additional selection parameter. (3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable(). EVP_PKEY_fromdata_settable() also uses a selection parameter. Fixes #12989 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14076)
show more ...
|
Revision tags: openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
6d9a54c6 |
| 14-Jan-2021 |
Tomas Mraz |
Pass correct maximum output length to provider derive operation And improve error checking in EVP_PKEY_derive* calls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from h
Pass correct maximum output length to provider derive operation And improve error checking in EVP_PKEY_derive* calls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13869)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
acd3e548 |
| 23-Nov-2020 |
Shane Lontis |
Add fips self tests for all included kdf Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13480)
|
#
cbb85bda |
| 27-Nov-2020 |
Matt Caswell |
Fix builds that specify both no-dh and no-ec Various sections of code assumed that at least one of dh or ec would be available. We also now also need to handle cases where a provider has
Fix builds that specify both no-dh and no-ec Various sections of code assumed that at least one of dh or ec would be available. We also now also need to handle cases where a provider has a key exchange algorithm and TLS-GROUP that we don't know about. Fixes #13536 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13549)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
7d6766cb |
| 28-Sep-2020 |
Pauli |
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/open
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13014)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
4343a418 |
| 16-Sep-2020 |
Shane Lontis |
Add self tests for rsa encryption SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption using the RSA primitive (i.e. no padding). This is
Add self tests for rsa encryption SP800-56br2 requires seperate KAT's (fips self tests) to be tested for both encryption and decryption using the RSA primitive (i.e. no padding). This is specified in FIPS140-2 IG D.9 A copy of the methods EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt() are now in the fips module. Removed the #ifdef FIPS_MODULE in evp_pkey_ctx_free_old_ops(). Added corruption test Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12835)
show more ...
|
#
4f14a378 |
| 12-Sep-2020 |
Dr. Matthias St. Pierre |
prov/drbg: cleanup some RAND_DRBG leftovers These are leftovers from the RAND_DRBG removal (#12509). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.co
prov/drbg: cleanup some RAND_DRBG leftovers These are leftovers from the RAND_DRBG removal (#12509). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12866)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
660c5344 |
| 18-Jun-2020 |
Matt Caswell |
Revert "kdf: make function naming consistent." The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This
Revert "kdf: make function naming consistent." The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit 765d04c9460a304c8119f57941341a149498b9db. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
show more ...
|
Revision tags: openssl-3.0.0-alpha3 |
|
#
6154f9a7 |
| 20-May-2020 |
Pauli |
fips rand: DRBG KAT self test updates to provider model. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
|
#
765d04c9 |
| 08-Jun-2020 |
Pauli |
kdf: make function naming consistent. The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace for consistency. Reviewed-by: Richard Levitte <levitte@openssl.o
kdf: make function naming consistent. The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace for consistency. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11996)
show more ...
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
a6ed19dc |
| 27-Apr-2020 |
Shourya Shukla |
Amend references to "OpenSSL license" A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend th
Amend references to "OpenSSL license" A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend the occurences. Fixes #11649 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11663)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
ec4d1b8f |
| 03-Apr-2020 |
Shane Lontis |
Add data driven SELF TEST code for signatures and key agreement Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11036)
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
47c239c6 |
| 03-Mar-2020 |
Shane Lontis |
Add pairwise consistency self tests to asym keygenerators Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10952)
|