Revision tags: openssl-3.0.0-alpha16 |
|
#
b4c4a2c6 |
| 27-Apr-2021 |
Tomas Mraz |
Implement pem_read_key directly through OSSL_DECODER Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of
Implement pem_read_key directly through OSSL_DECODER Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of the SM2 keys in the OSSL_DECODER. Fixes #14788 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15045)
show more ...
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
b4f447c0 |
| 08-Apr-2021 |
Tomas Mraz |
Add selection support to the provider keymgmt_dup function Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
|
Revision tags: openssl-3.0.0-alpha14 |
|
#
4a9fe33c |
| 07-Apr-2021 |
Tomas Mraz |
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements.
Implement provider-side keymgmt_dup function To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements. Use it when copying everything to an empty EVP_PKEY which is the case with EVP_PKEY_dup(). Fixes #14658 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
show more ...
|
#
3f883c7c |
| 07-Apr-2021 |
Shane Lontis |
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14785)
|
Revision tags: OpenSSL_1_1_1k |
|
#
09fba0b4 |
| 21-Mar-2021 |
Pauli |
fix coverity 1466710: resource leak Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14620)
|
#
bf5b37ce |
| 25-Mar-2021 |
Tomas Mraz |
Make the SM2 group the default group for the SM2 algorithm Fixes #14481 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by:
Make the SM2 group the default group for the SM2 algorithm Fixes #14481 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14684)
show more ...
|
#
218e1263 |
| 21-Mar-2021 |
Pauli |
ec_keymgmt: fix coverity 1474427: resource leak Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14637)
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
9a485440 |
| 11-Mar-2021 |
Tomas Mraz |
Make EVP_PKEY_missing_parameters work properly on provided RSA keys This requires changing semantics of the keymgmt_has() function a little in the sense that it now returns 1 if the
Make EVP_PKEY_missing_parameters work properly on provided RSA keys This requires changing semantics of the keymgmt_has() function a little in the sense that it now returns 1 if the selection has no meaning for the key type. It was already doing so for ECX keys for example. The keymgmt_validate function semantics is changed similarly to allow passing validation on the same selection that the key returns 1 for. Fixes #14509 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14511)
show more ...
|
#
f9562909 |
| 01-Mar-2021 |
Pauli |
provider: add params argument to key manager's gen_init call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
fb67126e |
| 26-Feb-2021 |
Tomas Mraz |
EVP_PKEY_CTX_get/settable_params: pass provider operation context This allows making the signature operations return different settable params when the context is initialized with EV
EVP_PKEY_CTX_get/settable_params: pass provider operation context This allows making the signature operations return different settable params when the context is initialized with EVP_DigestSign/VerifyInit. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14338)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
32ab57cb |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
#
4718326a |
| 17-Feb-2021 |
Shane Lontis |
Add EVP_PKEY_public_check_quick. Adding the EVP_PKEY_param_check_quick() reminded me that there are also partial checks for public keys as part of SP800-56A for FFC (DH named safe pr
Add EVP_PKEY_public_check_quick. Adding the EVP_PKEY_param_check_quick() reminded me that there are also partial checks for public keys as part of SP800-56A for FFC (DH named safe prime groups) and ECC. The code was mainly already there and just needed to be plumbed into the validate methods. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14206)
show more ...
|
Revision tags: OpenSSL_1_1_1j |
|
#
899e2564 |
| 09-Feb-2021 |
Matt Caswell |
Implement EVP_PKEY_param_check_quick() and use it in libssl The low level DH API has two functions for checking parameters: DH_check_ex() and DH_check_params_ex(). The former does a "ful
Implement EVP_PKEY_param_check_quick() and use it in libssl The low level DH API has two functions for checking parameters: DH_check_ex() and DH_check_params_ex(). The former does a "full" check, while the latter does a "quick" check. Most importantly it skips the check for a safe prime. We're ok without using safe primes here because we're doing ephemeral DH. Now that libssl is fully using the EVP API, we need a way to specify that we want a quick check instead of a full check. Therefore we introduce EVP_PKEY_param_check_quick() and use it. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14146)
show more ...
|
#
2741128e |
| 05-Feb-2021 |
Tomas Mraz |
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
show more ...
|
Revision tags: openssl-3.0.0-alpha11 |
|
#
f2db0528 |
| 28-Jan-2021 |
Richard Levitte |
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for b
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
show more ...
|
#
58f422f6 |
| 28-Jan-2021 |
Richard Levitte |
Fix some odd names in our provider source code ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_as
Fix some odd names in our provider source code ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions sm2_signature_functions -> ossl_sm2_signature_functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
show more ...
|
#
ec7aef33 |
| 21-Jan-2021 |
Matt Caswell |
Ensure EC keys with a private key but without a public key can be created In 1.1.1 and earlier it was possible to create EC_KEYs that did not have the public key in it. We need to ensure
Ensure EC keys with a private key but without a public key can be created In 1.1.1 and earlier it was possible to create EC_KEYs that did not have the public key in it. We need to ensure that this continues to work in 3.0. Fixes #12612 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13922)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
5b5eea4b |
| 15-Oct-2020 |
Shane Lontis |
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@open
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
show more ...
|
#
53d650d1 |
| 19-Jan-2021 |
Tomas Mraz |
ec_kmgmt.c: OSSL_PKEY_PARAM_DEFAULT_DIGEST is gettable param for EC/SM2 keys Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13901)
|
#
9e49aff2 |
| 09-Nov-2020 |
Nicola Tuveri |
Add SM2 private key range validation According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this
Add SM2 private key range validation According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this reason we cannot reuse the EC validation function as it is, and we introduce a new internal function `sm2_key_private_check()`. Partially fixes https://github.com/openssl/openssl/issues/8435 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13359)
show more ...
|
#
d1fb6b48 |
| 20-Oct-2020 |
Nicola Tuveri |
Constify OSSL_FUNC_keymgmt_validate() The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from
Constify OSSL_FUNC_keymgmt_validate() The keydata argument of OSSL_FUNC_keymgmt_validate() should be read-only. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13201)
show more ...
|
#
3d914185 |
| 20-Oct-2020 |
Nicola Tuveri |
Constify OSSL_FUNC_keymgmt_has() The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <
Constify OSSL_FUNC_keymgmt_has() The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13200)
show more ...
|
#
5ac8fb58 |
| 09-Oct-2020 |
Matt Caswell |
Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key We do the same thing for the "get1" version. In reality this has broader use than just TLS (it can also be used
Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key We do the same thing for the "get1" version. In reality this has broader use than just TLS (it can also be used in CMS), and "encodedpoint" only makes sense when you are talking about EC based algorithms. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13105)
show more ...
|
#
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|