#
4032cd9a |
| 17-Apr-2023 |
Yi Li |
configure: introduce no-ecx to remove ECX related feature This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi
configure: introduce no-ecx to remove ECX related feature This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20781)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
202cbdd2 |
| 05-May-2021 |
Tomas Mraz |
A few cleanups of the provider build.infos Remove a TODO that is no longer relevant and drop some more non-fips sources from the fips checksums. Reviewed-by: Paul Dale <pauli@op
A few cleanups of the provider build.infos Remove a TODO that is no longer relevant and drop some more non-fips sources from the fips checksums. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15191)
show more ...
|
#
848af5e8 |
| 06-May-2021 |
Richard Levitte |
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper funct
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper functions in libfips.a / libnonfips.a didn't catch on, and we saw full implementation ending up in them instead and not appearing in libimplementations.a at all. 2. Because more or less ALL algorithm implementations were included in libimplementations.a (the idea being that the appropriate objects from it would be selected automatically by the linker when building the shared libraries), it's very hard to find only the implementation source that should go into the FIPS module, with the result that the FIPS checksum mechanism include source files that it shouldn't To mitigate, we drop libimplementations.a, but retain the idea of collecting implementations in static libraries. With that, we not have: libfips.a Includes all implementations that should become part of the FIPS provider. liblegacy.a Includes all implementations that should become part of the legacy provider. libdefault.a Includes all implementations that should become part of the default and base providers. With this, libnonfips.a becomes irrelevant and is dropped. libcommon.a is retained to include common provider code that can be used uniformly by all providers. Fixes #15157 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|
#
5a86dac8 |
| 06-May-2021 |
Richard Levitte |
Rename files in providers/implementations/signatures It was discovered that eddsa.c exist in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they
Rename files in providers/implementations/signatures It was discovered that eddsa.c exist in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they ever end up in the same library. To mitigate, we rename the copy in providers/implementations/signatures to have '_sig' in the file name, and do the same with all other source files in this directory, for consistency. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
d0b79f86 |
| 04-Mar-2020 |
Paul Yang |
Add SM2 signature algorithm to default provider Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openss
Add SM2 signature algorithm to default provider Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12536)
show more ...
|
#
d12a2fe4 |
| 15-Sep-2020 |
Matt Caswell |
Teach EdDSA signature algorithms about AlgorithmIdentifiers The other signature algorithms know how to create their own AlgorithmIdentifiers, but the EdDSA algorithms missed this.
Teach EdDSA signature algorithms about AlgorithmIdentifiers The other signature algorithms know how to create their own AlgorithmIdentifiers, but the EdDSA algorithms missed this. Fixes #11875 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12884)
show more ...
|
#
49ed5ba8 |
| 29-Aug-2020 |
Shane Lontis |
fix provider signatures Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
e43b4482 |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for dsa signatures Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
2ef9a7ac |
| 17-Aug-2020 |
Matt Caswell |
Improve code reuse in the provider MAC bridge We reuse concepts such as PROV_CIPHER, and make use of some common code in provider_util.c Reviewed-by: Paul Dale <paul.dale@oracle
Improve code reuse in the provider MAC bridge We reuse concepts such as PROV_CIPHER, and make use of some common code in provider_util.c Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
#
409910be |
| 07-Aug-2020 |
Matt Caswell |
Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge Some MAC implementations were available before the current EVP_MAC API. They were used via EVP_DigestSign*. Ther
Implement signature functions for EVP_PKEY MAC to EVP_MAC provider bridge Some MAC implementations were available before the current EVP_MAC API. They were used via EVP_DigestSign*. There exists a bridge between the oldAPI and the EVP_MAC API however this bridge itself uses a legacy EVP_PKEY_METHOD. This commit implements the signature functions for the provider side bridge without having to use any legacy code. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
#
4f2271d5 |
| 17-Jun-2020 |
Shane Lontis |
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These te
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
show more ...
|
#
2d956b32 |
| 31-Mar-2020 |
Richard Levitte |
PROV: Add DERlib support for ECDSA and EC keys This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from htt
PROV: Add DERlib support for ECDSA and EC keys This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11450)
show more ...
|
#
8c555803 |
| 31-Mar-2020 |
Richard Levitte |
PROV: Add DERlib support for DSA This replaces crypto/dsa/dsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
PROV: Add DERlib support for DSA This replaces crypto/dsa/dsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11450)
show more ...
|
#
6f5837dc |
| 31-Mar-2020 |
Richard Levitte |
PROV: Add DERlib support for RSA This replaces crypto/rsa/rsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
PROV: Add DERlib support for RSA This replaces crypto/rsa/rsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11450)
show more ...
|
#
edd3b7a3 |
| 15-Mar-2020 |
Shane Lontis |
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/opens
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10968)
show more ...
|
#
d16d0b71 |
| 15-Mar-2020 |
Shane Lontis |
Add RSA sign to the fips provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11199)
|
#
3965480c |
| 05-Mar-2020 |
Matt Caswell |
Implement provider support for Ed25519 annd Ed448 At the moment we only provider support for these algorithms in the default provider. These algorithms only support "one shot" EVP_Digest
Implement provider support for Ed25519 annd Ed448 At the moment we only provider support for these algorithms in the default provider. These algorithms only support "one shot" EVP_DigestSign() and EVP_DigestVerify() as per the existing libcrypto versions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11261)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
6f4b7663 |
| 01-Dec-2019 |
Richard Levitte |
PROV: add RSA signature implementation This includes legacy PSS controls to params conversion, and an attempt to generalise the parameter names when they are suitable for more than o
PROV: add RSA signature implementation This includes legacy PSS controls to params conversion, and an attempt to generalise the parameter names when they are suitable for more than one operation. Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers for known RSA+hash function combinations. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10557)
show more ...
|
#
5687e357 |
| 04-Oct-2019 |
Richard Levitte |
Providers: move common exchange,kdfs,keymgmt,macs,signature From providers/common/ to providers/implementations/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https:
Providers: move common exchange,kdfs,keymgmt,macs,signature From providers/common/ to providers/implementations/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
show more ...
|