Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

that open brace { should be on the previous line

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed

that open brace { should be on the previous line

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22097)

show more ...

rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check

The code did not yet check that the length of the RSA key is positive
and even.

Signed-off-by: Clemens Lang <cllang@redhat.com>

rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check

The code did not yet check that the length of the RSA key is positive
and even.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22403)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Add coverage test for ossl_rsa_sp800_56b_derive_params_from_pq

This test runs the error path for the above function.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by:

Add coverage test for ossl_rsa_sp800_56b_derive_params_from_pq

This test runs the error path for the above function.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20200)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16534)

(cherry picked from commit 54d987b92ce57c1cc38c6d9b

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16534)

(cherry picked from commit 54d987b92ce57c1cc38c6d9b6bf879b003f4cbd4)

show more ...

Allow small RSA exponents in the default provider

Fixes #16255

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi

Allow small RSA exponents in the default provider

Fixes #16255

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16285)

show more ...

Drop OPENSSL_NO_RSA everywhere

The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedor

Drop OPENSSL_NO_RSA everywhere

The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)

show more ...

Deprecate RSA harder

This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/open

Deprecate RSA harder

This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)

show more ...

rsa: add ossl_ prefix to internal rsa_ calls.

The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_fa

rsa: add ossl_ prefix to internal rsa_ calls.

The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)

show more ...

Add ACVP fips module tests

For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These te

Add ACVP fips module tests

For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.

This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).

The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.

The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.

The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)

Amend references to "OpenSSL license"

A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend th

Amend references to "OpenSSL license"

A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.

Fixes #11649

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)

show more ...

RSA generation: Use more bits of 1/sqrt(2)

The old version always sets the top 2 bits, so the most significate byte
of the primes was always >= 0xC0. We now use 256 bits to represent

RSA generation: Use more bits of 1/sqrt(2)

The old version always sets the top 2 bits, so the most significate byte
of the primes was always >= 0xC0. We now use 256 bits to represent
1/sqrt(2) = 0x0.B504F333F9DE64845...

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #10246

show more ...

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

'*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...

removed BN_clear NULL checks

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8507)

FIPS 186-4 RSA Generation & Validation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

FIPS 186-4 RSA Generation & Validation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6652)

show more ...