| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
bb1aab38 |
| 22-Aug-2024 |
slontis |
FIPS: Add EDDSA public key validation.
EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to
determine if the public key is a valid point on the curve.
The FIPS A
FIPS: Add EDDSA public key validation.
EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to
determine if the public key is a valid point on the curve.
The FIPS ACVP tests require public key validation tests.
See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json
Note that this is NOT required to be called before EDDSA signature verification
since it is done internally.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25265)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
836080a8 |
| 16-Oct-2022 |
James Muir |
Support all five EdDSA instances from RFC 8032
Fixes #6277
Description:
Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519,
Ed25519ctx, Ed25519ph, Ed448, E
Support all five EdDSA instances from RFC 8032
Fixes #6277
Description:
Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519,
Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs.
The desired EdDSA instance is specified via an OSSL_PARAM.
All instances, except for Ed25519, allow context strings as input.
Context strings are passed via an OSSL_PARAM. For Ed25519ctx, the
context string must be nonempty.
Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that
the full message (not a digest) must be passed to sign and verify
operations.
Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input
message is hashed before sign and verify.
Testing:
All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt
(thanks to Shane Lontis for showing how to do that). Those 21 test
vectors are exercised by evp_test.c and cover all five instances.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19705)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
| #
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
|
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
054d43ff |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_ ecx symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
| #
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
|
Revision tags: OpenSSL_1_1_1h |
|
| #
8dbef010 |
| 22-Sep-2020 |
Shane Lontis |
Fix ecx so that is uses a settable propertyquery
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
| #
aa97970c |
| 10-Jun-2020 |
Pauli |
unify spelling of serialize
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12104)
|
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
3965480c |
| 05-Mar-2020 |
Matt Caswell |
Implement provider support for Ed25519 annd Ed448
At the moment we only provider support for these algorithms in the default
provider. These algorithms only support "one shot" EVP_Digest
Implement provider support for Ed25519 annd Ed448
At the moment we only provider support for these algorithms in the default
provider. These algorithms only support "one shot" EVP_DigestSign() and
EVP_DigestVerify() as per the existing libcrypto versions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
show more ...
|
| #
af7f656c |
| 03-Mar-2020 |
Patrick Steuer |
crypto/ec/curve448/eddsa.c: fix EBCDIC platforms
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://gith
crypto/ec/curve448/eddsa.c: fix EBCDIC platforms
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11229)
show more ...
|
|
Revision tags: OpenSSL_1_0_2u |
|
| #
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc
Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like
'*_lcl.h', '*_local.h', or '*_int.h'
This commit changes the different suffixes to '*_local.h' uniformly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
3fd70262 |
| 03-Sep-2019 |
Richard Levitte |
New function EVP_MD_free()
This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.
We also refactor mos
New function EVP_MD_free()
This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.
We also refactor most of EVP_MD_meth_new() into an internal
evp_md_new() that's used when creating fetched methods.
EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of
evp_md_new() and EVP_MD_free(). This means that at any time, we can
deprecate all the EVP_MD_meth_ functions with no harmful consequence.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9758)
show more ...
|
| #
a9612d6c |
| 03-Jul-2019 |
Matt Caswell |
Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
08afd2f3 |
| 03-Dec-2018 |
Matt Caswell |
Disallow Ed448 signature malleability
Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.2.7
Fixes #7706
Reviewed-by: Kurt R
Disallow Ed448 signature malleability
Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.2.7
Fixes #7706
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)
show more ...
|
| #
a7f182b7 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/ec/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7
Following the license change, modify the boilerplates in crypto/ec/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7791)
show more ...
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
| #
28c5b7d4 |
| 01-Aug-2018 |
Dr. Matthias St. Pierre |
Fix some undefined behaviour in the Curve448 code (2nd attempt)
Fixes #6800
Replaces #5418
This commit reverts commit 7876dbffcee9 and moves the check for a
zero-length inpu
Fix some undefined behaviour in the Curve448 code (2nd attempt)
Fixes #6800
Replaces #5418
This commit reverts commit 7876dbffcee9 and moves the check for a
zero-length input down the callstack into sha3_update().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6838)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre8 |
|
| #
1b3c89cd |
| 29-May-2018 |
Matt Caswell |
Remove some logically dead code
Found by coverity. This is an artifact left over from the original
decaf import which generated the source code for different curves. For
curve 448 th
Remove some logically dead code
Found by coverity. This is an artifact left over from the original
decaf import which generated the source code for different curves. For
curve 448 this is dead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2 |
|
| #
7876dbff |
| 20-Feb-2018 |
Matt Caswell |
Fix some undefined behaviour in the Curve448 code
We can't add NULL data into a hash
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/p
Fix some undefined behaviour in the Curve448 code
We can't add NULL data into a hash
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5418)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre1 |
|
| #
9c9d6ff4 |
| 07-Feb-2018 |
Matt Caswell |
Simplify some code
The original curve448 code was templated to allow for a 25519
implementation. We've just imported the 448 stuff - but a remnant of
the original templated approach
Simplify some code
The original curve448 code was templated to allow for a 25519
implementation. We've just imported the 448 stuff - but a remnant of
the original templated approach remained. This just simplifies that.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
show more ...
|
| #
a7232276 |
| 07-Feb-2018 |
Matt Caswell |
Remove some unneccessary use of constant time code in curve448
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
|
| #
53ef3252 |
| 07-Feb-2018 |
Matt Caswell |
More style fixes for the curve448 code
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
|
| #
68b20c00 |
| 12-Feb-2018 |
Matt Caswell |
More style fixes to Curve448 code based on review feedback
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
|
| #
04ebd4e1 |
| 12-Feb-2018 |
Matt Caswell |
Some style fixes
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
|
