#
6dcb100f |
| 06-Mar-2019 |
Richard Levitte |
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI This is a wrapper around OSSL_STORE. This also adds necessary support functions: - X509_STORE_load_fi
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI This is a wrapper around OSSL_STORE. This also adds necessary support functions: - X509_STORE_load_file - X509_STORE_load_path - X509_STORE_load_store - SSL_add_store_cert_subjects_to_stack - SSL_CTX_set_default_verify_store - SSL_CTX_load_verify_file - SSL_CTX_load_verify_dir - SSL_CTX_load_verify_store and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations, as they aren't extensible. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8442)
show more ...
|
#
4dde554c |
| 27-Sep-2019 |
Dr. David von Oheimb |
chunk 5 of CMP contribution to OpenSSL Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/op
chunk 5 of CMP contribution to OpenSSL Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10036)
show more ...
|
#
33f54da3 |
| 17-Sep-2019 |
Simo Sorce |
Add KRB5KDF from RFC 3961 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (M
Add KRB5KDF from RFC 3961 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9949)
show more ...
|
#
f6dead1b |
| 17-Oct-2019 |
Robbie Harwood |
[KDF] Add feedback-mode and CMAC support to KBKDF Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC
[KDF] Add feedback-mode and CMAC support to KBKDF Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC 6803. Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10143)
show more ...
|
#
f816aa47 |
| 08-Oct-2019 |
Shane Lontis |
Add rc2 ciphers to default provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9991)
|
#
695d195b |
| 23-May-2019 |
Richard Levitte |
Replumbing: make it possible for providers to specify multiple names This modifies the treatment of algorithm name strings to allow multiple names separated with colons. Reviewe
Replumbing: make it possible for providers to specify multiple names This modifies the treatment of algorithm name strings to allow multiple names separated with colons. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8985)
show more ...
|
#
6a41156c |
| 03-Oct-2019 |
Shane Lontis |
Add rc5 ciphers to default provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10006)
|
#
a39bc440 |
| 10-Sep-2019 |
Robbie Harwood |
[KDF] Add KBKDF implementation for counter-mode HMAC Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos. Add test vectors from RFC 8009. Adds error codes PRO
[KDF] Add KBKDF implementation for counter-mode HMAC Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos. Add test vectors from RFC 8009. Adds error codes PROV_R_INVALID_MAC and PROV_R_MISSING_MAC. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9924)
show more ...
|
#
7960dbec |
| 10-Aug-2019 |
Dr. David von Oheimb |
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "c
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI. Adds extensive man pages and tests. Integration into build scripts. Incremental pull request based on OpenSSL commit 8869ad4a39f of 2019-04-02 4th chunk: CMP context/parameters and utilities in crypto/cmp/cmp_ctx.c, crypto/cmp/cmp_util.c, and related files Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9107)
show more ...
|
#
19bd1fa1 |
| 19-Sep-2019 |
Patrick Steuer |
s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448 using PCC and KDSA instructions. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Rich
s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448 using PCC and KDSA instructions. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10004)
show more ...
|
#
3a9f26f3 |
| 13-Sep-2019 |
Shane Lontis |
Add aes_xts cipher to providers Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9327)
|
#
59cba5ac |
| 24-Aug-2019 |
Pauli |
KDF error codes reworked Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
|
#
f05b53a3 |
| 21-Aug-2019 |
Pauli |
KDF provider conversion error updates - generated Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
|
#
3ca9d210 |
| 23-Aug-2019 |
Richard Levitte |
Refactor how KEYMGMT methods get associated with other methods KEYMGMT methods were attached to other methods after those were fully created and registered, thereby creating a potential
Refactor how KEYMGMT methods get associated with other methods KEYMGMT methods were attached to other methods after those were fully created and registered, thereby creating a potential data race, if two threads tried to create the exact same method at the same time. Instead of this, we change the method creating function to take an extra data parameter, passed all the way from the public fetching function. In the case of EVP_KEYEXCH, we pass all the necessary data that evp_keyexch_from_dispatch() needs to be able to fetch the appropriate KEYMGMT method on the fly. Fixes #9592 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9678)
show more ...
|
#
4a42e264 |
| 26-Aug-2019 |
Shane Lontis |
Cleanup ciphers and Add 3des ciphers. Moved the relevant ciphers into default and restructed headers to allow the move. This removed most of the cases of #ifdef NO_XXX (which are now spe
Cleanup ciphers and Add 3des ciphers. Moved the relevant ciphers into default and restructed headers to allow the move. This removed most of the cases of #ifdef NO_XXX (which are now specified in build.info) Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9482)
show more ...
|
#
3bfe9005 |
| 19-Aug-2019 |
Shane Lontis |
Add aes_ccm to provider Add Cleanups for gcm - based on the changes to ccm. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm
Add aes_ccm to provider Add Cleanups for gcm - based on the changes to ccm. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> (Merged from https://github.com/openssl/openssl/pull/9280)
show more ...
|
#
92d9d0ae |
| 16-Aug-2019 |
Richard Levitte |
Rename ctx_{get,set}_params to {get,set}_ctx_params Recently, we added dispatched functions to get parameter descriptions, and those for operation context parameters ended up being calle
Rename ctx_{get,set}_params to {get,set}_ctx_params Recently, we added dispatched functions to get parameter descriptions, and those for operation context parameters ended up being called something_gettable_ctx_params and something_settable_ctx_params. The corresponding dispatched functions to actually perform parameter transfers were previously called something_ctx_get_params and something_ctx_set_params, which doesn't quite match, so we rename them to something_get_ctx_params and something_set_ctx_params. An argument in favor of this name change is English, where you'd rather say something like "set the context parameters". This only change the libcrypto <-> provider interface. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9612)
show more ...
|
#
f73eb733 |
| 12-Aug-2019 |
Richard Levitte |
Adjust some provider reason codes BLAKE2 MACs came with a set of new reason codes. Those talking about lengths are consistently called PROV_R_INVALID_FOO_LENGTH, for any name FOO.
Adjust some provider reason codes BLAKE2 MACs came with a set of new reason codes. Those talking about lengths are consistently called PROV_R_INVALID_FOO_LENGTH, for any name FOO. The cipher messages were briefer. In the interest of having more humanly readable messages, we adjust the reasons used by the ciphers (that's just IV length and key length). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
show more ...
|
#
ae0b6b92 |
| 02-Jun-2019 |
Richard Levitte |
Move Poly1305 to providers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
|
#
e23cda00 |
| 02-Jun-2019 |
Richard Levitte |
Move KMAC to providers Instead of using evp_keccak_kmac128() and evp_keccak_kmac256(), we refer to the hash implementation by name, and fetch it, which should get us the implementati
Move KMAC to providers Instead of using evp_keccak_kmac128() and evp_keccak_kmac256(), we refer to the hash implementation by name, and fetch it, which should get us the implementation from providers/common/digests/sha3_prov.c. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
show more ...
|
#
d33313be |
| 01-Jun-2019 |
Richard Levitte |
Move GMAC to providers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
|
#
55a0a117 |
| 07-May-2019 |
Richard Levitte |
Move BLAKE2 MACs to the providers This also moves the remaining parts of BLAKE2 digests to the default provider, and removes the legacy EVP implementation. Reviewed-by: Matt Cas
Move BLAKE2 MACs to the providers This also moves the remaining parts of BLAKE2 digests to the default provider, and removes the legacy EVP implementation. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8877)
show more ...
|
#
58c35587 |
| 11-Jul-2019 |
Patrick Steuer |
s390x assembly pack: accelerate ECDSA for NIST P-256, P-384 and P-521 using KDSA instruction. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard
s390x assembly pack: accelerate ECDSA for NIST P-256, P-384 and P-521 using KDSA instruction. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9348)
show more ...
|
#
9bf682f6 |
| 11-Jul-2019 |
Patrick Steuer |
Enable curve-spefific ECDSA implementations via EC_METHOD which are already enabled for ECDH. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard
Enable curve-spefific ECDSA implementations via EC_METHOD which are already enabled for ECDH. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9348)
show more ...
|
#
82bd7c2c |
| 03-Jul-2019 |
Richard Levitte |
Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(), except they take a result buffer from the caller.
Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex() They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(), except they take a result buffer from the caller. We take the opportunity to break out the documentation of the hex to / from buffer conversion routines from the OPENSSL_malloc() file to its own file. These routines aren't memory allocation routines per se. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9303)
show more ...
|