#
c1ff5994 |
| 26-Nov-2019 |
Matt Caswell |
Check that OPENSSL_zalloc was successful when creating EVP types We were missing a NULL check in a few very similar places following an OPENSSL_zalloc() call. Reported-by: Ziyan
Check that OPENSSL_zalloc was successful when creating EVP types We were missing a NULL check in a few very similar places following an OPENSSL_zalloc() call. Reported-by: Ziyang Li (@Liby99) Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10526)
show more ...
|
#
0ddf74bf |
| 31-Oct-2019 |
Richard Levitte |
Final cleanup after move to leaner EVP_PKEY methods Now that KEYMGMT method pointers have moved away from the diverse methods that are used with EVP_PKEY_CTX, we no longer need to pass
Final cleanup after move to leaner EVP_PKEY methods Now that KEYMGMT method pointers have moved away from the diverse methods that are used with EVP_PKEY_CTX, we no longer need to pass special argument to evp_generic_fetch() and evp_generic_do_all(). Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10309)
show more ...
|
#
c0e0984f |
| 30-Oct-2019 |
Richard Levitte |
EVP: Make the KEYEXCH implementation leaner Because the algorithm to use is decided already when creating an EVP_PKEY_CTX regardless of how it was created, it turns out that it's unn
EVP: Make the KEYEXCH implementation leaner Because the algorithm to use is decided already when creating an EVP_PKEY_CTX regardless of how it was created, it turns out that it's unnecessary to provide the KEYEXCH method explicitly, and rather always have it be fetched implicitly. This means fewer changes for applications that want to use new key exchange algorithms / implementations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10305)
show more ...
|
#
02f060d1 |
| 14-Oct-2019 |
Richard Levitte |
PKEY: adapt the export_to_provider funtions to handle domain params too Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10169)
|
#
506cb0f6 |
| 23-Sep-2019 |
Richard Levitte |
EVP: add functions that return the name number The returned number can be used for comparison purposes. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://gi
EVP: add functions that return the name number The returned number can be used for comparison purposes. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
show more ...
|
#
f651c727 |
| 23-Sep-2019 |
Richard Levitte |
EVP: add name traversal functions to all fetchable types The following new functions all do the same thing; they traverse the set of names assigned to implementations of each algorithm t
EVP: add name traversal functions to all fetchable types The following new functions all do the same thing; they traverse the set of names assigned to implementations of each algorithm type: EVP_MD_names_do_all(), EVP_CIPHER_names_do_all(), EVP_MAC_names_do_all(), EVP_KEYMGMT_names_do_all(), EVP_KEYEXCH_names_do_all(), EVP_KDF_names_do_all(), EVP_SIGNATURE_names_do_all() We add a warning to the documentation of EVP_CIPHER_name() and EVP_MD_name(), as they aren't suitable to use with multiple-name implementation. We also remove EVP_MAC_name() and evp_KDF_name(), as they serve no useful purpose. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
show more ...
|
#
251e610c |
| 23-Sep-2019 |
Richard Levitte |
EVP: add missing common functionality This adds the missing functions that should be common for all fetchable EVP sub-APIs: EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EV
EVP: add missing common functionality This adds the missing functions that should be common for all fetchable EVP sub-APIs: EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(), EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(), EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a(). This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(), EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex' to '_provided'. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
show more ...
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: W
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
f7c16d48 |
| 14-Sep-2019 |
Richard Levitte |
In provider implemented methods, save the name number, not the name string Multiple names per implementation is already supported in the namemap, but hasn't been used yet. However, as s
In provider implemented methods, save the name number, not the name string Multiple names per implementation is already supported in the namemap, but hasn't been used yet. However, as soon as we have multiple names, we will get an issue with what name should be saved in the method. The solution is to not save the name itself, but rather the number it's associated with. This number is supposed to be unique for each set of names, and we assume that algorithm names are globally unique, i.e. there can be no name overlap between different algorithm types. Incidently, it was also found that the 'get' function used by ossl_construct_method() doesn't need all the parameters it was given; most of what it needs, it can now get through the data structure given by the caller of ossl_construct_method(). As a consequence, ossl_construct_method() itself doesn't need all the parameters it was given either. There are some added internal functions that are expected to disappear as soon as legacy code is removed, such as evp_first_name() and ossl_namemap_num2name(). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9897)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
864b89ce |
| 04-Sep-2019 |
Matt Caswell |
Move EVP_PKEY algorithm implementations into a union An EVP_PKEY can be used for multiple different algorithm operations. Only one can be used at a time, so we move those into a union.
Move EVP_PKEY algorithm implementations into a union An EVP_PKEY can be used for multiple different algorithm operations. Only one can be used at a time, so we move those into a union. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
show more ...
|
#
9c45222d |
| 04-Sep-2019 |
Matt Caswell |
Revise EVP_PKEY param handling We add new functions for getting parameters and discovering the gettable and settable parameters. We also make EVP_PKEY_CTX_get_signature_md() a functi
Revise EVP_PKEY param handling We add new functions for getting parameters and discovering the gettable and settable parameters. We also make EVP_PKEY_CTX_get_signature_md() a function and implement it in terms of the new functions. This enables applications to discover the set of parameters that are supported for a given algorithm implementation. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
show more ...
|
#
dfcb5d29 |
| 30-Aug-2019 |
Matt Caswell |
Add the ability to perform signatures in a provider This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature
Add the ability to perform signatures in a provider This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature algorithms. This also automatically makes the EVP_Sign* APIs provider aware because they use EVP_Digest* (which is already provider aware) and EVP_PKEY_sign(_init) under the covers. At this stage there are no signature algorithms in any providers. That will come in the following commits. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
show more ...
|
#
3ca9d210 |
| 23-Aug-2019 |
Richard Levitte |
Refactor how KEYMGMT methods get associated with other methods KEYMGMT methods were attached to other methods after those were fully created and registered, thereby creating a potential
Refactor how KEYMGMT methods get associated with other methods KEYMGMT methods were attached to other methods after those were fully created and registered, thereby creating a potential data race, if two threads tried to create the exact same method at the same time. Instead of this, we change the method creating function to take an extra data parameter, passed all the way from the public fetching function. In the case of EVP_KEYEXCH, we pass all the necessary data that evp_keyexch_from_dispatch() needs to be able to fetch the appropriate KEYMGMT method on the fly. Fixes #9592 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9678)
show more ...
|
#
ac5a61ca |
| 09-Aug-2019 |
Shane Lontis |
Add missing SIZE_MAX define for windows Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openss
Add missing SIZE_MAX define for windows Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9559)
show more ...
|
#
8b84b075 |
| 07-Jul-2019 |
Richard Levitte |
Adapt DH to use with KEYMGMT The biggest part in this was to move the key->param builder from EVP to the DH ASN.1 method, and to implement the KEYMGMT support in the provider DH.
Adapt DH to use with KEYMGMT The biggest part in this was to move the key->param builder from EVP to the DH ASN.1 method, and to implement the KEYMGMT support in the provider DH. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9394)
show more ...
|
#
6b9e3724 |
| 10-Jul-2019 |
Richard Levitte |
Add a mechnism to save the name of fetched methods This will be useful for information display, as well as for code that want to check the name of an algorithm. This can eventually repl
Add a mechnism to save the name of fetched methods This will be useful for information display, as well as for code that want to check the name of an algorithm. This can eventually replace all NID checks. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
show more ...
|
#
35aca9ec |
| 27-Jun-2019 |
Matt Caswell |
Add the ability to set PKCS#3 DH padding in providers This also adds the ability to set arbitrary parameters on key exchange algorithms. The ability to pad the output is one such paramet
Add the ability to set PKCS#3 DH padding in providers This also adds the ability to set arbitrary parameters on key exchange algorithms. The ability to pad the output is one such parameter for DH. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9266)
show more ...
|
#
94b40fb7 |
| 27-Jun-2019 |
Matt Caswell |
Enable PKCS#3 DH in the providers The default provider now has support for PKCS#3 Diffie-Hellman so we switch libcrypto to using providers for that algorithm. Reviewed-by: Paul
Enable PKCS#3 DH in the providers The default provider now has support for PKCS#3 Diffie-Hellman so we switch libcrypto to using providers for that algorithm. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9266)
show more ...
|
#
ff64702b |
| 27-Jun-2019 |
Matt Caswell |
Make the EVP Key Exchange code provider aware We introduce a new EVP_KEYEXCH type to represent key exchange algorithms and refactor the existing code to use it where available.
Make the EVP Key Exchange code provider aware We introduce a new EVP_KEYEXCH type to represent key exchange algorithms and refactor the existing code to use it where available. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9266)
show more ...
|