#
60a33997 |
| 04-Jan-2020 |
Richard Levitte |
EVP: Fix method to determine if a PKEY is legacy or not For the implementation of EVP_PKEY_CTX_new(), we determined if an EVP_PKEY was legacy or not by looking at 'pkey->pkey.ptr'. It turns out that this code could get an unassigned EVP_PKEY, with that pointer being NULL, and the determination proven incorrect. The check now looks at 'pkey->ameth' instead. Fixes #10704 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10758)
|
#
982efd77 |
| 02-Dec-2019 |
Richard Levitte |
EVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY The case when EVP_PKEY_CTX_new() is called with a provided EVP_PKEY (no legacy data) wasn't handled properly. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10618)
|
#
2555285f |
| 08-Nov-2019 |
Anthony Hu |
Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10388)
|
#
89abd1b6 |
| 28-Oct-2019 |
Matt Caswell |
Move RSA Asym cipher code to the default provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10152)
|
#
2c938e2e |
| 01-Oct-2019 |
Matt Caswell |
Implement provider support for Asym Ciphers Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10152)
|
#
7606bed9 |
| 01-Nov-2019 |
Matt Caswell |
Ensure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases Now that we have an EVP namemap containing all aliases that providers know about for any given algorithm, it is possible that an application attempts to look up a digest or a cipher via EVP_get_digestbyname() or EVP_get_cipherbyname() with an algorithm name that is unknown to the legacy method database. Therefore we extend those functions to additionally check the aliases in the namemap when searching for a method in the event that our initial lookup attempt fails. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10324)
|
#
c0e0984f |
| 30-Oct-2019 |
Richard Levitte |
EVP: Make the KEYEXCH implementation leaner Because the algorithm to use is decided already when creating an EVP_PKEY_CTX regardless of how it was created, it turns out that it's unnecessary to provide the KEYEXCH method explicitly, and rather always have it be fetched implicitly. This means fewer changes for applications that want to use new key exchange algorithms / implementations. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10305)
|
#
3ee348b0 |
| 01-Nov-2019 |
Richard Levitte |
Change EVP_PKEY_CTX_new_provided() to take a library context too. With provided algorithms, the library context is ever present, so of course it should be specified alongside the algorithm name and property query string. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10308)
|
#
60653e5b |
| 31-Oct-2019 |
Richard Levitte |
Make EVP_PKEY_CTX initialization more precise There is a vagueness around how the provider data (algorithm name and property query string) is initialized in the presence of an engine. This change modifies this slightly so that the algorithm name for use with providers is never set if the initialization was given an engine. This makes it easier for other functions to simply check ctx->algorithm to see if the context is meant to be used for strictly legacy stuff or not. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10308)
|
#
fb1ecf85 |
| 29-Oct-2019 |
Richard Levitte |
evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers Otherwise, should this function be called more than once on the same EVP_PKEY_CTX, we get double free issues. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10292)
|
#
48bb9792 |
| 20-Oct-2019 |
Richard Levitte |
crypto/evp/pmeth_lib.c: Fix copy'n'paste error Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10227)
|
#
a07c17ef |
| 15-Oct-2019 |
Richard Levitte |
Add EVP_PKEY_CTX_new_provided() This works as much as possible like EVP_PKEY_CTX_new_id(), except it takes data that's relevant for providers, algorithm name and property query string instead of NID and engine. Additionally, if EVP_PKEY_CTX_new() or EVP_PKEY_CTX_new_id() was called, the algorithm name in the EVP_PKEY context will be set to the short name of the given NID (explicit or the one of the given EVP_PKEY), thereby giving an easier transition from legacy methods to provided methods. The intent is that operations will use this information to fetch provider methods implicitly as needed. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10184)
|
#
12a765a5 |
| 16-Sep-2019 |
Rich Salz |
Explicitly test against NULL; do not use !p or similar Also added blank lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h'. This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
|
#
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directories. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
|
#
19bd1fa1 |
| 19-Sep-2019 |
Patrick Steuer |
s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448 using PCC and KDSA instructions. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10004)
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
864b89ce |
| 04-Sep-2019 |
Matt Caswell |
Move EVP_PKEY algorithm implementations into a union An EVP_PKEY can be used for multiple different algorithm operations. Only one can be used at a time, so we move those into a union. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
|
#
9c45222d |
| 04-Sep-2019 |
Matt Caswell |
Revise EVP_PKEY param handling We add new functions for getting parameters and discovering the gettable and settable parameters. We also make EVP_PKEY_CTX_get_signature_md() a function and implement it in terms of the new functions. This enables applications to discover the set of parameters that are supported for a given algorithm implementation. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
|
#
390acbeb |
| 02-Sep-2019 |
Matt Caswell |
Add support for verify/verify_recover functions to EVP_SIGNATURE Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
|
#
4889dadc |
| 30-Aug-2019 |
Matt Caswell |
Implement DSA in the default provider Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
|
#
dfcb5d29 |
| 30-Aug-2019 |
Matt Caswell |
Add the ability to perform signatures in a provider This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature algorithms. This also automatically makes the EVP_Sign* APIs provider aware because they use EVP_Digest* (which is already provider aware) and EVP_PKEY_sign(_init) under the covers. At this stage there are no signature algorithms in any providers. That will come in the following commits. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9753)
|
#
1c3ace68 |
| 05-Sep-2019 |
Shane Lontis |
Change provider params from int to size_t Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9699)
|
#
8b84b075 |
| 07-Jul-2019 |
Richard Levitte |
Adapt DH to use with KEYMGMT The biggest part in this was to move the key->param builder from EVP to the DH ASN.1 method, and to implement the KEYMGMT support in the provider DH. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9394)
|
#
d0ea49a8 |
| 09-Jul-2019 |
Richard Levitte |
Adapt int_ctx_new() to use with providers This affects all its callers: EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(). They are now possible to call with "zero" values, i.e.: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(NULL, NULL); or EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(0, NULL); This is suitable for provider use, as the key functionality is tied with its keys, and the operation time is determined by the init functions the EVP_PKEY_CTX is used with. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9312)
|
#
76ca35e7 |
| 17-Jul-2019 |
Matt Caswell |
Fix no-dh The recent move of the DH code into the default provider broke no-dh. This adds back in various missing guards. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9399)
|