#
5d51925a |
| 10-Aug-2020 |
Matt Caswell |
Convert EVP_PKEY_CTX_set_mac_key() into a function Previously it was a macro. We now make it into a function that is params aware. Reviewed-by: Paul Dale <paul.dale@oracle.com>
Convert EVP_PKEY_CTX_set_mac_key() into a function Previously it was a macro. We now make it into a function that is params aware. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
#
b571e662 |
| 07-Aug-2020 |
Matt Caswell |
Make the provider side EVP PKEY MAC bridge available in default and fips Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
#
c0f39ded |
| 22-Aug-2020 |
Shane Lontis |
Add Explicit EC parameter support to providers. This was added for backward compatability. Added EC_GROUP_new_from_params() that supports explicit curve parameters. This fixes t
Add Explicit EC parameter support to providers. This was added for backward compatability. Added EC_GROUP_new_from_params() that supports explicit curve parameters. This fixes the 15-test_genec.t TODO. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12604)
show more ...
|
#
e3efe7a5 |
| 12-Aug-2020 |
Shane Lontis |
Add public API for gettables and settables for keymanagement, signatures and key exchange. The openssl provider app will now display these params. Reviewed-by: Matt Caswell <matt@op
Add public API for gettables and settables for keymanagement, signatures and key exchange. The openssl provider app will now display these params. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12396)
show more ...
|
#
116d2510 |
| 04-Aug-2020 |
Shane Lontis |
Add dh_kdf support to provider Similiar to ecdh this supports the legacy kdf inside the provider dh key exchange. The supporting EVP_PKEY_CTX macros have been changed into mehtods and mo
Add dh_kdf support to provider Similiar to ecdh this supports the legacy kdf inside the provider dh key exchange. The supporting EVP_PKEY_CTX macros have been changed into mehtods and moved into dh_ctrl.c New kdfs such as SSKDF should be done as a seperate pass after doing the derive. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12575)
show more ...
|
#
1704752b |
| 31-Jul-2020 |
Matt Caswell |
Delete old KDF bridge EVP_PKEY_METHODS The KDF bridge is now done provider side so the old EVP_PKEY_METHODS for this are no longer required. Reviewed-by: Paul Dale <paul.dale@or
Delete old KDF bridge EVP_PKEY_METHODS The KDF bridge is now done provider side so the old EVP_PKEY_METHODS for this are no longer required. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
show more ...
|
#
194de849 |
| 31-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
05d2f72e |
| 20-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
ac2d58c7 |
| 03-Jul-2020 |
Matt Caswell |
Implement a EVP_PKEY KDF to KDF provider bridge Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between
Implement a EVP_PKEY KDF to KDF provider bridge Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between the old API and the EVP_KDF API however this bridge itself uses a legacy EVP_PKEY_METHOD. This commit implements a provider side bridge without having to use any legacy code. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
show more ...
|
#
18ec26ba |
| 05-Aug-2020 |
Pauli |
gettables: core changes to pass the provider context. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
|
#
023b188c |
| 20-May-2020 |
Matt Caswell |
Make EVP_PKEY_CTX_[get|set]_group_name work for DH too The previous commit added the EVP_PKEY_CTX_[get|set]_group_name functions to work with EC groups. We now extend that to also work f
Make EVP_PKEY_CTX_[get|set]_group_name work for DH too The previous commit added the EVP_PKEY_CTX_[get|set]_group_name functions to work with EC groups. We now extend that to also work for DH. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
#
11a1b341 |
| 19-May-2020 |
Matt Caswell |
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic We rename these function to EVP_PKEY_CTX_get_group_name and EVP_PKEY_CTX_set_group_name so that they can be used for other
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic We rename these function to EVP_PKEY_CTX_get_group_name and EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms other than EC. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
#
4cbb196b |
| 11-Apr-2020 |
Aaron Thompson |
Fix missed fields in EVP_PKEY_meth_copy. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/opens
Fix missed fields in EVP_PKEY_meth_copy. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11514)
show more ...
|
#
b533510f |
| 13-May-2020 |
Matt Caswell |
Fail if we fail to fetch the EVP_KEYMGMT If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old
Fail if we fail to fetch the EVP_KEYMGMT If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy. This is because some algorithms (such as MACs and KDFs used via an old style EVP_PKEY) have not been transferred to providers. Unfortunately this means that you cannot stop some algorithms from being used by not loading the provider. For example if you wanted to prevent RSA from being used, you might expect to just not load any providers that make it available. Unfortunately that doesn't work because we simply fall back to legacy if we fail to fetch the EVP_KEYMGMT. Instead we should fail *unless* the key type is one of those legacy key types that we have not transferred. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11826)
show more ...
|
#
b8086652 |
| 26-May-2020 |
Shane Lontis |
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
show more ...
|
#
5e5bc836 |
| 22-May-2020 |
Richard Levitte |
Re-introduce legacy EVP_PKEY types for provided keys EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try inste
Re-introduce legacy EVP_PKEY types for provided keys EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses. To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY: - evp_pkey_is_blank(), to detect an unassigned EVP_PKEY. - evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method. - evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned an key value. - evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD. - evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handdled via an EVP_KEYMGMT and other provider methods. This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods. Fixes #11823 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11913)
show more ...
|
#
e25761b1 |
| 05-May-2020 |
Richard Levitte |
EVP: Refactor the RSA-PSS key generation controls for providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710)
|
#
5e77b79a |
| 07-May-2020 |
Shane Lontis |
Remove gen_get_params & gen_gettable_params from keygen operation EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation. After adding it it was noticed that it is prob
Remove gen_get_params & gen_gettable_params from keygen operation EVP_PKEY_CTX_gettable_params() was missing code for the keygen operation. After adding it it was noticed that it is probably not required for this type, so instead the gen_get_params and gen_gettable_params have been remnoved from the provider interface. gen_get_params was only implemented for ec to get the curve name. This seems redundant since normally you would set parameters into the keygen_init() and then generate a key. Normally you would expect to extract data from the key - not the object that we just set up to do the keygen. Added a simple settable and gettable test into a test that does keygen. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11683)
show more ...
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
b5bcc053 |
| 15-Apr-2020 |
Pauli |
pkey: free key manager on error path Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11371)
|
#
7165593c |
| 15-Apr-2020 |
Shane Lontis |
Add DH keygen to providers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11332)
|
#
b03ec3b5 |
| 15-Apr-2020 |
Shane Lontis |
Add DSA keygen to provider Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Rev
Add DSA keygen to provider Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11303)
show more ...
|
#
10d756a7 |
| 19-Mar-2020 |
Richard Levitte |
EC: Refactor EVP_PKEY_CTX curve setting macros for param generation The macros are converted to functions, and are modified to support provider implementations. Reviewed-by: Mat
EC: Refactor EVP_PKEY_CTX curve setting macros for param generation The macros are converted to functions, and are modified to support provider implementations. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11328)
show more ...
|
#
2b9add69 |
| 19-Mar-2020 |
Richard Levitte |
KEYMGMT: Add functions to get param/key generation parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.
KEYMGMT: Add functions to get param/key generation parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11328)
show more ...
|