| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
390f00a1 |
| 31-Jul-2024 |
slontis |
Add HMAC FIPS keysize check.
HMAC has been changed to use a FIPS indicator for its key check.
HKDF and Single Step use a salt rather than a key when using HMAC,
so we need a mec
Add HMAC FIPS keysize check.
HMAC has been changed to use a FIPS indicator for its key check.
HKDF and Single Step use a salt rather than a key when using HMAC,
so we need a mechanism to bypass this check in HMAC.
A seperate 'internal' query table has been added to the FIPS provider
for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore
the key check. If a KDF requires the key check then it must do the
check itself. The normal MAC dipatch table is used if the user fetches
HMAC directly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
show more ...
|
| #
62457fd9 |
| 14-Dec-2023 |
Neil Horman |
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT
The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and
OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
Ignore OSSL_MAC_PARAM_DIGEST_NOINIT/OSSL_MAC_PARAM_DIGEST_ONESHOT
The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and
OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider,
and the former causes a segfault when the provider attempts to call
EVP_MAC_init on an EVP_MAC object that has been instructed not to be
initalized (as the update function will not have been set in the MAC
object, which is unilaterally called from EVP_MAC_init
Remove the tests for the above flags, and document them as being
deprecated and ignored.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23054)
show more ...
|
| #
17506897 |
| 17-Nov-2023 |
James Muir |
doc: fix description of mac "block-size" parameter
The macro for "block-size" is OSSL_MAC_PARAM_BLOCK_SIZE, and this
parameter is not settable. Refer to the "customization string" rathe
doc: fix description of mac "block-size" parameter
The macro for "block-size" is OSSL_MAC_PARAM_BLOCK_SIZE, and this
parameter is not settable. Refer to the "customization string" rather
than the "custom value" (in the Blake2 spec, this is called the
personalization string).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22763)
show more ...
|
| #
edc9ce8e |
| 24-May-2021 |
Pauli |
doc: document the MAC block size getter
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl
doc: document the MAC block size getter
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15427)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
8593ff00 |
| 01-Mar-2021 |
Richard Levitte |
DOCS: Fix provider-mac.pod and the docs of our implementations
The idea being that doc/man7/provider-mac.pod is for provider authors,
while provider users find the documentation for each
DOCS: Fix provider-mac.pod and the docs of our implementations
The idea being that doc/man7/provider-mac.pod is for provider authors,
while provider users find the documentation for each implementation in
doc/man7/EVP_MAC-*.pod, the documentation of parameters wasn't quite
aligned. This change re-arranges the parameter documentation to be
more aligned with this idea.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14380)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha12 |
|
| #
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
|
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
| #
36978c19 |
| 14-Dec-2020 |
Shane Lontis |
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1
Replace MAC flags OSSL_MAC_PARAM_FLAGS with separate param fields.
Fixes #12992
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
| #
90a2576b |
| 13-Oct-2020 |
Shane Lontis |
Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size().
Fixes #11320
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)
|
|
Revision tags: OpenSSL_1_1_1h |
|
| #
820d87bc |
| 27-Aug-2020 |
Matt Caswell |
Update the EVP_PKEY MAC documentation
Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.
Reviewed-by:
Update the EVP_PKEY MAC documentation
Include more information about the new HMAC parameter. Also fill in some
missing documentation about the EVP_PKEY MAC bridge.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
| #
865adf97 |
| 18-Jun-2020 |
Matt Caswell |
Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the pr
Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*"
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.
This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
show more ...
|
| #
d9c2fd51 |
| 08-Jun-2020 |
Pauli |
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.
Before 3.0 is released, the names are mu
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*
functions are now EVP_MAC functions, usually with ctx in their names.
Before 3.0 is released, the names are mutable and this prevents more
inconsistencies being introduced.
There are no functional or code changes.
Just the renaming and a little reformatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11997)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
745fc918 |
| 14-Feb-2020 |
Matt Caswell |
Introduce the provider property
Replace the properties default, fips and legacy with a single property
called "provider". So, for example, instead of writing "default=yes" to
get alg
Introduce the provider property
Replace the properties default, fips and legacy with a single property
called "provider". So, for example, instead of writing "default=yes" to
get algorithms from the default provider you would instead write
"provider=default". We also have a new "fips" property to indicate that
an algorithm is compatible with FIPS mode. This applies to all the
algorithms in the FIPS provider, as well as any non-cryptographic
algorithms (currently only serializers).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11097)
show more ...
|
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
0c452a51 |
| 10-Sep-2019 |
Pauli |
Reformat param description lines
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
|
| #
f49a65d0 |
| 25-Sep-2019 |
Pauli |
Use OSSL_PARAM types for MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
|
| #
8d1502da |
| 22-Sep-2019 |
Pauli |
Remove the engine parameter from the individual MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
|
| #
fddb1847 |
| 16-Sep-2019 |
Pauli |
Change PARAMETER NAMES links to PARAMETERS
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9905)
|
| #
e592dbde |
| 28-Aug-2019 |
Richard Levitte |
Rework the documentation of our individual MAC implementations
We now describe parameters instead of controls.
Also, since macros like EVP_MAC_CMAC do not exist any more, we rename
Rework the documentation of our individual MAC implementations
We now describe parameters instead of controls.
Also, since macros like EVP_MAC_CMAC do not exist any more, we rename
the pod files from EVP_MAC_{algo}.pod to EVP_MAC-{algo}.pod. This
allows getting the documentation like this:
man EVP_MAC CMAC
[skip ci]
Fixes #9709
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9713)
show more ...
|
