#
54fb2fd0 |
| 11-Sep-2024 |
Dmitry Belyavskiy |
EVP_get_default_properties - implementation Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pu
EVP_get_default_properties - implementation Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25434)
show more ...
|
#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
c48e5687 |
| 25-Aug-2024 |
slontis |
XOF / EVP_MD_size() changes. Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ct
XOF / EVP_MD_size() changes. Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen. Added a helper function EVP_MD_xof() EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to keep it the same I added an extra function. EVP_MD_size() always returns 0 for SHAKE now, since it caches the value of md_size at the time of an EVP_MD_fetch(). This is probably better than returning the incorrect initial value it was before e.g (16 for SHAKE128) and returning tht always instead of the set xoflen. Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285)
show more ...
|
#
033dcce2 |
| 25-Jul-2024 |
Richard Levitte |
feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor() This should be sufficient to cover the intent with the following legacy ctrls: - EVP_PKEY_CTRL_PKC
feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor() This should be sufficient to cover the intent with the following legacy ctrls: - EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations) - EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations) - EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000)
show more ...
|
#
258aaa97 |
| 25-Jul-2024 |
Richard Levitte |
feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor() EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can be used instead of EVP_
feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor() EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000)
show more ...
|
#
e675aabb |
| 18-Jan-2024 |
Richard Levitte |
Implement functionality for direct use of composite signature algorithms The following API groups are extended with a new init function, as well as an update and final function, to allow
Implement functionality for direct use of composite signature algorithms The following API groups are extended with a new init function, as well as an update and final function, to allow the use of explicitly fetched signature implementations for any composite signature algorithm, like "sha1WithRSAEncryption": - EVP_PKEY_sign - EVP_PKEY_verify - EVP_PKEY_verify_recover To support this, providers are required to add a few new functions, not the least one that declares what key types an signature implementation supports. While at this, the validity check in evp_signature_from_algorithm() is also refactored; the SIGNATURE provider functionality is too complex for counters. It's better, or at least more readable, to check function combinations. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
show more ...
|
#
d9346c59 |
| 24-Jul-2024 |
slontis |
Add KeyManagement keygen parameter getter/gettable functions. Added OSSL_FUNC_keymgmt_gen_get_params() and OSSL_FUNC_keymgmt_gen_gettable_params() This will allow a FIPS indicat
Add KeyManagement keygen parameter getter/gettable functions. Added OSSL_FUNC_keymgmt_gen_get_params() and OSSL_FUNC_keymgmt_gen_gettable_params() This will allow a FIPS indicator parameter to be queried after keygen. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24978)
show more ...
|
#
787e1dd9 |
| 11-Jul-2024 |
Richard Levitte |
fix: style nits Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Sho
fix: style nits Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24854)
show more ...
|
#
b96e10b9 |
| 11-Jul-2024 |
Richard Levitte |
fix: refactor the EVP_PKEY_OP checks On the one hand, we have public macros that are collections of EVP_PKEY_OP bits, like EVP_PKEY_OP_TYPE_SIG, obviously meant to be used like this:
fix: refactor the EVP_PKEY_OP checks On the one hand, we have public macros that are collections of EVP_PKEY_OP bits, like EVP_PKEY_OP_TYPE_SIG, obviously meant to be used like this: if ((ctx->operation & EVP_PKEY_OP_TYPE_SIG) == 0) ... On the other hand, we also have internal test macros, like EVP_PKEY_CTX_IS_SIGNATURE_OP(), obviously meant to be used like this: if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) ... Unfortunately, these two sets of macros were completely separate, forcing developers to keep them both sync, manually. This refactor makes the internal macros use the corresponding public macros, and adds the missing public macros, for consistency. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24854)
show more ...
|
#
53664908 |
| 21-Jul-2023 |
slontis |
Add EVP_DigestSqueeze() API. Fixes #7894 This allows SHAKE to squeeze multiple times with different output sizes. The existing EVP_DigestFinalXOF() API has been left as a o
Add EVP_DigestSqueeze() API. Fixes #7894 This allows SHAKE to squeeze multiple times with different output sizes. The existing EVP_DigestFinalXOF() API has been left as a one shot operation. A similar interface is used by another toolkit. The low level SHA3_Squeeze() function needed to change slightly so that it can handle multiple squeezes. This involves changing the assembler code so that it passes a boolean to indicate whether the Keccak function should be called on entry. At the provider level, the squeeze is buffered, so that it only requests a multiple of the blocksize when SHA3_Squeeze() is called. On the first call the value is zero, on subsequent calls the value passed is 1. This PR is derived from the excellent work done by @nmathewson in https://github.com/openssl/openssl/pull/7921 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21511)
show more ...
|
#
a1c03068 |
| 16-Oct-2023 |
Stephen Farrell |
Add additional internal HPKE hardening checks resulting from code audit. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://g
Add additional internal HPKE hardening checks resulting from code audit. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22493)
show more ...
|
#
1296c2ec |
| 02-Oct-2023 |
Richard Levitte |
Restore the meaning of EVP_PKEY_print_private() With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD function "priv_print", effectively asking the backend to pri
Restore the meaning of EVP_PKEY_print_private() With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD function "priv_print", effectively asking the backend to print whatever it regards as private key components. In all backends that were built into libcrypto, this function printed what was included in the private key structure, which usually includes the public key components as well. With OpenSSL 3.0, some of the corresponding key2text encoders got a slightly different behavior, where the presence of the selector OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be regarded as private key components printed. This isn't entirely consistent, though, as the RSA key2text encoder will still print the public key components regardless. To compensate for the changed backend behavior, EVP_PKEY_print_private() was made to ask the encoder to print the keypair rather than just the private key, thereby moving the backend semantics to the application API. Unfortunately, this causes confusion for providers where the key2text encoder really should print the private key only. This change restores the built-in 1.1.1 backend behavior in the encoders that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its documented behavior, leaving it to the backend to decide what it regards as "private key components". Fixes #22233 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22237)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
3fc2b7d6 |
| 09-Mar-2023 |
Simo Sorce |
Add a flag so finalised contexts are not reused The EVP layer should not rely on the underlying low level code to handle catching incorrect reuse of contexts. Add a flag to mark a co
Add a flag so finalised contexts are not reused The EVP layer should not rely on the underlying low level code to handle catching incorrect reuse of contexts. Add a flag to mark a context as finalised as needed and then catch and immediately error on Update/Final operations if called improperly. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20375)
show more ...
|
#
98283a61 |
| 24-Jun-2021 |
Dmitry Belyavskiy |
Enable some disabled __owurs Fixes #15902 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com>
Enable some disabled __owurs Fixes #15902 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/15905)
show more ...
|
#
7c8187d4 |
| 26-Sep-2022 |
Pauli |
rand: add set0 calls for the private and public DRBGs The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means the entropy needs to be cooked. This permits this.
rand: add set0 calls for the private and public DRBGs The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means the entropy needs to be cooked. This permits this. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
show more ...
|
#
78c44b05 |
| 26-Aug-2022 |
slontis |
Add HPKE DHKEM provider support for EC, X25519 and X448. The code is derived from @sftcd's work in PR #17172. This PR puts the DHKEM algorithms into the provider layer as KEM algorit
Add HPKE DHKEM provider support for EC, X25519 and X448. The code is derived from @sftcd's work in PR #17172. This PR puts the DHKEM algorithms into the provider layer as KEM algorithms for EC and ECX. This PR only implements the DHKEM component of HPKE as specified in RFC 9180. crypto/hpke/hpke_util.c has been added for fuctions that will be shared between DHKEM and HPKE. API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init() have been added to support authenticated encapsulation. auth_init() functions were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support future algorithms that could possibly need different init functions. Internal code has been refactored, so that it can be shared between the DHKEM and other systems. Since DHKEM operates on low level keys it needs to be able to do low level ECDH and ECXDH calls without converting the keys back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(), ossl_ec_public_from_private() DHKEM requires API's to derive a key using a seed (IKM). This did not sit well inside the DHKEM itself as dispatch functions. This functionality fits better inside the EC and ECX keymanagers keygen, since they are just variations of keygen where the private key is generated in a different manner. This should mainly be used for testing purposes. See ossl_ec_generate_key_dhkem(). It supports this by allowing a settable param to be passed to keygen (See OSSL_PKEY_PARAM_DHKEM_IKM). The keygen calls code within ec and ecx dhkem implementation to handle this. See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private(). These 2 functions are also used by the EC/ECX DHKEM implementations to generate the sender ephemeral keys. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19068)
show more ...
|
#
0113ec84 |
| 28-Apr-2022 |
Todd Short |
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
4e62f1a3 |
| 07-Jan-2022 |
Pauli |
Add context dup functions for digests and ciphers Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17529)
|
#
79704a88 |
| 12-Jan-2022 |
Shreenidhi Shedi |
Add a comment to indicate ineffective macro EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from openssl-3.0 onwards CLA: trivial Signed-off-by: Shreenidhi
Add a comment to indicate ineffective macro EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from openssl-3.0 onwards CLA: trivial Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17484)
show more ...
|
#
c6fcd88f |
| 20-Jul-2021 |
Matt Caswell |
Mark the EVP_PKEY_METHOD arg as const on some EVP_PKEY_meth_get_*() funcs Most EVP_PKEY_meth_get_*() functions mark the EVP_PKEY_METHOD argument as const. But 3 did not. We fix those to
Mark the EVP_PKEY_METHOD arg as const on some EVP_PKEY_meth_get_*() funcs Most EVP_PKEY_meth_get_*() functions mark the EVP_PKEY_METHOD argument as const. But 3 did not. We fix those to be consistent. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16128)
show more ...
|
#
ad0a2c01 |
| 13-Jul-2021 |
Richard Levitte |
EVP: Add EVP_PKEY_get0_provider() and EVP_PKEY_CTX_get0_provider() Fixes #16058 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merge
EVP: Add EVP_PKEY_get0_provider() and EVP_PKEY_CTX_get0_provider() Fixes #16058 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16063)
show more ...
|
#
56fdb707 |
| 14-Jul-2021 |
Pauli |
evp: constify some OSSL_PARAM arguments These were missed when the initialisation params were added Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/o
evp: constify some OSSL_PARAM arguments These were missed when the initialisation params were added Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16072)
show more ...
|
#
006de767 |
| 22-Jun-2021 |
Richard Levitte |
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac() This makes them more consistent with other new interfaces. Fixes #15839 Reviewed-by: David von Oheimb <da
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac() This makes them more consistent with other new interfaces. Fixes #15839 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15861)
show more ...
|