#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
17513562 |
| 26-Jan-2022 |
Pauli |
indentation fix Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
|
#
5b030ec0 |
| 26-Jan-2022 |
Pauli |
prov: add a safe memdup function for context cloning Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
|
#
86c15ba8 |
| 15-Oct-2021 |
Matt Caswell |
Update provider_util.c to correctly handle ENGINE references provider_util.c failed to free ENGINE references when clearing a cipher or a digest. Additionally ciphers and digests were no
Update provider_util.c to correctly handle ENGINE references provider_util.c failed to free ENGINE references when clearing a cipher or a digest. Additionally ciphers and digests were not copied correctly, which would lead to double-frees if it were not for the previously mentioned leaks. Fixes #16845 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
show more ...
|
#
e59bfbaa |
| 14-Sep-2021 |
Tomas Mraz |
providers: Do not use global EVP_CIPHERs and EVP_MDs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/o
providers: Do not use global EVP_CIPHERs and EVP_MDs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16600)
show more ...
|
#
3f773c91 |
| 01-Jul-2021 |
Tomas Mraz |
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
fips module header inclusion fine-tunning Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15974)
show more ...
|
#
0848b943 |
| 31-May-2021 |
Pauli |
providers: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
19ea8a8a |
| 25-Feb-2021 |
Pauli |
prov: update provider util to be less agressive about changing things unnecessarily Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pu
prov: update provider util to be less agressive about changing things unnecessarily Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
2741128e |
| 05-Feb-2021 |
Tomas Mraz |
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
ce64d3ee |
| 18-Sep-2020 |
Matt Caswell |
Move SM2 asymmetric encryption to be available in the default provider Fixes #12908 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/o
Move SM2 asymmetric encryption to be available in the default provider Fixes #12908 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12913)
show more ...
|
#
16fbda84 |
| 29-Aug-2020 |
Shane Lontis |
Separate fips and non fips code for key operations Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
0645110e |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for ecdsa signatures Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
3f699197 |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for rsa signatures. In fips mode SHA1 should not be allowed for signing, but may be present for verifying. Add keysize check. Add missing 'ossl_unused' to gettable an
Add fips checks for rsa signatures. In fips mode SHA1 should not be allowed for signing, but may be present for verifying. Add keysize check. Add missing 'ossl_unused' to gettable and settable methods. Update fips related tests that have these restrictions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
show more ...
|
#
2ef9a7ac |
| 17-Aug-2020 |
Matt Caswell |
Improve code reuse in the provider MAC bridge We reuse concepts such as PROV_CIPHER, and make use of some common code in provider_util.c Reviewed-by: Paul Dale <paul.dale@oracle
Improve code reuse in the provider MAC bridge We reuse concepts such as PROV_CIPHER, and make use of some common code in provider_util.c Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
#
a540ef90 |
| 11-Aug-2020 |
Matt Caswell |
Extend the provider MAC bridge for CMAC The previous commits added support for HMAC, SIPHASH and Poly1305 into the provider MAC bridge. We now extend that for CMAC too. Reviewed
Extend the provider MAC bridge for CMAC The previous commits added support for HMAC, SIPHASH and Poly1305 into the provider MAC bridge. We now extend that for CMAC too. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
865adf97 |
| 18-Jun-2020 |
Matt Caswell |
Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the pr
Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
show more ...
|
#
9bd8d96c |
| 13-Jul-2020 |
Pauli |
deprecate engines in provider code Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12226)
|
#
d9c2fd51 |
| 08-Jun-2020 |
Pauli |
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mu
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11997)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1f |
|
#
5fcb97c6 |
| 20-Mar-2020 |
Matt Caswell |
Ignore some fetch failures Some fetch failurs are ok and should be ignored. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Ignore some fetch failures Some fetch failurs are ok and should be ignored. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11405)
show more ...
|
Revision tags: OpenSSL_1_1_1e |
|
#
0d2bfe52 |
| 06-Jan-2020 |
Shane Lontis |
Add AES_CBC_HMAC_SHA ciphers to providers. Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable()
Add AES_CBC_HMAC_SHA ciphers to providers. Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable() method is either NULL, or the method returns 1. This is mainly required for ciphers that only have hardware implementations. If there is no hardware support, then the algorithm needs to be not available. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10146)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
f6dead1b |
| 17-Oct-2019 |
Robbie Harwood |
[KDF] Add feedback-mode and CMAC support to KBKDF Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC
[KDF] Add feedback-mode and CMAC support to KBKDF Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC 6803. Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10143)
show more ...
|