#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
01b18775 |
| 10-Mar-2022 |
Tomas Mraz |
DH: Make padding always on when X9.42 KDF is used Fixes #17834 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged
DH: Make padding always on when X9.42 KDF is used Fixes #17834 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17859)
show more ...
|
#
c920020f |
| 07-Feb-2022 |
Jiasheng Jiang |
dh_exch.c: Add check for OPENSSL_strdup Since the OPENSSL_strdup() may return NULL if allocation fails, it should be better to check the return value. Signed-off-by: Jiasheng Ji
dh_exch.c: Add check for OPENSSL_strdup Since the OPENSSL_strdup() may return NULL if allocation fails, it should be better to check the return value. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17651)
show more ...
|
#
c1167f09 |
| 14-Jan-2022 |
Tomas Mraz |
dh_exch.c: Correct gettable parameters for DH key exchange Fixes #17510 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from
dh_exch.c: Correct gettable parameters for DH key exchange Fixes #17510 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17515)
show more ...
|
#
04e3ab64 |
| 29-Nov-2021 |
x2018 |
check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://
check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17153)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
21a0d9f3 |
| 02-Sep-2021 |
slontis |
Fix dh dupctx refcount error Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16495)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
6ce58488 |
| 09-Apr-2021 |
Matt Caswell |
Store some FIPS global variables in the FIPS_GLOBAL structure We had some FIPS global variables that were based on values from the config file. In theory if two instances of the fips mod
Store some FIPS global variables in the FIPS_GLOBAL structure We had some FIPS global variables that were based on values from the config file. In theory if two instances of the fips module are loaded they could be based on different config files which would cause this to fail. Instead we store them in the FIPS_GLOBAL structure. Fixes #14364 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
show more ...
|
#
46eee710 |
| 11-Apr-2021 |
Shane Lontis |
Add domain parameter match check for DH and ECDH key exchange. Fixes #14808 Validation checks were moved into EVP_PKEY_derive_set_peer() which broke an external negative test. O
Add domain parameter match check for DH and ECDH key exchange. Fixes #14808 Validation checks were moved into EVP_PKEY_derive_set_peer() which broke an external negative test. Originally the old code was semi working by checking the peers public key was in the range of other parties p. It was not actually ever checking that the domain parameters were consistent between the 2 parties. It now checks the parameters match as well as validating the peers public key. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14823)
show more ...
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
2b2f4f9b |
| 02-Mar-2021 |
Pauli |
prov: update exchange algorithms to support params on the init call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
fb67126e |
| 26-Feb-2021 |
Tomas Mraz |
EVP_PKEY_CTX_get/settable_params: pass provider operation context This allows making the signature operations return different settable params when the context is initialized with EV
EVP_PKEY_CTX_get/settable_params: pass provider operation context This allows making the signature operations return different settable params when the context is initialized with EVP_DigestSign/VerifyInit. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14338)
show more ...
|
#
77b03f0e |
| 01-Mar-2021 |
Tomas Mraz |
Improve error reporting in key exchange provider implementations Added some error reporting in dh_exch.c and unified error reporting with it in other key exchange methods. Revie
Improve error reporting in key exchange provider implementations Added some error reporting in dh_exch.c and unified error reporting with it in other key exchange methods. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
19dbb742 |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to dh keys Partial fix for #12964 This adds ossl_ names for the following symbols: dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_
Fix external symbols related to dh keys Partial fix for #12964 This adds ossl_ names for the following symbols: dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key, dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id, dh_cache_named_group, dh_get0_params, dh_get0_nid, dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata, dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise, dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1, dh_pkey_method, dhx_pkey_method Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
#
7b676cc8 |
| 17-Feb-2021 |
Shane Lontis |
Fix external symbols related to provider related security checks for keys and digests. Partial fix for #12964 This adds ossl_ names for the following symbols: digest_ge
Fix external symbols related to provider related security checks for keys and digests. Partial fix for #12964 This adds ossl_ names for the following symbols: digest_get_approved_nid, digest_get_approved_nid_with_sha1 digest_is_allowed, digest_md_to_nid, digest_rsa_sign_get_md_nid, securitycheck_enabled, dh_check_key, dsa_check_key, ec_check_key, Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14211)
show more ...
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
ba0a6d1d |
| 24-Jan-2021 |
Richard Levitte |
Clean away unnecessary length related OSSL_PARAM key names This cleans away old misunderstandings of what can be done with OSSL_PARAM. Reviewed-by: Paul Dale <pauli@openssl.org>
Clean away unnecessary length related OSSL_PARAM key names This cleans away old misunderstandings of what can be done with OSSL_PARAM. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13946)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
89cccbea |
| 16-Nov-2020 |
Shane Lontis |
Add EVP_KDF-X942 to the fips module The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X94
Add EVP_KDF-X942 to the fips module The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
7a810fac |
| 04-Sep-2020 |
Shane Lontis |
Add 'fips-securitychecks' option and plumb this into the actual fips checks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
850a485f |
| 29-Aug-2020 |
Shane Lontis |
fix provider exchange operations Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
b8237707 |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for dh key agreement Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
ca94057f |
| 07-Sep-2020 |
Pauli |
exchange: add FIPS error state handling The functions that check for the provider being runnable are: newctx, dupctx, init, derive and set peer. Reviewed-by: Matt Caswell <matt@
exchange: add FIPS error state handling The functions that check for the provider being runnable are: newctx, dupctx, init, derive and set peer. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|