Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
89cccbea |
| 16-Nov-2020 |
Shane Lontis |
Add EVP_KDF-X942 to the fips module The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X94
Add EVP_KDF-X942 to the fips module The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
7a810fac |
| 04-Sep-2020 |
Shane Lontis |
Add 'fips-securitychecks' option and plumb this into the actual fips checks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
850a485f |
| 29-Aug-2020 |
Shane Lontis |
fix provider exchange operations Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
b8237707 |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for dh key agreement Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
#
ca94057f |
| 07-Sep-2020 |
Pauli |
exchange: add FIPS error state handling The functions that check for the provider being runnable are: newctx, dupctx, init, derive and set peer. Reviewed-by: Matt Caswell <matt@
exchange: add FIPS error state handling The functions that check for the provider being runnable are: newctx, dupctx, init, derive and set peer. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
116d2510 |
| 04-Aug-2020 |
Shane Lontis |
Add dh_kdf support to provider Similiar to ecdh this supports the legacy kdf inside the provider dh key exchange. The supporting EVP_PKEY_CTX macros have been changed into mehtods and mo
Add dh_kdf support to provider Similiar to ecdh this supports the legacy kdf inside the provider dh key exchange. The supporting EVP_PKEY_CTX macros have been changed into mehtods and moved into dh_ctrl.c New kdfs such as SSKDF should be done as a seperate pass after doing the derive. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12575)
show more ...
|
#
af5e1e85 |
| 05-Aug-2020 |
Pauli |
gettables: provider changes to pass the provider context. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
363b1e5d |
| 20-Jun-2020 |
Dr. Matthias St. Pierre |
Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core a
Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core and providers. This change includes in particular all up- and downcalls, i.e., the dispatched functions passed from core to provider and vice versa. - OSSL_core_ -> OSSL_FUNC_core_ - OSSL_provider_ -> OSSL_FUNC_core_ For operations and their function dispatch tables, the following convention is used: Type | Name (evp_generic_fetch(3)) | ---------------------|-----------------------------------| operation | OSSL_OP_FOO | function id | OSSL_FUNC_FOO_FUNCTION_NAME | function "name" | OSSL_FUNC_foo_function_name | function typedef | OSSL_FUNC_foo_function_name_fn | function ptr getter | OSSL_FUNC_foo_function_name | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
show more ...
|
#
23c48d94 |
| 20-Jun-2020 |
Dr. Matthias St. Pierre |
Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
ada66e78 |
| 03-Feb-2020 |
Pauli |
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11024)
show more ...
|
#
8083fd3a |
| 16-Feb-2020 |
Shane Lontis |
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Cas
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
show more ...
|
#
62f49b90 |
| 23-Jan-2020 |
Shane Lontis |
Add DH key exchange to fips provider Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10826)
|
Revision tags: OpenSSL_1_0_2u |
|
#
af3e7e1b |
| 04-Oct-2019 |
Richard Levitte |
Cleanup: move providers/common/include/internal/provider_args.h New name is providers/implementations/include/prov/implementations.h All inclusions are adapted accordingly. Revi
Cleanup: move providers/common/include/internal/provider_args.h New name is providers/implementations/include/prov/implementations.h All inclusions are adapted accordingly. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
show more ...
|
#
5687e357 |
| 04-Oct-2019 |
Richard Levitte |
Providers: move common exchange,kdfs,keymgmt,macs,signature From providers/common/ to providers/implementations/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https:
Providers: move common exchange,kdfs,keymgmt,macs,signature From providers/common/ to providers/implementations/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
show more ...
|