| #
194de849 |
| 31-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12573)
|
| #
05d2f72e |
| 20-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12573)
|
| #
ac2d58c7 |
| 03-Jul-2020 |
Matt Caswell |
Implement a EVP_PKEY KDF to KDF provider bridge
Some KDF implementations were available before the current EVP_KDF API.
They were used via EVP_PKEY_derive. There exists a bridge between
Implement a EVP_PKEY KDF to KDF provider bridge
Some KDF implementations were available before the current EVP_KDF API.
They were used via EVP_PKEY_derive. There exists a bridge between the old
API and the EVP_KDF API however this bridge itself uses a legacy
EVP_PKEY_METHOD. This commit implements a provider side bridge without
having to use any legacy code.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12573)
show more ...
|
| #
37d398c1 |
| 03-Aug-2020 |
Richard Levitte |
PROV: Add MSBLOB and PVK to DSA and RSA deserializers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12574)
|
| #
7c664b1f |
| 27-Jul-2020 |
Richard Levitte |
DESERIALIZER: Add deserializers for the rest of our asymmetric key types
To be able to implement this, there was a need for the standard
EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_
DESERIALIZER: Add deserializers for the rest of our asymmetric key types
To be able to implement this, there was a need for the standard
EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for
ED25519, ED448, X25519 and X448, as well as the corresponding
EVP_PKEY_assign_ macros. There was also a need to extend the list of
hard coded names that EVP_PKEY_is_a() recognise.
Along with this, OSSL_FUNC_keymgmt_load() are implemented for all
those key types.
The deserializers for these key types are all implemented generically,
in providers/implementations/serializers/deserializer_der2key.c.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)
show more ...
|
| #
a4e55ccc |
| 20-Jul-2020 |
Richard Levitte |
PROV: Add a DER to RSA-PSS deserializer implementation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12492)
|
| #
dcfacbbf |
| 09-Jul-2020 |
Richard Levitte |
PROV: Implement PEM to DER deserializer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/opens
PROV: Implement PEM to DER deserializer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)
show more ...
|
| #
1017b8e4 |
| 09-Jul-2020 |
Richard Levitte |
PROV: Implement DER to RSA deserializer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/opens
PROV: Implement DER to RSA deserializer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)
show more ...
|
| #
7cc355c2 |
| 08-Jun-2020 |
Shane Lontis |
Add AES_CBC_CTS ciphers to providers
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS.
CS1, CS2 and CS3 variants are supported.
Only single shot updates are
Add AES_CBC_CTS ciphers to providers
Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS.
CS1, CS2 and CS3 variants are supported.
Only single shot updates are supported.
The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This
would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that
tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly.
The cipher returns the flag EVP_CIPH_FLAG_CTS.
EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12094)
show more ...
|
| #
714a1bb3 |
| 08-May-2020 |
Pauli |
rand: set up EVP and DRBG infrastructure for RAND from providers.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/116
rand: set up EVP and DRBG infrastructure for RAND from providers.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
show more ...
|
| #
8a758e96 |
| 02-May-2020 |
Richard Levitte |
PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
|
| #
95cf6440 |
| 02-May-2020 |
Shane Lontis |
Fix incorrect default keysize for CAST ofb and cfb modes.
Fixes #11459
It was incorrectly using 8 bytes instead of 16 as the default.
This was verified by expanding the macros u
Fix incorrect default keysize for CAST ofb and cfb modes.
Fixes #11459
It was incorrectly using 8 bytes instead of 16 as the default.
This was verified by expanding the macros used in e_cast.c.
The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called.
evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before
using EVP_CipherInit_ex(...., key, ..).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11707)
show more ...
|
| #
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.
Fixes #11538
Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.
Fixes #11538
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
| #
244bc297 |
| 17-Mar-2020 |
Matt Caswell |
Implement serializers for ED25519 and ED448
This is largely based on the existing X25519 and X448 serializers - but
a few adjustments were necessary so that we can identify what type of
Implement serializers for ED25519 and ED448
This is largely based on the existing X25519 and X448 serializers - but
a few adjustments were necessary so that we can identify what type of key
we are using. Previously we used the keylen for this but X25519 and
ED25519 have the same keylen.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11272)
show more ...
|
| #
edd3b7a3 |
| 15-Mar-2020 |
Shane Lontis |
Add ECDSA to providers
Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/opens
Add ECDSA to providers
Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10968)
show more ...
|
| #
3965480c |
| 05-Mar-2020 |
Matt Caswell |
Implement provider support for Ed25519 annd Ed448
At the moment we only provider support for these algorithms in the default
provider. These algorithms only support "one shot" EVP_Digest
Implement provider support for Ed25519 annd Ed448
At the moment we only provider support for these algorithms in the default
provider. These algorithms only support "one shot" EVP_DigestSign() and
EVP_DigestVerify() as per the existing libcrypto versions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
show more ...
|
| #
af6d8dd3 |
| 17-Feb-2020 |
Matt Caswell |
Add Key Management support for EdDSA keys
Support added for Ed25519 and Ed448
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl
Add Key Management support for EdDSA keys
Support added for Ed25519 and Ed448
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11261)
show more ...
|
| #
f552d900 |
| 16-Feb-2020 |
Shane Lontis |
Add Serializers for EC
Provide EC serializers for text, pem and der.
EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY
Add Serializers for EC
Provide EC serializers for text, pem and der.
EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.
The EC serializer only supports named curves currently.
NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).
EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.
Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
show more ...
|
| #
8efc4a9c |
| 27-Feb-2020 |
Matt Caswell |
Implement the ECX Serializers
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.
Implement the ECX Serializers
Provide serializers for X25519 and X448 for text, pem and der. There are
no parameter serializers because there are no parameters for these
algorithms.
Add some documentation about the various import/export types available
Add additional testing for the serializers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11095)
show more ...
|
|
Revision tags: OpenSSL_1_0_2u |
|
| #
6f4b7663 |
| 01-Dec-2019 |
Richard Levitte |
PROV: add RSA signature implementation
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
o
PROV: add RSA signature implementation
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.
Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
show more ...
|
| #
4fe54d67 |
| 14-Dec-2019 |
Nicola Tuveri |
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shan
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
show more ...
|
| #
6f7d2135 |
| 24-Jan-2020 |
Matt Caswell |
Add X25519/X448 Key Exchange to the default provider
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://
Add X25519/X448 Key Exchange to the default provider
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)
show more ...
|
| #
90d3cb57 |
| 27-Jan-2020 |
Matt Caswell |
Implement Provider side Key Management for X25519 and X448
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from ht
Implement Provider side Key Management for X25519 and X448
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)
show more ...
|
| #
068489a2 |
| 08-Jan-2020 |
Matt Caswell |
Implement the NULL cipher in the default provider
Libssl uses the null cipher in certain situations. It should be
converted to a provided cipher.
Reviewed-by: Shane Lontis <shan
Implement the NULL cipher in the default provider
Libssl uses the null cipher in certain situations. It should be
converted to a provided cipher.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10865)
show more ...
|
| #
0d2bfe52 |
| 06-Jan-2020 |
Shane Lontis |
Add AES_CBC_HMAC_SHA ciphers to providers.
Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable()
Add AES_CBC_HMAC_SHA ciphers to providers.
Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable() method is either NULL,
or the method returns 1.
This is mainly required for ciphers that only have hardware implementations.
If there is no hardware support, then the algorithm needs to be not available.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10146)
show more ...
|
