#
194de849 |
| 31-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
05d2f72e |
| 20-Jul-2020 |
Matt Caswell |
Extend the EVP_PKEY KDF to KDF provider bridge to also support HKDF Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
|
#
ac2d58c7 |
| 03-Jul-2020 |
Matt Caswell |
Implement a EVP_PKEY KDF to KDF provider bridge Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between
Implement a EVP_PKEY KDF to KDF provider bridge Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between the old API and the EVP_KDF API however this bridge itself uses a legacy EVP_PKEY_METHOD. This commit implements a provider side bridge without having to use any legacy code. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
show more ...
|
#
37d398c1 |
| 03-Aug-2020 |
Richard Levitte |
PROV: Add MSBLOB and PVK to DSA and RSA deserializers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12574)
|
#
7c664b1f |
| 27-Jul-2020 |
Richard Levitte |
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
show more ...
|
#
a4e55ccc |
| 20-Jul-2020 |
Richard Levitte |
PROV: Add a DER to RSA-PSS deserializer implementation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12492)
|
#
dcfacbbf |
| 09-Jul-2020 |
Richard Levitte |
PROV: Implement PEM to DER deserializer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/opens
PROV: Implement PEM to DER deserializer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
show more ...
|
#
1017b8e4 |
| 09-Jul-2020 |
Richard Levitte |
PROV: Implement DER to RSA deserializer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/opens
PROV: Implement DER to RSA deserializer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12410)
show more ...
|
#
7cc355c2 |
| 08-Jun-2020 |
Shane Lontis |
Add AES_CBC_CTS ciphers to providers Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are
Add AES_CBC_CTS ciphers to providers Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are supported. The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly. The cipher returns the flag EVP_CIPH_FLAG_CTS. EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12094)
show more ...
|
#
714a1bb3 |
| 08-May-2020 |
Pauli |
rand: set up EVP and DRBG infrastructure for RAND from providers. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/116
rand: set up EVP and DRBG infrastructure for RAND from providers. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
show more ...
|
#
8a758e96 |
| 02-May-2020 |
Richard Levitte |
PROV & KEYMGMT: Add PSS-parameter support in the RSA KEYMGMT implementation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11710)
|
#
95cf6440 |
| 02-May-2020 |
Shane Lontis |
Fix incorrect default keysize for CAST ofb and cfb modes. Fixes #11459 It was incorrectly using 8 bytes instead of 16 as the default. This was verified by expanding the macros u
Fix incorrect default keysize for CAST ofb and cfb modes. Fixes #11459 It was incorrectly using 8 bytes instead of 16 as the default. This was verified by expanding the macros used in e_cast.c. The issue occurs if EVP_CIPHER_CTX_set_key_length() is not called. evp_test.c hides this issue as it always calls EVP_CIPHER_CTX_set_key_length() before using EVP_CipherInit_ex(...., key, ..). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11707)
show more ...
|
#
f844f9eb |
| 13-Apr-2020 |
Richard Levitte |
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538
Rename FIPS_MODE to FIPS_MODULE This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
show more ...
|
#
244bc297 |
| 17-Mar-2020 |
Matt Caswell |
Implement serializers for ED25519 and ED448 This is largely based on the existing X25519 and X448 serializers - but a few adjustments were necessary so that we can identify what type of
Implement serializers for ED25519 and ED448 This is largely based on the existing X25519 and X448 serializers - but a few adjustments were necessary so that we can identify what type of key we are using. Previously we used the keylen for this but X25519 and ED25519 have the same keylen. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11272)
show more ...
|
#
edd3b7a3 |
| 15-Mar-2020 |
Shane Lontis |
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/opens
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10968)
show more ...
|
#
3965480c |
| 05-Mar-2020 |
Matt Caswell |
Implement provider support for Ed25519 annd Ed448 At the moment we only provider support for these algorithms in the default provider. These algorithms only support "one shot" EVP_Digest
Implement provider support for Ed25519 annd Ed448 At the moment we only provider support for these algorithms in the default provider. These algorithms only support "one shot" EVP_DigestSign() and EVP_DigestVerify() as per the existing libcrypto versions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11261)
show more ...
|
#
af6d8dd3 |
| 17-Feb-2020 |
Matt Caswell |
Add Key Management support for EdDSA keys Support added for Ed25519 and Ed448 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl
Add Key Management support for EdDSA keys Support added for Ed25519 and Ed448 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11261)
show more ...
|
#
f552d900 |
| 16-Feb-2020 |
Shane Lontis |
Add Serializers for EC Provide EC serializers for text, pem and der. EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by other KEY
Add Serializers for EC Provide EC serializers for text, pem and der. EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by other KEY types (which normally have a SEQUENCE at the top level). For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the code can still be shared with EC. The EC serializer only supports named curves currently. NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be added in another PR. (Probably when deserialization is considered). EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non optional. As this is not the case for any other key the code has been modified. Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11107)
show more ...
|
#
8efc4a9c |
| 27-Feb-2020 |
Matt Caswell |
Implement the ECX Serializers Provide serializers for X25519 and X448 for text, pem and der. There are no parameter serializers because there are no parameters for these algorithms.
Implement the ECX Serializers Provide serializers for X25519 and X448 for text, pem and der. There are no parameter serializers because there are no parameters for these algorithms. Add some documentation about the various import/export types available Add additional testing for the serializers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11095)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
6f4b7663 |
| 01-Dec-2019 |
Richard Levitte |
PROV: add RSA signature implementation This includes legacy PSS controls to params conversion, and an attempt to generalise the parameter names when they are suitable for more than o
PROV: add RSA signature implementation This includes legacy PSS controls to params conversion, and an attempt to generalise the parameter names when they are suitable for more than one operation. Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers for known RSA+hash function combinations. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10557)
show more ...
|
#
4fe54d67 |
| 14-Dec-2019 |
Nicola Tuveri |
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shan
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10631)
show more ...
|
#
6f7d2135 |
| 24-Jan-2020 |
Matt Caswell |
Add X25519/X448 Key Exchange to the default provider Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://
Add X25519/X448 Key Exchange to the default provider Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
show more ...
|
#
90d3cb57 |
| 27-Jan-2020 |
Matt Caswell |
Implement Provider side Key Management for X25519 and X448 Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from ht
Implement Provider side Key Management for X25519 and X448 Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
show more ...
|
#
068489a2 |
| 08-Jan-2020 |
Matt Caswell |
Implement the NULL cipher in the default provider Libssl uses the null cipher in certain situations. It should be converted to a provided cipher. Reviewed-by: Shane Lontis <shan
Implement the NULL cipher in the default provider Libssl uses the null cipher in certain situations. It should be converted to a provided cipher. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10865)
show more ...
|
#
0d2bfe52 |
| 06-Jan-2020 |
Shane Lontis |
Add AES_CBC_HMAC_SHA ciphers to providers. Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable()
Add AES_CBC_HMAC_SHA ciphers to providers. Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable() method is either NULL, or the method returns 1. This is mainly required for ciphers that only have hardware implementations. If there is no hardware support, then the algorithm needs to be not available. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10146)
show more ...
|