#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
f6a296c3 |
| 12-Aug-2024 |
slontis |
Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related he
Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related headers have moved to providers/fips/include so that they can use fips_indicator_params.inc. securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes fipscommon.h. fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used. fips_names.h just uses aliases now for existing public names. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25162)
show more ...
|
#
ae87c488 |
| 05-Aug-2024 |
Pauli |
fips: add kbkdf key length check as per SP 800-131a revision 2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://gi
fips: add kbkdf key length check as per SP 800-131a revision 2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
#
962431d5 |
| 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed
that open brace { should be on the previous line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
#
f35fc4f1 |
| 15-Jul-2024 |
Pauli |
Fix kbkdf bug if MAC is set to KMAC and then something else A context that is set to KMAC sets the is_kmac flag and this cannot be reset. So a user that does kbkdf using KMAC and then wa
Fix kbkdf bug if MAC is set to KMAC and then something else A context that is set to KMAC sets the is_kmac flag and this cannot be reset. So a user that does kbkdf using KMAC and then wants to use HMAC or CMAC will experience a failure. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24883)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
345b42be |
| 13-Apr-2023 |
Pauli |
Update KDFs to use shared functions. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2
Update KDFs to use shared functions. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20724)
show more ...
|
#
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
#
344d3b32 |
| 16-Feb-2023 |
Clemens Lang |
kbkdf: Fix kbkdf_dup function pointer type kbkdf_dup should use the appropriate type OSSL_FUNC_kdf_dupctx_fn. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: T
kbkdf: Fix kbkdf_dup function pointer type kbkdf_dup should use the appropriate type OSSL_FUNC_kdf_dupctx_fn. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20314)
show more ...
|
#
211c47ca |
| 15-Dec-2022 |
slontis |
Add KMAC support to KBKDF. Now that ACVP test vectors exist, support has been added for this mode. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Add KMAC support to KBKDF. Now that ACVP test vectors exist, support has been added for this mode. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf Note that the test vectors used fairly large values for the input key and the context, so the contraints for these has been increased from 256 to 512 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19916)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
d54c52c2 |
| 24-Jan-2022 |
Pauli |
kbkdf: implement ctx dup operation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
|
#
f4f77c2d |
| 07-Dec-2021 |
Gerd Hoffmann |
rename MIN() macro MIN is a rather generic name and results in a name clash when trying to port tianocore over to openssl 3.0. Use the usual ossl prefix and rename the macro to ossl
rename MIN() macro MIN is a rather generic name and results in a name clash when trying to port tianocore over to openssl 3.0. Use the usual ossl prefix and rename the macro to ossl_min() to solve this. CLA: trivial Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17219)
show more ...
|
#
0e9a265e |
| 18-Nov-2021 |
Patrick Uiterwijk |
Support different R_BITS lengths for KBKDF Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Support different R_BITS lengths for KBKDF Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17063)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
c983a0e5 |
| 10-Mar-2021 |
Pauli |
prov: add extra params argument to KDF implementations Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
3469b388 |
| 26-Feb-2021 |
Pauli |
prov: add extra params argument to KDF implementations Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
#
2524ec1a |
| 25-Feb-2021 |
Pauli |
prov kdf: update to use the extra MAC init arguments Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
#
1e8e5c60 |
| 23-Feb-2021 |
Pauli |
prov: support modified gettable/settable ctx calls for KDFs Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14240)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
2741128e |
| 05-Feb-2021 |
Tomas Mraz |
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
4757a347 |
| 28-Oct-2020 |
Shane Lontis |
Add support for making all of KBKDF FixedInput fields optional. Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR. This is required for CAV
Add support for making all of KBKDF FixedInput fields optional. Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR. This is required for CAVS tests that only use a combined blob of inputdata. A test showing this use case has been added. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13258)
show more ...
|