| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
fba140c7 |
| 12-Apr-2022 |
Dmitry Belyavskiy |
str[n]casecmp => OPENSSL_strncasecmp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
|
| #
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to b
Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
| #
944f822a |
| 05-Dec-2021 |
slontis |
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.
The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec wa
Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.
The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17200)
show more ...
|
| #
ee22a374 |
| 29-Sep-2021 |
Richard Levitte |
Adapt our OSSL_FUNC_keymgmt_match() implementations to the EVP_PKEY_eq() fix
The match function (called OSSL_FUNC_keymgmt_match() in our documentation)
in our KEYMGMT implementations wer
Adapt our OSSL_FUNC_keymgmt_match() implementations to the EVP_PKEY_eq() fix
The match function (called OSSL_FUNC_keymgmt_match() in our documentation)
in our KEYMGMT implementations were interpretting the selector bits a
bit too strictly, so they get a bit relaxed to make it reasonable to
match diverse key contents.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
show more ...
|
| #
ea821581 |
| 01-Jun-2021 |
Tomas Mraz |
ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE
Fixes #15552
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Review
ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE
Fixes #15552
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15566)
show more ...
|
| #
965fa9c0 |
| 28-May-2021 |
Pauli |
prov: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
|
| #
6229815a |
| 25-May-2021 |
Rich Salz |
Use <> for #include openssl/xxx
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15
Use <> for #include openssl/xxx
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
| #
b4f447c0 |
| 08-Apr-2021 |
Tomas Mraz |
Add selection support to the provider keymgmt_dup function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
|
|
Revision tags: openssl-3.0.0-alpha14 |
|
| #
4a9fe33c |
| 07-Apr-2021 |
Tomas Mraz |
Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.
Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.
Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().
Fixes #14658
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
show more ...
|
| #
3f883c7c |
| 07-Apr-2021 |
Shane Lontis |
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14785)
|
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
054d43ff |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_ ecx symbols
Partial fix for #12964
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
|
| #
9a485440 |
| 11-Mar-2021 |
Tomas Mraz |
Make EVP_PKEY_missing_parameters work properly on provided RSA keys
This requires changing semantics of the keymgmt_has()
function a little in the sense that it now returns 1
if the
Make EVP_PKEY_missing_parameters work properly on provided RSA keys
This requires changing semantics of the keymgmt_has()
function a little in the sense that it now returns 1
if the selection has no meaning for the key type. It
was already doing so for ECX keys for example.
The keymgmt_validate function semantics is changed
similarly to allow passing validation on the same
selection that the key returns 1 for.
Fixes #14509
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14511)
show more ...
|
| #
2cf8bb46 |
| 09-Mar-2021 |
Matt Caswell |
Ensure that ECX keys pass EVP_PKEY_param_check()
RSA keys have no parameters and pass EVP_PKEY_param_check(). Previously,
ECX keys had no parammeters and failed EVP_PKEY_param_check(). W
Ensure that ECX keys pass EVP_PKEY_param_check()
RSA keys have no parameters and pass EVP_PKEY_param_check(). Previously,
ECX keys had no parammeters and failed EVP_PKEY_param_check(). We should
be consistent. It makes more sense to always pass, and therefore this
commit implements that behaviour.
Fixes #14482
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14485)
show more ...
|
| #
f9562909 |
| 01-Mar-2021 |
Pauli |
provider: add params argument to key manager's gen_init call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14383)
|
| #
fb67126e |
| 26-Feb-2021 |
Tomas Mraz |
EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EV
EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EVP_DigestSign/VerifyInit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14338)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha12 |
|
| #
32ab57cb |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols related to ec & sm2 keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*
Reviewed-
Fix external symbols related to ec & sm2 keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
show more ...
|
| #
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
|
|
Revision tags: OpenSSL_1_1_1j |
|
| #
899e2564 |
| 09-Feb-2021 |
Matt Caswell |
Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "ful
Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.
Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
| #
f0591559 |
| 20-Nov-2020 |
Shane Lontis |
Add validate method to ECX keymanager
Fixes #11619
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13459)
|
|
Revision tags: openssl-3.0.0-alpha8 |
|
| #
3d914185 |
| 20-Oct-2020 |
Nicola Tuveri |
Constify OSSL_FUNC_keymgmt_has()
The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <
Constify OSSL_FUNC_keymgmt_has()
The keydata argument of OSSL_FUNC_keymgmt_has() should be read-only.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13200)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha7 |
|
| #
5ac8fb58 |
| 09-Oct-2020 |
Matt Caswell |
Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key
We do the same thing for the "get1" version. In reality this has broader
use than just TLS (it can also be used
Rename EVP_PKEY_set1_tls_encodedpoint to EVP_PKEY_set1_encoded_public_key
We do the same thing for the "get1" version. In reality this has broader
use than just TLS (it can also be used in CMS), and "encodedpoint" only
makes sense when you are talking about EC based algorithms.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)
show more ...
|
| #
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'
This change makes the naming more consistent, because three different terms
were used for the same thing. (The term libctx was used by far most often.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
| #
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
| #
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_
This stops them leaking into other namespaces in a static build.
They remain internal.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
