#
f4174b6d |
| 22-Mar-2024 |
Jiasheng Jiang |
signature/dsa_sig.c: Add checks for the EVP_MD_get_size() Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t. Fixes: 45a845e4
signature/dsa_sig.c: Add checks for the EVP_MD_get_size() Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t. Fixes: 45a845e40b ("Add EVP_DigestSign/EVP_DigestVerify support for DSA") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23948)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
#
1d857945 |
| 18-Jan-2023 |
Ingo Franzki |
Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be retrieved for ECDSA and DSA. Signed-off-by: Ingo Franzki
Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be retrieved for ECDSA and DSA. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20070)
show more ...
|
#
f3090fc7 |
| 15-Jul-2022 |
slontis |
Implement deterministic ECDSA sign (RFC6979) This PR is based off the contributions in PR #9223 by Jemmy1228. It has been modified and reworked to: (1) Work with providers (
Implement deterministic ECDSA sign (RFC6979) This PR is based off the contributions in PR #9223 by Jemmy1228. It has been modified and reworked to: (1) Work with providers (2) Support ECDSA and DSA (3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG. A nonce_type is passed around inside the Signing API's, in order to support any future deterministic algorithms. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18809)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
e257d3e7 |
| 02-May-2022 |
JHH20 |
Remove duplicated #include headers CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl
Remove duplicated #include headers CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18220)
show more ...
|
#
3ffd23e9 |
| 04-Nov-2021 |
Tomas Mraz |
providers: Allow possible reinitialization in all signature algorithms Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964)
|
#
033e987c |
| 14-Jul-2021 |
Tomas Mraz |
Signature algos: allow having identical digest in params The flag_allow_md prevents setting a digest in params however this is unnecessarily strict. If the digest is the same as the
Signature algos: allow having identical digest in params The flag_allow_md prevents setting a digest in params however this is unnecessarily strict. If the digest is the same as the one already set, we do not return an error. Fixes #16071 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
6a2ab4a9 |
| 10-May-2021 |
Tomas Mraz |
Allow arbitrary digests with ECDSA and DSA Unless the FIPS security check is enabled we allow arbitrary digests with ECDSA and DSA. Fixes #14696 Reviewed-by: Paul Dale
Allow arbitrary digests with ECDSA and DSA Unless the FIPS security check is enabled we allow arbitrary digests with ECDSA and DSA. Fixes #14696 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15220)
show more ...
|
Revision tags: openssl-3.0.0-alpha16 |
|
#
5a86dac8 |
| 06-May-2021 |
Richard Levitte |
Rename files in providers/implementations/signatures It was discovered that eddsa.c exist in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they
Rename files in providers/implementations/signatures It was discovered that eddsa.c exist in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they ever end up in the same library. To mitigate, we rename the copy in providers/implementations/signatures to have '_sig' in the file name, and do the same with all other source files in this directory, for consistency. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|