History log of /openssl/providers/implementations/signature/ecdsa_sig.c (Results 1 – 24 of 24)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# f5981c96 20-Sep-2024 slontis

Add utility function ossl_param_is_empty()

Changed all provider implementations that have a set_ctx_params()
to call this function instead of just testing (params == NULL).This
detec

Add utility function ossl_param_is_empty()

Changed all provider implementations that have a set_ctx_params()
to call this function instead of just testing (params == NULL).This
detects the case wherean OSSL_PARAM array contains just a terminator
entry.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25499)

show more ...


# b69ca92a 30-Sep-2024 lan1120

Drop the aid field of the signature prov ctx

Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.or

Drop the aid field of the signature prov ctx

Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23094)

show more ...


# d244abb6 31-Jul-2024 Matt Caswell

Don't restrict the ECDSA settable ctx params unnecessarily

We just allow all possible settables all the time. Some things like the
digest name can't actually be changed in some circumsta

Don't restrict the ECDSA settable ctx params unnecessarily

We just allow all possible settables all the time. Some things like the
digest name can't actually be changed in some circumstances - but we already
have checks for those things. It's still possible to pass a digest of the
same name to one that's already been set for example.

Fixes #25012

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)

show more ...


# 8cc0a97d 31-Jul-2024 Matt Caswell

Complain about a missing digest when doing deterministic ECDSA

We need a digest for the none when doing deterministic ECDSA. Give a
better error message if one hasn't been supplied.

Complain about a missing digest when doing deterministic ECDSA

We need a digest for the none when doing deterministic ECDSA. Give a
better error message if one hasn't been supplied.

See openssl/openssl#25012

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)

show more ...


# 7ed6de99 05-Sep-2024 Tomas Mraz

Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes


# d1c2c054 28-Aug-2024 Richard Levitte

fix: ossl_digest_get_approved_nid() returns NID_undef on invalid digest

We checked using 'md_nid < 0', which is faulty.

Impact: DSA and ECDSA signature provider implementations

fix: ossl_digest_get_approved_nid() returns NID_undef on invalid digest

We checked using 'md_nid < 0', which is faulty.

Impact: DSA and ECDSA signature provider implementations

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24992)

show more ...


# f68ba38e 24-Jul-2024 Richard Levitte

Refactor OpenSSL 'ECDSA' EVP_SIGNATURE to also include ECDSA+hash composites

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-b

Refactor OpenSSL 'ECDSA' EVP_SIGNATURE to also include ECDSA+hash composites

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24992)

show more ...


# 976dd358 26-Aug-2024 slontis

Update code to use EVP_MD_xof()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)


# f6a296c3 12-Aug-2024 slontis

Cleanups for FIPS options..

The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.

Some FIPS related he

Cleanups for FIPS options..

The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.

Some FIPS related headers have moved to providers/fips/include so that
they can use fips_indicator_params.inc.
securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes
fipscommon.h.

fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than
using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used.
fips_names.h just uses aliases now for existing public names.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25162)

show more ...


# b80e2ddb 19-Aug-2024 Pauli

ecdsa: add verify_message param support

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openss

ecdsa: add verify_message param support

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)

show more ...


# fc5c86b8 29-Jul-2024 Pauli

fips: support signature-digest-checks in FIPS provider

Fixes #24936

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(M

fips: support signature-digest-checks in FIPS provider

Fixes #24936

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)

show more ...


# 5ab9f7e2 29-Jul-2024 Pauli

signatures: disallow XOF digests when doing signatures

Except for Ed448 and RSA PSS where they are mandatory and allow respectively.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.co

signatures: disallow XOF digests when doing signatures

Except for Ed448 and RSA PSS where they are mandatory and allow respectively.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)

show more ...


# c13ddf0a 01-Jul-2024 slontis

Change all existing FIPS configurable checks to use FIPS indicators.

This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Fa

Change all existing FIPS configurable checks to use FIPS indicators.

This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Failure of a check causes
either a failure OR the FIPS indicator callback to be triggered.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)

show more ...


# df0ee35b 22-Mar-2024 Jiasheng Jiang

signature/ecdsa_sig.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: edd3b7

signature/ecdsa_sig.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: edd3b7a309 ("Add ECDSA to providers")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23947)

show more ...


# da1c088f 07-Sep-2023 Matt Caswell

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes


# 1e6bd31e 19-Apr-2023 Irak Rigia

Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays

Fixes #20710

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays

Fixes #20710

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)

show more ...


# 1d857945 18-Jan-2023 Ingo Franzki

Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved

Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be
retrieved for ECDSA and DSA.

Signed-off-by: Ingo Franzki

Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved

Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be
retrieved for ECDSA and DSA.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20070)

show more ...


# f3090fc7 15-Jul-2022 slontis

Implement deterministic ECDSA sign (RFC6979)

This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(

Implement deterministic ECDSA sign (RFC6979)

This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(2) Support ECDSA and DSA
(3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG.

A nonce_type is passed around inside the Signing API's, in order to support any
future deterministic algorithms.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18809)

show more ...


# e077455e 29-Sep-2022 Richard Levitte

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...


# 3ffd23e9 04-Nov-2021 Tomas Mraz

providers: Allow possible reinitialization in all signature algorithms

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)


# 033e987c 14-Jul-2021 Tomas Mraz

Signature algos: allow having identical digest in params

The flag_allow_md prevents setting a digest in params however
this is unnecessarily strict. If the digest is the same as the

Signature algos: allow having identical digest in params

The flag_allow_md prevents setting a digest in params however
this is unnecessarily strict. If the digest is the same as the
one already set, we do not return an error.

Fixes #16071

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)

show more ...


# ed576acd 21-May-2021 Tomas Mraz

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_,

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

show more ...


Revision tags: openssl-3.0.0-alpha17
# 6a2ab4a9 10-May-2021 Tomas Mraz

Allow arbitrary digests with ECDSA and DSA

Unless the FIPS security check is enabled we allow arbitrary digests
with ECDSA and DSA.

Fixes #14696

Reviewed-by: Paul Dale

Allow arbitrary digests with ECDSA and DSA

Unless the FIPS security check is enabled we allow arbitrary digests
with ECDSA and DSA.

Fixes #14696

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15220)

show more ...


Revision tags: openssl-3.0.0-alpha16
# 5a86dac8 06-May-2021 Richard Levitte

Rename files in providers/implementations/signatures

It was discovered that eddsa.c exist in two places, here and in
crypto/ec/curve448/, which would result in a file name clash if they

Rename files in providers/implementations/signatures

It was discovered that eddsa.c exist in two places, here and in
crypto/ec/curve448/, which would result in a file name clash if they
ever end up in the same library.

To mitigate, we rename the copy in providers/implementations/signatures
to have '_sig' in the file name, and do the same with all other source
files in this directory, for consistency.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)

show more ...