#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
c23ce352 |
| 02-Sep-2024 |
Ingo Franzki |
s390x: Fix prehash-by-caller handling for ED25519 and ED448 In case of prehash or prehash-by-caller is set skip the s390x specific acceleration an fallback to the non-accelerated code pa
s390x: Fix prehash-by-caller handling for ED25519 and ED448 In case of prehash or prehash-by-caller is set skip the s390x specific acceleration an fallback to the non-accelerated code path. Fixes: 66966827740a04249300b0b25735e9d4c9bcab26 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25351)
show more ...
|
#
66966827 |
| 24-Jul-2024 |
Richard Levitte |
Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2() In this mode, only the ph instances are supported, and must be set explicitly through a parameter. The caller is assu
Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2() In this mode, only the ph instances are supported, and must be set explicitly through a parameter. The caller is assumed to pass a prehash to EVP_PKEY_{sign,verify}(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975)
show more ...
|
#
1751334f |
| 02-Feb-2024 |
Richard Levitte |
Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448 implementations, including ph and ctx var
Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448 implementations, including ph and ctx variants. Tests are added with test_evp stanzas. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24975)
show more ...
|
#
f6a296c3 |
| 12-Aug-2024 |
slontis |
Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related he
Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related headers have moved to providers/fips/include so that they can use fips_indicator_params.inc. securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes fipscommon.h. fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used. fips_names.h just uses aliases now for existing public names. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25162)
show more ...
|
#
dcc118cd |
| 16-Aug-2024 |
Pauli |
replace static declarations Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2519
replace static declarations Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25192)
show more ...
|
#
7de47702 |
| 14-Aug-2024 |
Pauli |
Revert "EdDSA: disallow verification from a pregenerated hash when in FIPS" This reverts commit 2d759937e2ee78c27c83f1433f79b33256ab1a39. Reviewed-by: Shane Lontis <shane.lontis@ora
Revert "EdDSA: disallow verification from a pregenerated hash when in FIPS" This reverts commit 2d759937e2ee78c27c83f1433f79b33256ab1a39. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25192)
show more ...
|
#
1348f4b5 |
| 14-Aug-2024 |
Pauli |
Revert "Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only" This reverts commit ca112fccdd34a8538f14ddf8c3569b8331eae357. Reviewed-by: Shane Lontis <shane.lonti
Revert "Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only" This reverts commit ca112fccdd34a8538f14ddf8c3569b8331eae357. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25192)
show more ...
|
#
ca112fcc |
| 14-Aug-2024 |
Tomas Mraz |
Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://
Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25188)
show more ...
|
#
2d759937 |
| 30-Jul-2024 |
Pauli |
EdDSA: disallow verification from a pregenerated hash when in FIPS Also includes an indicator and the capability to bypass via configuration or params. Fixes #24937 Rev
EdDSA: disallow verification from a pregenerated hash when in FIPS Also includes an indicator and the capability to bypass via configuration or params. Fixes #24937 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25032)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
#
f225fbf9 |
| 17-Jan-2023 |
Juergen Christ |
S390X: Fix Ed448ph CPACF does not support pre-hashing. This was considered correctly for Ed25519ph, but not for Ed448ph which lead to errors in the test_evp suite (test vector 20 -
S390X: Fix Ed448ph CPACF does not support pre-hashing. This was considered correctly for Ed25519ph, but not for Ed448ph which lead to errors in the test_evp suite (test vector 20 - pre-hashing without context string). Fix this by using the non-accelerated version of Ed448 also if no context string is provided, but pre-hashing is performed. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20067)
show more ...
|
#
836080a8 |
| 16-Oct-2022 |
James Muir |
Support all five EdDSA instances from RFC 8032 Fixes #6277 Description: Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519, Ed25519ctx, Ed25519ph, Ed448, E
Support all five EdDSA instances from RFC 8032 Fixes #6277 Description: Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519, Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs. The desired EdDSA instance is specified via an OSSL_PARAM. All instances, except for Ed25519, allow context strings as input. Context strings are passed via an OSSL_PARAM. For Ed25519ctx, the context string must be nonempty. Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that the full message (not a digest) must be passed to sign and verify operations. Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input message is hashed before sign and verify. Testing: All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt (thanks to Shane Lontis for showing how to do that). Those 21 test vectors are exercised by evp_test.c and cover all five instances. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19705)
show more ...
|
#
f5a10d5c |
| 28-Oct-2022 |
Wangchong Zhou |
Check for private key existence before calling eddsa sign functions Fixes #19524 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merg
Check for private key existence before calling eddsa sign functions Fixes #19524 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19525)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
bbedc052 |
| 01-Aug-2022 |
Sebastian Andrzej Siewior |
providers: Set the size of EC signature on s390. The s390x provides its custom implementation for the creation of the ed448 and ed25519 signatures. Unfortunately it does not set the size
providers: Set the size of EC signature on s390. The s390x provides its custom implementation for the creation of the ed448 and ed25519 signatures. Unfortunately it does not set the size. Users that rely of this return parameter end up with wrong values and will compare wrong sizes of signature. Set the proper size of the returned signature on success. Set an error if the signing operation fails. Fixes: #18912 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18928)
show more ...
|
#
e257d3e7 |
| 02-May-2022 |
JHH20 |
Remove duplicated #include headers CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl
Remove duplicated #include headers CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18220)
show more ...
|
#
3ffd23e9 |
| 04-Nov-2021 |
Tomas Mraz |
providers: Allow possible reinitialization in all signature algorithms Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16964)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
5a86dac8 |
| 06-May-2021 |
Richard Levitte |
Rename files in providers/implementations/signatures It was discovered that eddsa.c exist in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they
Rename files in providers/implementations/signatures It was discovered that eddsa.c exist in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they ever end up in the same library. To mitigate, we rename the copy in providers/implementations/signatures to have '_sig' in the file name, and do the same with all other source files in this directory, for consistency. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|