#
bb1aab38 |
| 22-Aug-2024 |
slontis |
FIPS: Add EDDSA public key validation. EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to determine if the public key is a valid point on the curve. The FIPS A
FIPS: Add EDDSA public key validation. EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to determine if the public key is a valid point on the curve. The FIPS ACVP tests require public key validation tests. See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json Note that this is NOT required to be called before EDDSA signature verification since it is done internally. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25265)
show more ...
|
#
fe1ce91f |
| 19-Aug-2024 |
Pauli |
acvptest: add positive and negative tests for verify message param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https:
acvptest: add positive and negative tests for verify message param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211)
show more ...
|
#
4c37778a |
| 19-Aug-2024 |
slontis |
CI: Fix GCM IV check in acvp_test for crosstest Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/
CI: Fix GCM IV check in acvp_test for crosstest Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25223)
show more ...
|
#
563c51ce |
| 14-Aug-2024 |
slontis |
Add an indicator for AES GCM that returns if the iv has been generated internally. This is not using a strict check since there may be applications that require the IV to be generate
Add an indicator for AES GCM that returns if the iv has been generated internally. This is not using a strict check since there may be applications that require the IV to be generated externally (e.g. java). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25178)
show more ...
|
#
878f74eb |
| 06-Aug-2024 |
pohsingwu |
Setup padding mode correctly in acvp_test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/opens
Setup padding mode correctly in acvp_test Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25115)
show more ...
|
#
f98e49b3 |
| 24-Jul-2024 |
slontis |
Add FIPS DSA Keygen tests Adjust the existing tests to disable DSA keygen in FIPS mode. Allow evp_test to load DSA 'KeyParams' that can then be used to perform a DSA KeyGen.
Add FIPS DSA Keygen tests Adjust the existing tests to disable DSA keygen in FIPS mode. Allow evp_test to load DSA 'KeyParams' that can then be used to perform a DSA KeyGen. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24978)
show more ...
|
#
85caa417 |
| 04-Jul-2024 |
slontis |
Disable DSA signing in the FIPS provider. This is a FIPS 140-3 requirement. This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0, OR OSSL_SIGNATU
Disable DSA signing in the FIPS provider. This is a FIPS 140-3 requirement. This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0, OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24799)
show more ...
|
#
2cba2e16 |
| 24-May-2022 |
Peiwei Hu |
Fix the checks of EVP_PKEY_CTX_set/get_* functions Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/open
Fix the checks of EVP_PKEY_CTX_set/get_* functions Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18399)
show more ...
|
#
d649c51a |
| 21-May-2022 |
Peiwei Hu |
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
show more ...
|
#
588080cb |
| 01-Apr-2022 |
Pauli |
Fix coverity 1503330 use after free This is a false positive resulting from confusion over up_ref/free. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <sh
Fix coverity 1503330 use after free This is a false positive resulting from confusion over up_ref/free. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18014)
show more ...
|
#
ec9135a6 |
| 15-Dec-2021 |
Peiwei Hu |
get_ecdsa_sig_rs_bytes: free value of d2i_ECDSA_SIG() before return Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <t
get_ecdsa_sig_rs_bytes: free value of d2i_ECDSA_SIG() before return Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17280)
show more ...
|
#
0650ac43 |
| 14-Nov-2021 |
Peiwei Hu |
Fix EVP_PKEY_decrypt return check Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17028)
|
#
6e0b05f3 |
| 14-Nov-2021 |
Peiwei Hu |
EVP_PKEY_paramgen_init: fix return check Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merg
EVP_PKEY_paramgen_init: fix return check Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17030)
show more ...
|
#
098f2627 |
| 01-Nov-2021 |
PW Hu |
Fix incorrect return check of BN_bn2binpad Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Fix incorrect return check of BN_bn2binpad Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16942)
show more ...
|
#
884400d7 |
| 11-Oct-2021 |
slontis |
Fix tests to check for negative results when calling EVP_PKEY_fromdata_init Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16801)
|
#
1b327433 |
| 11-Oct-2021 |
Matt Caswell |
Fix acvp_test sig_gen Ensure we set the size of the signature buffer before we call EVP_DigestSign() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
Fix acvp_test sig_gen Ensure we set the size of the signature buffer before we call EVP_DigestSign() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
show more ...
|
#
d9c29baf |
| 17-Jul-2021 |
Pauli |
test: fix use after scope problem in ACVP test Repeat after me: thou shall not use an auto scope variable as a parameter that is used out of scope. Fixes GitHub CI #
test: fix use after scope problem in ACVP test Repeat after me: thou shall not use an auto scope variable as a parameter that is used out of scope. Fixes GitHub CI #6305 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16103)
show more ...
|
#
59f66d8c |
| 14-Jul-2021 |
Tomas Mraz |
acvp_test: Fix incorrect parenthesis Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
#
e2311445 |
| 27-May-2021 |
Shane Lontis |
Fix aes cfb1 so that it can operate in bit mode. The code to handle the cipher operation was already in the provider. It just needed a OSSL_PARAM in order to set this into the algorithm.
Fix aes cfb1 so that it can operate in bit mode. The code to handle the cipher operation was already in the provider. It just needed a OSSL_PARAM in order to set this into the algorithm. EVP_CIPHER_CTX_set_flags() has been modified to pass the OSSL_PARAM. Issue reported by Mark Powers from Acumen. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15496)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
a1f63873 |
| 13-May-2021 |
Shane Lontis |
Fix compiler error when using config option 'enable-acvp-tests' Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15264)
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
f9253152 |
| 20-Mar-2021 |
Dr. David von Oheimb |
Add convenience functions and macros for asymmetric key generation Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid
Add convenience functions and macros for asymmetric key generation Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
show more ...
|
#
af9fb19a |
| 14-Apr-2021 |
MichaM |
Fix typos CLA: trivial Signed-off-by: MichaM <contact-micha+github@posteo.de> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
Fix typos CLA: trivial Signed-off-by: MichaM <contact-micha+github@posteo.de> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14879)
show more ...
|
#
e494fac7 |
| 15-Apr-2021 |
Pauli |
Fix naming for EVP_RAND_CTX_gettable functions. Change: EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settabl
Fix naming for EVP_RAND_CTX_gettable functions. Change: EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params Which brings them in line with the other similar functions for other algorithm types. Fixes #14880 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14893)
show more ...
|
#
3f883c7c |
| 07-Apr-2021 |
Shane Lontis |
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14785)
|