| #
bb1aab38 |
| 22-Aug-2024 |
slontis |
FIPS: Add EDDSA public key validation.
EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to
determine if the public key is a valid point on the curve.
The FIPS A
FIPS: Add EDDSA public key validation.
EVP_PKEY_public_check() can be used by ED25519 and ED448 in order to
determine if the public key is a valid point on the curve.
The FIPS ACVP tests require public key validation tests.
See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0/internalProjection.json
Note that this is NOT required to be called before EDDSA signature verification
since it is done internally.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25265)
show more ...
|
| #
fe1ce91f |
| 19-Aug-2024 |
Pauli |
acvptest: add positive and negative tests for verify message param
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https:
acvptest: add positive and negative tests for verify message param
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
show more ...
|
| #
4c37778a |
| 19-Aug-2024 |
slontis |
CI: Fix GCM IV check in acvp_test for crosstest
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/
CI: Fix GCM IV check in acvp_test for crosstest
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25223)
show more ...
|
| #
563c51ce |
| 14-Aug-2024 |
slontis |
Add an indicator for AES GCM that returns if the iv has been generated
internally.
This is not using a strict check since there may be applications that
require the IV to be generate
Add an indicator for AES GCM that returns if the iv has been generated
internally.
This is not using a strict check since there may be applications that
require the IV to be generated externally (e.g. java).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25178)
show more ...
|
| #
878f74eb |
| 06-Aug-2024 |
pohsingwu |
Setup padding mode correctly in acvp_test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens
Setup padding mode correctly in acvp_test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25115)
show more ...
|
| #
f98e49b3 |
| 24-Jul-2024 |
slontis |
Add FIPS DSA Keygen tests
Adjust the existing tests to disable DSA keygen in FIPS mode.
Allow evp_test to load DSA 'KeyParams' that can then be used to
perform a DSA KeyGen.
Add FIPS DSA Keygen tests
Adjust the existing tests to disable DSA keygen in FIPS mode.
Allow evp_test to load DSA 'KeyParams' that can then be used to
perform a DSA KeyGen.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24978)
show more ...
|
| #
85caa417 |
| 04-Jul-2024 |
slontis |
Disable DSA signing in the FIPS provider.
This is a FIPS 140-3 requirement.
This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATU
Disable DSA signing in the FIPS provider.
This is a FIPS 140-3 requirement.
This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0,
OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24799)
show more ...
|
| #
2cba2e16 |
| 24-May-2022 |
Peiwei Hu |
Fix the checks of EVP_PKEY_CTX_set/get_* functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/open
Fix the checks of EVP_PKEY_CTX_set/get_* functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18399)
show more ...
|
| #
d649c51a |
| 21-May-2022 |
Peiwei Hu |
Fix check of EVP_CIPHER_CTX_ctrl
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from
Fix check of EVP_CIPHER_CTX_ctrl
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)
show more ...
|
| #
588080cb |
| 01-Apr-2022 |
Pauli |
Fix coverity 1503330 use after free
This is a false positive resulting from confusion over up_ref/free.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <sh
Fix coverity 1503330 use after free
This is a false positive resulting from confusion over up_ref/free.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)
show more ...
|
| #
ec9135a6 |
| 15-Dec-2021 |
Peiwei Hu |
get_ecdsa_sig_rs_bytes: free value of d2i_ECDSA_SIG() before return
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <t
get_ecdsa_sig_rs_bytes: free value of d2i_ECDSA_SIG() before return
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17280)
show more ...
|
| #
0650ac43 |
| 14-Nov-2021 |
Peiwei Hu |
Fix EVP_PKEY_decrypt return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
|
| #
6e0b05f3 |
| 14-Nov-2021 |
Peiwei Hu |
EVP_PKEY_paramgen_init: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merg
EVP_PKEY_paramgen_init: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17030)
show more ...
|
| #
098f2627 |
| 01-Nov-2021 |
PW Hu |
Fix incorrect return check of BN_bn2binpad
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1
Fix incorrect return check of BN_bn2binpad
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16942)
show more ...
|
| #
884400d7 |
| 11-Oct-2021 |
slontis |
Fix tests to check for negative results when calling EVP_PKEY_fromdata_init
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16801)
|
| #
1b327433 |
| 11-Oct-2021 |
Matt Caswell |
Fix acvp_test sig_gen
Ensure we set the size of the signature buffer before we call
EVP_DigestSign()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.
Fix acvp_test sig_gen
Ensure we set the size of the signature buffer before we call
EVP_DigestSign()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
show more ...
|
| #
d9c29baf |
| 17-Jul-2021 |
Pauli |
test: fix use after scope problem in ACVP test
Repeat after me:
thou shall not use an auto scope variable as a parameter
that is used out of scope.
Fixes GitHub CI #
test: fix use after scope problem in ACVP test
Repeat after me:
thou shall not use an auto scope variable as a parameter
that is used out of scope.
Fixes GitHub CI #6305
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16103)
show more ...
|
| #
59f66d8c |
| 14-Jul-2021 |
Tomas Mraz |
acvp_test: Fix incorrect parenthesis
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
|
| #
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
| #
e2311445 |
| 27-May-2021 |
Shane Lontis |
Fix aes cfb1 so that it can operate in bit mode.
The code to handle the cipher operation was already in the provider.
It just needed a OSSL_PARAM in order to set this into the algorithm.
Fix aes cfb1 so that it can operate in bit mode.
The code to handle the cipher operation was already in the provider.
It just needed a OSSL_PARAM in order to set this into the algorithm.
EVP_CIPHER_CTX_set_flags() has been modified to pass the OSSL_PARAM.
Issue reported by Mark Powers from Acumen.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17 |
|
| #
a1f63873 |
| 13-May-2021 |
Shane Lontis |
Fix compiler error when using config option 'enable-acvp-tests'
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15264)
|
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
| #
f9253152 |
| 20-Mar-2021 |
Dr. David von Oheimb |
Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid
Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
show more ...
|
| #
af9fb19a |
| 14-Apr-2021 |
MichaM |
Fix typos
CLA: trivial
Signed-off-by: MichaM <contact-micha+github@posteo.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Fix typos
CLA: trivial
Signed-off-by: MichaM <contact-micha+github@posteo.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14879)
show more ...
|
| #
e494fac7 |
| 15-Apr-2021 |
Pauli |
Fix naming for EVP_RAND_CTX_gettable functions.
Change:
EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params
EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settabl
Fix naming for EVP_RAND_CTX_gettable functions.
Change:
EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params
EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params
Which brings them in line with the other similar functions for other algorithm
types.
Fixes #14880
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14893)
show more ...
|
| #
3f883c7c |
| 07-Apr-2021 |
Shane Lontis |
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14785)
|
