#
f4887d72 |
| 11-Sep-2024 |
Jonathan M. Wilbur |
doc: support the roleSpecCertIdentifier X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25428)
|
#
ac645995 |
| 11-Sep-2024 |
Dmitry Belyavskiy |
EVP_get_default_properties - make update

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25434)
|
#
a6e0d6d5 |
| 21-Aug-2024 |
Jonathan M. Wilbur |
feat: support the authorityAttributeIdentifier X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25244)
|
#
3e3a2bfc |
| 05-Sep-2024 |
Tomas Mraz |
libcrypto/libssl.num: Set the numbers for 3_4_0 symbols

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25393)
|
#
14c45338 |
| 26-Aug-2024 |
slontis |
EVP_MD_size() updates

For SHAKE algorithms we now return 0 from EVP_MD_size(). So all the places that check for < 0 needed to change to <= 0 (Otherwise the behaviour will be to digest nothing in most cases).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
|
#
033dcce2 |
| 25-Jul-2024 |
Richard Levitte |
feat: Implement EVP_PKEY_CTX_{set,get}_algor_params() and EVP_PKEY_CTX_get_algor()

This should be sufficient to cover the intent with the following legacy ctrls:

- EVP_PKEY_CTRL_PKCS7_ENCRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_PKCS7_DECRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_PKCS7_SIGN (through EVP_SIGNATURE implementations)
- EVP_PKEY_CTRL_CMS_ENCRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_CMS_DECRYPT (through EVP_ASYM_CIPHER implementations)
- EVP_PKEY_CTRL_CMS_SIGN (through EVP_SIGNATURE implementations)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
|
#
258aaa97 |
| 25-Jul-2024 |
Richard Levitte |
feat: Implement EVP_CIPHER_CTX_{set,get}_algor_params() and EVP_CIPHER_CTX_get_algor()

EVP_CIPHER_CTX_set_algor_params() and EVP_CIPHER_CTX_set_algor_params() can be used instead of EVP_CIPHER_asn1_to_param() and EVP_CIPHER_param_to_asn1().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
|
#
e675aabb |
| 18-Jan-2024 |
Richard Levitte |
Implement functionality for direct use of composite signature algorithms

The following API groups are extended with a new init function, as well as an update and final function, to allow the use of explicitly fetched signature implementations for any composite signature algorithm, like "sha1WithRSAEncryption":

- EVP_PKEY_sign
- EVP_PKEY_verify
- EVP_PKEY_verify_recover

To support this, providers are required to add a few new functions, not the least one that declares what key types a signature implementation supports.

While at this, the validity check in evp_signature_from_algorithm() is also refactored; the SIGNATURE provider functionality is too complex for counters. It's better, or at least more readable, to check function combinations.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23416)
|
#
fe79159b |
| 07-Jun-2024 |
Dmitry Belyavskiy |
Implementation of the RFC 9579, PBMAC1 in PKCS#12

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24577)
|
#
d9346c59 |
| 24-Jul-2024 |
slontis |
Add KeyManagement keygen parameter getter/gettable functions.

Added OSSL_FUNC_keymgmt_gen_get_params() and OSSL_FUNC_keymgmt_gen_gettable_params()

This will allow a FIPS indicator parameter to be queried after keygen.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24978)
|
#
34e8ddfc |
| 10-Jul-2024 |
Jonathan M. Wilbur |
doc: the basicAttConstraints X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24847)
|
#
04f7729c |
| 12-Jul-2024 |
Neil Horman |
Add an OPENSSL_strtoul wrapper

utility function to give us sane checking on strtoul conversions

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24861)
|
#
06da1473 |
| 03-Jul-2024 |
slontis |
Add FIPS indicators to evp_test

evp_test code needed to be modified to defer setting algorithm contexts until the run phase. The parse functions also defer setting into the context until the run phase, which allows the context to initialize in a controlled order. This allows params to be passed into the algorithm init function.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
|
#
4925af7b |
| 04-Jul-2024 |
Dr. David von Oheimb |
add X509v3_add_extensions()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
|
#
2c1ef172 |
| 21-Jun-2024 |
erbsland-dev |
Add and Update Documentation for TS_VERIFY_CTX Functions

Mark the existing `TS_VERIFY_CTX_set_certs` function as deprecated in the documentation.

Add missing documentation for the deprecated functions `TS_VERIFY_CTX_set_data`, `TS_VERIFY_CTX_set_imprint`, and `TS_VERIFY_CTX_set_store`.

Write missing documentation for the following functions:

- `TS_VERIFY_CTX_new`
- `TS_VERIFY_CTX_init`
- `TS_VERIFY_CTX_free`
- `TS_VERIFY_CTX_cleanup`
- `TS_VERIFY_CTX_set_flags`
- `TS_VERIFY_CTX_add_flags`
- `TS_VERIFY_CTX_set0_data`
- `TS_VERIFY_CTX_set0_imprint`
- `TS_VERIFY_CTX_set0_store`
- `TS_VERIFY_CTX_set0_certs`

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24701)
|
#
2ef6fa1c |
| 28-Jun-2024 |
Jonathan M. Wilbur |
feat: support userNotice X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24761)
|
#
16beec98 |
| 28-Jun-2024 |
Georgi Valkov |
threads_win: fix build error with VS2010 x86

InterlockedAnd64 and InterlockedAdd64 are not available on VS2010 x86. We already have implemented replacements for other functions, such as InterlockedOr64. Apply the same approach to fix the errors. A CRYPTO_RWLOCK rw_lock is added to rcu_lock_st.

Replace InterlockedOr64 and InterlockedOr with CRYPTO_atomic_load and CRYPTO_atomic_load_int, using the existing design pattern.

Add documentation and tests for the new atomic functions CRYPTO_atomic_add64, CRYPTO_atomic_and

Fixes:
libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedAdd64 referenced in function _get_hold_current_qp
libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedOr referenced in function _get_hold_current_qp
libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedAnd64 referenced in function _update_qp
libcrypto.lib(libcrypto-lib-threads_win.obj) : error LNK2019: unresolved external symbol _InterlockedOr64 referenced in function _ossl_synchronize_rcu

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24405)
|
#
be5adfd6 |
| 18-Jun-2024 |
Jonathan M. Wilbur |
Support subjectDirectoryAttributes and associatedInformation exts

Added tests for SDA and AI extensions. Added internal function ossl_print_attribute_value() with documentation.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24669)
|
#
6a3579e1 |
| 15-May-2024 |
Rajeev Ranjan |
CMP: add support for requesting cert template using genm/genp

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24409)
|
#
58301e24 |
| 01-Jun-2024 |
Jonathan M. Wilbur |
Add support for targetingInformation X.509v3 extension

Support for the targetingInformation X.509v3 extension defined in ITU-T Recommendation X.509 (2019), Section 17.1.2.2. This extension is used in attribute certificates.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22206)
|
#
da9342ed |
| 16-May-2024 |
sashan |
Move stack of compression methods from libssl to OSSL_LIB_CTX

The compression methods are now a global variable in libssl. This change moves it into OSSL library context. It is necessary to eliminate atexit call from libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24414)
|
#
21819f78 |
| 26-Apr-2024 |
Tomas Mraz |
Make conf_diagnostics apply also to the SSL conf errors

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24275)
|
#
ee28152e |
| 07-Mar-2024 |
Rajeev Ranjan |
CMP: Improvements of the support for requesting CRL

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
|
#
40a200f9 |
| 03-Dec-2022 |
Dr. David von Oheimb |
CMP: add support for genm with crlStatusList and genp with crls

Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483.

To request a CRL update, the CMP client can send a genm message with the option -infotype crlStatusList. The server will respond with a genp message containing the updated CRL, using the -infoType id-it-crls. The client can then save the CRL in a specified file using the -crlout parameter.

Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
|
#
dab96a4f |
| 03-Jun-2021 |
Damian Hobson-Garcia |
x509_acert: Load attributes from config file section

Several of the attribute values defined for use by attribute certificates use multi-valued data in an ASN.1 SEQUENCE. Allow reading of these values from a configuration file, similar to how generic X.509 extensions are handled.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
|