#
86e5ac6d |
| 08-Oct-2020 |
Richard Levitte |
make ordinals Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13092)
|
#
db554ae1 |
| 02-Oct-2020 |
Jordan Montgomery |
Expose PKCS7_get_octet_string and PKCS7_type_is_other Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public interface. Fixes #11139 Reviewed-by: Tim Hudson <tjh@o
Expose PKCS7_get_octet_string and PKCS7_type_is_other Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public interface. Fixes #11139 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13059)
show more ...
|
#
746f3674 |
| 24-Sep-2020 |
Matt Caswell |
Fix some things the rename script didn't quite get right The previous commit ran an automated rename throughout the codebase. There are a small number of things it didn't quite get right
Fix some things the rename script didn't quite get right The previous commit ran an automated rename throughout the codebase. There are a small number of things it didn't quite get right so we fix those in this commit. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
#
3786d748 |
| 24-Sep-2020 |
jwalch |
en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management Fixes #12635 As discussed in the issue, supporting the set0-like semantics long-term is not necessarily desirable, although
en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management Fixes #12635 As discussed in the issue, supporting the set0-like semantics long-term is not necessarily desirable, although necessary for short-term compatibility concerns. So I've deprecated the original method and added an equivalent that is explicitly labelled as set1. I tried to audit existing usages of the (now-deprecated) API and update them to use set1 if that appeared to align with their expectations. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12917)
show more ...
|
#
fa9e541d |
| 22-Sep-2020 |
Shane Lontis |
Remove openssl provider app Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12943)
|
#
14711fff |
| 18-Sep-2020 |
Richard Levitte |
EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys This also deprecates the function, as it is not necessary any more, and should fall out of use. Reviewed-
EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys This also deprecates the function, as it is not necessary any more, and should fall out of use. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12920)
show more ...
|
#
25b16562 |
| 25-Sep-2020 |
Richard Levitte |
Hide ECX_KEY again ECX_KEY was not meant for public consumption, it was only to be accessed indirectly via EVP routines. However, we still need internal access for our decoders.
Hide ECX_KEY again ECX_KEY was not meant for public consumption, it was only to be accessed indirectly via EVP routines. However, we still need internal access for our decoders. This partially reverts 7c664b1f1b5f60bf896f5fdea5c08c401c541dfe Fixes #12880 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12956)
show more ...
|
#
c9452d74 |
| 21-Sep-2020 |
Pauli |
kdf/mac: add name query calls for KDFs and MACs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12931)
|
#
a3163561 |
| 21-Sep-2020 |
Shane Lontis |
Fix merge error with libcrypto.num Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12929)
|
#
48b62fb3 |
| 14-Sep-2020 |
Richard Levitte |
DECODER: Some cleanups, and aligning with OSSL_ENCODER Mostly source nits, but also removing a couple of OSSL_DECODER_PARAM macros that are never used or even make sense. Also,
DECODER: Some cleanups, and aligning with OSSL_ENCODER Mostly source nits, but also removing a couple of OSSL_DECODER_PARAM macros that are never used or even make sense. Also, some function names weren't quite consistent. They were made a bit more consistent in the OSSL_ENCODER API, now we bring that back to OSSL_DECODER. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
show more ...
|
#
ae12eac0 |
| 14-Sep-2020 |
Richard Levitte |
TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() This adds the convenience function EVP_PKEY_typenames_do_all(), which does the same as EVP_KEYMGMT_names_do
TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() This adds the convenience function EVP_PKEY_typenames_do_all(), which does the same as EVP_KEYMGMT_names_do_all(), but without having to expose all the internal ways to find out if the internal EVP_PKEY key is legacy or provider-native. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
show more ...
|
#
b8975c68 |
| 14-Sep-2020 |
Richard Levitte |
ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER OSSL_ENCODER was developed before OSSL_DECODER, so the idea of chaining and the resulting API came later. This series
ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER OSSL_ENCODER was developed before OSSL_DECODER, so the idea of chaining and the resulting API came later. This series of changes brings the same sort of API and functionality back to OSSL_ENCODER, making the two APIs more consistent with each other. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
show more ...
|
#
08e9684c |
| 18-Sep-2020 |
David Benjamin |
Deprecate ASN1_STRING_length_set in OpenSSL 3.0. Fixes #12885 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #12922
|
#
80f4fd18 |
| 19-Sep-2020 |
Shane Lontis |
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750)
show more ...
|
#
fe2f8aec |
| 21-Aug-2020 |
Tomas Mraz |
EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David
EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12683)
show more ...
|
#
d8025f4a |
| 13-Sep-2020 |
Matt Caswell |
Correctly display the signing/hmac algorithm in the dgst app In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce output like this: HMAC-SHA1(README.md)= 55315
Correctly display the signing/hmac algorithm in the dgst app In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce output like this: HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 Prior to this change master would instead display this like so: SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get the algorithm name from the EVP_PKEY. This doesn't work with provider based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name() function, and an equivalent EVP_KEYMGMT_get0_first_name() function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
eb750219 |
| 02-Jun-2020 |
Tim Hudson |
undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openss
undeprecate EVP_PKEY_cmp and EVP_PKEY_cmp_parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12013)
show more ...
|
#
4f14a378 |
| 12-Sep-2020 |
Dr. Matthias St. Pierre |
prov/drbg: cleanup some RAND_DRBG leftovers These are leftovers from the RAND_DRBG removal (#12509). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.co
prov/drbg: cleanup some RAND_DRBG leftovers These are leftovers from the RAND_DRBG removal (#12509). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12866)
show more ...
|
#
7229a2f4 |
| 10-Sep-2020 |
Richard Levitte |
EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers Fixes #12852 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.c
EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers Fixes #12852 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12853)
show more ...
|
#
b250fc7b |
| 26-May-2020 |
Pauli |
Deprecate SHA and MD5 again. This reverts commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl
Deprecate SHA and MD5 again. This reverts commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
show more ...
|
#
924663c3 |
| 06-Sep-2020 |
Jakub Zelenka |
Add CMS AuthEnvelopedData with AES-GCM support Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: Shane Lontis <shane.l
Add CMS AuthEnvelopedData with AES-GCM support Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8024)
show more ...
|
#
8d6481f5 |
| 04-Sep-2020 |
Richard Levitte |
EVP: Move the functions and controls for setting and getting distid Those functions were located in the EC files, but is really broader than that, even thought currently only used for SM
EVP: Move the functions and controls for setting and getting distid Those functions were located in the EC files, but is really broader than that, even thought currently only used for SM2. They should therefore be in a more central location, which was also indicated by diverse TODOs. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12789)
show more ...
|
#
86df26b3 |
| 02-Sep-2020 |
Richard Levitte |
EVP: Add support for delayed EVP_PKEY operation parameters They get called "delayed parameters" because they may make it to the implementation at a later time than when they're given.
EVP: Add support for delayed EVP_PKEY operation parameters They get called "delayed parameters" because they may make it to the implementation at a later time than when they're given. This currently only covers the distinguished ID, as that's the only EVP_PKEY operation parameter so far that has been possible to give before the operation has been initialized. This includes a re-implementation of EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len(). Also, the more rigorous controls of keytype and optype are restored. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12789)
show more ...
|
#
bef76386 |
| 04-Sep-2020 |
jwalch |
Cleanup deprecation of ENGINE_setup_bsd_cryptodev CLA: trivial Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https:/
Cleanup deprecation of ENGINE_setup_bsd_cryptodev CLA: trivial Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12793)
show more ...
|
#
0b86eefd |
| 28-Aug-2020 |
Dr. David von Oheimb |
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12788)
show more ...
|