#
f6a296c3 |
| 12-Aug-2024 |
slontis |
Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related he
Cleanups for FIPS options.. The options in fipsprov.c are now generated using macros with fips_indicator_params.inc. This should keep the naming consistent. Some FIPS related headers have moved to providers/fips/include so that they can use fips_indicator_params.inc. securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes fipscommon.h. fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used. fips_names.h just uses aliases now for existing public names. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25162)
show more ...
|
#
09416667 |
| 25-Jul-2024 |
Richard Levitte |
Amend the design of AlgorithmIdentifier parameter passing I realised that any application that passes AlgorithmIdentifier parameters to and from a provider may also be interested in the
Amend the design of AlgorithmIdentifier parameter passing I realised that any application that passes AlgorithmIdentifier parameters to and from a provider may also be interested in the full AlgorithmIdentifier of the implementation invocation. Likewise, any application that wants to get the full AlgorithmIdentifier from an implementation invocation may also want to pass AlgorithmIdentifier parameters to that same implementation invocation. These amendments should be useful to cover all intended uses of the legacy ctrls for PKCS7 and CMS: - EVP_PKEY_CTRL_PKCS7_ENCRYPT - EVP_PKEY_CTRL_PKCS7_DECRYPT - EVP_PKEY_CTRL_PKCS7_SIGN - EVP_PKEY_CTRL_CMS_ENCRYPT - EVP_PKEY_CTRL_CMS_DECRYPT - EVP_PKEY_CTRL_CMS_SIGN It should also cover a number of other cases that were previously implemented through EVP_PKEY_ASN1_METHOD, as well as all sorts of other cases where the application has had to assemble a X509_ALGOR on their own. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25000)
show more ...
|
#
38f1e18e |
| 16-Aug-2024 |
Pauli |
param: add OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter name Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https:
param: add OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter name Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211)
show more ...
|
#
ea396c70 |
| 05-Aug-2024 |
slontis |
Add FIPS KMAC key check This adds a FIPS indicator for KMAC key size. Note that 112 bits keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits
Add FIPS KMAC key check This adds a FIPS indicator for KMAC key size. Note that 112 bits keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits for KMAC256 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)
show more ...
|
#
390f00a1 |
| 31-Jul-2024 |
slontis |
Add HMAC FIPS keysize check. HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mec
Add HMAC FIPS keysize check. HMAC has been changed to use a FIPS indicator for its key check. HKDF and Single Step use a salt rather than a key when using HMAC, so we need a mechanism to bypass this check in HMAC. A seperate 'internal' query table has been added to the FIPS provider for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore the key check. If a KDF requires the key check then it must do the check itself. The normal MAC dipatch table is used if the user fetches HMAC directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)
show more ...
|
#
e675aabb |
| 18-Jan-2024 |
Richard Levitte |
Implement functionality for direct use of composite signature algorithms The following API groups are extended with a new init function, as well as an update and final function, to allow
Implement functionality for direct use of composite signature algorithms The following API groups are extended with a new init function, as well as an update and final function, to allow the use of explicitly fetched signature implementations for any composite signature algorithm, like "sha1WithRSAEncryption": - EVP_PKEY_sign - EVP_PKEY_verify - EVP_PKEY_verify_recover To support this, providers are required to add a few new functions, not the least one that declares what key types an signature implementation supports. While at this, the validity check in evp_signature_from_algorithm() is also refactored; the SIGNATURE provider functionality is too complex for counters. It's better, or at least more readable, to check function combinations. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
show more ...
|
#
563c51ce |
| 14-Aug-2024 |
slontis |
Add an indicator for AES GCM that returns if the iv has been generated internally. This is not using a strict check since there may be applications that require the IV to be generate
Add an indicator for AES GCM that returns if the iv has been generated internally. This is not using a strict check since there may be applications that require the IV to be generated externally (e.g. java). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25178)
show more ...
|
#
3e7334f3 |
| 14-Aug-2024 |
Pauli |
Revert "param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED" This reverts commit 5abd7e5f796a9564c5f020053833deee1b9f7c6e. Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Revert "param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED" This reverts commit 5abd7e5f796a9564c5f020053833deee1b9f7c6e. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25192)
show more ...
|
#
05681e0e |
| 08-Aug-2024 |
slontis |
Add FIPS Indicator for ECDH cofactor. FIPS KAS requires use of ECC CDH. The EC 'B' and 'K' curves have a cofactor that is not 1, and this MUST be multiplied by the private key w
Add FIPS Indicator for ECDH cofactor. FIPS KAS requires use of ECC CDH. The EC 'B' and 'K' curves have a cofactor that is not 1, and this MUST be multiplied by the private key when deriving the shared secret. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25139)
show more ...
|
#
f3c03be3 |
| 07-Aug-2024 |
pohsingwu |
Restrict salt length for RSA-PSS in the FIPS provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/o
Restrict salt length for RSA-PSS in the FIPS provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25115)
show more ...
|
#
c2b8af89 |
| 05-Aug-2024 |
Pauli |
params: add kbkdf key check param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull
params: add kbkdf key check param Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25095)
show more ...
|
#
61ac0ca1 |
| 31-Jul-2024 |
Pauli |
param: add ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://githu
param: add ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25070)
show more ...
|
#
5abd7e5f |
| 30-Jul-2024 |
Pauli |
param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/
param: add OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25032)
show more ...
|
#
49a35f0f |
| 24-Jul-2024 |
slontis |
Disallow DSA Keygen in the FIPS provider This uses a FIPS indicator. Since DSA KeyGen is only useful for DSA signing, it reuses the DSA signing FIPS configuration option and settable
Disallow DSA Keygen in the FIPS provider This uses a FIPS indicator. Since DSA KeyGen is only useful for DSA signing, it reuses the DSA signing FIPS configuration option and settable ctx name. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24978)
show more ...
|
#
aa3830c3 |
| 26-Jul-2024 |
pohsingwu |
Add new configurable item `pbkdf2-lower-bound-check` Since FIPS provider performs lower bound check by default from v3.0, the default value for new configurable item will be one.
Add new configurable item `pbkdf2-lower-bound-check` Since FIPS provider performs lower bound check by default from v3.0, the default value for new configurable item will be one. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24120)
show more ...
|
#
ed7a8bfd |
| 30-Jul-2024 |
Tomas Mraz |
ssl_evp_cipher_fetch(): Avoid using 3DES from the FIPS provider Avoid using a fetched cipher that is decrypt-only which is the case for 3DES from the fips provider. Add a decryp
ssl_evp_cipher_fetch(): Avoid using 3DES from the FIPS provider Avoid using a fetched cipher that is decrypt-only which is the case for 3DES from the fips provider. Add a decrypt-only parameter to the EVP_CIPHER and test it in libssl when fetching. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25028)
show more ...
|
#
1b838621 |
| 02-Jun-2024 |
pohsingwu |
Restrict the length of key-derivation key used in KDFs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/o
Restrict the length of key-derivation key used in KDFs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23900)
show more ...
|
#
07e4d7f4 |
| 29-Jul-2024 |
slontis |
Add RSA Signature restrictions for X9.31 padding in the FIPS provider. In FIPS 140-3, RSA Signing with X9.31 padding is not approved, but verification is allowed for legacy purposes. An
Add RSA Signature restrictions for X9.31 padding in the FIPS provider. In FIPS 140-3, RSA Signing with X9.31 padding is not approved, but verification is allowed for legacy purposes. An indicator has been added for RSA signing with X9.31 padding. A strict restriction on the size of the RSA modulus has been added i.e. It must be 1024 + 256 * s (which is part of the ANSI X9.31 spec). Added implementation comments to the X9.31 padding code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24021)
show more ...
|
#
bc431587 |
| 22-Jul-2024 |
slontis |
Add FIPS indicator support for Triple-DES encryption. This leaves 3DES with the FIPS query "FIPS=yes", which allows Triple-DES to be used for Decryption by default. Disallow CMA
Add FIPS indicator support for Triple-DES encryption. This leaves 3DES with the FIPS query "FIPS=yes", which allows Triple-DES to be used for Decryption by default. Disallow CMAC using Triple-DES in FIPS. This does not use a FIPS indicator. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24960)
show more ...
|
#
3f15ec76 |
| 17-Jul-2024 |
Pauli |
paramnames: add params for no-short-mac option Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/op
paramnames: add params for no-short-mac option Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24917)
show more ...
|
#
85caa417 |
| 04-Jul-2024 |
slontis |
Disable DSA signing in the FIPS provider. This is a FIPS 140-3 requirement. This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0, OR OSSL_SIGNATU
Disable DSA signing in the FIPS provider. This is a FIPS 140-3 requirement. This uses a FIP indicator if either the FIPS configurable "dsa_sign_disabled" is set to 0, OR OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK is set to 0 in the dsa signing context. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24799)
show more ...
|
#
6d47e819 |
| 02-Jun-2024 |
pohsingwu |
Restrict digest algorithm used in KDFs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/
Restrict digest algorithm used in KDFs Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23889)
show more ...
|
#
924321a5 |
| 11-Jul-2024 |
Pauli |
Add FIPS indicator for TEST-RAND The indicator is always non-FIPS, since this is used for internal tasks and hasn't been validated. Reviewed-by: Shane Lontis <shane.lontis@oracl
Add FIPS indicator for TEST-RAND The indicator is always non-FIPS, since this is used for internal tasks and hasn't been validated. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24851)
show more ...
|
#
c13ddf0a |
| 01-Jul-2024 |
slontis |
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Fa
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
show more ...
|
#
21dfb975 |
| 04-Jul-2024 |
Stephen Farrell |
Extend TLSv1.3 record layer padding API calls Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages a
Extend TLSv1.3 record layer padding API calls Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages and application data messages. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24796)
show more ...
|