| d8171446 | 15-Apr-2020 |
Pauli |
ecx: check for errors creating public keys from private ones.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371) |
| c1e48c51 | 02-Apr-2020 |
Pauli |
s390: ECX key generation fixes.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371) |
| 43cd3701 | 17-Mar-2020 |
Pauli |
ecx: add key generation support.
Specifically for x25519, x448, ed25519 and ed448.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/p
ecx: add key generation support.
Specifically for x25519, x448, ed25519 and ed448.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371)
show more ...
|
| 1ee1e551 | 20-Mar-2020 |
Pauli |
Add ECX to FIPS provider as non-FIPS algorithms
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371) |
| 8a5cb596 | 15-Apr-2020 |
Richard Levitte |
TEST: Add a test of keygen with an empty template in test/evp_extra_test.c
We do it with RSA, which may seem strange. However, an RSA "template"
is generally ignored, so this is safe.
TEST: Add a test of keygen with an empty template in test/evp_extra_test.c
We do it with RSA, which may seem strange. However, an RSA "template"
is generally ignored, so this is safe. This is modelled after the test
code given in github issue #11549.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11550)
show more ...
|
| d0ddf9b4 | 15-Apr-2020 |
Richard Levitte |
EVP: Fix calls to evp_pkey_export_to_provider()
The calls weren't quite right, as this function has changed its behaviour.
We also change the internal documentation of this function, and
EVP: Fix calls to evp_pkey_export_to_provider()
The calls weren't quite right, as this function has changed its behaviour.
We also change the internal documentation of this function, and document
evp_pkey_downgrade().
Fixes #11549
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11550)
show more ...
|
| 6f892296 | 07-Apr-2020 |
Nikolay Morozov |
TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support
For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs
https://www.iana.org/assignments/tls-parameter
TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support
For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11482)
show more ...
|
| 7525c930 | 09-Apr-2020 |
Matt Caswell |
Document X509_verify_ex() and X509_REQ_verify_ex()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.c
Document X509_verify_ex() and X509_REQ_verify_ex()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11507)
show more ...
|
| 465f34ed | 06-Apr-2020 |
Matt Caswell |
Introduce an internal version of X509_check_issued()
The internal version is library context aware.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <
Introduce an internal version of X509_check_issued()
The internal version is library context aware.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11507)
show more ...
|
| 08202174 | 03-Apr-2020 |
Matt Caswell |
Create a libctx aware X509_verify_ex()
This is the same as X509_verify() except that it takes a libctx and propq
parameter and signature verification is done using those.
Review
Create a libctx aware X509_verify_ex()
This is the same as X509_verify() except that it takes a libctx and propq
parameter and signature verification is done using those.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11507)
show more ...
|
| b27ed819 | 05-Mar-2020 |
Rich Salz |
Put sys-specific files in build.info
Don't wrap whole files in if[n]def, test in build.info if they
should be compiled. rand_win isn't done as there are multiple
ways to say "this i
Put sys-specific files in build.info
Don't wrap whole files in if[n]def, test in build.info if they
should be compiled. rand_win isn't done as there are multiple
ways to say "this is windows."
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11263)
show more ...
|
| 705536e2 | 05-Mar-2020 |
Rich Salz |
Use build.info, not ifdef for crypto modules
Don't wrap conditionally-compiled files in global ifndef tests.
Instead, test if the feature is disabled and, if so, do not
compile it.
Use build.info, not ifdef for crypto modules
Don't wrap conditionally-compiled files in global ifndef tests.
Instead, test if the feature is disabled and, if so, do not
compile it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11263)
show more ...
|
| 7165593c | 15-Apr-2020 |
Shane Lontis |
Add DH keygen to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11332) |
| b03ec3b5 | 15-Apr-2020 |
Shane Lontis |
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Rev
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
show more ...
|
| 09b36540 | 13-Apr-2020 |
Matt Caswell |
Make sure we always send an alert in libssl if we hit a fatal error
We had a spot where a fatal error was occurring but we hadn't sent an
alert. This results in a later assertion failure
Make sure we always send an alert in libssl if we hit a fatal error
We had a spot where a fatal error was occurring but we hadn't sent an
alert. This results in a later assertion failure.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11537)
show more ...
|
| e395ba22 | 10-Apr-2020 |
Matt Caswell |
When calling EC_POINT_point2buf we must use a libctx
In a similar way to commit 76e23fc5 we must ensure that we use a libctx
whenever we call EC_POINT_point2buf because it can end up usi
When calling EC_POINT_point2buf we must use a libctx
In a similar way to commit 76e23fc5 we must ensure that we use a libctx
whenever we call EC_POINT_point2buf because it can end up using crypto
algorithms.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11535)
show more ...
|
| 137b274a | 08-Apr-2020 |
Matt Caswell |
Document the new libctx aware private key functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494) |
| d6a2bdf7 | 06-Apr-2020 |
Matt Caswell |
Make sure we use the libctx in libssl when loading PrivateKeys
Since loading a private key might require algorithm fetches we should
make sure the correct libctx is used.
Review
Make sure we use the libctx in libssl when loading PrivateKeys
Since loading a private key might require algorithm fetches we should
make sure the correct libctx is used.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)
show more ...
|
| 1531241c | 06-Apr-2020 |
Matt Caswell |
Teach PEM_read_bio_PrivateKey about libctx
Now that d2i_PrivateKey_ex() and other similar functions exist we should
use it when loading a PEM PrivateKey.
Reviewed-by: Shane Lont
Teach PEM_read_bio_PrivateKey about libctx
Now that d2i_PrivateKey_ex() and other similar functions exist we should
use it when loading a PEM PrivateKey.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)
show more ...
|
| 8755b085 | 06-Apr-2020 |
Matt Caswell |
Teach the OSSL_STORE code about libctx
We restrict this to just the PrivateKey loading code at the moment.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https
Teach the OSSL_STORE code about libctx
We restrict this to just the PrivateKey loading code at the moment.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)
show more ...
|
| f13fdeb3 | 06-Apr-2020 |
Matt Caswell |
Use the libctx in Ed448 private key decoding
The Ed448 private key deconding needs to use a library ctx. So we
implement a priv_decode_with_libctx function for it.
Reviewed-by:
Use the libctx in Ed448 private key decoding
The Ed448 private key deconding needs to use a library ctx. So we
implement a priv_decode_with_libctx function for it.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)
show more ...
|
| 472a88b7 | 06-Apr-2020 |
Matt Caswell |
Teach d2i_PrivateKey et al about libctx
The Ed448 private key decoding makes algorithm fetches. Therefore we teach
d2i_PrivateKey et al about libctx and make sure it is passed through th
Teach d2i_PrivateKey et al about libctx
The Ed448 private key decoding makes algorithm fetches. Therefore we teach
d2i_PrivateKey et al about libctx and make sure it is passed through the
layers.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)
show more ...
|
| ca59b00b | 14-Apr-2020 |
Tomas Mraz |
Fix no-pic static builds
The cipher_tdes_common causes build failure as being duplicated
in libcrypto static builds.
[extended tests]
Reviewed-by: Richard Levitte <levi
Fix no-pic static builds
The cipher_tdes_common causes build failure as being duplicated
in libcrypto static builds.
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11544)
show more ...
|
| 49276c35 | 11-Apr-2020 |
Richard Levitte |
EVP: fix memleak in evp_pkey_downgrade()
The EVP_KEYMGMT pointer in the pkey is removed when downgrading, but
wasn't necessarily freed when need, thus leaving an incorrect
reference
EVP: fix memleak in evp_pkey_downgrade()
The EVP_KEYMGMT pointer in the pkey is removed when downgrading, but
wasn't necessarily freed when need, thus leaving an incorrect
reference count.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11328)
show more ...
|
| 813d3171 | 19-Mar-2020 |
Richard Levitte |
EVP: Add a temporary SM2 hack to key generation
The reason to do this is many-fold. We need EC key generation for
other work. However, SM2 are currently closely related to EC keys
EVP: Add a temporary SM2 hack to key generation
The reason to do this is many-fold. We need EC key generation for
other work. However, SM2 are currently closely related to EC keys
with legacy methods, but not with provider methods.
To avoid having to wait on provider support for SM2, we temporarly
do an extra check for what the legacy methods identify as SM2 keys
(either the EVP_PKEY_SM2 pkey id was used, or the SM2 curve), and
redirect to legacy code in one case, and in the other case, we
forcedly downgrade provider side EC keys with SM2 curves to legacy
SM2 keys, using available tools.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11328)
show more ...
|
