a3163561 | 21-Sep-2020 |
Shane Lontis |
Fix merge error with libcrypto.num Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12929) |
b1415dc1 | 15-Sep-2020 |
Richard Levitte |
util/find-doc-nits: Add a regexp for C symbols and use it Our matching of C symbols here was inconsistent and could therefore give false negatives when the SYNOPSIS was parsed. Now we have $C_symbol, which is a simple regexp that matches the common C symbol. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
48b62fb3 | 14-Sep-2020 |
Richard Levitte |
DECODER: Some cleanups, and aligning with OSSL_ENCODER Mostly source nits, but also removing a couple of OSSL_DECODER_PARAM macros that are never used or even make sense. Also, some function names weren't quite consistent. They were made a bit more consistent in the OSSL_ENCODER API, now we bring that back to OSSL_DECODER. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
ae12eac0 | 14-Sep-2020 |
Richard Levitte |
TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() This adds the convenience function EVP_PKEY_typenames_do_all(), which does the same as EVP_KEYMGMT_names_do_all(), but without having to expose all the internal ways to find out if the internal EVP_PKEY key is legacy or provider-native. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
97bb8dff | 14-Sep-2020 |
Richard Levitte |
ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873) |
111dc4b0 | 14-Sep-2020 |
Richard Levitte |
ENCODER: Refactor our provider encoder implementations This only refactors them for the changed API, there's not yet a separate DER to PEM encoder and therefore no chaining possibility yet. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
b8975c68 | 14-Sep-2020 |
Richard Levitte |
ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER OSSL_ENCODER was developed before OSSL_DECODER, so the idea of chaining and the resulting API came later. This series of changes brings the same sort of API and functionality back to OSSL_ENCODER, making the two APIs more consistent with each other. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
5a6d6fe6 | 14-Sep-2020 |
Richard Levitte |
ENCODER: Redefine the libcrypto <-> provider interface This is part of an effort to make OSSL_ENCODER work more like OSSL_DECODER. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12873)
|
4a71bee6 | 18-Aug-2020 |
Dr. David von Oheimb |
ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12669) |
b5f82567 | 10-Sep-2020 |
Henry N <12493969+HenryNe@users.noreply.github.com> |
Fix: ecp_nistz256-armv4.S bad arguments Fix this error: crypto/ec/ecp_nistz256-armv4.S:3853: Error: bad arguments to instruction -- `orr r11,r10' crypto/ec/ecp_nistz256-armv4.S:3854: Error: bad arguments to instruction -- `orr r11,r12' crypto/ec/ecp_nistz256-armv4.S:3855: Error: bad arguments to instruction -- `orrs r11,r14' CLA: trivial Fixes #12848 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #12854
|
08e9684c | 18-Sep-2020 |
David Benjamin |
Deprecate ASN1_STRING_length_set in OpenSSL 3.0. Fixes #12885 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #12922 |
28a5f5b3 | 18-Sep-2020 |
Richard Levitte |
util/mkerr.h: Restore header file rename With '-internal', we commonly write the reason code macros to header file renamed 'name.h' to 'nameerr.h'. That renaming was removed by mistake, this restores it. Fixes #12891 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12910)
|
7889e7ae | 15-Sep-2020 |
Shane Lontis |
Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback(). This was written before the ec key contained a library context, now that it contains a libctx it can be passed correctly to the callback. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12877)
|
f8e74747 | 15-Sep-2020 |
Shane Lontis |
Add a copy of OSSL_SELF_TEST_get_callback() to the fips module. The user can set up a self test callback that should be activated when a keygen operation (e.g. ec) occurs for the fips module. The callback information is stored inside the application's library context, but this was not being triggered since the library context used for the key generation operation was the internal library context used by the fips module (which is not the same as the application's library context). During the keygen operation the OSSL_SELF_TEST_get_callback() function is used to retrieve the callback info. By having a separate copy of OSSL_SELF_TEST_get_callback() for the fips module we can ensure that the parent library context is used instead. The core OSSL_SELF_TEST_get_callback() function pointer is passed across the boundary during the fips module's entry point such that the fips version of the function can call it after changing the libctx. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12877)
|
80f4fd18 | 19-Sep-2020 |
Shane Lontis |
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public APIs resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750)
|
28833f14 | 17-Sep-2020 |
Matt Caswell |
Update the EdDSA docs with information about Algorithm Identifiers Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12884) |
4c6348c2 | 15-Sep-2020 |
Matt Caswell |
Make sure we properly test for EdDSA with alg ids Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12884) |
d12a2fe4 | 15-Sep-2020 |
Matt Caswell |
Teach EdDSA signature algorithms about AlgorithmIdentifiers The other signature algorithms know how to create their own AlgorithmIdentifiers, but the EdDSA algorithms missed this. Fixes #11875 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12884)
|
991a6bb5 | 05-Sep-2020 |
Shane Lontis |
Add option to fipsinstall to disable fips security checks at run time. Changes merged from a patch by @richsalz. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|
7a810fac | 04-Sep-2020 |
Shane Lontis |
Add 'fips-securitychecks' option and plumb this into the actual fips checks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) |
850a485f | 29-Aug-2020 |
Shane Lontis |
fix provider exchange operations Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) |
49ed5ba8 | 29-Aug-2020 |
Shane Lontis |
fix provider signatures Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) |
16fbda84 | 29-Aug-2020 |
Shane Lontis |
Separate fips and non fips code for key operations Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) |
a88d105e | 29-Aug-2020 |
Shane Lontis |
Add missing 'ossl_unused' tags to some gettable and settable methods. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) |
f85a9d26 | 29-Aug-2020 |
Shane Lontis |
Add error message to genpkey app for the '-genparam' option The ordering of this option is important so inform the user if they do it incorrectly. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
|