Age | Commit message (Collapse) | Author |
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
... and therefore all options must be given before the final file/URI arg.
This is essentially a backport of the doc portion of #20156 to 3.0 and 3.1,
where the missing error checking/reporting likely will not be added.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20179)
|
|
Add missing `I` to `<b>`
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20169)
(cherry picked from commit 0414899887b98f973067f286ac126d8b529873e3)
|
|
Fixes #20084
In the 3.0 provider implementation the generic code that handles IV's
only allows a 12 byte IV. Older code intentionally added the ability for
the IV to be truncated.
As this truncation is unsafe, the documentation has been updated to
state that this in no longer allowed. The code has been updated to
produce an error when the iv length is set to any value other than 12.
NOTE: It appears that this additional padding may have originated from the code
which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.
Note that legacy behaviour in e_chacha20_poly1305.c has not been
updated.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20151)
(cherry picked from commit a01152370676e7e11fb461cff8628eb50fa41b81)
|
|
Fixes #20130
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)
(cherry picked from commit d4c5d8ff483d99f94d649fb67f1f26fce9694c92)
|
|
The lab tried doing a RSA decryption primitive using just n (using p, q) and d.
This failed for 2 reasons:
(1) e is required when importing
(2) Internally e is used for blinding.
Note n and e can be calculated using:
n = pq
e = (1/d) mod (p-1)(q-1)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20133)
(cherry picked from commit 6e3b1c81736b1829584e3f40c2d00040fe1aa881)
|
|
Fixes #19730
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19732)
(cherry picked from commit a4aa977d3a8049d5386dc583e16c17727c712eaa)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
(cherry picked from commit bfd5680e6be789fd554acf2ad34428816a644eec)
|
|
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20095)
(cherry picked from commit 61222b95ff20f6a7bb20668e43b657561efdb922)
|
|
X509_VERIFY_PARAM_clear_flags doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)
(cherry picked from commit ec6cbda0f2e435ae0efaec308dc5569c75bb759b)
|
|
Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit 5acd4007a0646ef1f9d0015ce438b891d1b24a62)
|
|
Current man page indicates the function returns an int while it returns
a long.
Fixes #20096.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20097)
(cherry picked from commit 2bde260ac0e30da39f4453e972c461cd9d1342e0)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 69d6ecb7c320bafe0d30a88949eb22e19704221a)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
(cherry picked from commit 9866200bbe8eb65628f3f3e6eb290c48efb5a8ac)
|
|
CLA: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20038)
(cherry picked from commit ed77c14d91ec008d4d78d7293f37bd4aa60071f0)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20019)
(cherry picked from commit ae61bd34e676036f22e44e8184d1ba649a990619)
|
|
is used.
Fixes #19934
The existing code was looking for the digest size, and then returned
zero.
The example code in EVP_KDF-SS.pod has been corrected to not use a
digest.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19935)
(cherry picked from commit e8add4d379075a6daef2591edd830297d469b9f4)
|
|
* capitalize `X509_NAME`
* add missing suffixes to `i2d_TYPE`
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20016)
(cherry picked from commit 5adca946c3b6f779eb593bff6dbefe0a85238d84)
|
|
Fixes #8630
The remaining functions are at least as old as 0.9.8 so it is
not worth documenting this.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19956)
(cherry picked from commit 8d927e55b751ba1af6c08cd4e37d565a43c56157)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19962)
(cherry picked from commit 3be76745e55eab9ea976f7a23e6c8ecd3bb8136c)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19913)
(cherry picked from commit 69e18a4d93ee5f50bcbf62268b4a59df29d67a02)
|
|
Fixes #19829
Examples added for setting/getting ECDSA SIG related r and s values
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19936)
(cherry picked from commit c99209264de98da94937b073a42219bada9ff7f5)
|
|
UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
change in behavior for our providers.
Fixes #16595
(cherry picked from commit 926db476bc669fdcc4c4d2f1cb547060bdbfa153)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
|
|
This is necessary to pass new ACVP tests and to
fix the CI failure in FIPS provider compat CI
Partial cherry pick of 211c47ca1b1ac129dcee59d383cae44e36532bb9
Original-author: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19937)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19816)
(cherry picked from commit dd1f28427b375931fda45180619c8f5971cd6bca)
|
|
Fixes #19782
Clarify that EVP_Q_MAC() can be used as an alternative that allows
setting of the libctx.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19855)
(cherry picked from commit d1ebd99397e18de367918c201c25c389f1f07005)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19859)
|
|
Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)
(cherry picked from commit fc93335760686ad7cf3633d457caf18b0ac83ea2)
|
|
The types OSSL_DISPATCH, OSSL_ITEM, OSSL_ALGORITHM, OSSL_PARAM,
OSSL_CALLBACK, and OSSL_PASSPHRASE_CALLBACK are described in their own
manual page, so we change every mention of them to links to those pages.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
(cherry picked from commit 318a9dfa5f7bd1237d2697ad950697d241b8b49f)
|
|
This expands on some of the core type descriptions, and also makes it
easier to find the documentation for each type, at least on Unix, with
a simple call like "man OSSL_ALGORITHM".
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19842)
(cherry picked from commit 801e54d65ca5d87f3b003477f26597541b95b55b)
|
|
Fixes openssl#19771
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19787)
(cherry picked from commit a63fa5f711f1f97e623348656b42717d6904ee3e)
(cherry picked from commit f3e9308fe1b692c424feaa256fbecce958cef1f4)
|
|
Fixes GH #19786
Also simplify the CSPRNG must be seeded argument.
Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore. Still, he
needs to be aware that the seeding might fail.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19789)
(cherry picked from commit 328dc33365f8bd9c097bc95c3632467f690502a4)
|
|
Fixes #19790
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19792)
(cherry picked from commit 8f48a978e5cce483eadfd0df20e34480f205511c)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19776)
|
|
Fixes #19728
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19753)
(cherry picked from commit 0dbd3a81e46dd7ea9f7832307fdd0b2ac207a5bf)
|
|
Fixup for glitch while handling merge conflict in OSSL_CMP_CTX_new.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)
|
|
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)
|
|
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19746)
(cherry picked from commit 0b7ad5d928f9ee749cfc670ad08067a961217fea)
|
|
There is no reason preventing this API to support SM2,
which gives us a simple method to do SM2 key gen.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)
(cherry picked from commit 3f32d29ad464591ed968a1e430111e1525280f4c)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
(cherry picked from commit cba0e2afd6a222aa041e05f8455e83c9e959d05b)
|
|
On this occasion, replace magic constants by mnemonic ones; update doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
(cherry picked from commit 19ddcc4cbb43464493a4b82332a1ab96da823451)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)
(cherry picked from commit 4741c80c0556653c74252ec91425dcb74066b2ec)
|
|
Removed fields from missingcrypto.txt that are no longer missing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19692)
(cherry picked from commit ad60cd522b4f717a69c690f68f1591371a048591)
|
|
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19670)
(cherry picked from commit ec7689186f3ea5c1a4d1564089cd8df287dfcf3c)
|
|
Change function prototypes and explain how to use the selection
argument.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
(cherry picked from commit 504427eb5f32108dd64ff7858012863fe47b369b)
|
|
i2d_XXX_bio and i2d_XXX_fp return either 0 or 1.
Other i2d_XXX functions return the number of bytes or negative on error.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18427)
(cherry picked from commit 943051d0f9ce8dcb38707774a5757a5dc436704f)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19443)
(cherry picked from commit c8c678e7d91ca2cea41c6c574cf7656a9404646f)
|
|
Fixes openssl#19133
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19370)
(cherry picked from commit 2eb75291c1357cdaf852e0da613edc14f3d5ae4f)
|