#
66a7c9f3 |
| 29-Jun-2021 |
Tomas Mraz |
pem_read_bio_key: Add passphrase caching to avoid asking for password twice Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15949)
|
#
fbbd4253 |
| 29-Jun-2021 |
Tomas Mraz |
pem_read_bio_key_decoder: Avoid spurious error on unknown PEM data Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15949)
|
#
b2f1b365 |
| 28-May-2021 |
Matt Caswell |
Actually use a legacy route in pem_read_bio_key_legacy() The function pem_read_bio_key_legacy() is a fallback route if we failed to load a key via a provider. We should be using the legacy specific d2i functions to force legacy otherwise we end up using a provider anyway Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15504)
|
#
e73a08b4 |
| 31-May-2021 |
Pauli |
pem: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
07f65429 |
| 24-May-2021 |
Tomas Mraz |
Fix possible infinite loop in pem_read_bio_key_decoder() There could be an infinite loop if no read happened. Fixes #15426 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15441)
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
8a709c5e |
| 19-May-2021 |
Tomas Mraz |
pem_read_bio_key_legacy: Do not obscure real error if there is one Fixes #15170 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15355)
|
Revision tags: openssl-3.0.0-alpha16 |
|
#
7bc027d7 |
| 27-Apr-2021 |
Tomas Mraz |
Fallback to legacy pem decoding if OSSL_DECODER fails Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15045)
|
#
b4c4a2c6 |
| 27-Apr-2021 |
Tomas Mraz |
Implement pem_read_key directly through OSSL_DECODER Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of the SM2 keys in the OSSL_DECODER. Fixes #14788 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15045)
|
#
d382e796 |
| 30-Apr-2021 |
Tomas Mraz |
Make the -inform option to be respected if possible Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
b78c0166 |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_pem_check_suffix symbol Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
fe75766c |
| 11-Feb-2021 |
Tomas Mraz |
Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY Additional renames done in encoder and decoder implementation to follow the style. Fixes #13622 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14155)
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
9256e8a2 |
| 14-Sep-2020 |
Richard Levitte |
PEM: Add a more generic way to implement PEM _ex functions for libctx This also adds the following functions, for completeness: PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(), PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex Fixes #13542 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13547)
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
|
#
8d8fee64 |
| 28-Oct-2020 |
Richard Levitte |
PEM: Have pem_read_bio_key() set the OSSL_STORE expected type Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
|
#
35426b2f |
| 28-Oct-2020 |
Richard Levitte |
Restore the legacy implementation of PEM_read_bio_DHparams() It was an overstep to have it go through OSSL_STORE just to extract a DH pointer from the resulting EVP_PKEY. This partially reverts 1427d33cee59d6fe54efe1b5a322a1d7c8c03c20 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
|
#
00eae3f9 |
| 08-Nov-2020 |
Richard Levitte |
PEM: Always use PEM_def_callback() when cb == NULL in pem_read_bio_key() Too many other functions depend on this being done. Fixes #13340 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13346)
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
|
#
4ce1025a |
| 27-Aug-2020 |
Richard Levitte |
PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys PEM_write_bio_PrivateKey_traditional() didn't handle provider-native keys very well. Originally, it would simply use the corresponding encoder, which is likely to output modern PEM (not "traditional"). PEM_write_bio_PrivateKey_traditional() is now changed to try and get a legacy copy of the input EVP_PKEY, and use that copy for traditional output, if it has such support. Internally, evp_pkey_copy_downgraded() is added, to be used when evp_pkey_downgrade() is too intrusive for what it's needed for. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12738)
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
a1447076 |
| 23-Jul-2020 |
Richard Levitte |
STORE: Deprecate legacy / ENGINE functions Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12587)
|
#
87d91d22 |
| 27-Aug-2020 |
Richard Levitte |
Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 PEM_write_bio_PrivateKey_traditional() uses i2d_PrivateKey() to do the actual encoding to DER. However, i2d_PrivateKey() is a generic function that will do what it can to produce output according to what the associated EVP_PKEY_ASN1_METHOD offers. If that method offers a function 'old_priv_encode', which is expected to produce the "traditional" encoded form, then i2d_PrivateKey() uses that. If not, i2d_PrivateKey() will go on and use more modern methods, which are all expected to produce PKCS#8. To ensure that PEM_write_bio_PrivateKey_traditional() never produces more modern encoded forms, an extra check that 'old_priv_encode' is non-NULL is added. If it is NULL, an error is returned. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12728)
|
#
ece9304c |
| 16-Aug-2020 |
Richard Levitte |
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
|
#
6e5ccd58 |
| 18-Aug-2020 |
Richard Levitte |
PEM: Add more library context aware PEM readers PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to complete PEM_read_bio_PrivateKey_ex(). They are all refactored to be wrappers around the same internal function. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12673)
|
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
6ab6ecfd |
| 12-Oct-2018 |
Richard Levitte |
OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO This capability existed internally, and is now made public. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11756)
|