#
96e67808 |
| 23-Jan-2023 |
Simo Sorce |
Allow to pass a passphrase callback at store open Some PKCS11 modules require authentication early on to be able to preload objects, which we want to do to avoid costly roundtrips when the HSM is actually reached over a network (Cloud HSM). Unfortunately at open time we can't interact with the user because the callbacks are only passed at object load time, later on. This patch corrects this issue by providing a more feature rich open call for providers. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20131)
|
#
0a8807b4 |
| 28-Aug-2023 |
Dmitry Belyavskiy |
Store: API for deletion Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21901)
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
2a1f467c |
| 21-Jun-2023 |
Pauli |
store: update to structure based atomics Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21260)
|
#
5317b6ee |
| 22-Mar-2022 |
Hugo Landau |
Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17937)
|
#
16ff70a5 |
| 04-May-2022 |
Pauli |
Remove the _fetch_by_number functions These functions are unused and untested. They are also implemented rather inefficiently. If we ever needed them in the future, they'd almost surely need to be rewritten more efficiently. Fixes #18227 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18237)
|
#
6870c1e7 |
| 23-Jun-2021 |
Randall S. Becker |
Defined out MUTEX attributes not available on NonStop SPT Threads. Standard Posix Threads (SPT) Threads are an older separate branch of pthreads that do not support some of the capabilities in the current Posix User Threads (PUT). The change also includes a rename of the close field of OSSL_STORE_LOADER which was causing preprocessor conflicts. Fixes #15885 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15886)
|
#
c6472fec |
| 31-May-2021 |
Pauli |
store: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
|
Revision tags: OpenSSL_1_1_1k |
|
#
309a78aa |
| 16-Mar-2021 |
Richard Levitte |
CORE: Add an algorithm_description field to OSSL_ALGORITHM This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well as the generic use of OBJ_nid2ln() as a one line description. We also add the base functionality to make use of this field. Fixes #14514 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14656)
|
#
12b4e582 |
| 11-Mar-2021 |
Tomas Mraz |
Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto Calling OPENSSL_init_crypto(0, NULL) is a no-op and will not properly initialize thread local handling. Only the calls that are needed to initialize thread locals are kept, the rest of the no-op calls are removed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14497)
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
a1447076 |
| 23-Jul-2020 |
Richard Levitte |
STORE: Deprecate legacy / ENGINE functions Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12587)
|
#
16feca71 |
| 23-Jul-2020 |
Richard Levitte |
STORE: Move the built-in 'file:' loader to become an engine module From this point on, this engine must be specifically specified. To replace the internal EMBEDDED hack with something unique for the new module, functions to create application specific OSSL_STORE_INFO types were added. Furthermore, the following function had to be exported: ossl_do_blob_header() ossl_do_PVK_header() asn1_d2i_read_bio() Finally, evp_pkcs82pkey_int() has become public under a new name, EVP_PKCS82PKEY_with_libctx() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12587)
|
#
34b80d06 |
| 22-Jul-2020 |
Richard Levitte |
STORE: Modify to support loading with provider based loaders This adds the needed code to make the OSSL_STORE API functions handle provided STORE implementations. This also modifies OSSL_STORE_attach() to have the URI, the library context and the properties in the same order as OSSL_STORE_open_with_libctx(). The most notable change, though, is how this creates a division of labor between libcrypto and any storemgmt implementation that wants to pass X.509, X.509 CRL, etc structures back to libcrypto. Since those structures aren't directly supported in the libcrypto <-> provider interface (asymmetric keys being the only exception so far), we resort to a libcrypto object callback that can handle passed data in DER form and does its part of figuring out what the DER content actually is. This also adds the internal x509_crl_set0_libctx(), which works just like x509_set0_libctx(), but for X509_CRL. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
|
#
c4fc564d |
| 22-Jul-2020 |
Richard Levitte |
STORE: Add the base functions to support provider based loaders This includes fixing a bug that could only be discovered when no loaders were registered. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
|
#
2274d22d |
| 30-Jul-2020 |
Richard Levitte |
STORE: Distinguish public keys from private keys While public keys and private keys use the same type (EVP_PKEY), just with different contents, callers still need to distinguish between the two to be able to know what functions to call with them (for example, to be able to choose between EVP_PKEY_print_private() and EVP_PKEY_print_public()). The OSSL_STORE backend knows what it loaded, so it has the capacity to inform. Note that the same as usual still applies, that a private key EVP_PKEY contains the public parts, but not necessarily the other way around. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12673)
|
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
6ab6ecfd |
| 12-Oct-2018 |
Richard Levitte |
OSSL_STORE: Make it possible to attach an OSSL_STORE to an opened BIO This capability existed internally, and is now made public. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11756)
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
8755b085 |
| 06-Apr-2020 |
Matt Caswell |
Teach the OSSL_STORE code about libctx We restrict this to just the PrivateKey loading code at the moment. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11494)
|
#
8cc86b81 |
| 23-Mar-2020 |
Dr. David von Oheimb |
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
|