#
08ae9fa6 |
| 18-Jul-2022 |
K1 |
Support decode SM2 parameters Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18819)
|
#
eab9dbbd |
| 25-Apr-2022 |
Nathan Sidwell |
Header file cleanup for C++20 header-units C++20 adds 'header units' as a stepping-stone to modules. Header units are regular header-files that have a 'self-contained' property -- t
Header file cleanup for C++20 header-units C++20 adds 'header units' as a stepping-stone to modules. Header units are regular header-files that have a 'self-contained' property -- they do not require previously-included headers to provide typedefs and what not. This addresses 2 problems discovered when using clang modules (as a proxy for C++20 header-units). a) Some headers that pay attention to OPENSSL_NO_STDIO to determine whether to declare certain FILE*-taking functions do not #include <stdio.h> themselves, relying on their includer already having done that. That breaks the above mentioned encapuslation requirement. Fixed by conditionally including stdio.h in those headers. I chose to always include stdio.h in such headers, even when they included another such header that transitively included stdio. That way they do not rely on an artifact of that intermediate header's behaviour. b) Some headers have #includes inside 'extern "C" { ... }' regions. That has a bad code-smell, but GCC and clang have extensions to permit it with implementation-defined effects. Clang needs annotation on the included files to know that they themselves are entirely inside a similar region. GCC behavesq as-if there's an extern "C++" region wrapping the included header (which must therefore wrap its contents in extern "C", if that is what it wants. In effect the includer's extern "C" region is just misleading. I didn't audit all the headers for this, only those I noticed when addressing #a. \#a is necessary to build the headers as a set of clang-modules. #b is not necessary, but as I mentioned, avoids potentially implementation-defined behaviour. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18221)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
169eca60 |
| 15-Mar-2021 |
Jon Spillett |
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dal
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14587)
show more ...
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
5b5eea4b |
| 15-Oct-2020 |
Shane Lontis |
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@open
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
show more ...
|
#
3a1ee3c1 |
| 17-Dec-2020 |
Richard Levitte |
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedor
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)
show more ...
|
#
52c8535a |
| 20-Oct-2020 |
Pauli |
dsa: provider and library deprecation changes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/ope
dsa: provider and library deprecation changes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)
show more ...
|
#
a158f8cf |
| 09-Dec-2020 |
Richard Levitte |
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4' All these functions are usable with RSA keys, there's no reason why they should be unaccessible when DSA or RC4 are disabl
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4' All these functions are usable with RSA keys, there's no reason why they should be unaccessible when DSA or RC4 are disabled. When DSA is disabled, it's not possible to use these functions for DSA EVP_PKEYs. That's fine, and supported. When RC4 is disabled, it's not possible to use these functions to write encrypted PVK output. That doesn't even depend on the definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible via EVP, something that isn't known when building libcrypto. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13648)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
9256e8a2 |
| 14-Sep-2020 |
Richard Levitte |
PEM: Add a more generic way to implement PEM _ex functions for libctx This also adds the following functions, for completeness: PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_e
PEM: Add a more generic way to implement PEM _ex functions for libctx This also adds the following functions, for completeness: PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(), PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex Fixes #13542 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13547)
show more ...
|
#
4d8e8a2d |
| 14-Oct-2020 |
Matt Caswell |
Deprecate the DHparams and DHxparams PEM routines The functions return a DH object and therefore need to be deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merge
Deprecate the DHparams and DHxparams PEM routines The functions return a DH object and therefore need to be deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13138)
show more ...
|
#
d7e498ac |
| 04-Oct-2020 |
Richard Levitte |
Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/open
Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13096)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
3ad9c478 |
| 04-Oct-2020 |
Richard Levitte |
Add PEM declaration macros that take attributes This makes it possible to easily deprecated selections of PEM functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merge
Add PEM declaration macros that take attributes This makes it possible to easily deprecated selections of PEM functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13074)
show more ...
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fro
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
#
6e5ccd58 |
| 18-Aug-2020 |
Richard Levitte |
PEM: Add more library context aware PEM readers PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to complete PEM_read_bio_PrivateKey_ex(). They are all refactored to
PEM: Add more library context aware PEM readers PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to complete PEM_read_bio_PrivateKey_ex(). They are all refactored to be wrappers around the same internal function. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12673)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g |
|
#
1531241c |
| 06-Apr-2020 |
Matt Caswell |
Teach PEM_read_bio_PrivateKey about libctx Now that d2i_PrivateKey_ex() and other similar functions exist we should use it when loading a PEM PrivateKey. Reviewed-by: Shane Lont
Teach PEM_read_bio_PrivateKey about libctx Now that d2i_PrivateKey_ex() and other similar functions exist we should use it when loading a PEM PrivateKey. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11494)
show more ...
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
cb58d81e |
| 18-Nov-2019 |
Richard Levitte |
PROV SERIALIZER: add common functionality to serialize keys To support generic output of public keys wrapped in a X509_PUBKEY, additional PEM and i2d/d2i routines are added for that type
PROV SERIALIZER: add common functionality to serialize keys To support generic output of public keys wrapped in a X509_PUBKEY, additional PEM and i2d/d2i routines are added for that type. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394)
show more ...
|
#
f864a939 |
| 18-Nov-2019 |
Richard Levitte |
SERIALIZER: add hooks in PEM_write_bio_ and PEM_write_fp_ routines Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394)
|
#
0d003c52 |
| 18-Nov-2019 |
Richard Levitte |
SERIALIZER: New API for serialization of objects through providers Serialization is needed to be able to take a provider object (such as the provider side key data) and output it in PEM
SERIALIZER: New API for serialization of objects through providers Serialization is needed to be able to take a provider object (such as the provider side key data) and output it in PEM form, DER form, text form (for display), and possibly other future forms (XML? JSON? JWK?) The idea is that a serializer should be able to handle objects it has intimate knowledge of, as well as object data in OSSL_PARAM form. The latter will allow libcrypto to serialize some object with a different provider than the one holding the data, if exporting of that data is allowed and there is a serializer that can handle it. We will provide serializers for the types of objects we know about, which should be useful together with any other provider that provides implementations of the same type of object. Serializers are selected by method name and a couple of additional properties: - format used to tell what format the output should be in. Possibilities could include "format=text", "format=pem", "format=der", "format=pem-pkcs1" (traditional), "format=der-pkcs1" (traditional) - type used to tell exactly what type of data should be output, for example "type=public" (the public part of a key), "type=private" (the private part of a key), "type=domainparams" (domain parameters). This also adds a passphrase callback function type, OSSL_PASSPHRASE_CALLBACK, which is a bit like OSSL_CALLBACK, but it takes a few extra arguments to place the result in. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394)
show more ...
|
#
de0799b0 |
| 15-Nov-2019 |
Richard Levitte |
PEM: constify PEM_write_ routines There's no reason why the object to be written, or the key string given by the caller should be non-const. This makes the IMPLEMENT_PEM_..._con
PEM: constify PEM_write_ routines There's no reason why the object to be written, or the key string given by the caller should be non-const. This makes the IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const macros superfluous, so we keep them around but mark them deprecated. In all places where IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const are used, they are replaced with the corresponding macros without '_const'. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10452)
show more ...
|
#
936c2b9e |
| 05-Nov-2019 |
Richard Levitte |
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating thi
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating this, but there is for removal, saying that to remove something, it must have been deprecated for 5 years, and that removal can only happen at a major version. Meanwhile, the semantic versioning rule is that deprecation should trigger a MINOR version update, which is reflected in the macro names as of this change. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
show more ...
|
#
d86167ec |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Add legacy include guards to public header files For every public header file, the old include guard definition needs to be added in addition to the new one include/openssl/file
Add legacy include guards to public header files For every public header file, the old include guard definition needs to be added in addition to the new one include/openssl/file.h: #ifndef OPENSSL_FILE_H # define OPENSSL_FILE_H # pragma once # include <openssl/macros.h> # if !OPENSSL_API_3 # define HEADER_FILE_H # endif ... This is going to ensure that applications which use the old include guards externally, for example like this #ifndef HEADER_FILE_H # include <openssl/file.h> #endif will not fail to compile. In addition to the legacy guard, the public header files also receive a '# pragma once' directive. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
ae4186b0 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in the 'include/openssl' directory), the guard names try to match the path specified in the include directives, with all letters converted to upper case and '/' and '.' replaced by '_'. For the private header files files, an extra 'OSSL_' is added as prefix. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|