#
c4e91674 |
| 28-May-2021 |
Tomas Mraz |
Rename also the OSSL_PROVIDER_name() function Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
f12a5690 |
| 21-Apr-2021 |
Matt Caswell |
Add the concept of a child OSSL_LIB_CTX Add a child OSSL_LIB_CTX that will mirror the providers loaded into the parent libctx. This is useful for providers that want to use algorithms
Add the concept of a child OSSL_LIB_CTX Add a child OSSL_LIB_CTX that will mirror the providers loaded into the parent libctx. This is useful for providers that want to use algorithms from other providers and just need to inherit the providers used by the application. Fixes #14925 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
show more ...
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b0001d0c |
| 25-Sep-2020 |
Pauli |
provider: add an unquery function to allow providers to clean up. Without this, a provider has no way to know that an application has finished with the array it returned earlier. A non
provider: add an unquery function to allow providers to clean up. Without this, a provider has no way to know that an application has finished with the array it returned earlier. A non-caching provider requires this information. Fixes #12974 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12974)
show more ...
|
#
299f5ff3 |
| 17-Feb-2021 |
Pauli |
provider: add option to load a provider without disabling the fallbacks. Add an argument to PROVIDER_try_load() that permits a provider to be loaded without changing the fallback status.
provider: add option to load a provider without disabling the fallbacks. Add an argument to PROVIDER_try_load() that permits a provider to be loaded without changing the fallback status. This is useful when an additional provider needs to be loaded without perturbing any other setup. E.g. adding mock providers as part of unit testing. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
#
d59068bd |
| 06-Feb-2021 |
FdaSilvaYY |
include/openssl: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from htt
include/openssl: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14096)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
ebe3f24b |
| 13-Aug-2020 |
Pauli |
provider: disable fall-backs if OSSL_PROVIDER_load() fails. If an attempt is made to load a provider and it fails, the fall-back mechanism should be disabled to prevent the user getting
provider: disable fall-backs if OSSL_PROVIDER_load() fails. If an attempt is made to load a provider and it fails, the fall-back mechanism should be disabled to prevent the user getting some weird happening. E.g. a failure to load the FIPS provider should not allow the default to load as a fall-back. The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be loaded without disabling the fall-back mechanism if it fails. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12625)
show more ...
|
#
04cb5ec0 |
| 09-Aug-2020 |
Shane Lontis |
Add 'on demand self test' and status test to providers The default and legacy providers currently return 1 for status and self test checks. Added test to show the 3 different stages the
Add 'on demand self test' and status test to providers The default and legacy providers currently return 1 for status and self test checks. Added test to show the 3 different stages the self test can be run (for installation, loading and on demand). For the fips provider: - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the cached algorithms are flushed on failure. - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11752)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
82ec09ec |
| 18-May-2020 |
Matt Caswell |
Add the OSSL_PROVIDER_get_capabilities() API function Provide a function to applications to query the capabilities that a provider can perform. Reviewed-by: Shane Lontis <shane.
Add the OSSL_PROVIDER_get_capabilities() API function Provide a function to applications to query the capabilities that a provider can perform. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
d01d3752 |
| 08-May-2020 |
Matt Caswell |
Implement OSSL_PROVIDER_get0_provider_ctx() Implement a function which enables us to get hold of the provider ctx for a loaded provider. Reviewed-by: Shane Lontis <shane.lontis@
Implement OSSL_PROVIDER_get0_provider_ctx() Implement a function which enables us to get hold of the provider ctx for a loaded provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11834)
show more ...
|
#
5f603a28 |
| 04-May-2020 |
Matt Caswell |
Enable applications to directly call a provider's query operation This is useful to get hold of the low-level dispatch tables. This could be used to create a new provider based on an exi
Enable applications to directly call a provider's query operation This is useful to get hold of the low-level dispatch tables. This could be used to create a new provider based on an existing one. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11834)
show more ...
|
#
a7ad40c5 |
| 18-May-2020 |
Richard Levitte |
Add OSSL_PROVIDER_do_all() This allows applications to iterate over all loaded providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/op
Add OSSL_PROVIDER_do_all() This allows applications to iterate over all loaded providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11858)
show more ...
|
Revision tags: openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
6bd4e3f2 |
| 25-Feb-2020 |
Pauli |
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option t
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
ae4186b0 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in the 'include/openssl' directory), the guard names try to match the path specified in the include directives, with all letters converted to upper case and '/' and '.' replaced by '_'. For the private header files files, an extra 'OSSL_' is added as prefix. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
dca97d00 |
| 14-Aug-2019 |
Richard Levitte |
Rename provider and core get_param_types functions It was argued that names like SOMETHING_set_param_types were confusing, and a rename has been proposed to SOMETHING_settable_params, an
Rename provider and core get_param_types functions It was argued that names like SOMETHING_set_param_types were confusing, and a rename has been proposed to SOMETHING_settable_params, and by consequence, SOMETHING_get_param_types is renamed SOMETHING_gettable_params. This changes implements this change for the dispatched provider and core functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9591)
show more ...
|
#
36f5ec55 |
| 17-Jul-2019 |
Richard Levitte |
Add functions to see if a provider is available for use. Public function OSSL_PROVIDER_available() takes a library context and a provider name, and returns 1 if it's available for use, i
Add functions to see if a provider is available for use. Public function OSSL_PROVIDER_available() takes a library context and a provider name, and returns 1 if it's available for use, i.e. if it's possible to fetch implementations from it, otherwise 0. Internal function ossl_provider_activated() returns 1 if the given OSSL_PROVIDER is activated, otherwise 0. To make this possible, the activation of fallbacks got refactored out to a separate function, which ended up simplifying the code. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9398)
show more ...
|
#
26175013 |
| 11-Jul-2019 |
Richard Levitte |
Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9346)
|
#
b37066fd |
| 10-Jul-2019 |
Richard Levitte |
Add OSSL_PROVIDER_name() Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9356)
|
#
4e7991b4 |
| 24-Jun-2019 |
Pauli |
Change OSSL_PARAM return size to not be a pointer. Instead of referencing the return size from the OSSL_PARAM structure, make the size a field within the structure. Reviewed-by:
Change OSSL_PARAM return size to not be a pointer. Instead of referencing the return size from the OSSL_PARAM structure, make the size a field within the structure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9135)
show more ...
|
#
24626a47 |
| 31-May-2019 |
Richard Levitte |
Constify OSSL_PROVIDER getter input parameters Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter. There's no reason to do so. Reviewed-by: Tomas Mraz <tmraz@fe
Constify OSSL_PROVIDER getter input parameters Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter. There's no reason to do so. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9054)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
3374dc03 |
| 19-Feb-2019 |
Richard Levitte |
Replumbing: New public API to load or add providers Adding a provider means creating an internal provier object and adding it to the store. This allows the addition of built in provider
Replumbing: New public API to load or add providers Adding a provider means creating an internal provier object and adding it to the store. This allows the addition of built in providers, be it in the OpenSSL libraries or in any application. "Loading" a provider is defined broadly. A built in provider is already "loaded" in essence and only needs activating, while a provider in a dynamically loadable module requires actually loading the module itself. In this API, "loading" a provider does both. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8287)
show more ...
|