#
8c7c1c84 |
| 08-Jun-2021 |
Matt Caswell |
Add a generic SubjectPublicKeyInfo decoder Previously all the SubjectPublicKeyInfo decoders were specific to a key type. We would iterate over all them until a match was found for the co
Add a generic SubjectPublicKeyInfo decoder Previously all the SubjectPublicKeyInfo decoders were specific to a key type. We would iterate over all them until a match was found for the correct key type. Each one would fully decode the key before then testing whether it was a match or not - throwing it away if not. This was very inefficient. Instead we introduce a generic SubjectPublicKeyInfo decoder which figures out what type of key is contained within it, before subsequently passing on the data to a key type specific SubjectPublicKeyInfo decoder. Fixes #15646 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15662)
show more ...
|
#
6a2b8ff3 |
| 27-May-2021 |
Richard Levitte |
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have "SubjectPublicKeyInfo". We also add "EncryptedPrivateKeyInfo", and use it for a special decoder that detects and decrypts an EncryptedPrivateKeyInfo structured DER blob into a PrivateKeyInfo structured DER blob and passes that on to the next decoder implementation. The result of this change is that PKCS#8 decryption should only happen once per decoding instead of once for every expected key type. Furthermore, this new decoder implementation sets the data type to the OID of the algorithmIdentifier field, thus reducing how many decoder implementations are tentativaly run further down the call chain. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15498)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
202cbdd2 |
| 05-May-2021 |
Tomas Mraz |
A few cleanups of the provider build.infos Remove a TODO that is no longer relevant and drop some more non-fips sources from the fips checksums. Reviewed-by: Paul Dale <pauli@op
A few cleanups of the provider build.infos Remove a TODO that is no longer relevant and drop some more non-fips sources from the fips checksums. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15191)
show more ...
|
#
848af5e8 |
| 06-May-2021 |
Richard Levitte |
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper funct
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper functions in libfips.a / libnonfips.a didn't catch on, and we saw full implementation ending up in them instead and not appearing in libimplementations.a at all. 2. Because more or less ALL algorithm implementations were included in libimplementations.a (the idea being that the appropriate objects from it would be selected automatically by the linker when building the shared libraries), it's very hard to find only the implementation source that should go into the FIPS module, with the result that the FIPS checksum mechanism include source files that it shouldn't To mitigate, we drop libimplementations.a, but retain the idea of collecting implementations in static libraries. With that, we not have: libfips.a Includes all implementations that should become part of the FIPS provider. liblegacy.a Includes all implementations that should become part of the legacy provider. libdefault.a Includes all implementations that should become part of the default and base providers. With this, libnonfips.a becomes irrelevant and is dropped. libcommon.a is retained to include common provider code that can be used uniformly by all providers. Fixes #15157 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
f4e46b81 |
| 15-Mar-2021 |
Richard Levitte |
PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c and decoder_pvk2key.c. This re
PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c and decoder_pvk2key.c. This required a great deal of refactoring of crypto/pem/pvkfmt.c, to make cleaner internal functions that our decoder implementations can use. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
show more ...
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
c8182743 |
| 23-Feb-2021 |
Richard Levitte |
PROV: Implement an EC key -> blob encoder, to get the public key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/op
PROV: Implement an EC key -> blob encoder, to get the public key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/14291)
show more ...
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
0cc0164d |
| 09-Dec-2020 |
Richard Levitte |
PROV: Add MSBLOB and PVK encoders This allows 15-test_rsa.t to succeed, and provides the same OSSL_ENCODER support for these formats as for all other formats supported in OpenSSL.
PROV: Add MSBLOB and PVK encoders This allows 15-test_rsa.t to succeed, and provides the same OSSL_ENCODER support for these formats as for all other formats supported in OpenSSL. Fixes #13379 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13645)
show more ...
|
#
2e1bc081 |
| 09-Dec-2020 |
Richard Levitte |
Remove unnecessary guards around MSBLOB and PVK readers and writers The OPENSSL_NO_RC4 guard remain around protected PVK tests in test/endecoder_test.c. Reviewed-by: Paul Dale <
Remove unnecessary guards around MSBLOB and PVK readers and writers The OPENSSL_NO_RC4 guard remain around protected PVK tests in test/endecoder_test.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13648)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
8ae40cf5 |
| 07-Sep-2020 |
Richard Levitte |
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them ha
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
show more ...
|
#
ece9304c |
| 16-Aug-2020 |
Richard Levitte |
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openss
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
show more ...
|