#
08ae9fa6 |
| 18-Jul-2022 |
K1 |
Support decode SM2 parameters Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18819)
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
352a0bca |
| 29-Nov-2021 |
x2018 |
Check the return value of ossl_bio_new_from_core_bio() There are missing checks of its return value in 8 different spots. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-b
Check the return value of ossl_bio_new_from_core_bio() There are missing checks of its return value in 8 different spots. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17154)
show more ...
|
#
98408852 |
| 30-Aug-2021 |
Richard Levitte |
PEM to DER decoder: Specify object type and data structure more consistently The data structure wasn't given for recognised certificates or CRLs. It's better, though, to specify it for t
PEM to DER decoder: Specify object type and data structure more consistently The data structure wasn't given for recognised certificates or CRLs. It's better, though, to specify it for those objects as well, so they can be used to filter what actually gets decoded, which will be helpful for our OSSL_STORE 'file:' scheme implementation. Fixes #16224 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16466)
show more ...
|
#
16561896 |
| 28-Jun-2021 |
Richard Levitte |
PROV: Have our PEM->DER decoder only recognise our PEM names This is to avoid creating confusion where other PEM decoder implementations may know better what PEM names that are unknown t
PROV: Have our PEM->DER decoder only recognise our PEM names This is to avoid creating confusion where other PEM decoder implementations may know better what PEM names that are unknown to us actually mean. Fixes #15929 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15930)
show more ...
|
#
6a2b8ff3 |
| 27-May-2021 |
Richard Levitte |
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have "SubjectPublicKeyInfo". We also add "EncryptedPrivateKeyInfo", and use it for a special decoder that detects and decrypts an EncryptedPrivateKeyInfo structured DER blob into a PrivateKeyInfo structured DER blob and passes that on to the next decoder implementation. The result of this change is that PKCS#8 decryption should only happen once per decoding instead of once for every expected key type. Furthermore, this new decoder implementation sets the data type to the OID of the algorithmIdentifier field, thus reducing how many decoder implementations are tentativaly run further down the call chain. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15498)
show more ...
|
#
6462a4f0 |
| 01-Jun-2021 |
Richard Levitte |
PROV: drop get_params() and gettable_params() from all decoder implementations They aren't needed at all any more, since the properties contain the same information. This also d
PROV: drop get_params() and gettable_params() from all decoder implementations They aren't needed at all any more, since the properties contain the same information. This also drops the parameter names OSSL_DECODER_PARAM_INPUT_TYPE and OSSL_DECODER_PARAM_INPUT_STRUCTURE. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15570)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
#
9cc97ddf |
| 12-Apr-2021 |
Richard Levitte |
Adapt our decoder implementations to the new way to indicate succes / failure This includes the special decoder used in our STOREMGMT 'file:' implementation Reviewed-by: Tomas Mraz
Adapt our decoder implementations to the new way to indicate succes / failure This includes the special decoder used in our STOREMGMT 'file:' implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14834)
show more ...
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
9500c823 |
| 24-Feb-2021 |
Shane Lontis |
Fix misc external ossl_ symbols. Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
70793dbb |
| 13-Feb-2021 |
Matt Caswell |
Pass the object type and data structure from the pem2der decoder The pem2der decoder can infer certain information about the endoded der data based on the PEM headers. This information s
Pass the object type and data structure from the pem2der decoder The pem2der decoder can infer certain information about the endoded der data based on the PEM headers. This information should be passed to the next decoders in the chain to ensure we end up loading the correct type of thing. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14191)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
#
2741128e |
| 05-Feb-2021 |
Tomas Mraz |
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
2c090c1d |
| 26-Oct-2020 |
Richard Levitte |
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH a
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
show more ...
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
ecadfdad |
| 02-Oct-2020 |
Richard Levitte |
DECODER: Handle abstract object data type The PEM->DER decoder passes the data type of its contents, something that decoder_process() ignored. On the other hand, the PEM->DER de
DECODER: Handle abstract object data type The PEM->DER decoder passes the data type of its contents, something that decoder_process() ignored. On the other hand, the PEM->DER decoder passed nonsense. Both issues are fixed here. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13060)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
8ae40cf5 |
| 07-Sep-2020 |
Richard Levitte |
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them ha
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
14c8a3d1 |
| 22-Jul-2020 |
Richard Levitte |
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
show more ...
|
#
ece9304c |
| 16-Aug-2020 |
Richard Levitte |
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openss
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
show more ...
|