Skip to content
  1. Apr 03, 2019
    • Richard Levitte's avatar
      Replumbing: add a configuration module for providers · abbc2c40
      Richard Levitte authored
      
      
      This configuration module supports a configuration structure pretty
      much like the engine configuration module, i.e. something like this:
      
          openssl_conf = openssl_init
      
          [openssl_init]
          providers = provider_section
      
          [provider_section]
          # Configure the provider named "foo"
          foo = foo_section
          # Configure the provider named "bar"
          bar = bar_section
      
          [foo_section]
          # Override name given in the provider section
          identity = myfoo
          # The exact path of the module.  This is platform specific
          module_path = /opt/openssl/modules/foo.so
          # Whether it should be automatically activated.  Value is unimportant
          activate = whatever
      
          # Anything else goes as well, and becomes parameters that the
          # provider can get
          what = 1
          # sub-sections will be followed as well
          ever = ever_section
      
          [ever_section]
          cookie = monster
      
      All the configurations in a provider section and its sub-sections
      become parameters for the provider to get, i.e. the "foo" provider
      will be able to get values for the following keys (with associated
      values shown):
      
          identity            => myfoo
          module_path         => /opt/openssl/modules/foo.so
          activate            => whatever
          what                => 1
          ever.cookie         => monster
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/8549)
      abbc2c40
    • Richard Levitte's avatar
      Replumbing: add functionality to set provider parameters · ac1055ef
      Richard Levitte authored
      
      
      Provider parameters are parameters set by the core that the provider
      can retrieve.  The primary use it to support making OpenSSL
      configuration data available to the provider.
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/8549)
      ac1055ef
    • Pauli's avatar
      AES-XTS block limit. · 5516c19b
      Pauli authored
      
      
      Limit the number of AES blocks in a data unit to 2^20 or less.
      This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E.
      
      Note: that this is a change from IEEE Std 1619-2007 which only recommended
      this limit.
      
      Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
      (Merged from https://github.com/openssl/openssl/pull/8627)
      5516c19b
  2. Apr 02, 2019
  3. Apr 01, 2019
  4. Mar 31, 2019
  5. Mar 30, 2019
  6. Mar 29, 2019