[openssl/openssl] 96e678: Allow to pass a passphrase callback at store open

Simo Sorce noreply at github.com
Tue Sep 19 10:27:45 UTC 2023


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 96e678087de25c4bb19ef01492bd04002c3fe315
      https://github.com/openssl/openssl/commit/96e678087de25c4bb19ef01492bd04002c3fe315
  Author: Simo Sorce <simo at redhat.com>
  Date:   2023-09-19 (Tue, 19 Sep 2023)

  Changed paths:
    M crypto/store/store_lib.c
    M crypto/store/store_local.h
    M crypto/store/store_meth.c
    M include/openssl/core_dispatch.h

  Log Message:
  -----------
  Allow to pass a passphrase callback at store open

Some PKCS11 modules require authentication early on to be able to
preload objects, which we want to do to avoid costly roundtrips when the
HSM is actually reached over a network (Cloud HSM).

Unfortunately at open time we can't interact with the user because the
callbacks are only passed at object load time, later on.

This patch corrects this issue by providing a more feature rich open
call for providers.

Signed-off-by: Simo Sorce <simo at redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)


  Commit: 64129008fb822758778f7dd29cec6a0a4582e4d2
      https://github.com/openssl/openssl/commit/64129008fb822758778f7dd29cec6a0a4582e4d2
  Author: Simo Sorce <simo at redhat.com>
  Date:   2023-09-19 (Tue, 19 Sep 2023)

  Changed paths:
    M test/fake_rsaprov.c
    M test/fake_rsaprov.h
    M test/provider_pkey_test.c

  Log Message:
  -----------
  Add Test to verify open_ex password checking works

Signed-off-by: Simo Sorce <simo at redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)


  Commit: e40d538ad72c8e496b1dfe7d93c6002ce48351f5
      https://github.com/openssl/openssl/commit/e40d538ad72c8e496b1dfe7d93c6002ce48351f5
  Author: Simo Sorce <simo at redhat.com>
  Date:   2023-09-19 (Tue, 19 Sep 2023)

  Changed paths:
    M doc/man7/provider-storemgmt.pod

  Log Message:
  -----------
  Add provider documentation for the new open_ex

Signed-off-by: Simo Sorce <simo at redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)


Compare: https://github.com/openssl/openssl/compare/19937db0f276...e40d538ad72c

