#
7b1a3a50 |
| 18-Aug-2020 |
Dr. David von Oheimb |
cmp_vfy.c: Fix bug: must verify msg signature also in 3GPP mode Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
|
#
eeccc237 |
| 26-Apr-2020 |
Dr. David von Oheimb |
Introduce X509_add_cert[s] simplifying various additions to cert lists Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12615)
|
#
c4a9e3eb |
| 29-May-2020 |
Dr. David von Oheimb |
Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and pu
Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and public functions related to cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
show more ...
|
#
12bbcee2 |
| 29-May-2020 |
Dr. David von Oheimb |
Make CMP server use same protection for response as for request Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (M
Make CMP server use same protection for response as for request Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
show more ...
|
#
430efff1 |
| 28-May-2020 |
Dr. David von Oheimb |
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, si
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, simplify its return value, and update its documentation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
show more ...
|
#
ca6f1ba9 |
| 28-May-2020 |
Dr. David von Oheimb |
Improve cert checking diagnostics of OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
#
7aa70fd5 |
| 27-May-2020 |
Dr. David von Oheimb |
Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
#
032b13c7 |
| 27-May-2020 |
Dr. David von Oheimb |
Correct error reason of verify_signature() in cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
#
6d934add |
| 20-May-2020 |
Dr. David von Oheimb |
Check expected sender not only for signature-protected CMP messages Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
#
b27ff9b8 |
| 19-May-2020 |
Dr. David von Oheimb |
Streamline the approach to set CMP message recipient and expected sender Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
e599d0ae |
| 24-Mar-2020 |
Dr. David von Oheimb |
Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/ Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https:
Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/ Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11386)
show more ...
|
#
642f60d8 |
| 23-Mar-2020 |
Dr. David von Oheimb |
Rename CMP_PROTECTEDPART to OSSL_CMP_PROTECTEDPART for consistency Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.
Rename CMP_PROTECTEDPART to OSSL_CMP_PROTECTEDPART for consistency Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11386)
show more ...
|
#
d8039304 |
| 31-Mar-2020 |
Dr. David von Oheimb |
Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11448)
show more ...
|
#
a1e4c8ef |
| 30-Mar-2020 |
Dr. David von Oheimb |
Fix bugs in 3GPP exception checking and improve diagnostics in crypt/cmp/cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.co
Fix bugs in 3GPP exception checking and improve diagnostics in crypt/cmp/cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11448)
show more ...
|
#
7e765f46 |
| 10-Mar-2020 |
Dr. David von Oheimb |
Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer
Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11300)
show more ...
|
#
31b28ad9 |
| 15-Feb-2020 |
Dr. David von Oheimb |
chunk 7 of CMP contribution to OpenSSL add CMP message validation and related tests; while doing so: * add ERR_add_error_mem_bio() to crypto/err/err_prn.c * move ossl_cmp_add_error_t
chunk 7 of CMP contribution to OpenSSL add CMP message validation and related tests; while doing so: * add ERR_add_error_mem_bio() to crypto/err/err_prn.c * move ossl_cmp_add_error_txt() as ERR_add_error_txt() to crypto/err/err_prn.c * add X509_STORE_CTX_print_verify_cb() to crypto/x509/t_x509.c, adding internally x509_print_ex_brief(), print_certs(), and print_store_certs() * move {ossl_cmp_,}X509_STORE_get1_certs() to crypto/x509/x509_lu.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620)
show more ...
|