#
bc64c5a6 |
| 02-Sep-2020 |
Dr. David von Oheimb |
X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/op
X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12769)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
eeccc237 |
| 26-Apr-2020 |
Dr. David von Oheimb |
Introduce X509_add_cert[s] simplifying various additions to cert lists Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12615)
|
#
c74aaa39 |
| 25-May-2020 |
Dr. David von Oheimb |
Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl
Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11953)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
e0331eb8 |
| 08-Apr-2020 |
Dr. David von Oheimb |
Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from h
Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11386)
show more ...
|
#
8cc86b81 |
| 23-Mar-2020 |
Dr. David von Oheimb |
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
show more ...
|
#
7e06a675 |
| 04-Jan-2020 |
Bernd Edlinger |
Fix error handling in x509v3_cache_extensions and related functions Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extension
Fix error handling in x509v3_cache_extensions and related functions Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10755)
show more ...
|
#
47b4ccea |
| 10-Oct-2019 |
Richard Levitte |
Stop using EVP_MD_CTX_FLAG_NON_FIPS_ALLOW This is a flag that has lost its relevance. The new mechanism to do the same thing is to fetch the needed digest explicitly with "-fips" as
Stop using EVP_MD_CTX_FLAG_NON_FIPS_ALLOW This is a flag that has lost its relevance. The new mechanism to do the same thing is to fetch the needed digest explicitly with "-fips" as property query, i.e. we remove any requirement for that property to be set when fetching, even if the default property query string requires its presence. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10138)
show more ...
|
#
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: W
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
cae665df |
| 16-Aug-2019 |
Bernd Edlinger |
Fix error handling in X509_chain_up_ref Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pu
Fix error handling in X509_chain_up_ref Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9614)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
3e4b43b9 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/x509/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Following the license change, modify the boilerplates in crypto/x509/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7824)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
#
83cf7abf |
| 29-May-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6371)
|
#
511190b6 |
| 16-May-2018 |
Matt Caswell |
Fix undefined behaviour in X509_NAME_cmp() If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovs
Fix undefined behaviour in X509_NAME_cmp() If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6291)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
a1df06b3 |
| 20-Aug-2017 |
Pauli |
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause probl
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0 |
|
#
68c12bfc |
| 18-Aug-2016 |
Dr. Stephen Henson |
Add X509_get0_serialNumber() and constify OCSP_cert_to_id() Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre6 |
|
#
22293ea1 |
| 30-Jul-2016 |
Richard J. Moore |
Ignore the serial number for now and just do the rest. Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/open
Ignore the serial number for now and just do the rest. Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
show more ...
|
#
1421aead |
| 30-Jul-2016 |
Richard J. Moore |
Make some more X509 functions const. Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Make some more X509 functions const. Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
show more ...
|
#
fdaf7bee |
| 08-Jul-2016 |
FdaSilvaYY |
Constify ... X509_REVOKED_get0_extensions X509_check_private_key Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from htt
Constify ... X509_REVOKED_get0_extensions X509_check_private_key Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
show more ...
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
b1322259 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h |
|
#
87a8405b |
| 28-Apr-2016 |
David Benjamin |
Avoid overflow issues in X509_cmp. The length is a long, so returning the difference does not quite work. Thanks to Torbjörn Granlund for noticing. Reviewed-by: Rich Salz <
Avoid overflow issues in X509_cmp. The length is a long, so returning the difference does not quite work. Thanks to Torbjörn Granlund for noticing. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre5 |
|
#
29fa0a1a |
| 22-Mar-2016 |
Dr. Stephen Henson |
Make X509_PUBKEY opaque Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
#
0d4fb843 |
| 05-Feb-2016 |
FdaSilvaYY |
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
#
6e328256 |
| 17-Jan-2016 |
Viktor Dukhovni |
Check Suite-B constraints with EE DANE records When DANE-EE(3) matches or either of DANE-EE/PKIX-EE fails, we don't build a chain at all, but rather succeed or fail with just the leaf
Check Suite-B constraints with EE DANE records When DANE-EE(3) matches or either of DANE-EE/PKIX-EE fails, we don't build a chain at all, but rather succeed or fail with just the leaf certificate. In either case also check for Suite-B violations. As unlikely as it may seem that anyone would enable both DANE and Suite-B, we should do what the application asks. Took the opportunity to eliminate the "cb" variables in x509_vfy.c, just call ctx->verify_cb(ok, ctx) Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|