#
72a99ef6 |
| 13-Oct-2023 |
Dr. David von Oheimb |
CMS_add1_signer(): add missing ERR_raise() calls Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl
CMS_add1_signer(): add missing ERR_raise() calls Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390)
show more ...
|
#
bf3f8f2c |
| 06-Dec-2022 |
Matt Caswell |
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an err
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
07342bad |
| 28-Apr-2021 |
Viktor Söderqvist |
CMS sign digest CLI changes: New parameter -digest to CLI command openssl cms, to provide pre-computed digest for use with -sign. API changes: New function CMS_final_digest(), l
CMS sign digest CLI changes: New parameter -digest to CLI command openssl cms, to provide pre-computed digest for use with -sign. API changes: New function CMS_final_digest(), like CMS_final() but uses a pre-computed digest instead of computing it from the data. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/15348)
show more ...
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
63b64f19 |
| 12-Mar-2021 |
Dr. David von Oheimb |
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <to
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
show more ...
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
e337b824 |
| 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from htt
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13392)
show more ...
|
#
14a6c6a4 |
| 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from ht
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
0b3a4ef2 |
| 06-Oct-2020 |
Matt Caswell |
Move CMS enveloping code out of the algorithms and into CMS There is quite a large amount of algorithm specific CMS code sitting in the algorithm directories. However, this seems to brea
Move CMS enveloping code out of the algorithms and into CMS There is quite a large amount of algorithm specific CMS code sitting in the algorithm directories. However, this seems to break layering. Algorithms really have no business knowing anything about CMS. Really it should be the other way around. Where there is algorithm specific CMS code it is the CMS layer that should know how to handle different algorithms. Therefore we move this code into the CMS layer. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
924663c3 |
| 06-Sep-2020 |
Jakub Zelenka |
Add CMS AuthEnvelopedData with AES-GCM support Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: Shane Lontis <shane.l
Add CMS AuthEnvelopedData with AES-GCM support Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM parameter as defined in RFC 5084. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8024)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
9e3c510b |
| 12-Jun-2019 |
FdaSilvaYY |
crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto
crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8098)
show more ...
|
#
9bf475fc |
| 13-Apr-2020 |
Dr. Matthias St. Pierre |
mkerr: remove legacy guards from generated error headers In pull request #9333, legacy guards were added to the generated error headers, but the mkerr.pl script was not adjusted accordin
mkerr: remove legacy guards from generated error headers In pull request #9333, legacy guards were added to the generated error headers, but the mkerr.pl script was not adjusted accordingly. So the legacy guards were removed by subsequent `make update` calls. Fixing the mkerr.pl script properly was disproportionately complicated by the fact that adding legacy guards only made sense for files which already existed in version 1.1.1. To keep things simple, it was decided to drop the legacy guards from the generated headers entirely. Fixes #10569 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11541)
show more ...
|
#
aec8de1a |
| 08-Apr-2020 |
Richard Levitte |
CMS KARI: Temporarly downgrade newly generated EVP_PKEYs to legacy The EVP_PKEY_ASN1_METHOD code used by CMS_RecipientInfo_kari_decrypt() and cms_RecipientInfo_kari_encrypt() is quite co
CMS KARI: Temporarly downgrade newly generated EVP_PKEYs to legacy The EVP_PKEY_ASN1_METHOD code used by CMS_RecipientInfo_kari_decrypt() and cms_RecipientInfo_kari_encrypt() is quite complex and needs more careful thought to work with provider side keys. Unfortunately, we need to get key generation in place, among others for ECC keys, so we add a temporary hack, similar to what's already done in TLS code, that downgrades a provider side EVP_PKEY to become EVP_PKEY_ASN1_METHOD / EVP_PKEY_METHOD based. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11501)
show more ...
|
#
71434aed |
| 20-Jan-2020 |
Dmitry Belyavskiy |
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/p
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
show more ...
|
#
936c2b9e |
| 05-Nov-2019 |
Richard Levitte |
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating thi
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating this, but there is for removal, saying that to remove something, it must have been deprecated for 5 years, and that removal can only happen at a major version. Meanwhile, the semantic versioning rule is that deprecation should trigger a MINOR version update, which is reflected in the macro names as of this change. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
show more ...
|
#
d86167ec |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Add legacy include guards to public header files For every public header file, the old include guard definition needs to be added in addition to the new one include/openssl/file
Add legacy include guards to public header files For every public header file, the old include guard definition needs to be added in addition to the new one include/openssl/file.h: #ifndef OPENSSL_FILE_H # define OPENSSL_FILE_H # pragma once # include <openssl/macros.h> # if !OPENSSL_API_3 # define HEADER_FILE_H # endif ... This is going to ensure that applications which use the old include guards externally, for example like this #ifndef HEADER_FILE_H # include <openssl/file.h> #endif will not fail to compile. In addition to the legacy guard, the public header files also receive a '# pragma once' directive. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
ae4186b0 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in
Fix header file include guard names Make the include guards consistent by renaming them systematically according to the naming conventions below For the public header files (in the 'include/openssl' directory), the guard names try to match the path specified in the include directives, with all letters converted to upper case and '/' and '.' replaced by '_'. For the private header files files, an extra 'OSSL_' is added as prefix. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
cbfa5b03 |
| 11-Jul-2019 |
Rich Salz |
Regenerate mkerr files Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
|
#
19e512a8 |
| 03-Jun-2019 |
Shane Lontis |
Add the content type attribute to additional CMS signerinfo. Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not
Add the content type attribute to additional CMS signerinfo. Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
2a6a5607 |
| 05-Mar-2019 |
Rich Salz |
Add regenerated header files Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/83
Add regenerated header files Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8397)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
e85d19c6 |
| 12-Dec-2018 |
Antonio Iacono |
crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES) A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of Signing Ce
crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES) A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of Signing Certificate reference attributes, stored in the signedData ether as ESS signing-certificate or as ESS signing-certificate-v2. These are described in detail in Section 5.7.2 of RFC 5126 - CMS Advanced Electronic Signatures (CAdES). This patch adds support for adding ESS signing-certificate[-v2] attributes to CMS signedData. Although it implements only a small part of the RFC, it is sufficient many cases to enable the `openssl cms` app to create signatures which comply with legal requirements of some European States (e.g Italy). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7893)
show more ...
|
#
48f4ad77 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in include/ and crypto/include/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/77
Following the license change, modify the boilerplates in include/ and crypto/include/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7770)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5 |
|
#
cdb10bae |
| 03-Apr-2018 |
Rich Salz |
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.co
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
a699b8e4 |
| 08-Feb-2018 |
FdaSilvaYY |
Small simplification in mkerr.pl As suggested in https://github.com/openssl/openssl/pull/5275 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@op
Small simplification in mkerr.pl As suggested in https://github.com/openssl/openssl/pull/5275 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5288)
show more ...
|
#
048ebccb |
| 07-Feb-2018 |
Richard Levitte |
make update ERROR_REBUILD=-rebuild Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5275)
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
52df25cf |
| 07-Jun-2017 |
Rich Salz |
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-interna
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
show more ...
|