#
c7340583 |
| 23-Aug-2022 |
FdaSilvaYY |
crypto/*: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() are used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls are from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
|
#
e0c5184a |
| 21-Oct-2021 |
Tomas Mraz |
X509_dup: Avoid duplicating the embedded EVP_PKEY The EVP_PKEY will be recreated from scratch which is OK. Fixes #16606 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16648)
|
#
49a54634 |
| 10-Jun-2021 |
Dr. David von Oheimb |
d2i_X509: revert calling X509v3_cache_extensions() Fixes #13754 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15705)
|
#
7be04a3a |
| 27-May-2021 |
Matt Caswell |
Give ASN.1 objects the ability to report their libctx/propq Some ASN.1 objects have an embedded libctx/propq. If they have one we give the ASN.1 code the ability to find these values and use them where needed. This is used for OSSL_CMP_MSG_dup() and X509_dup(). Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
|
#
6282d6c2 |
| 27-May-2021 |
Matt Caswell |
Make sure X509_dup() also dup's any associated EVP_PKEY Otherwise we can end up with a blank EVP_PKEY. If it is later recreated it can end up with the wrong libctx/propq. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
|
#
c8a9af97 |
| 21-May-2021 |
Matt Caswell |
Teach the ASN.1 code how to create embedded objects with libctx/propq An ASN.1 object such as an X509 may have embedded objects in it such as an X509_PUBKEY. If there is a libctx/propq in use then we need to make sure we pass these down to the constructors of these embedded objects. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
66ddc075 |
| 12-May-2021 |
Pauli |
x509: fix a dangling pointer If an object pointer was passed and an error occurred, the object was freed & the pointer returned. Fix this to NULL out the caller's pointer before returning. Fixes #15115 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15238)
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
1c0eede9 |
| 28-Dec-2020 |
Dr. David von Oheimb |
Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14128)
|
#
4669015d |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_ x509 symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
#
b54cab31 |
| 09-Mar-2021 |
Shane Lontis |
Add ossl_ symbol to x509 policy Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
3339606a |
| 30-Dec-2020 |
Dr. David von Oheimb |
d2i_X509(): Make deallocation behavior consistent with d2i_X509_AUX() Partly fixes #13754 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13755)
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
22b9230f |
| 21-Aug-2020 |
Shane Lontis |
Fix X509 propq so it does not use references Fixes #13486 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12700)
|
#
ee46dfbf |
| 19-Aug-2020 |
Dr. David von Oheimb |
X509_dup: fix copying of libctx and propq using new ASN1_OP_DUP_POST cb operation Fixes #12680 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12687)
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
|
#
e144fd36 |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in x509v3.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
|
#
4cdf44c4 |
| 12-Aug-2020 |
Dr. David von Oheimb |
x_x509.c: Simplify X509_new_with_libctx() using x509_set0_libctx() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
dcc679cd |
| 25-Jul-2020 |
Shane Lontis |
Add internal method x509_set0_libctx(). This should only be called during (or right after) using d2iXXX on an object that contains embedded certificate(s) that require a non default library context. X509_new_with_libctx() should be used if possible. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
|
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
01659135 |
| 27-Apr-2020 |
Richard Levitte |
include/openssl/x509v3.h: restore previous stack definition arrangement It turned out that configuration options may affect the definition and use of diverse stacks and how they relate to the underlying types. For example, the configuration option 'no-rfc3779' results in a build error around STACK_OF(IPAddressFamily) and related stacks. Previously, STACK_OF definitions were located near the definition of the underlying type, which are also affected by configuration options, which made this easier to maintain. We relocate the new stack definitions back to those locations for that reason. We apply the same type of relocation in other header files as well, following the general rule that it's better to use DEFINE_OR_DECLARE_STACK_OF after the type it defines a stack for has been defined. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11655)
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levitte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|