History log of /openssl/ssl/ssl_cert.c (Results 76 – 100 of 278)
Revision Date Author Comments
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16
# c0452248 20-Apr-2017 Rich Salz

Ignore dups in X509_STORE_add_*

X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handling for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)


# 43ae5eed 05-Apr-2017 Matt Caswell

Implement a new custom extensions API

The old custom extensions API was not TLSv1.3 aware. Extensions are used
extensively in TLSv1.3 and they can appear in many different types of
messages. Therefore we need a new API to be able to cope with that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)


# 86135bed 31-Mar-2017 Dr. Stephen Henson

Constify SSL_dup_CA_list()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)


# fa7c2637 13-Mar-2017 Dr. Stephen Henson

New certificate_authorities functions

Add functions to add/retrieve the certificate_authorities. The older
client_CA functions mainly just call the new versions now.

Rename fields since new extension can be generated by client and server.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)


# f8f16d8e 16-Mar-2017 Dr. Stephen Henson

Remove obsolete version test when returning CA names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2969)


# 75c13e78 23-Feb-2017 Dr. Stephen Henson

Tidy up certificate type handling.

The certificate types used to be held in a fixed length array or (if
it was too long) a malloced buffer. This was done to retain binary
compatibility. The code can be simplified now SSL is opaque by always
using a malloced buffer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2733)


Revision tags: OpenSSL_1_1_0e
# d0ff28f8 10-Feb-2017 Dr. Stephen Henson

Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN

The original intent of SSL_PKEY_RSA_SIGN and SSL_PKEY_RSA_ENC was to
support two different keys for RSA signing and decrypt. However this
was never implemented and we only ever set one key and the other was
always NULL. Replace with single SSL_PKEY_RSA type.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2587)


Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d
# 703bcee0 14-Dec-2016 Matt Caswell

Convert Sigalgs processing to use ints

In TLSv1.2 an individual sig alg is represented by 1 byte for the hash
and 1 byte for the signature. In TLSv1.3 each sig alg is represented by
two bytes, where the two bytes together represent a single hash and
signature combination. This converts the internal representation of sigalgs
to use a single int for the pair, rather than a pair of bytes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)


# e96e0f8e 02-Dec-2016 Matt Caswell

Create Certificate messages in TLS1.3 format

Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)


Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a
# 2f545ae4 27-Aug-2016 Kurt Roeckx

Add support for reference counting using C11 atomics

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500


# 418a18a2 20-Sep-2016 Matt Caswell

Style tweaks following review feedback

Reviewed-by: Rich Salz <rsalz@openssl.org>


# c49e1912 14-Sep-2016 Matt Caswell

Convert Certificate message construction to WPACKET

Reviewed-by: Rich Salz <rsalz@openssl.org>


Revision tags: OpenSSL_1_1_0
# a230b26e 05-Aug-2016 Emilia Kasper

Indent ssl/

Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>


Revision tags: OpenSSL_1_1_0-pre6
# c2e4e5d2 19-Jul-2016 Richard Levitte

Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead

That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>


# 9d6daf99 01-Jul-2016 Andreas Karlsson

Fix broken loading of client CAs

The SSL_load_client_CA_file() failed to load any CAs due to an
incorrect assumption about the return value of lh_*_insert(). The
return value when inserting into a hash is the old value of the key.

The bug was introduced in 3c82e437bb3af822ea13cd5a24bab0745c556246.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1279)


Revision tags: OpenSSL-fips-2_0_13
# 3c82e437 03-Jun-2016 FdaSilvaYY

Add checks on sk_TYPE_push() returned result

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>


# 4379d5ce 26-May-2016 Todd Short

Fix ssl_cert_set0_chain invalid pointer

When setting the certificate chain, if a certificate doesn't pass
security checks, then chain may point to a freed STACK_OF(X509)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>


Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12
# a98810bf 13-Feb-2016 FdaSilvaYY

Fix some malloc failure crashes on X509_STORE_CTX_set_ex_data

from BoringSSL 306ece31bcaaed49e0240a2e5555f8901ebb2d45

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>


# 846e33c7 17-May-2016 Rich Salz

Copyright consolidation 01/10

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>


# 5c4328f0 15-May-2016 Viktor Dukhovni

Fold threads.h into crypto.h making API public

Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>


# 8483a003 10-Mar-2016 FdaSilvaYY

various spelling fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)


# 446ba8de 25-Apr-2016 Matt Caswell

Ensure we check i2d_X509 return val

The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Emilia Käsper <emilia@openssl.org>


# f0e0fd51 15-Apr-2016 Rich Salz

Make many X509_xxx types opaque.

Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>


# e771eea6 04-Apr-2016 Rich Salz

Revert "various spelling fixes"

This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>


# 620d540b 10-Mar-2016 FdaSilvaYY

various spelling fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

