Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
c0452248 |
| 20-Apr-2017 |
Rich Salz |
Ignore dups in X509_STORE_add_* X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handling for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
|
#
43ae5eed |
| 05-Apr-2017 |
Matt Caswell |
Implement a new custom extensions API The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
|
#
86135bed |
| 31-Mar-2017 |
Dr. Stephen Henson |
Constify SSL_dup_CA_list() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
|
#
fa7c2637 |
| 13-Mar-2017 |
Dr. Stephen Henson |
New certificate_authorities functions Add functions to add/retrieve the certificate_authorities. The older client_CA functions mainly just call the new versions now. Rename fields since new extension can be generated by client and server. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
|
#
f8f16d8e |
| 16-Mar-2017 |
Dr. Stephen Henson |
Remove obsolete version test when returning CA names. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2969)
|
#
75c13e78 |
| 23-Feb-2017 |
Dr. Stephen Henson |
Tidy up certificate type handling. The certificate types used to be held in a fixed length array or (if it was too long) a malloced buffer. This was done to retain binary compatibility. The code can be simplified now SSL is opaque by always using a malloced buffer. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2733)
|
Revision tags: OpenSSL_1_1_0e |
|
#
d0ff28f8 |
| 10-Feb-2017 |
Dr. Stephen Henson |
Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN The original intent of SSL_PKEY_RSA_SIGN and SSL_PKEY_RSA_ENC was to support two different keys for RSA signing and decrypt. However this was never implemented and we only ever set one key and the other was always NULL. Replace with single SSL_PKEY_RSA type. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2587)
|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
703bcee0 |
| 14-Dec-2016 |
Matt Caswell |
Convert Sigalgs processing to use ints In TLSv1.2 an individual sig alg is represented by 1 byte for the hash and 1 byte for the signature. In TLSv1.3 each sig alg is represented by two bytes, where the two bytes together represent a single hash and signature combination. This converts the internal representation of sigalgs to use a single int for the pair, rather than a pair of bytes. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
|
#
e96e0f8e |
| 02-Dec-2016 |
Matt Caswell |
Create Certificate messages in TLS1.3 format Also updates TLSProxy to be able to understand the format and parse the contained extensions. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2020)
|
Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
#
2f545ae4 |
| 27-Aug-2016 |
Kurt Roeckx |
Add support for reference counting using C11 atomics Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1500
|
#
418a18a2 |
| 20-Sep-2016 |
Matt Caswell |
Style tweaks following review feedback Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
c49e1912 |
| 14-Sep-2016 |
Matt Caswell |
Convert Certificate message construction to WPACKET Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_1_0 |
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre6 |
|
#
c2e4e5d2 |
| 19-Jul-2016 |
Richard Levitte |
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead That way, we have a way to check if the init function was successful or not. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
9d6daf99 |
| 01-Jul-2016 |
Andreas Karlsson |
Fix broken loading of client CAs The SSL_load_client_CA_file() failed to load any CAs due to an incorrect assumption about the return value of lh_*_insert(). The return value when inserting into a hash is the old value of the key. The bug was introduced in 3c82e437bb3af822ea13cd5a24bab0745c556246. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1279)
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
3c82e437 |
| 03-Jun-2016 |
FdaSilvaYY |
Add checks on sk_TYPE_push() returned result Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
4379d5ce |
| 26-May-2016 |
Todd Short |
Fix ssl_cert_set0_chain invalid pointer When setting the certificate chain, if a certificate doesn't pass security checks, then chain may point to a freed STACK_OF(X509) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
#
a98810bf |
| 13-Feb-2016 |
FdaSilvaYY |
Fix some malloc failure crashes on X509_STORE_CTX_set_ex_data from BoringSSL 306ece31bcaaed49e0240a2e5555f8901ebb2d45 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
5c4328f0 |
| 15-May-2016 |
Viktor Dukhovni |
Fold threads.h into crypto.h making API public Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
8483a003 |
| 10-Mar-2016 |
FdaSilvaYY |
various spelling fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
|
#
446ba8de |
| 25-Apr-2016 |
Matt Caswell |
Ensure we check i2d_X509 return val The i2d_X509() function can return a negative value on error. Therefore we should make sure we check it. Issue reported by Yuan Jochen Kang. Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
#
f0e0fd51 |
| 15-Apr-2016 |
Rich Salz |
Make many X509_xxx types opaque. Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
#
e771eea6 |
| 04-Apr-2016 |
Rich Salz |
Revert "various spelling fixes" This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e. It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
620d540b |
| 10-Mar-2016 |
FdaSilvaYY |
various spelling fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|