openssl - Mirror of https://github.com/openssl/openssl

Age	Commit message (Collapse)	Author
2024-01-17	cmp_vfy.c/check_msg_all_certs(): remove needless trace output in case 3GPP ↵	Dr. David von Oheimb
	mode is not enabled Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
2024-01-17	ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender ↵	Dr. David von Oheimb
	name Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
2024-01-17	CMP app and doc: add -no_cache_extracerts option / ↵	Dr. David von Oheimb
	OSSL_CMP_OPT_NO_CACHE_EXTRACERTS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
2023-12-29	Fix new typos found by codespell	Dimitri Papadopoulos
	Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23133)
2023-12-21	crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ↵	Dr. David von Oheimb
	ossl_cmp_asn1_get_int() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21	cmp_server.c,apps/lib/cmp_mock_srv.c: move polling state checks to cmp_server.c	Rajeev Ranjan
	Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21	crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery	Dr. David von Oheimb
	Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-21	crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of ↵	Rajeev Ranjan
	responses Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
2023-12-19	CMP lib and app: add optional certProfile request message header and ↵	Dr. David von Oheimb
	respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21281)
2023-10-10	CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS	Dr. David von Oheimb
	Fixes #21120 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21176)
2023-09-21	cmp_vfy.c: Use verification callback if cert_acceptable() finds expired cert	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21656)
2023-09-07	Copyright year updates	Matt Caswell
	Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-09-05	CMP: generalize ossl_cmp_calc_protection() to handle Edwards curves correctly	Dr. David von Oheimb
	Fixes #21564 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21884)
2023-08-18	cmp_genm.c: Remove superfluous store_ctx != 0 check	Tomas Mraz
	This really cannot be ever called with NULL store_ctx and the check confuses Coverity. Fixes Coverity 1538865 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21755)
2023-08-03	crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ↵	Dr. David von Oheimb
	ossl_cmp_asn1_get_int() Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21579)
2023-07-17	CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
2023-07-17	rename OSSL_CMP_get{,1}_caCerts and improve OSSL_CMP_exec_certreq.pod	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
2023-07-10	CMP: support specifying certificate to be revoked via issuer and serial number	Rajeev Ranjan
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21116)
2023-06-06	allow to disable http	Vladimír Kotal
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21108)
2023-06-01	cmp_client.c: add comment on certConf and add 'ossl_unused' to two functions	Dr. David von Oheimb
	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01	CMP: add support for genm/genp messages with id-it-caCerts	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19231)
2023-05-30	cmp_http.c: Remove obsolete comment w.r.t. ERR_clear_error()	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17354)
2023-05-12	CMP client: fix checking new cert enrolled with oldcert and without private key	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
2023-05-12	CMP client: fix error response on -csr without private key, also in docs	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
2023-04-18	crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210	Dr. David von Oheimb
	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20298)
2023-03-25	CMP add: fix -reqin option, which requires adding ↵	Dr. David von Oheimb
	OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
2023-03-21	nit: tidy-up code, and fix a typo.	FdaSilvaYY
	Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20436)
2023-03-20	cmp_msg.c: free memory of certStatus before goto err	JAVAID Mohammad-Habib
	CLA: trivial Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20406)
2023-02-13	OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert	Dr. David von Oheimb
	Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160)
2023-02-08	CMP cert_response(): add missing rejection status on client rejecting new cert	Dr. David von Oheimb
	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08	OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent ↵	Dr. David von Oheimb
	request of a transaction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08	cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer}	Dr. David von Oheimb
	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08	CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce	Dr. David von Oheimb
	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08	ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)	Dr. David von Oheimb
	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-01-26	Fix Coverity 1520485: logically dead code	Pauli
	The check is unnecessary as the condition is already checked before the switch statement. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20121)
2023-01-23	cmp_client.c: fix handling of total_timeout for RR and GENM transactions	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391)
2023-01-23	cmp_client_test.c: add tests for end_time being initialized for RR/GENM	Dr. David von Oheimb
	To this end, tweak the internal handling of ctx->total_timeout. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391)
2022-12-08	OSSL_CMP_validate_msg(): make sure to reject protection type mismatch	Dr. David von Oheimb
	Do not accept password-based if expected signature-based and no secret is available and do not accept signature-based if expected password-based and no trust anchors available. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19729)
2022-12-07	Compensate for CMP-related TODOs removed by PR #15539	Dr. David von Oheimb
	Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16006)
2022-11-25	add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25	OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs	Dr. David von Oheimb
	Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25	CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-24	CMP: fix handling of unset or missing failInfo PKI status information	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24	CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages	Dr. David von Oheimb
	On this occasion, replace magic constants by mnemonic ones; update doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24	CMP+CRMF: fix formatting nits in crypto/, include/, and test/	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19230)
2022-11-23	CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()	Dr. David von Oheimb
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19715)
2022-10-12	crypto/*: Fix various typos, repeated words, align some spelling to LDP.	FdaSilvaYY
	partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12	crypto: Fix various typos, repeated words, align some spelling to LDP.	FdaSilvaYY
	partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - file name -> filename - host name -> hostname Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-06	Rename ossl_sleep calls to OSSL_sleep everywhere	Richard Levitte
	Also, remove inclusions of internal/e_os.h where it seems no longer necessary. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19330)
2022-10-05	Stop raising ERR_R_MALLOC_FAILURE in most places	Richard Levitte
	Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)