openssl - openssl

	Commit message (Collapse)	Author	Age	Files	Lines
*	CMP: add support for genm with crlStatusList and genp with crls	Dr. David von Oheimb	2024-05-01	1	-30/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Introduce the capability to retrieve and update Certificate Revocation Lists (CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483. To request a CRL update, the CMP client can send a genm message with the option -infotype crlStatusList. The server will respond with a genp message containing the updated CRL, using the -infoType id-it-crls. The client can then save the CRL in a specified file using the -crlout parameter. Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23768)
*	CMP lib and app: add optional certProfile request message header and ↵	Dr. David von Oheimb	2023-12-19	1	-0/+10
\| \| \| \| \| \| \| \| \| \| \|	respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21281)
*	Update copyright year	Matt Caswell	2022-05-03	1	-1/+1
\| \| \| \| \|	Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
*	CMP: add subject of any provided CSR as default message sender	Dr. David von Oheimb	2022-02-22	1	-1/+2
\| \| \| \| \|	Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17723)
*	CMP check_msg_find_cert(): improve diagnostics on transactionID mismatch	Dr. David von Oheimb	2021-12-09	1	-2/+1
\| \| \| \| \| \| \|	On this occasion, make use of i2s_ASN1_OCTET_STRING() wherever possible Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17224)
*	Fix CMP code to not assume NUL terminated strings	Matt Caswell	2021-08-24	1	-1/+2
\| \| \| \| \| \| \| \| \| \|	ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
*	add zero strenght arguments to BN and RAND RNG calls	Pauli	2021-05-29	1	-1/+1
\| \| \| \| \|	Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
*	Update copyright year	Matt Caswell	2021-03-11	1	-1/+1
\| \| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
*	cmp_hdr.c: Fix minor Coverity issue CID 1473605	Dr. David von Oheimb	2021-03-09	1	-3/+0
\| \| \| \| \|	Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14460)
*	CMP: On NULL-DN subject or issuer input omit field in cert template	Dr. David von Oheimb	2021-03-02	1	-7/+17
\| \| \| \| \| \| \| \| \|	Also improve diagnostics on inconsistent cert request input in apps/cmp.c, add trace output for transactionIDs on new sessions, and update the documentation in openssl-cmp.pod.in. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14018)
*	Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call	Richard Levitte	2020-11-13	1	-3/+3
\| \| \| \| \| \| \| \| \| \|	This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
*	Fix safestack issues in cmp.h	Matt Caswell	2020-09-13	1	-2/+0
\| \| \| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
*	Fix safestack issues in asn1.h	Matt Caswell	2020-09-13	1	-1/+0
\| \| \| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
*	Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt	Dr. David von Oheimb	2020-08-21	1	-2/+1
\| \| \| \| \|	Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
*	cmp_hdr.c: Adapt ossl_cmp_hdr_init() to use OPENSSL_CTX for random number ↵	Dr. David von Oheimb	2020-08-21	1	-20/+9
\| \| \| \| \| \| \|	generation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
*	Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender	Dr. David von Oheimb	2020-06-13	1	-4/+0
\| \| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
*	Make CMP server use same protection for response as for request	Dr. David von Oheimb	2020-06-13	1	-0/+8
\| \| \| \| \| \| \|	Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
*	Allow subject of CMP -oldcert as sender unless protection cert is given	Dr. David von Oheimb	2020-06-13	1	-4/+5
\| \| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
*	Streamline the approach to set CMP message recipient and expected sender	Dr. David von Oheimb	2020-06-13	1	-11/+10
\| \| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
*	Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()	Dr. David von Oheimb	2020-05-13	1	-4/+4
\| \| \| \| \| \| \| \|	Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470)
*	Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID()	Dr. David von Oheimb	2020-05-13	1	-16/+22
\| \| \| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470)
*	In OpenSSL builds, declare STACK for datatypes ...	Rich Salz	2020-04-24	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	... and only define them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
*	Update copyright year	Matt Caswell	2020-04-23	1	-1/+1
\| \| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
*	Constify various mostly X509-related parameter types in crypto/ and apps/	Dr. David von Oheimb	2020-03-23	1	-2/+2
\| \| \| \| \| \| \| \| \|	in particular X509_NAME, X509_STORE{,_CTX}, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
*	Fix handling of CMP msg senderKID and improve doc of related CTX functions	Dr. David von Oheimb	2020-03-10	1	-16/+20
\| \| \| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11142)
*	Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for ↵	Dr. David von Oheimb	2020-03-10	1	-23/+5
\| \| \| \| \| \| \| \| \| \| \| \| \|	testing Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11142)
*	chunk 5 of CMP contribution to OpenSSL	Dr. David von Oheimb	2019-10-29	1	-0/+377
	Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10036)