[openssl/openssl] 40a200: CMP: add support for genm with crlStatusList and g...
Tomáš Mráz
noreply at github.com
Thu May 2 07:59:10 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 40a200f9e781381d72d234c886e38bcfce36bbc8
https://github.com/openssl/openssl/commit/40a200f9e781381d72d234c886e38bcfce36bbc8
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2024-05-01 (Wed, 01 May 2024)
Changed paths:
M CHANGES.md
M apps/cmp.c
M apps/include/cmp_mock_srv.h
M apps/lib/cmp_mock_srv.c
M crypto/cmp/cmp_asn.c
M crypto/cmp/cmp_err.c
M crypto/cmp/cmp_genm.c
M crypto/cmp/cmp_hdr.c
M crypto/cmp/cmp_local.h
M crypto/err/openssl.txt
M crypto/x509/v3_crld.c
M crypto/x509/v3_genn.c
M doc/build.info
M doc/man1/openssl-cmp.pod.in
A doc/man3/GENERAL_NAME.pod
M doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
M doc/man3/OSSL_CMP_exec_certreq.pod
M doc/man3/X509_dup.pod
M include/openssl/cmp.h.in
M include/openssl/cmperr.h
M include/openssl/x509v3.h.in
A test/recipes/80-test_cmp_http_data/Mock/newcrl.pem
A test/recipes/80-test_cmp_http_data/Mock/oldcrl.pem
M test/recipes/80-test_cmp_http_data/Mock/server.cnf
M test/recipes/80-test_cmp_http_data/test_commands.csv
M util/libcrypto.num
M util/other.syms
Log Message:
-----------
CMP: add support for genm with crlStatusList and genp with crls
Introduce the capability to retrieve and update Certificate Revocation Lists
(CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483.
To request a CRL update, the CMP client can send a genm message with the
option -infotype crlStatusList. The server will respond with a genp message
containing the updated CRL, using the -infoType id-it-crls. The client can
then save the CRL in a specified file using the -crlout parameter.
Co-authored-by: Rajeev Ranjan <ranjan.rajeev at siemens.com>
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
Commit: ee28152e86641e0299fdb3151716bb0451b2bc53
https://github.com/openssl/openssl/commit/ee28152e86641e0299fdb3151716bb0451b2bc53
Author: Rajeev Ranjan <ranjan.rajeev at siemens.com>
Date: 2024-05-01 (Wed, 01 May 2024)
Changed paths:
M CHANGES.md
M apps/cmp.c
M apps/lib/cmp_mock_srv.c
M crypto/cmp/cmp_genm.c
M crypto/x509/v3_genn.c
M doc/man1/openssl-cmp.pod.in
M doc/man3/GENERAL_NAME.pod
M doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
M doc/man3/OSSL_CMP_exec_certreq.pod
M util/libcrypto.num
Log Message:
-----------
CMP: Improvements of the support for requesting CRL
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
Commit: f4601b6de709a89120c86ad825b70f65b332deed
https://github.com/openssl/openssl/commit/f4601b6de709a89120c86ad825b70f65b332deed
Author: sapph2c <arn4006 at g.rit.edu>
Date: 2024-05-01 (Wed, 01 May 2024)
Changed paths:
M doc/internal/man3/ossl_ht_new.pod
M doc/man3/EVP_PKEY_decrypt.pod
M doc/man3/RSA_public_encrypt.pod
Log Message:
-----------
Fixed typos in ossl_ht_new.pod, EVP_PKEY_decrypt.pod, and RSA_public_encrypt.pod
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24304)
Commit: fd6be6c55b627204bffd203f563318778e67c388
https://github.com/openssl/openssl/commit/fd6be6c55b627204bffd203f563318778e67c388
Author: sapph2c <arn4006 at g.rit.edu>
Date: 2024-05-01 (Wed, 01 May 2024)
Changed paths:
M doc/man3/CRYPTO_THREAD_run_once.pod
Log Message:
-----------
Fixed typo in CRYPTO_THREAD_run_once.pod
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24303)
Commit: d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5
https://github.com/openssl/openssl/commit/d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_rand.c
M include/internal/constant_time.h
Log Message:
-----------
Make BN_generate_dsa_nonce() constant time and non-biased
Co-authored-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
Commit: 2d285fa873028f6cff9484a0cdf690fe05d7fb16
https://github.com/openssl/openssl/commit/2d285fa873028f6cff9484a0cdf690fe05d7fb16
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_rand.c
M crypto/bn/bn_shift.c
M crypto/deterministic_nonce.c
M include/crypto/bn.h
M include/internal/constant_time.h
Log Message:
-----------
Make ossl_gen_deterministic_nonce_rfc6979() constant time
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
Commit: 13b3ca5c998e6db4f7251a56c43541cb1a422bd0
https://github.com/openssl/openssl/commit/13b3ca5c998e6db4f7251a56c43541cb1a422bd0
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/dsa/dsa_ossl.c
M crypto/ec/ecdsa_ossl.c
M include/crypto/bn.h
Log Message:
-----------
Add ossl_bn_priv_rand_range_fixed_top() and use it for EC/DSA
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
Commit: 9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2
https://github.com/openssl/openssl/commit/9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/dsa/dsa_ossl.c
M crypto/ec/ecdsa_ossl.c
M include/crypto/bn.h
Log Message:
-----------
Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()
And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top.
We do this to avoid leaking fixed top numbers via the public API.
Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top()
and make it LE/BE agnostic.
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
Commit: 8a1f65468064e39f65ef4918c62db73a9eef80e4
https://github.com/openssl/openssl/commit/8a1f65468064e39f65ef4918c62db73a9eef80e4
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M providers/fips/self_test_data.inc
Log Message:
-----------
Adjust FIPS EC/DSA self test data for different nonce generation
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
Commit: a380ae85be287045b1eaa64d23942101a426c080
https://github.com/openssl/openssl/commit/a380ae85be287045b1eaa64d23942101a426c080
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-02 (Thu, 02 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/deterministic_nonce.c
Log Message:
-----------
Correct top for EC/DSA nonces if BN_DEBUG is on
Otherwise following operations would bail out in bn_check_top().
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
Compare: https://github.com/openssl/openssl/compare/1848c561ec39...a380ae85be28
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list