openssl/crypto/x509
Tobias Nießen 6894e20b50 Fix infinite verification loops due to has_san_id
Where name constraints apply, X509_verify() would incorrectly report an
internal error in the event that a certificate has no SAN extension.

CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2021-12-14 13:48:34 +00:00
build.info x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
by_dir.c Corrected missing definitions from NonStop SPT build. 2021-04-01 15:52:25 +02:00
by_file.c Update copyright year 2021-05-20 14:22:33 +01:00
by_store.c Make the -inform option to be respected if possible 2021-05-06 11:43:32 +01:00
ext_dat.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_cache.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
pcy_data.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_lib.c Fix safestack issues in x509v3.h 2020-09-13 11:09:45 +01:00
pcy_local.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_map.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_node.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
pcy_tree.c Add ossl_ symbol to x509 policy 2021-03-18 17:52:37 +10:00
standard_exts.h Update copyright year 2021-04-08 13:04:41 +01:00
t_crl.c Update copyright year 2021-05-06 13:03:23 +01:00
t_req.c Add X509 version constants. 2021-04-28 11:40:06 +02:00
t_x509.c remove redundant ERR_raise 2021-12-10 15:20:29 +11:00
v3_addr.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_admis.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_admis.h
v3_akeya.c
v3_akid.c CMP check_msg_find_cert(): improve diagnostics on transactionID mismatch 2021-12-09 18:05:26 +01:00
v3_asid.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_bcons.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_bitst.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_conf.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_cpols.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_crld.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_enum.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_extku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_genn.c Correctly compare EdiPartyName in GENERAL_NAME_cmp() 2020-12-08 10:16:50 +00:00
v3_ia5.c Add more negative checks for integers passed to OPENSSL_malloc(). 2021-04-16 12:10:08 +10:00
v3_info.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_int.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_ist.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_lib.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
v3_ncons.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_pci.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_pcia.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_pcons.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pmaps.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_prn.c Fix safestack issues in conf.h 2020-09-13 11:11:20 +01:00
v3_purp.c Improve the documentation of cert path building and validation 2021-06-08 07:47:41 +02:00
v3_san.c X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN 2021-12-07 15:14:49 +01:00
v3_skid.c X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey 2021-12-07 15:13:26 +01:00
v3_sxnet.c x509: remove dead call to strlen() 2021-11-09 20:02:14 +10:00
v3_tlsf.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_utf8.c Add ossl_v3 symbols 2021-03-18 17:52:37 +10:00
v3_utl.c Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and HAS_CASE_SUFFIX() 2021-11-17 15:48:37 +01:00
v3err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_att.c Update copyright year 2021-04-08 13:04:41 +01:00
x509_cmp.c Fix: invoking X509_self_signed improperly 2021-11-09 08:50:40 +01:00
x509_d2.c Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 2020-10-15 11:59:53 +01:00
x509_def.c
x509_err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_ext.c
x509_local.h Update copyright year 2021-04-08 13:04:41 +01:00
x509_lu.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
x509_meth.c Update copyright year 2020-11-26 14:18:57 +00:00
x509_obj.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_r2x.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_req.c Fix usages of const EVP_MD. 2021-03-22 15:40:04 +01:00
x509_set.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
x509_trust.c x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
x509_txt.c Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
x509_v3.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_vfy.c Fix infinite verification loops due to has_san_id 2021-12-14 13:48:34 +00:00
x509_vpm.c Inherit hostflags verify params even without hosts 2021-04-09 08:32:38 +10:00
x509cset.c Update copyright year 2021-04-08 13:04:41 +01:00
x509name.c CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data() 2020-11-13 09:35:31 +01:00
x509rset.c
x509spki.c Update copyright year 2021-04-22 14:38:44 +01:00
x509type.c Update copyright year 2021-06-17 13:24:59 +01:00
x_all.c X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default 2021-06-16 14:30:35 +01:00
x_attrib.c Fix NULL pointer access caused by X509_ATTRIBUTE_create() 2020-12-21 15:25:59 +01:00
x_crl.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
x_exten.c
x_name.c Fix: invoking x509_name_cannon improperly 2021-11-09 10:05:09 +10:00
x_pubkey.c X509_PUBKEY_dup: Do not just up-ref the EVP_PKEY 2021-10-25 14:32:43 +02:00
x_req.c Ensure libctx/propq is propagated when handling X509_REQ 2021-06-05 17:39:27 +10:00
x_x509.c X509_dup: Avoid duplicating the embedded EVP_PKEY 2021-10-25 14:32:43 +02:00
x_x509a.c Update copyright year 2021-07-29 15:41:35 +01:00