git.ipfire.org Git - thirdparty/openssl.git/commit

author	Daniel Kubec <kubec@openssl.org>
	Mon, 2 Mar 2026 16:56:52 +0000 (17:56 +0100)
committer	Neil Horman <nhorman@openssl.org>
	Tue, 17 Mar 2026 13:43:00 +0000 (09:43 -0400)
commit	25c2f88caaaa53db5f116206207d1d760c9d2c53
tree	d171fdb63b1a557ae4d2f778defe902f04b115f3	tree \| snapshot
parent	35dc6c353bfeac6f94ba294cc336e1455d6b4453	commit \| diff

x509: add EXFLAG_DUPLICATE and cheap O(1) extension duplicate check

In ossl_x509v3_cache_extensions(), introduce EXFLAG_DUPLICATE flag to
signal duplicate X.509 extensions. Add O(1) duplicate detection
using a bitset with minimal stack memory footprint, in compliance with
RFC 5280 Section 4.2.

Fixes #26325

Co-authored-by: Tomáš Mráz <tm@t8m.info>
Co-authored-by: David von Oheimb <DDvO@users.noreply.github.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Mar 17 13:43:13 2026
(Merged from https://github.com/openssl/openssl/pull/30233)

CHANGES.md		diff \| blob \| blame \| history
crypto/x509/v3_purp.c		diff \| blob \| blame \| history
crypto/x509/x509_txt.c		diff \| blob \| blame \| history
crypto/x509/x509_vfy.c		diff \| blob \| blame \| history
doc/man1/openssl-verification-options.pod		diff \| blob \| blame \| history
doc/man3/X509_STORE_CTX_get_error.pod		diff \| blob \| blame \| history
include/openssl/x509_vfy.h.in		diff \| blob \| blame \| history
include/openssl/x509v3.h.in		diff \| blob \| blame \| history
test/x509_internal_test.c		diff \| blob \| blame \| history