Commit Graph

1418 Commits

Author SHA1 Message Date
Tomas Mraz
8d380f85da ASN1_item_verify_ctx(): Return -1 on fatal errors
Fixes #24575

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24576)
2024-06-21 10:03:42 +02:00
shridhar kalavagunta
57bb112c07 Move ossl_asn1_string_to_time_t() to libtestutil
It is not used anywhere else than in tests.

Fixes #22965

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23269)
2024-05-07 12:07:49 +02:00
Damian Hobson-Garcia
7dcee34c8f Add RFC 5755 attribute certificate support
Add support for attribute certificates (v2) as described
in RFC 5755 profile.

Attribute certificates provide a mechanism to manage authorization
information separately from the identity information provided by
public key certificates.

This initial patch adds the ASN.1 definitions
and I/O API.  Accessor functions for the certificate fields
will be added in subsequent patches.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
2024-04-24 14:05:32 +01:00
Richard Levitte
491bbb444c VMS: Move defining _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED to config target
For all other platforms that need these macros defined, that's how it's
done, so we have VMS follow suit.  That avoids a crash between in source
definitions and command line definitions on some other platforms.

Fixes #24075

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24083)

(cherry picked from commit 7f04bb065d)
2024-04-11 13:06:49 +02:00
Richard Levitte
b646179229 Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
2024-04-09 13:43:26 +02:00
Richard Levitte
a19553cd87 Diverse small VMS build fixups
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24008)

(cherry picked from commit 1a4b029af5)
2024-04-04 18:16:05 +02:00
Job Snijders
eadd8c4727 Add appropriate lower bound checks for GeneralizedTime and UTCTime
ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.

Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)
2024-02-25 09:17:41 +01:00
Paul Dreik
5b2d8bc28a prevent integer overflow in ossl_asn1_time_from_tm
this could be triggered by the following code (assuming 64 bit time_t):

time_t t = 67768011791126057ULL;
ASN1_TIME* at = ASN1_TIME_set(NULL, t);

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
2024-01-18 17:00:57 +01:00
Neil Horman
0981c20f8e Fix NULL pointer deref when parsing the stable section
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min

Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value.  As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.

Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
2024-01-12 10:37:22 +01:00
Bernd Edlinger
73ebaac827 Fix error handling in ASN1_mbstring_ncopy
Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:

==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
    #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
    #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
    #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
    #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
    #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
    #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
    #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
    #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
    #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
    #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
    #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
    #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
    #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
    #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
    #14 0x564ed19d5f25 in req_main apps/req.c:806
    #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
    #16 0x564ed1985165 in main apps/openssl.c:183
    #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
    #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)

0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
    #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
    #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
    #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
    #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
    #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
    #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
    #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
    #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
    #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
    #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
    #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
    #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
    #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
    #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
    #15 0x564ed19d5f25 in req_main apps/req.c:806
    #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
    #17 0x564ed1985165 in main apps/openssl.c:183
    #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
    #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
    #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
    #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
    #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
    #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
    #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
    #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
    #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
    #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
    #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
    #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
    #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
    #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
    #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
    #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
    #17 0x564ed19d5f25 in req_main apps/req.c:806
    #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
    #19 0x564ed1985165 in main apps/openssl.c:183
    #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23138)
2023-12-29 10:23:29 +01:00
Neil Horman
a552c23c65 Harden asn1 oid loader to invalid inputs
In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init

config_diagnostics = 1

[openssl_init]
oid_section = oids

[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======

The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space

correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22957)
2023-12-13 11:10:36 -05:00
Tomas Mraz
80f32964a5 Do not include crypto/asn1.h from internal/cryptlib.h
This is unnecessary and conceptualy wrong as
headers from internal should not include headers from crypto

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)
2023-10-19 10:15:56 +02:00
Matt Caswell
da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
slontis
3859a02725 Change PBES2 KDF default salt length to 16 bytes.
The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
2023-09-04 14:15:34 +10:00
atishkov
c791e399ab asn1: add ASN1_STRING_set() check result
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21587)
2023-08-04 13:29:17 -04:00
Pauli
cb8e64131e no_autoload: make the no-autoload-config option work again.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21621)
2023-08-04 11:57:27 +10:00
Marcin Kolny
66f61ece72 Add more fixes for WebAssembly/WASI build
* force use timegm - WASI does not have timezone tables
* use basic implementation for `OPENSSL_issetugid()` - WASI doesn't support forking processes

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21389)
2023-07-12 10:50:09 +10:00
Pauli
420ad86a0e asn1: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Vladimír Kotal
f52aec3526 log actual NID causing the 'unknown message digest algorithm error'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21214)
2023-06-18 16:58:54 +10:00
Yi Li
4032cd9a14 configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
2023-06-14 13:06:22 +10:00
Tomas Mraz
a33842efa5 Coverity 1528492: Fix possible memory leak if t == NULL 2023-06-10 19:23:59 -04:00
Tomas Mraz
0c6c378287 Coverity 1528496: remove assignment of unused value
ctx is used only within the loop and always assigned at start
2023-06-10 19:23:59 -04:00
Dr. David von Oheimb
23450cfb92 SMIME_crlf_copy(): check for NULL pointer arguments
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21058)
2023-06-01 09:56:20 +02:00
mlitre
1258a8e436 Add negative integer check when using ASN1_BIT_STRING
The negative integer check is done to prevent potential overflow.
Fixes #20719.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20862)
2023-05-04 09:08:23 +10:00
Pauli
0feb90ba60 asn1: sort stacks before using find
a_strnid.c doesn't have a lock for the sort.  This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
2023-05-01 17:14:42 +10:00
Matt Caswell
dba97d4c71 Improve the performance of d2i_AutoPrivateKey and friends
Probe first to see if we have a PKCS8 file to improve decoder performance.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20416)
2023-03-15 08:39:25 +11:00
ndossche
5df5032ab0 Fix incomplete error check on ASN1_item_i2d()
According to the documentation and my analysis tool
ASN1_item_i2d() can return a negative value on error,
but this is not checked. Fix it by changing the error check condition.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20251)
2023-02-28 14:34:57 +11:00
Niels Dossche
826374921a Fix BIO_set_indent() check
This function returns an errorcode <= 0, but only < 0 is checked. Other
callers that check the return value perform this check correctly. Fix it
by changing the check to <= 0.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20186)
2023-02-08 17:03:52 +01:00
Matt Caswell
9cc85002a1 Fix a UAF resulting from a bug in BIO_new_NDEF
If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-02-07 17:05:10 +01:00
slontis
fe2a7341b5 PKCS12 - Add additional libctx and propq support.
Fixes #19718
Fixes #19716

Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and
ASN1_item_unpack_ex().

parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX.
PKCS12_free() needed to be manually constructed in order to free the propq.

pkcs12_api_test.c changed so that it actually tests the libctx, propq.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19942)
2023-01-16 17:17:31 +01:00
Matt Caswell
0f48050b5a Fix BIO_f_asn1() to properly report some errors
Some things that may go wrong in asn1_bio_write() are serious errors
that should be reported as -1, rather than 0 (which just means "we wrote
no data").

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
2022-12-22 11:01:06 +01:00
Matt Caswell
9e5bd8923b Fix SMIME_crlf_copy() to properly report an error
If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not
correctly reporting the error. We modify it to properly propagate the
error condition.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19918)
2022-12-22 11:01:06 +01:00
J.W. Jagersma
1555c86e5f Cast values to match printf format strings.
For some reason djgpp uses '(unsigned) long int' for (u)int32_t.  This
causes errors with -Werror=format, even though these types are in
practice identical.

Obvious solution: cast to the types indicated by the format string.

For asn1_time_test.c I changed the format string to %lli since time_t
may be 'long long' some platforms.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19322)
2022-11-14 07:47:53 +00:00
FdaSilvaYY
1567a821a4 crypto: Fix various typos, repeated words, align some spelling to LDP.
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- file name -> filename
- host name -> hostname

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12 16:55:01 +11:00
Richard Levitte
e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
2022-10-05 14:02:03 +02:00
J.W. Jagersma
cffb65f2ff djgpp: Set TZ=UTC to convert UTC timestamp to time_t
Since djgpp has neither a timezone variable or timegm(), this horrible
method must be used.  It is the only one I could find that produces
accurate results, and is recommended as portable alternative to
timegm() by the GNU libc manual.  Reference:

https://www.gnu.org/software/libc/manual/html_node/Broken_002ddown-Time.html#index-timegm

Now, a much nicer alternative solution could be:

    timestamp_local = mktime(timestamp_tm);
    timestamp_utc = timestamp_local + timestamp_tm->tm_gmtoff
                                    - (timestamp_tm->tm_isdst ? 3600 : 0);

This works due to the fact that mktime() populates the tm_gmtoff and
tm_isdst fields in the source timestamp.  It is accurate everywhere in
the world, *except* on Lord Howe Island, Australia, where a 30 minute
DST offset is used.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19274)
2022-09-29 12:00:30 +02:00
Alon Bar-Lev
67c0460b89 Handle SMIME_crlf_copy return code
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.

This patch handles the SMIME_crlf_copy return code in all occurrences.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
2022-07-28 10:05:59 +01:00
Dr. David von Oheimb
6097eb2152 libcrypto and test: rename asn1_string_to_time_t to ossl_asn1_string_to_time_t
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
2022-07-19 08:44:19 +02:00
Dr. David von Oheimb
7c310e872e libcrypto refactoring: introduce and use ossl_asn1_string_set_bits_left()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
2022-07-19 08:44:19 +02:00
Dr. David von Oheimb
33847508d5 libcrypto refactoring: make more use of ASN1_STRING_set0()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18668)
2022-07-19 08:44:19 +02:00
Dr. David von Oheimb
e2f6960fc5 CMS: Export CMS_EnvelopedData and add CMS_EnvelopedData_decrypt()
Also document CMS_decrypt_set1_password() and fix CMS_EnvelopedData_create.pod.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18301)
2022-06-28 17:51:21 +02:00
Jiasheng Jiang
8547cd6790 crypto/asn1/a_time.c: Add check for OPENSSL_malloc
As the potential failure of the OPENSSL_malloc(),
timestamp_tm could be NULL and be used in ASN1_TIME_to_tm()
without check.
Therefore, it should be better to check the return value of
OPENSSL_malloc() and return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18575)
2022-06-17 08:51:11 +02:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Dmitry Belyavskiy
fba140c735 str[n]casecmp => OPENSSL_strncasecmp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
2022-04-22 11:34:41 +02:00
John Baldwin
0176fc78d0 asn1_string_to_time_t: Use timegm on FreeBSD.
FreeBSD does not provide a global timezone variable containing the
offset to UTC.  Instead, FreeBSD's libc includes a legacy timezone
function dating back to Version 7 AT&T UNIX.  As a result,
asn1_string_to_time_t currently fails to compile on FreeBSD as it
subtracts a function from a time_t value:

../crypto/asn1/a_time.c:625:37: error: invalid operands to binary expression ('time_t' (aka 'long') and 'char *(int, int)')
    timestamp_utc = timestamp_local - timezone;
                    ~~~~~~~~~~~~~~~ ^ ~~~~~~~~
1 error generated.

However, FreeBSD's libc does include a non-standard (but widely
available) timegm function which converts a struct tm directly to a
UTC time_t value.  Use this on FreeBSD instead of mktime.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17765)
2022-03-03 13:33:12 +00:00
Armin Fuerst
065121ff19 Add tests for do_updatedb
Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.

Added function "asn1_string_to_time_t" including tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)
2022-02-14 10:18:46 +01:00
Richard Levitte
d5f9166bac Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform.  It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
2022-02-05 05:31:09 +01:00
Dr. David von Oheimb
04bc3c1277 Fix malloc failure handling of X509_ALGOR_set0()
Also update and slightly extend the respective documentation and simplify some code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)
2022-01-14 18:47:20 +01:00
Dr. David von Oheimb
9944df112f asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)
2022-01-07 10:42:44 +01:00
Bernd Edlinger
fd84b9c3e9 Fix copyright year issues
Fixes: #13765

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)
2022-01-06 09:27:02 +01:00