Dr. David von Oheimb
8c5c2fa544
CMP: prevent misleading PKIStatusInfo output if no response available
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409 )
2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
6fd8313589
apps/cmp.c: Improve diagnostics on -server URL parse error
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409 )
2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
0e7bc901bf
apps/cmp.c: Add diagnostics on config file section(s) used
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409 )
2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
3c9d6266ed
apps/cmp.c: Improve order of -path option: just after -server
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932 )
2020-11-10 13:25:45 +01:00
Richard Levitte
b78c777ee3
APPS: Implement load_keyparams() to load key parameters
...
'openssl dsaparam' is affected as an obvious usage example.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191 )
2020-10-22 12:14:32 +10:00
Dr. David von Oheimb
55c61473b5
Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13045 )
2020-10-08 16:57:34 +02:00
Xiaofei Bai
ebcae87f6b
FIX strncpy warning in apps/cmp.c.
...
bugfix: #12872
strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.
Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12889 )
2020-09-17 14:19:09 +02:00
Matt Caswell
798f932980
Fix safestack issues in cmp.h
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781 )
2020-09-13 11:10:40 +01:00
Matt Caswell
e6623cfbff
Fix safestack issues in x509.h
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781 )
2020-09-13 11:09:45 +01:00
Dr. David von Oheimb
5ea4c6e553
apps/cmp.c: Improve example given for -geninfo option (also in man page)
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
62261446b2
apps/cmp.c: Improve user guidance on missing -subject etc. options
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
7a7d6b514f
apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
ef2d3588e8
apps/cmp.c: Improve documentation of -secret, -cert, and -key options
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
b0a4cbead3
apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[]
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12836 )
2020-09-11 08:06:47 +10:00
Dr. David von Oheimb
5a0991d0d9
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
bb30bce22b
bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822 )
2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
a877d2629b
apps/cmp.c: clear leftover errors on loading libengines.so etc.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824 )
2020-09-10 07:12:20 +02:00
Dr. David von Oheimb
a0745e2be6
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
...
* Use strengthened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741 )
2020-09-10 07:07:55 +02:00
Dr. David von Oheimb
b434b2c08d
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806 )
2020-09-08 23:24:42 +02:00
Dr. David von Oheimb
d96486dc80
apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786 )
2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
6e477a60e4
apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786 )
2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
0b86eefd43
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788 )
2020-09-05 19:33:33 +02:00
Dr. David von Oheimb
15076c26d7
Strengthen chain building for CMP
...
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791 )
2020-09-05 18:11:12 +02:00
Dr. David von Oheimb
39082af2fa
Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
...
Also simplify certificate saving in apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790 )
2020-09-05 18:10:03 +02:00
Dr. David von Oheimb
2c0e356ef7
apps/cmp.c: Clean up loading of certificates and CRLs
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751 )
2020-09-02 14:00:10 +02:00
Dr. David von Oheimb
1a5ae1da14
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
...
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739 )
2020-09-01 18:53:41 +02:00
Dr. David von Oheimb
6d1f50b520
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
1a7cd250ad
Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
...
Also remove not really to-the-point error message if call fails in apps/cmp.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
b3c5aadf4c
apps: make use of OSSL_STORE for generalized certs and CRLs loading
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647 )
2020-08-20 14:55:34 +02:00
Pauli
3b1fd0b003
cmp: handle error return from OBJ_obj2txt()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12678 )
2020-08-20 16:07:10 +10:00
Dr. David von Oheimb
eeccc23723
Introduce X509_add_cert[s] simplifying various additions to cert lists
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615 )
2020-08-12 13:54:37 +02:00
Dr. David von Oheimb
aff8c0a411
Fix error message on setting cert validity period in apps/cmp.c
...
Fixes #12268
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296 )
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
57c05c57c3
apps: Correct and extend diagnostics of parse_name()
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296 )
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
8f7e897995
apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296 )
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
1202de4481
Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:14:51 +02:00
Dr. David von Oheimb
fafa56a14f
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
...
Fixes #12403
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:14:49 +02:00
Dr. David von Oheimb
87d20a9651
apps/cmp.c: Improve documentation of -recipient option
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:10:07 +02:00
Dr. David von Oheimb
bf19b64aae
Fix UI method setup, which should be independent of (deprecated) engine use
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12422 )
2020-07-22 07:27:42 +02:00
Pauli
9283e9bd11
cmp: remove NULL check.
...
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309 )
2020-07-05 13:20:09 +10:00
Dr. David von Oheimb
19765f5bcf
apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
...
CID 1463570: (USE_AFTER_FREE)
CID 1463570: (USE_AFTER_FREE)
Passing freed pointer "e" as an argument to "release_engine".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231 )
2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
33c41876ed
apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
...
CID 1463578: Resource leaks (RESOURCE_LEAK)
CID 1463575: Resource leaks (RESOURCE_LEAK)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231 )
2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
11baa470a2
Fix CMP -days option range checking and test failing with enable-ubsan
...
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175 )
2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
5e7be6e666
Remove extra newline from CMP mock server error and add TODO on using request template
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
8b22c283b8
Improve description of CMP untrusted certs and msg 'sender' field
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
50e09788d5
Fix use of -no-proxy option of CMP app
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
5a2ba207ed
Add request URL path checking and status responses to HTTP server
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
7e998a0fdc
Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
0d17c2f4bc
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
David von Oheimb
538404d218
Add 'methods' parameter to setup_engine() in apps.c for individual method defaults
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/4277 )
2020-05-15 20:24:11 +02:00
Dr. David von Oheimb
6d382c74b3
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c
...
This also adds the more flexible and general load_key_cert_crl()
as well as helper functions get_passwd(), cleanse(), and clear_free()
to be used also in apps/cmp.c etc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11755 )
2020-05-15 20:20:08 +02:00
Matt Caswell
454afd9866
Update copyright year
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839 )
2020-05-15 14:09:49 +01:00
Dr. David von Oheimb
63f1883dca
Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()
...
Also update documentation and example code in openssl-cmp.pod.in
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
143be4748e
Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
6b326fc396
Improve CMP documentation regarding use of untrusted certs
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
8d9a4d833f
Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface
...
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00