2
0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Commit Graph

34 Commits

Author SHA1 Message Date
Dr. David von Oheimb
e0f1ec3b2e CMP client: fix checking new cert enrolled with oldcert and without private key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
2023-05-12 10:46:27 +02:00
Dr. David von Oheimb
25b18e629d crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20298)
2023-04-18 07:26:11 +02:00
Danny Carpenter
8835940db5 adding provider_unload functions for cmp_ tests
CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20731)
2023-04-16 22:23:24 +10:00
Dr. David von Oheimb
6f88876d4e cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08 17:05:47 +01:00
Dr. David von Oheimb
b908ec0f21 cmp_client_test.c: add tests for end_time being initialized for RR/GENM
To this end, tweak the internal handling of ctx->total_timeout.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
2023-01-23 10:54:29 +01:00
Dr. David von Oheimb
6ea44d07a7 cmp_client_test.c: add tests for OSSL_CMP_CTX_get_status
This is a follow-up of , adding test cases as requested.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19760)
2022-11-30 15:58:15 +01:00
Dr. David von Oheimb
1c04866c67 OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25 09:19:34 +01:00
Dr. David von Oheimb
357bfe7345 CMP+CRMF: fix formatting nits in crypto/, include/, and test/
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
2022-11-24 13:45:06 +01:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Dr. David von Oheimb
b971d4198d CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()
Fixes 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
2022-01-04 17:04:56 +01:00
Dr. David von Oheimb
79b2a2f2ee add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
2021-12-21 12:11:49 +01:00
Dr. David von Oheimb
574246ae02 cmp_client_test.c: Remove needless dependency on NDEBUG
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16052)
2021-09-24 16:35:05 +02:00
Matt Caswell
d2b6c06274 Ensure libctx/propq is propagated when handling X509_REQ
When we create via d2i or dup an X509_REQ we should ensure that the libctx
is properly propagated. We also ensure we create X509_REQ objects with the
proper libctx assigned in the CMP tests.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
2021-06-05 17:39:27 +10:00
Pauli
fd009d763a test: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
2021-06-02 16:30:15 +10:00
Pauli
23e97567be test: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
2021-05-29 17:17:12 +10:00
Dr. David von Oheimb
ee56cec733 CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15343)
2021-05-20 16:23:27 +02:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Dr. David von Oheimb
3d46c81a7d CMP: Allow PKCS#10 input also for ir, cr, kur, and rr messages
Also update documentation regarding sources of certs and keys,
improve type of OSSL_CMP_exec_RR_ses(),
add tests for CSR-based cert revocation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13841)
2021-01-21 17:53:26 +01:00
Dr. David von Oheimb
0b7368dda0 TEST: move cert, key, and CSR loading aux functions to new testutil/load.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)
2021-01-13 09:09:36 +01:00
Dr. David von Oheimb
bca7ad6efd Use adapted test_get_libctx() for simpler test setup and better error reporting
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13001)
2020-12-10 11:01:26 +01:00
Dr. David von Oheimb
20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
2020-12-01 07:49:38 +01:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Matt Caswell
798f932980 Fix safestack issues in cmp.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:10:40 +01:00
Matt Caswell
e6623cfbff Fix safestack issues in x509.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:09:45 +01:00
Dr. David von Oheimb
7eb48cfc66 test/cmp_{client,msg}_test.c: minor code cleanup
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12655)
2020-09-10 07:35:07 +02:00
Richard Levitte
9afa0748cf TEST: Fix CMP tests so they load keys in the current library context
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12705)
2020-08-24 18:20:29 +02:00
Dr. David von Oheimb
b0248cbc3e Add libctx/provider support to cmp_client_test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
1a7cd250ad Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
Also remove not really to-the-point error message if call fails in apps/cmp.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
299e0f1eae Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq()
Fixes 

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
2020-07-30 09:38:08 +02:00
Dr. David von Oheimb
430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
Bugfix: allow using extraCerts contained in msg already while checking signature
Improve function name, simplify its return value, and update its documentation

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()
Also update documentation and example code in openssl-cmp.pod.in

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
2020-05-13 19:42:00 +02:00
Rich Salz
852c2ed260 In OpenSSL builds, declare STACK for datatypes ...
... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this.  Most of all, ParseC needed to be more
consistent.  The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns.  There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)
2020-04-24 16:42:46 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Dr. David von Oheimb
7e765f46a6 Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11300)
2020-03-25 14:10:18 +01:00