mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-27 06:21:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,594 Commits 34 Branches 385 Tags 621 MiB
3348713ad3
Commit Graph

210 Commits

Author SHA1 Message Date
Dimitri Papadopoulos
164a541b93 Fix new typos found by codespell 
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23133)
 2023-12-29 10:12:05 +01:00
Dr. David von Oheimb
1d61a03794 crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_get_int() 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Rajeev Ranjan
b14ec830f5 cmp_server.c,apps/lib/cmp_mock_srv.c: move polling state checks to cmp_server.c 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Dr. David von Oheimb
bedffe1731 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Rajeev Ranjan
192bfec487 crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 22:53:35 +01:00
Dr. David von Oheimb
7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option 
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Dr. David von Oheimb
ac0677bd23 CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS 
Fixes #21120

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
 2023-10-10 20:36:06 +02:00
Dr. David von Oheimb
080bd08fd3 cmp_vfy.c: Use verification callback if cert_acceptable() finds expired cert 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21656)
 2023-09-21 11:15:49 +10:00
Matt Caswell
da1c088f59 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-07 09:59:15 +01:00
Dr. David von Oheimb
e664ef78b9 CMP: generalize ossl_cmp_calc_protection() to handle Edwards curves correctly 
Fixes #21564

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21884)
 2023-09-05 13:25:41 +02:00
Tomas Mraz
2b2eedfdd6 cmp_genm.c: Remove superfluous store_ctx != 0 check 
This really cannot be ever called with NULL store_ctx
and the check confuses Coverity.

Fixes Coverity 1538865

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
 2023-08-18 15:06:18 +02:00
Dr. David von Oheimb
2c8d9f19e3 crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_get_int() 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21579)
 2023-08-03 09:29:41 +02:00
Dr. David von Oheimb
01b0485131 CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:36 +10:00
Dr. David von Oheimb
ec5a9cd11b rename OSSL_CMP_get{,1}_caCerts and improve OSSL_CMP_exec_certreq.pod 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:26 +10:00
Rajeev Ranjan
1d32ec20fe CMP: support specifying certificate to be revoked via issuer and serial number 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21116)
 2023-07-10 08:03:38 +02:00
Vladimír Kotal
3ca28c9e81 allow to disable http 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
 2023-06-06 11:05:02 +10:00
Dr. David von Oheimb
afe7a4311d cmp_client.c: add comment on certConf and add 'ossl_unused' to two functions 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
 2023-06-01 10:03:06 +02:00
Dr. David von Oheimb
d477484d33 CMP: add support for genm/genp messages with id-it-caCerts 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19231)
 2023-06-01 09:39:12 +02:00
Dr. David von Oheimb
3179995f11 cmp_http.c: Remove obsolete comment w.r.t. ERR_clear_error() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
 2023-05-30 22:02:10 +02:00
Dr. David von Oheimb
e0f1ec3b2e CMP client: fix checking new cert enrolled with oldcert and without private key 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
 2023-05-12 10:46:27 +02:00
Dr. David von Oheimb
2d6585986f CMP client: fix error response on -csr without private key, also in docs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
 2023-05-12 10:46:27 +02:00
Dr. David von Oheimb
25b18e629d crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20298)
 2023-04-18 07:26:11 +02:00
Dr. David von Oheimb
4b0c27d445 CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
 2023-03-25 09:55:26 +01:00
FdaSilvaYY
f42d6b7ae6 nit: tidy-up code, and fix a typo. 
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20436)
 2023-03-21 10:57:24 +01:00
JAVAID Mohammad-Habib
c9c99018a8 cmp_msg.c: free memory of certStatus before goto err 
CLA: trivial

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20406)
 2023-03-20 19:02:44 +01:00
Dr. David von Oheimb
6b58f498b3 OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert 
Also add corresponding tests and to this end update credentials

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20160)
 2023-02-13 11:56:10 +01:00
Dr. David von Oheimb
e7041bfea7 CMP cert_response(): add missing rejection status on client rejecting new cert 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
Dr. David von Oheimb
036a444fdc OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of a transaction 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
Dr. David von Oheimb
8c29fa21a7 cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer} 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
Dr. David von Oheimb
ed9c6f363e CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonce 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
Dr. David von Oheimb
7f7dafe98b ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0) 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
Pauli
01a17b24f6 Fix Coverity 1520485: logically dead code 
The check is unnecessary as the condition is already checked
before the switch statement.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20121)
 2023-01-26 10:25:33 +01:00
Dr. David von Oheimb
d7d1d0928a cmp_client.c: fix handling of total_timeout for RR and GENM transactions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
 2023-01-23 10:54:29 +01:00
Dr. David von Oheimb
b908ec0f21 cmp_client_test.c: add tests for end_time being initialized for RR/GENM 
To this end, tweak the internal handling of ctx->total_timeout.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
 2023-01-23 10:54:29 +01:00
Dr. David von Oheimb
fc93335760 OSSL_CMP_validate_msg(): make sure to reject protection type mismatch 
Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)
 2022-12-08 08:19:45 +01:00
Dr. David von Oheimb
084d3afd26 Compensate for CMP-related TODOs removed by PR #15539 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16006)
 2022-12-07 21:57:36 +01:00
Dr. David von Oheimb
a2ede0396a add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
 2022-11-25 09:19:37 +01:00
Dr. David von Oheimb
1c04866c67 OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs 
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
 2022-11-25 09:19:34 +01:00
Dr. David von Oheimb
7e3034939b CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
 2022-11-25 09:15:37 +01:00
Dr. David von Oheimb
cba0e2afd6 CMP: fix handling of unset or missing failInfo PKI status information 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
 2022-11-24 14:01:47 +01:00
Dr. David von Oheimb
19ddcc4cbb CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages 
On this occasion, replace magic constants by mnemonic ones; update doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
 2022-11-24 14:00:46 +01:00
Dr. David von Oheimb
357bfe7345 CMP+CRMF: fix formatting nits in crypto/, include/, and test/ 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
 2022-11-24 13:45:06 +01:00
Dr. David von Oheimb
2da163cb73 CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19715)
 2022-11-23 10:57:52 +01:00
FdaSilvaYY
c734058309 crypto/*: Fix various typos, repeated words, align some spelling to LDP. 
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
 2022-10-12 16:55:01 +11:00
FdaSilvaYY
1567a821a4 crypto: Fix various typos, repeated words, align some spelling to LDP. 
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- file name -> filename
- host name -> hostname

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
 2022-10-12 16:55:01 +11:00
Richard Levitte
5139dec255 Rename ossl_sleep calls to OSSL_sleep everywhere 
Also, remove inclusions of internal/e_os.h where it seems no longer
necessary.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19330)
 2022-10-06 08:01:09 +02:00
Richard Levitte
e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places 
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
 2022-10-05 14:02:03 +02:00
Graham Woodward
b85d53c167 Fix missing null check 
Don't add 1 if strchr returns NULL

PR update

Fixes #19279

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19282)
 2022-09-30 22:42:17 +02:00
Dr. David von Oheimb
7af110f9f5 CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)
 2022-08-24 11:29:40 +02:00
Dr. David von Oheimb
aeadd2981b CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULL 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)
 2022-08-24 11:29:40 +02:00