Dr. David von Oheimb
6d1f50b520
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
cac30a69bc
cmp_msg.c: Copy libctx and propq of CMP_CTX to newly enrolled certificate
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
28e9f62b2d
cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
1930b58642
cmp_hdr.c: Adapt ossl_cmp_hdr_init() to use OPENSSL_CTX for random number generation
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
2300083887
crypto/cmp: Prevent misleading errors in case x509v3_cache_extensions() fails
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
97e00da902
Add OPENSSL_CTX parameter to OSSL_CRMF_pbmp_new() and improve its doc
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
1a7cd250ad
Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
...
Also remove not really to-the-point error message if call fails in apps/cmp.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
7b1a3a5062
cmp_vfy.c: Fix bug: must verify msg signature also in 3GPP mode
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
eeccc23723
Introduce X509_add_cert[s] simplifying various additions to cert lists
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615 )
2020-08-12 13:54:37 +02:00
Dr. David von Oheimb
1202de4481
Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:14:51 +02:00
Dr. David von Oheimb
fafa56a14f
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
...
Fixes #12403
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:14:49 +02:00
Dr. David von Oheimb
593d6554f8
Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431 )
2020-07-30 09:38:08 +02:00
Dr. David von Oheimb
299e0f1eae
Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq()
...
Fixes #12395
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431 )
2020-07-30 09:38:08 +02:00
Dr. David von Oheimb
1337a3a998
Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12375 )
2020-07-16 15:48:53 +02:00
Dr. David von Oheimb
0d8dbb52e3
Add X509_self_signed(), extending and improving documentation and tests
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587 )
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
11baa470a2
Fix CMP -days option range checking and test failing with enable-ubsan
...
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175 )
2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
c4a9e3ebbb
Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update()
...
as checking expected_sender and adding caPubs is not part of msg validation.
Also constify a couple of internal and public functions related to cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
7e8dbb7462
Bug fix in ossl_cmp_hdr_init(): should not remember recipient as expected sender
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
1a27fe4be2
Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
12bbcee21b
Make CMP server use same protection for response as for request
...
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
5aed1786fc
Fill in transactionID on any error in OSSL_CMP_SRV_process_request()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
430efff1b9
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
...
Bugfix: allow using extraCerts contained in msg already while checking signature
Improve function name, simplify its return value, and update its documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
ca6f1ba903
Improve cert checking diagnostics of OSSL_CMP_validate_msg()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
7aa70fd5e1
Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
032b13c784
Correct error reason of verify_signature() in cmp_vfy.c
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
1693135564
Allow subject of CMP -oldcert as sender unless protection cert is given
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
6d934add34
Check expected sender not only for signature-protected CMP messages
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
b27ff9b87c
Streamline the approach to set CMP message recipient and expected sender
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
ce0465edc7
Fix too strict checks of ossl_cmp_calc_protection()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
6e15b81c34
Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h
...
fixes #11818
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11911 )
2020-05-24 17:39:37 +02:00
Dr. David von Oheimb
63f1883dca
Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()
...
Also update documentation and example code in openssl-cmp.pod.in
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
143be4748e
Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
9253f8346a
Constify 'req' parameter of OSSL_HTTP_post_asn1()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11736 )
2020-05-09 16:57:08 +02:00
Dr. David von Oheimb
045229cfe8
Fix bug in OSSL_CMP_SRV_process_request() on transaction renewal
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11736 )
2020-05-09 16:57:08 +02:00
Rich Salz
852c2ed260
In OpenSSL builds, declare STACK for datatypes ...
...
... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.
Deprecate stack-of-block
Better documentation
Move some ASN1 struct typedefs to types.h
Update ParseC to handle this. Most of all, ParseC needed to be more
consistent. The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns. There's a comment at the beginning of ParseC that
explains how that works. {Richard Levitte}
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669 )
2020-04-24 16:42:46 +02:00
Matt Caswell
33388b44b6
Update copyright year
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616 )
2020-04-23 13:55:52 +01:00
Matt Caswell
555ed96812
Fix no-err
...
This fixes an assertion failure that can occur in the CMP code in the
event of a no-err build. The "improve_location_name" function assumed
that the fallback argument was always populated with something. However
in a no-err build this is not the case.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11584 )
2020-04-22 10:41:58 +01:00
Dr. David von Oheimb
753283cd23
Add CMP error reason 'missing reference cert'
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11386 )
2020-04-18 19:54:17 +02:00
Dr. David von Oheimb
e599d0aecd
Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11386 )
2020-04-18 19:54:17 +02:00
Dr. David von Oheimb
642f60d840
Rename CMP_PROTECTEDPART to OSSL_CMP_PROTECTEDPART for consistency
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11386 )
2020-04-18 19:54:17 +02:00
Dr. David von Oheimb
d803930448
Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11448 )
2020-04-07 12:14:16 +02:00
Dr. David von Oheimb
a1e4c8ef81
Fix bugs in 3GPP exception checking and improve diagnostics in crypt/cmp/cmp_vfy.c
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11448 )
2020-04-07 12:14:16 +02:00
Dr. David von Oheimb
4b1fe471ac
HTTP client: make server/proxy and port params more consistent; minor other improvements
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11404 )
2020-04-02 18:31:06 +02:00
Dr. David von Oheimb
afe554c2d2
Chunk 10 of CMP contribution to OpenSSL: CMP http client and related tests
...
Also improve the generic HTTP client w.r.t. proxy and no_proxy options.
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11404 )
2020-04-02 18:17:00 +02:00
Bernd Edlinger
b5f7aa5ce7
Fix a printf format error in cmp_client.c
...
The value is of type uint64 but the format
%ld is not suitable for that, need to use %jd.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11454 )
2020-04-02 09:19:25 +02:00
Dr. David von Oheimb
7e765f46a6
Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests
...
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11300 )
2020-03-25 14:10:18 +01:00
Dr. David von Oheimb
8cc86b81ac
Constify various mostly X509-related parameter types in crypto/ and apps/
...
in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *,
also some result types of new functions, which does not break compatibility
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/10504 )
2020-03-23 08:30:37 +01:00
Dr. David von Oheimb
ae8483d24d
Rename OSSL_{d2i,i2d}_CMP_MSG_bio to {d2i,id2}_OSSL_CMP_MSG_bio
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11307 )
2020-03-18 13:53:42 +01:00
Dr. David von Oheimb
44387c9000
Move OSSL_CMP_X509_digest() to x_all.c, renaming it to X509_digest_sig()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142 )
2020-03-10 16:09:44 +01:00
Dr. David von Oheimb
cfca56dfae
Fix handling of CMP msg senderKID and improve doc of related CTX functions
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142 )
2020-03-10 16:09:44 +01:00