Shane Lontis
5e8cd0a4f4
Fix coverity issue: CID 1466479 - Resource leak in apps/pkcs12.c
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847 )
2020-09-12 15:57:24 +10:00
Shane Lontis
97f7a6d42e
Fix coverity issue: CID 1466482 - Resource leak in OSSL_STORE_SEARCH_by_key_fingerprint()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847 )
2020-09-12 15:57:24 +10:00
Shane Lontis
9951eaf467
Fix coverity issue: CID 1466483 - Improper use of Negative value in dh_ctrl.c
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847 )
2020-09-12 15:57:24 +10:00
Shane Lontis
0f0b7dfbe5
Fix coverity issue: CID 1466484 - Remove dead code in PKCS7_dataInit()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847 )
2020-09-12 15:57:24 +10:00
Shane Lontis
6e417f951c
Fix coverity issue: CID 1466485 - Explicit NULL dereference in OSSL_STORE_find()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847 )
2020-09-12 15:57:23 +10:00
Shane Lontis
3481694946
Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
...
Note that although this is a false positive currently, it could become possible if any of the methods called
change behaviour - so it is safer to add the fix than to ignore it. Added a simple test so that I could prove this was the case.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847 )
2020-09-12 15:57:23 +10:00
Richard Levitte
c1aba0763c
OSSL_DECODER 'decode' function must never be NULL.
...
The conditions for a valid implementation allowed the 'decode'
function to be NULL or the 'export_object' was NULL. That condition
is changed so that 'decode' is checked to be non-NULL by itself.
Fixes #12819
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12849 )
2020-09-12 03:53:32 +02:00
Richard Levitte
c88f6f0e40
TEST: skip POSIX errcode zero in test/recipes/02-test_errstr.t
...
On most systems, there is no E macro for errcode zero in <errno.h>,
which means that it seldom comes up here. However, reports indicate
that some platforms do have an E macro for errcode zero.
With perl, errcode zero is a bit special. Perl consistently gives
the empty string for that one, while the C strerror() may give back
something else. The easiest way to deal with that possible mismatch
is to skip this errcode.
Fixes #12798
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12799 )
2020-09-12 03:51:21 +02:00
Biswapriyo Nath
c9352933fe
fuzz/test-corpus: check if PATH_MAX is already defined
...
CLA: trivial
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12620 )
2020-09-11 20:07:26 +03:00
Chris Novakovic
64713cb10d
apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified
...
When generating a CRL using the "ca" utility, allow values for the
lastUpdate and nextUpdate fields to be specified using the command line
options -crl_lastupdate and -crl_nextupdate respectively.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12784 )
2020-09-11 14:32:27 +03:00
Dr. David von Oheimb
0e60ce6334
Improve robustness and performance of building Unix static libraries
...
This is a fixup of 385deae79f, which solved #12116
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12821 )
2020-09-11 12:21:57 +02:00
Dr. David von Oheimb
5ea4c6e553
apps/cmp.c: Improve example given for -geninfo option (also in man page)
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
1cd77e2eca
OSSL_CMP_CTX_new.pod: improve doc of OSSL_CMP_CTX_get1_{extraCertsIn,caPubs}
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
4d2b2889da
openssl-cmp.pod.in: Update Insta Demo CA port number in case needed
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
62261446b2
apps/cmp.c: Improve user guidance on missing -subject etc. options
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
7a7d6b514f
apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
ef2d3588e8
apps/cmp.c: Improve documentation of -secret, -cert, and -key options
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
82bdd64193
check_chain_extensions(): Require X.509 v3 if extensions are present
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:43:52 +02:00
Dr. David von Oheimb
e41a2c4c60
check_chain_extensions(): Change exclusion condition w.r.t. RFC 6818 section 2
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:43:34 +02:00
Dr. David von Oheimb
d72c8b457b
x509_vfy.c: Make sure that strict checks are not done for self-issued EE certs
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:42:23 +02:00
Dr. David von Oheimb
bb377c8d6c
check_chain_extensions(): Add check that CA cert includes key usage extension
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:42:22 +02:00
Dr. David von Oheimb
da6c691d6d
check_chain_extensions(): Add check that on empty Subject the SAN must be marked critical
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:42:22 +02:00
Dr. David von Oheimb
89f13ca434
check_chain_extensions(): Add check that AKID and SKID are not marked critical
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:42:22 +02:00
Dr. David von Oheimb
8a639b9d72
check_chain_extensions(): Add check that Basic Constraints of CA cert are marked critical
...
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:42:22 +02:00
Dr. David von Oheimb
1e41dadfa7
Extend X509 cert checks and error reporting in v3_{purp,crld}.c and x509_{set,vfy}.c
...
add various checks for malformedness to static check_chain_extensions() in x509_vfy.c
improve error reporting of X509v3_cache_extensions() in v3_purp.c
add error reporting to x509_init_sig_info() in x509_set.c
improve static setup_dp() and related functions in v3_purp.c and v3_crld.c
add test case for non-conforming cert from https://tools.ietf.org/html/rfc8410#section-10.2
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478 )
2020-09-11 07:42:22 +02:00
Dr. David von Oheimb
b0a4cbead3
apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[]
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12836 )
2020-09-11 08:06:47 +10:00
Dr. David von Oheimb
d3dbc9b500
apps_ui.c: Correct password prompt for ui_method
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12493 )
2020-09-10 22:01:07 +02:00
Dr. David von Oheimb
591ceeddb3
apps_ui.c: Correct handling of empty password from -passin
...
This is done in analogy to commit ca3245a619
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12493 )
2020-09-10 22:01:07 +02:00
Dr. David von Oheimb
f84de16f39
apps_ui.c: Improve error handling and return value of setup_ui_method()
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12493 )
2020-09-10 22:01:07 +02:00
Shane Lontis
9a62ccbe8a
Fix fipsinstall module path
...
If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the environment variable OPENSSL_MODULES.
Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname().
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12761 )
2020-09-11 03:50:09 +10:00
Richard Levitte
9f604ca13d
STORE: Fix OSSL_STORE_attach() to check |ui_method| before use
...
ossl_pw_set_ui_method() demands that the passed |ui_method| be
non-NULL, and OSSL_STORE_attach() didn't check it beforehand.
While we're at it, we remove the passphrase caching that's set at the
library level, and trust the implementations to deal with that on
their own as needed.
Fixes #12830
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12831 )
2020-09-10 13:39:30 +02:00
Dr. David von Oheimb
5a0991d0d9
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
5fdcde816f
X509_NAME_cmp(): Clearly document its semantics, referencing relevant RFCs
...
Fixes #12765
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
a8e2a9f569
X509_NAME_add_entry_by_txt.pod: Improve documentation w.r.t. multi-valued RDNs (containing sets of AVAs)
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
bc64c5a69b
X509_NAME_cmp: restrict normal return values to {-1,0,1} to avoid confusion with -2 for error
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
2aa91df406
X509_NAME_oneline(): Fix output of multi-valued RDNs, escaping '/' and '+' in values
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
115786793c
X509_NAME_print_ex.pod: re-format lines to fit within 80 chars limit
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
388f2d9f6c
app_load_config_bio(): fix crash on error
...
It turns out that the CONF_modules_load(conf, NULL, 0) call is just wrong.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12817 )
2020-09-10 12:03:51 +02:00
Matt Caswell
3101ab603c
Fix an EVP_MD_CTX leak
...
If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same
EVP_MD_CTX with a provided MD then we end up leaking the md_data.
We need to ensure we free the md_data if we change to a provided MD.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12779 )
2020-09-10 11:35:42 +02:00
Richard Levitte
b830e00429
Diverse build.info: Adjust paths
...
Fixes #12815
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12816 )
2020-09-10 09:50:56 +02:00
Dr. David von Oheimb
bb30bce22b
bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822 )
2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
543a802fab
bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822 )
2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
6199478101
bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822 )
2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
7eb48cfc66
test/cmp_{client,msg}_test.c: minor code cleanup
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12655 )
2020-09-10 07:35:07 +02:00
Dr. David von Oheimb
eb5087fc7c
test/recipes/81-test_cmp_cli_data/Mock/server.cnf: minor cleanup
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12655 )
2020-09-10 07:35:07 +02:00
Dr. David von Oheimb
4245fd64c8
81-test_cmp_cli: Make test output files all different according to #11080
...
Also some minor improvements mostly of test cases regarding PKCS#10 CSR input
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12655 )
2020-09-10 07:35:07 +02:00
Dr. David von Oheimb
57371e1674
81-test_cmp_cli.t: Stop unlinking test output files according to #11080
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12655 )
2020-09-10 07:35:07 +02:00
Dr. David von Oheimb
c4adc5ba5b
apps.c: Fix mem leaks on error in load_certs() and load_crls()
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12823 )
2020-09-10 07:15:00 +02:00
Dr. David von Oheimb
a877d2629b
apps/cmp.c: clear leftover errors on loading libengines.so etc.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824 )
2020-09-10 07:12:20 +02:00
Dr. David von Oheimb
87495d56a9
apps.c: Fix diagnostics and return value of load_key_certs_crls() on error
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824 )
2020-09-10 07:12:20 +02:00