mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-06 13:26:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
27,631 Commits 34 Branches 385 Tags 420 MiB
902161e8ec
Commit Graph

59 Commits

Author SHA1 Message Date
Richard Levitte
f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 
These two functions react when the FORMAT_ENGINE format is given, and
use the passed ENGINE |e| and the passed key argument to form a URI
suitable for the engine: loader.

Co-authored-by: David von Oheimb <david.von.oheimb@siemens.com>

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13570)
 2020-12-02 20:19:31 +01:00
Richard Levitte
467f441bc6 APPS: Modify apps/cmp.c to use set_base_ui_method() for its -batch option 
Fixes #13511

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13512)
 2020-11-26 17:04:21 +01:00
Dr. David von Oheimb
931d5b4b27 apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE 
Also make clear we cannot use get_ui_method() at this point.

Fixes #13494

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)
 2020-11-25 13:33:50 +01:00
Dr. David von Oheimb
68f9d9223b apps/cmp.c: Improve description of key loaded due to -newkew option 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)
 2020-11-25 13:33:50 +01:00
Dr. David von Oheimb
8c5c2fa544 CMP: prevent misleading PKIStatusInfo output if not response available 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
 2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
6fd8313589 apps/cmp.c: Improve diagnostics on -server URL parse error 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
 2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
0e7bc901bf apps/cmp.c: Add diagnostics on config file section(s) used 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
 2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
3c9d6266ed apps/cmp.c: Improve order of -path option: just after -server 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)
 2020-11-10 13:25:45 +01:00
Richard Levitte
b78c777ee3 APPS: Implement load_keyparams() to load key parameters 
'openssl dsaparam' is affected as an obvious usage example.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)
 2020-10-22 12:14:32 +10:00
Dr. David von Oheimb
55c61473b5 Correct and simplify use of ERR_clear_error() etc. for loading DSO libs 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13045)
 2020-10-08 16:57:34 +02:00
Xiaofei Bai
ebcae87f6b FIX strncpy warning in apps/cmp.c. 
bugfix: #12872

strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.

Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12889)
 2020-09-17 14:19:09 +02:00
Matt Caswell
798f932980 Fix safestack issues in cmp.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:10:40 +01:00
Matt Caswell
e6623cfbff Fix safestack issues in x509.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:09:45 +01:00
Dr. David von Oheimb
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man page) 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
 2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
 2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
 2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
 2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
b0a4cbead3 apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[] 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12836)
 2020-09-11 08:06:47 +10:00
Dr. David von Oheimb
5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769)
 2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
 2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824)
 2020-09-10 07:12:20 +02:00
Dr. David von Oheimb
a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 
* Use strenghtened cert chain building, verifying chain using optional trust store
  while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
 2020-09-10 07:07:55 +02:00
Dr. David von Oheimb
b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)
 2020-09-08 23:24:42 +02:00
Dr. David von Oheimb
d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
 2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint() 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
 2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
 2020-09-05 19:33:33 +02:00
Dr. David von Oheimb
15076c26d7 Strengthen chain building for CMP 
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791)
 2020-09-05 18:11:12 +02:00
Dr. David von Oheimb
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 
Also simplify certificate saving in apps/cmp.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)
 2020-09-05 18:10:03 +02:00
Dr. David von Oheimb
2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)
 2020-09-02 14:00:10 +02:00
Dr. David von Oheimb
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
  in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
  OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
 2020-09-01 18:53:41 +02:00
Dr. David von Oheimb
6d1f50b520 Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
1a7cd250ad Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new() 
Also remove not really to-the-point error message if call fails in apps/cmp.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
b3c5aadf4c apps: make use of OSSL_STORE for generalized certs and CRLs loading 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647)
 2020-08-20 14:55:34 +02:00
Pauli
3b1fd0b003 cmp: handle error return from OBJ_obj2txt() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12678)
 2020-08-20 16:07:10 +10:00
Dr. David von Oheimb
eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615)
 2020-08-12 13:54:37 +02:00
Dr. David von Oheimb
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c 
Fixes #12268

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
 2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
57c05c57c3 apps: Correct and extend diagnostics of parse_name() 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
 2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
 2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
1202de4481 Add OSSL_CMP_MSG_write(), use it in apps/cmp.c 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
 2020-07-30 20:14:51 +02:00
Dr. David von Oheimb
fafa56a14f Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c 
Fixes #12403

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
 2020-07-30 20:14:49 +02:00
Dr. David von Oheimb
87d20a9651 apps/cmp.c: Improve documentation of -recipient option 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
 2020-07-30 20:10:07 +02:00
Dr. David von Oheimb
bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12422)
 2020-07-22 07:27:42 +02:00
Pauli
9283e9bd11 cmp: remove NULL check. 
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
 2020-07-05 13:20:09 +10:00
Dr. David von Oheimb
19765f5bcf apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine 
CID 1463570:    (USE_AFTER_FREE)
CID 1463570:    (USE_AFTER_FREE)
Passing freed pointer "e" as an argument to "release_engine".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
 2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
33c41876ed apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity 
CID 1463578:  Resource leaks  (RESOURCE_LEAK)
CID 1463575:  Resource leaks  (RESOURCE_LEAK)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
 2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
11baa470a2 Fix CMP -days option range checking and test failing with enable-ubsan 
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
 2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
 2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
 2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
50e09788d5 Fix use of -no-proxy option of CMP app 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
 2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
5a2ba207ed Add request URL path checking and status responses to HTTP server 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
 2020-06-13 15:13:21 +02:00