Richard Levitte
b78c777ee3
APPS: Implement load_keyparams() to load key parameters
...
'openssl dsaparam' is affected as an obvious usage example.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191 )
2020-10-22 12:14:32 +10:00
Dr. David von Oheimb
55c61473b5
Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13045 )
2020-10-08 16:57:34 +02:00
Xiaofei Bai
ebcae87f6b
FIX strncpy warning in apps/cmp.c.
...
bugfix: #12872
strncpy here has a compiler warning of -Wstringop-truncation; change
it to BIO_snprintf as before.
Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12889 )
2020-09-17 14:19:09 +02:00
Matt Caswell
798f932980
Fix safestack issues in cmp.h
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781 )
2020-09-13 11:10:40 +01:00
Matt Caswell
e6623cfbff
Fix safestack issues in x509.h
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781 )
2020-09-13 11:09:45 +01:00
Dr. David von Oheimb
5ea4c6e553
apps/cmp.c: Improve example given for -geninfo option (also in man page)
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
62261446b2
apps/cmp.c: Improve user guidance on missing -subject etc. options
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
7a7d6b514f
apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
ef2d3588e8
apps/cmp.c: Improve documentation of -secret, -cert, and -key options
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825 )
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
b0a4cbead3
apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[]
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12836 )
2020-09-11 08:06:47 +10:00
Dr. David von Oheimb
5a0991d0d9
Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769 )
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
bb30bce22b
bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822 )
2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
a877d2629b
apps/cmp.c: clear leftover errors on loading libengines.so etc.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824 )
2020-09-10 07:12:20 +02:00
Dr. David von Oheimb
a0745e2be6
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
...
* Use strengthened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741 )
2020-09-10 07:07:55 +02:00
Dr. David von Oheimb
b434b2c08d
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806 )
2020-09-08 23:24:42 +02:00
Dr. David von Oheimb
d96486dc80
apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786 )
2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
6e477a60e4
apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786 )
2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
0b86eefd43
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788 )
2020-09-05 19:33:33 +02:00
Dr. David von Oheimb
15076c26d7
Strengthen chain building for CMP
...
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791 )
2020-09-05 18:11:12 +02:00
Dr. David von Oheimb
39082af2fa
Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
...
Also simplify certificate saving in apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790 )
2020-09-05 18:10:03 +02:00
Dr. David von Oheimb
2c0e356ef7
apps/cmp.c: Clean up loading of certificates and CRLs
...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751 )
2020-09-02 14:00:10 +02:00
Dr. David von Oheimb
1a5ae1da14
Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
...
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739 )
2020-09-01 18:53:41 +02:00
Dr. David von Oheimb
6d1f50b520
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
1a7cd250ad
Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
...
Also remove not really to-the-point error message if call fails in apps/cmp.c
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808 )
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
b3c5aadf4c
apps: make use of OSSL_STORE for generalized certs and CRLs loading
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647 )
2020-08-20 14:55:34 +02:00
Pauli
3b1fd0b003
cmp: handle error return from OBJ_obj2txt()
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12678 )
2020-08-20 16:07:10 +10:00
Dr. David von Oheimb
eeccc23723
Introduce X509_add_cert[s] simplifying various additions to cert lists
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615 )
2020-08-12 13:54:37 +02:00
Dr. David von Oheimb
aff8c0a411
Fix error message on setting cert validity period in apps/cmp.c
...
Fixes #12268
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296 )
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
57c05c57c3
apps: Correct and extend diagnostics of parse_name()
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296 )
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
8f7e897995
apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296 )
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
1202de4481
Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:14:51 +02:00
Dr. David von Oheimb
fafa56a14f
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
...
Fixes #12403
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:14:49 +02:00
Dr. David von Oheimb
87d20a9651
apps/cmp.c: Improve documentation of -recipient option
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421 )
2020-07-30 20:10:07 +02:00
Dr. David von Oheimb
bf19b64aae
Fix UI method setup, which should be independent of (deprecated) engine use
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12422 )
2020-07-22 07:27:42 +02:00
Pauli
9283e9bd11
cmp: remove NULL check.
...
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309 )
2020-07-05 13:20:09 +10:00
Dr. David von Oheimb
19765f5bcf
apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
...
CID 1463570: (USE_AFTER_FREE)
CID 1463570: (USE_AFTER_FREE)
Passing freed pointer "e" as an argument to "release_engine".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231 )
2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
33c41876ed
apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
...
CID 1463578: Resource leaks (RESOURCE_LEAK)
CID 1463575: Resource leaks (RESOURCE_LEAK)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231 )
2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
11baa470a2
Fix CMP -days option range checking and test failing with enable-ubsan
...
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175 )
2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
5e7be6e666
Remove extra newline from CMP mock server error and add TODO on using request template
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
8b22c283b8
Improve description of CMP untrusted certs and msg 'sender' field
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
50e09788d5
Fix use of -no-proxy option of CMP app
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
5a2ba207ed
Add request URL path checking and status responses to HTTP server
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
7e998a0fdc
Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
0d17c2f4bc
Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998 )
2020-06-13 15:13:21 +02:00
David von Oheimb
538404d218
Add 'methods' parameter to setup_engine() in apps.c for individual method defaults
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/4277 )
2020-05-15 20:24:11 +02:00
Dr. David von Oheimb
6d382c74b3
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c
...
This also adds the more flexible and general load_key_cert_crl()
as well as helper functions get_passwd(), cleanse(), and clear_free()
to be used also in apps/cmp.c etc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11755 )
2020-05-15 20:20:08 +02:00
Matt Caswell
454afd9866
Update copyright year
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839 )
2020-05-15 14:09:49 +01:00
Dr. David von Oheimb
63f1883dca
Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()
...
Also update documentation and example code in openssl-cmp.pod.in
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
143be4748e
Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
6b326fc396
Improve CMP documentation regarding use of untrusted certs
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470 )
2020-05-13 19:42:00 +02:00