Commit Graph

51 Commits

Author SHA1 Message Date
Richard Levitte
b78c777ee3 APPS: Implement load_keyparams() to load key parameters
'openssl dsaparam' is affected as an obvious usage example.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)
2020-10-22 12:14:32 +10:00
Dr. David von Oheimb
55c61473b5 Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13045)
2020-10-08 16:57:34 +02:00
Xiaofei Bai
ebcae87f6b FIX strncpy warning in apps/cmp.c.
bugfix: #12872

strncpy here has compiling warning of -Wstringop-truncation, change
into BIO_snprintf as before.

Change-Id: I362872c4ad328cadd4c7a5a5da3165655fa26c0d

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12889)
2020-09-17 14:19:09 +02:00
Matt Caswell
798f932980 Fix safestack issues in cmp.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:10:40 +01:00
Matt Caswell
e6623cfbff Fix safestack issues in x509.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:09:45 +01:00
Dr. David von Oheimb
5ea4c6e553 apps/cmp.c: Improve example given for -geninfo option (also in man page)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
62261446b2 apps/cmp.c: Improve user guidance on missing -subject etc. options
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
7a7d6b514f apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
ef2d3588e8 apps/cmp.c: Improve documentation of -secret, -cert, and -key options
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
2020-09-11 12:17:58 +02:00
Dr. David von Oheimb
b0a4cbead3 apps/cmp.c: Improve safeguard assertion on consistency of cmp_options[] and cmp_vars[]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12836)
2020-09-11 08:06:47 +10:00
Dr. David von Oheimb
5a0991d0d9 Add/harmonize multi-valued RDN support and doc of ca, cmp, req, storeutl, and x509 apps
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12769)
2020-09-10 12:07:33 +02:00
Dr. David von Oheimb
bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
a877d2629b apps/cmp.c: clear leftover errors on loading libengines.so etc.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12824)
2020-09-10 07:12:20 +02:00
Dr. David von Oheimb
a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
  while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
2020-09-10 07:07:55 +02:00
Dr. David von Oheimb
b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)
2020-09-08 23:24:42 +02:00
Dr. David von Oheimb
d96486dc80 apps/cmp.c: Allow default HTTP path (aka CMP alias) given with -server option
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
6e477a60e4 apps/cmp.c: Use enhanced OSSL_HTTP_parse_url(), removing parse_addr() and atoint()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12786)
2020-09-08 15:36:24 +02:00
Dr. David von Oheimb
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
2020-09-05 19:33:33 +02:00
Dr. David von Oheimb
15076c26d7 Strengthen chain building for CMP
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791)
2020-09-05 18:11:12 +02:00
Dr. David von Oheimb
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
Also simplify certificate saving in apps/cmp.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)
2020-09-05 18:10:03 +02:00
Dr. David von Oheimb
2c0e356ef7 apps/cmp.c: Clean up loading of certificates and CRLs
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12751)
2020-09-02 14:00:10 +02:00
Dr. David von Oheimb
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
  in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
  OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
2020-09-01 18:53:41 +02:00
Dr. David von Oheimb
6d1f50b520 Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
1a7cd250ad Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
Also remove not really to-the-point error message if call fails in apps/cmp.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
b3c5aadf4c apps: make use of OSSL_STORE for generalized certs and CRLs loading
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647)
2020-08-20 14:55:34 +02:00
Pauli
3b1fd0b003 cmp: handle error return from OBJ_obj2txt()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12678)
2020-08-20 16:07:10 +10:00
Dr. David von Oheimb
eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615)
2020-08-12 13:54:37 +02:00
Dr. David von Oheimb
aff8c0a411 Fix error message on setting cert validity period in apps/cmp.c
Fixes #12268

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
57c05c57c3 apps: Correct and extend diagnostics of parse_name()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
8f7e897995 apps/cmp.c: Defer diagnostic output on server+proxy to be contacted
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12296)
2020-08-04 09:17:47 +02:00
Dr. David von Oheimb
1202de4481 Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
2020-07-30 20:14:51 +02:00
Dr. David von Oheimb
fafa56a14f Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
Fixes #12403

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
2020-07-30 20:14:49 +02:00
Dr. David von Oheimb
87d20a9651 apps/cmp.c: Improve documentation of -recipient option
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
2020-07-30 20:10:07 +02:00
Dr. David von Oheimb
bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12422)
2020-07-22 07:27:42 +02:00
Pauli
9283e9bd11 cmp: remove NULL check.
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
2020-07-05 13:20:09 +10:00
Dr. David von Oheimb
19765f5bcf apps/cmp.c: Add workaround for Coverity false positive; rename e -> engine
CID 1463570:    (USE_AFTER_FREE)
CID 1463570:    (USE_AFTER_FREE)
Passing freed pointer "e" as an argument to "release_engine".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
33c41876ed apps/cmp.c: Fix memory leaks in handle_opt_geninfo() found by Coverity
CID 1463578:  Resource leaks  (RESOURCE_LEAK)
CID 1463575:  Resource leaks  (RESOURCE_LEAK)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12231)
2020-06-25 07:49:41 +10:00
Dr. David von Oheimb
11baa470a2 Fix CMP -days option range checking and test failing with enable-ubsan
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
2020-06-22 16:39:26 +02:00
Dr. David von Oheimb
5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
50e09788d5 Fix use of -no-proxy option of CMP app
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
5a2ba207ed Add request URL path checking and status responses to HTTP server
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
David von Oheimb
538404d218 Add 'methods' parameter to setup_engine() in apps.c for individual method defaults
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/4277)
2020-05-15 20:24:11 +02:00
Dr. David von Oheimb
6d382c74b3 Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c
This also adds the more flexible and general load_key_cert_crl()
as well as helper functions get_passwd(), cleanse(), and clear_free()
to be used also in apps/cmp.c etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11755)
2020-05-15 20:20:08 +02:00
Matt Caswell
454afd9866 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)
2020-05-15 14:09:49 +01:00
Dr. David von Oheimb
63f1883dca Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()
Also update documentation and example code in openssl-cmp.pod.in

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
143be4748e Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
2020-05-13 19:42:00 +02:00
Dr. David von Oheimb
6b326fc396 Improve CMP documentation regarding use of untrusted certs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
2020-05-13 19:42:00 +02:00