Commit Graph

192 Commits

Author SHA1 Message Date
Pauli
8aa82b3370 fuzz: add punycode decoder fuzz test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
2022-11-11 08:14:48 +11:00
Job Snijders
fcae2ae4f6 Add Content Type OID for RPKI id-ct-signedTAL
References: draft-ietf-sidrops-signed-tal
Title: "RPKI Signed Object for Trust Anchor Key"

OID permanently assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19221)
2022-10-03 11:49:04 +11:00
Graham Woodward
e869c867c1 Allow PKCS12 export to set arbitrary bag attributes
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19025)
2022-09-23 17:40:02 +01:00
K1
48963ff6d0 Add support for PBE using hmacWithSM3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19204)
2022-09-15 17:03:56 +02:00
Lutz Jaenicke
5f7d4e9111 Objects: Add OIDs needed for CAdES-Processing
Add objects from ETSI-specification(s) used in CAdES processing.
Main document referenced is ETSI EN 319 122-1 V1.2.1.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18655)
2022-06-28 17:12:06 +02:00
Jiasheng Jiang
1cb35ce06a fuzz/asn1.c: Add check for ASN1_item_i2d
As the potential failure of the ASN1_item_i2d,
it should be better to check the return value.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18647)
2022-06-28 17:10:11 +02:00
Dr. David von Oheimb
34959f7a22 objects.txt: Add newly registered OIDs according to CMP Updates, for use in extended CMPv2
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15778)
2022-05-04 13:23:31 +02:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
tangyiqun
edba19760f check return value of functions that call BIO_new()
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17850)
2022-03-16 11:05:54 +01:00
Jiasheng Jiang
885d97fbf8 fuzz/fuzz_rand.c: Add check for OSSL_LIB_CTX_new
As the potential failure of the OPENSSL_zalloc(), the OSSL_LIB_CTX_new()
could return NULL.
Therefore, it should be better to check it and return error if fails in
order to guarantee the success of the initialization.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17738)
2022-02-28 12:15:41 +01:00
Jiasheng Jiang
d43597c718 fuzz/asn1.c: Add missing check for BIO_new
Since the BIO_new may fail, the 'bio' could be NULL pointer and be used.
Therefore, it should be better to check it and skip the print if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17690)
2022-02-20 13:04:24 +01:00
Dr. David von Oheimb
0088ef48c3 Update troublesome copyright years of auto-generated files to 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17398)
2022-01-03 13:41:16 +01:00
Job Snijders
b0c1214e1e Add OID for RPKI id-ct-ASPA
References: draft-ietf-sidrops-aspa-profile
"A Profile for Autonomous System Provider Authorization" (ASPA)

OID permanently assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17002)
2021-11-11 13:02:29 +01:00
Tianjia Zhang
a596d38a8c obj: Add SM4 GCM/CCM OID
Add the following OID:

  SM4-GCM: 1.2.156.10197.1.104.8
  SM4-CCM: 1.2.156.10197.1.104.9

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16731)
2021-10-05 12:47:37 +02:00
Tavis Ormandy
415e6ac804 increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
2021-09-23 14:04:43 +02:00
Matt Caswell
4b8a8bb752 Fix the error handling in i2v_AUTHORITY_KEYID
Previously if an error path is entered a leak could result.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
2021-08-24 14:22:07 +01:00
Matt Caswell
38fc02a708 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
2021-06-17 13:24:59 +01:00
Dr. David von Oheimb
f42b3b70d8 fuzz/asn1parse.c: Clean up non-portable code and catch malloc failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15722)
2021-06-15 14:23:29 +02:00
Tomas Mraz
541d4f1995 fuzz/asn1parse: Use BIO_s_mem() as fallback output
/dev/null is not available everywhere.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)
2021-06-11 09:51:14 +02:00
Pauli
fb6ad22e36 fuzz: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
2021-06-02 16:30:15 +10:00
Rich Salz
449bdf3746 Use "" for include internal/xxx
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)
2021-05-27 09:56:41 +10:00
Job Snijders
7303c58217 Add OID for RPKI id-ct-signedChecklist
References: draft-ietf-sidrops-rpki-rsc - Resource Public Key Infrastructure
(RPKI) object profile for Signed Checklist (RSC)

OID listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

CLA: Trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15207)
2021-05-12 15:06:22 +10:00
Rich Salz
c37b947957 Add a local perl module to get year last changed
This is used for generating a more-correct copyright statement
for the "build_generated" targets.

Fixes: #13765

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13791)
2021-03-31 13:59:53 +02:00
Matt Caswell
8020d79b40 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-11 13:27:36 +00:00
Pauli
b98d550d80 prov: update rand implementations to have a params argument for the instantiate call
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
2021-02-28 17:25:49 +10:00
Pauli
db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14240)
2021-02-26 18:09:04 +10:00
Pauli
de2ea978b5 RAND_METHOD deprecation: fuzzer
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
2021-02-23 23:24:13 +10:00
Pauli
ac60c84fc4 RAND_METHOD deprecation: documentation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
2021-02-23 23:24:13 +10:00
Matt Caswell
a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 15:05:17 +00:00
Matt Caswell
55869f594f Test that X509_issuer_and_serial_hash doesn't crash
Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:32:32 +00:00
Job Snijders
f2d785364c Add OID for draft-ietf-opsawg-finding-geofeeds detached CMS signature
RFC 8805 Geofeed files can be authenticated with RPKI

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14050)
2021-02-12 12:34:19 +10:00
Job Snijders
d3372c2f35 Add some PKIX-RPKI objects
References:

RFC6482 - A Profile for Route Origin Authorizations (ROAs)
RFC6484 - Certificate Policy (CP) for the RPKI
RFC6493 - The RPKI Ghostbusters Record
RFC8182 - The RPKI Repository Delta Protocol (RRDP)
RFC8360 - RPKI Validation Reconsidered
draft-ietf-sidrops-rpki-rta - A profile for RTAs

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13948)
2021-02-02 10:32:27 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Richard Levitte
6ed4022cd1 Fix 'no-deprecated'
Some of the handling of no-deprecated stuff wasn't quite complete, or
even plain wrong.

This restores i2d_PublicKey() to be able to handle EVP_PKEYs with
legacy internal keys.

This also refactors the DSA key tests in test/evp_extra_test.c to use
EVP functionality entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
2020-12-19 17:02:12 +01:00
Pauli
575b36ecef dsa: fuzzer deprecation changes
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)
2020-12-17 21:09:54 +01:00
Dr. David von Oheimb
e3a4d3bb61 fuzz/server.c: Fix build error on OPENSSL_NO_{DSA,EC,DEPECATED_3_0}
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13110)
2020-12-04 16:20:53 +01:00
Matt Caswell
61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.

Issue found by OSSFuzz.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
2020-12-02 10:28:45 +00:00
Matt Caswell
bb64795f96 Remove fuzzing of deprecated functions in a no-deprecated build
d2i_DHparams and i2d_DHparam as well as the equivalent DHX functions are
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
2020-11-27 11:04:54 +00:00
Richard Levitte
d7e498ac55 Deprecate RSA harder
This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)
2020-11-18 23:38:34 +01:00
Richard Levitte
9311d0c471 Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-13 09:35:02 +01:00
Nicola Tuveri
a7da4d488d [test/recipes] Split test_fuzz into separate recipes
When using `HARNESS_JOBS` to run the tests in parallel, no matter the
level of parallelism that can be used, the monolithic `test_fuzz` takes
a long time to run, conditioning the duration of the whole build.

This commit splits the single `test_fuzz` recipe into separate recipes
for each fuzzer.
The previous mechanism to select individual fuzz tests using the
`FUZZ_TESTS` environment variable is also dropped (and documentation
updated).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13307)
2020-11-12 16:27:17 +02:00
Matt Caswell
eec0ad10b9 Update copyright year
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13144)
2020-10-15 14:10:06 +01:00
Dmitry Belyavskiy
856198aac7 Some OIDs used in Russian X.509 certificates.
OBJ_OGRNIP denotes a specific legal status of the certificate owner.
OBJ_classSignTool* denotes a level of certification of the software
created the certificate.

http://www.garant.ru/products/ipo/prime/doc/70033464/ is the relevant
link (in Russian).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8309)
2020-10-05 12:14:17 +03:00
Matt Caswell
798f932980 Fix safestack issues in cmp.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:10:40 +01:00
Matt Caswell
6ac1cd10ba Fix safestack issues in ssl.h
We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
  can cause compilation failures (even if the app does not otherwise need
  to link against libcrypto). See issue #8102
- Recent changes means that applications in no-deprecated builds will need
  to include additional macro calls in the source code for all stacks that
  they need to use - which is an API break. This changes avoids that
  necessity.
- It is not possible to write code using stacks that works in both a
  no-deprecated and a normal build of OpenSSL. See issue #12707.

Fixes #12707
Contains a partial fix for #8102. A similar PR will be needed for hash to
fully fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:09:45 +01:00
Biswapriyo Nath
c9352933fe fuzz/test-corpus: check if PATH_MAX is already defined
CLA: trivial

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12620)
2020-09-11 20:07:26 +03:00
Dr. David von Oheimb
15633d74dc Add 4 new OIDs for PKIX key purposes and 3 new CMP information types
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12807)
2020-09-08 23:22:29 +02:00
Dr. David von Oheimb
1a7cd250ad Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new()
Also remove not really to-the-point error message if call fails in apps/cmp.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
299e0f1eae Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq()
Fixes #12395

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
2020-07-30 09:38:08 +02:00