mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
28,535 Commits 30 Branches 390 Tags 502 MiB
eb27d75788
Commit Graph

102 Commits

Author SHA1 Message Date
Matt Caswell
8020d79b40 Update copyright year 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
 2021-03-11 13:27:36 +00:00
Dr. David von Oheimb
4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14460)
 2021-03-09 11:02:41 +01:00
Dr. David von Oheimb
dd5fa5f5af CMP: On NULL-DN subject or issuer input omit field in cert template 
Also improve diagnostics on inconsistent cert request input in apps/cmp.c,
add trace output for transactionIDs on new sessions,
and update the documentation in openssl-cmp.pod.in.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14018)
 2021-03-02 11:05:34 +01:00
Dr. David von Oheimb
7f90026b3f Handle NULL result of ERR_reason_error_string() in some apps 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13920)
 2021-02-22 08:49:52 +01:00
Dr. David von Oheimb
5e128ed120 CMP: Fix total_timeout behavior; small doc and diagnostic improvements 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14019)
 2021-02-19 16:58:22 +01:00
Dr. David von Oheimb
c1be4d617c Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14039)
 2021-02-18 16:50:12 +01:00
Dr. David von Oheimb
daf1300b80 Add internal X509_add_certs_new(), which simplifies matters 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14039)
 2021-02-18 16:50:12 +01:00
Matt Caswell
a28d06f3e9 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
 2021-02-18 15:05:17 +00:00
Dr. David von Oheimb
d53b437f99 Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack 
This simplifies many usages

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14040)
 2021-02-04 07:28:11 +01:00
Richard Levitte
4333b89f50 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
 2021-01-28 13:54:57 +01:00
Dr. David von Oheimb
3d46c81a7d CMP: Allow PKCS#10 input also for ir, cr, kur, and rr messages 
Also update documentation regarding sources of certs and keys,
improve type of OSSL_CMP_exec_RR_ses(),
add tests for CSR-based cert revocation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13841)
 2021-01-21 17:53:26 +01:00
Ankita Shetty
4c0d49ed41 cmp_client.c: Fix indentation and remove empty line 
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13488)
 2020-12-02 12:35:16 +01:00
Ankita Shetty
a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13488)
 2020-12-02 12:35:16 +01:00
Richard Levitte
14a6c6a4e1 ERR: Rebuild all generated error headers and source files 
This is the result of 'make errors ERROR_REBUILD=-rebuild'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
 2020-11-24 15:22:33 +01:00
Dr. David von Oheimb
f87ead9801 ossl_cmp_certreq_new(): Fix POPO key mismatch in case newPkey is just public key 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
 2020-11-20 13:36:30 +01:00
Dr. David von Oheimb
8c5c2fa544 CMP: prevent misleading PKIStatusInfo output if not response available 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
 2020-11-20 13:36:30 +01:00
Richard Levitte
a150f8e1fc CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data() 
This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex, but at least the
simple cases are done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
 2020-11-13 09:35:31 +01:00
Richard Levitte
9311d0c471 Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 
This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
 2020-11-13 09:35:02 +01:00
Dr. David von Oheimb
d718521fca cmp_msg.c: Use issuer of reference cert as default issuer entry in certTemplate 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13357)
 2020-11-11 10:51:04 +01:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
 2020-10-15 11:59:53 +01:00
Matt Caswell
d8652be06e Run the withlibctx.pl script 
Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)
 2020-10-01 09:25:20 +01:00
Matt Caswell
e74e562f1c Fix safestack issues in conf.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:11:20 +01:00
Matt Caswell
98c35dc48d Fix safestack issues in crmf.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:10:41 +01:00
Matt Caswell
c5a5581127 Fix safestack issues in x509_vfy.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:10:41 +01:00
Matt Caswell
798f932980 Fix safestack issues in cmp.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:10:40 +01:00
Matt Caswell
b4780134df Fix safestack issues in asn1.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:10:40 +01:00
Matt Caswell
e144fd36ce Fix safestack issues in x509v3.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:09:45 +01:00
Matt Caswell
e6623cfbff Fix safestack issues in x509.h 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
 2020-09-13 11:09:45 +01:00
Dr. David von Oheimb
bb30bce22b bugfix in apps/cmp.c and cmp_client.c: inconsistencies on retrieving extraCerts in code and doc 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
 2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
543a802fab bugfix in ossl_cmp_msg_protect(): set senderKID and extend extraCerts also for unprotected CMP requests 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
 2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
6199478101 bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
 2020-09-10 07:40:45 +02:00
Dr. David von Oheimb
a0745e2be6 Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs 
* Use strenghtened cert chain building, verifying chain using optional trust store
  while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
 2020-09-10 07:07:55 +02:00
Dr. David von Oheimb
b434b2c08d Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)
 2020-09-08 23:24:42 +02:00
Dr. David von Oheimb
0b86eefd43 OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
 2020-09-05 19:33:33 +02:00
Dr. David von Oheimb
15076c26d7 Strengthen chain building for CMP 
* Add -own_trusted option to CMP app
* Add OSSL_CMP_CTX_build_cert_chain()
* Add optional trust store arg to ossl_cmp_build_cert_chain()
* Extend the tests in cmp_protect_test.c and the documentation accordingly

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12791)
 2020-09-05 18:11:12 +02:00
Dr. David von Oheimb
39082af2fa Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout 
Also simplify certificate saving in apps/cmp.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)
 2020-09-05 18:10:03 +02:00
Dr. David von Oheimb
1a5ae1da14 Add -verbosity option to apps/cmp.c and add log output also in crypto/cmp 
* In the cmp app so far the -verbosity option had been missing.
* Extend log output helpful for debugging CMP applications
  in setup_ssl_ctx() of the cmp app, ossl_cmp_msg_add_extraCerts(),
  OSSL_CMP_validate_msg(), and OSSL_CMP_MSG_http_perform().
* Correct suppression of log output with insufficient severity.
* Add logging/severity level OSSL_CMP_LOG_TRACE = OSSL_CMP_LOG_MAX.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12739)
 2020-09-01 18:53:41 +02:00
Dr. David von Oheimb
6d1f50b520 Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:13 +02:00
Dr. David von Oheimb
cac30a69bc cmp_msg.c: Copy libctx and propq of CMP_CTX to newly enrolled certificate 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
28e9f62b2d cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
1930b58642 cmp_hdr.c: Adapt ossl_cmp_hdr_init() to use OPENSSL_CTX for random number generation 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:12 +02:00
Dr. David von Oheimb
2300083887 crypto/cmp: Prevent misleading errors in case x509v3_cache_extensions() fails 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
97e00da902 Add OPENSSL_CTX parameter to OSSL_CRMF_pbmp_new() and improve its doc 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
1a7cd250ad Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new() 
Also remove not really to-the-point error message if call fails in apps/cmp.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:11 +02:00
Dr. David von Oheimb
7b1a3a5062 cmp_vfy.c: Fix bug: must verify msg signature also in 3GPP mode 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
 2020-08-21 09:04:10 +02:00
Dr. David von Oheimb
eeccc23723 Introduce X509_add_cert[s] simplifying various additions to cert lists 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12615)
 2020-08-12 13:54:37 +02:00
Dr. David von Oheimb
1202de4481 Add OSSL_CMP_MSG_write(), use it in apps/cmp.c 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
 2020-07-30 20:14:51 +02:00
Dr. David von Oheimb
fafa56a14f Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c 
Fixes #12403

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
 2020-07-30 20:14:49 +02:00
Dr. David von Oheimb
593d6554f8 Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM() 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
 2020-07-30 09:38:08 +02:00
Dr. David von Oheimb
299e0f1eae Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq() 
Fixes #12395

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
 2020-07-30 09:38:08 +02:00