root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
36,346 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

167 Commits

Author SHA1 Message Date
openssl-machine b426d08003 Copyright year updates 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
 2025-07-01 11:55:48 +00:00
JiashengJiang 612f2b0fa4 apps/cmp.c: Free bio on error to avoid memory leak
GitHub CI / check_update (push) Waiting to run Details
GitHub CI / check_docs (push) Waiting to run Details
GitHub CI / check-ansi (push) Waiting to run Details
GitHub CI / basic_gcc (push) Waiting to run Details
GitHub CI / basic_clang (push) Waiting to run Details
GitHub CI / linux-arm64 (push) Waiting to run Details
GitHub CI / freebsd-x86_64 (push) Waiting to run Details
GitHub CI / minimal (push) Waiting to run Details
GitHub CI / no-deprecated (push) Waiting to run Details
GitHub CI / no-shared-ubuntu (push) Waiting to run Details
GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details
GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details
GitHub CI / non-caching (push) Waiting to run Details
GitHub CI / address_ub_sanitizer (push) Waiting to run Details
GitHub CI / fuzz_tests (push) Waiting to run Details
GitHub CI / memory_sanitizer (push) Waiting to run Details
GitHub CI / threads_sanitizer (push) Waiting to run Details
GitHub CI / enable_non-default_options (push) Waiting to run Details
GitHub CI / full_featured (push) Waiting to run Details
GitHub CI / no-legacy (push) Waiting to run Details
GitHub CI / legacy (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details
GitHub CI / external-tests (push) Waiting to run Details
GitHub CI / external-test-pyca (3.9, 1.51.0) (push) Waiting to run Details
GitHub CI / external-test-cf-quiche (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details
CIFuzz / Fuzzing (push) Waiting to run Details
Run-checker CI / run-checker (enable-ssl-trace) (push) Waiting to run Details
Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details
Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details
Run-checker CI / run-checker (no-cms) (push) Waiting to run Details
Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details
Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details
Run-checker CI / run-checker (no-dh) (push) Waiting to run Details
Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details
Run-checker CI / run-checker (no-ec) (push) Waiting to run Details
Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details
Run-checker CI / run-checker (no-http) (push) Waiting to run Details
Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details
Run-checker CI / run-checker (no-quic) (push) Waiting to run Details
Run-checker CI / run-checker (no-sock) (push) Waiting to run Details
Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details
Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details
Run-checker CI / run-checker (no-threads) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details
Run-checker CI / run-checker (no-ui) (push) Waiting to run Details
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details
Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details
Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details
Run-checker merge / run-checker (no-ct) (push) Waiting to run Details
Run-checker merge / run-checker (no-dso) (push) Waiting to run Details
Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details
Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details
Run-checker merge / run-checker (no-err) (push) Waiting to run Details
Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details
Run-checker merge / run-checker (no-module) (push) Waiting to run Details
Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details
Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details
Run-checker merge / run-checker (no-srp) (push) Waiting to run Details
Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details
Run-checker merge / run-checker (no-ts) (push) Waiting to run Details
Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Waiting to run Details
Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details
Windows GitHub CI / minimal (windows-2019) (push) Waiting to run Details
Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details
Windows Compression GitHub CI / zstd (push) Has been cancelled Details
Windows Compression GitHub CI / brotli (push) Has been cancelled Details 
Call BIO_free() to release bio if ASN1_i2d_bio_of() fails, preventing a memory leak.

Fixes: 6a3579e190 ("CMP: add support for requesting cert template using genm/genp")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27647)

(cherry picked from commit e0ae801728)
 2025-05-27 19:52:21 +02:00
Dr. David von Oheimb e472530da5 APPS/cmp.c: fix char encoding of subject, issuer, sender, and recipient DN 
Fixes #27572

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27592)

(cherry picked from commit 35e431ed6d)
 2025-05-13 14:09:09 +02:00
Rajeev Ranjan 6a3579e190 CMP: add support for requesting cert template using genm/genp 
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24409)
 2024-06-20 13:38:13 +02:00
Dr. David von Oheimb 5aec3f4a72 CMP app: fix combination of -certout and -chainout with equal filename argument 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24267)
 2024-06-18 13:52:57 -04:00
Rajeev Ranjan ee28152e86 CMP: Improvements of the support for requesting CRL 
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
 2024-05-01 14:59:39 +02:00
Dr. David von Oheimb 40a200f9e7 CMP: add support for genm with crlStatusList and genp with crls 
Introduce the capability to retrieve and update Certificate Revocation Lists
(CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483.

To request a CRL update, the CMP client can send a genm message with the
option -infotype crlStatusList. The server will respond with a genp message
containing the updated CRL, using the -infoType id-it-crls. The client can
then save the CRL in a specified file using the -crlout parameter.

Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
 2024-05-01 14:58:35 +02:00
Richard Levitte b646179229 Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
 2024-04-09 13:43:26 +02:00
Dr. David von Oheimb d6d9277b2e apps/cmp: improve -reqin option to read fallback public key from first request message file given 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
 2024-03-06 08:49:28 +01:00
Dr. David von Oheimb 904ee65290 apps/cmp: extend documentation and diagnostics for using -reqin in special situations 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
 2024-03-06 08:49:28 +01:00
Dr. David von Oheimb 2fbe23bbbe apps/cmp: add -reqout_only option for dumping/saving just the initial CMP request message 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
 2024-03-06 08:49:28 +01:00
Dr. David von Oheimb a143e4e3c9 apps/cmp.c: refactor to fix some coding style nits and more convenient source-level debugging 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
 2024-03-06 08:48:48 +01:00
Dr. David von Oheimb 1caaf073b0 CMP app and doc: add -no_cache_extracerts option / OSSL_CMP_OPT_NO_CACHE_EXTRACERTS 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
 2024-01-17 15:03:41 +01:00
Dr. David von Oheimb fd514375e2 CMP app: make -ignore_keyusage apply also for mock server 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
 2024-01-17 15:03:40 +01:00
Dr. David von Oheimb 0739dd0022 CMP app: make -geninfo option accept multiple ITAVs and support string values besides integers 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Dr. David von Oheimb 7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option 
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Dr. David von Oheimb ac0677bd23 CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS 
Fixes #21120

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
 2023-10-10 20:36:06 +02:00
Dr. David von Oheimb 4a9299ac50 apps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc 
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)
 2023-10-10 20:36:05 +02:00
Dimitri Papadopoulos ad31628cfe Remove repeated words 
Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)
 2023-09-11 10:15:30 +02:00
Matt Caswell da1c088f59 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-07 09:59:15 +01:00
Dr. David von Oheimb 374945a9aa apps/cmp.c: fix bug not allowing to reset -csr and -serial option values 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
 2023-09-05 11:47:59 +01:00
Dr. David von Oheimb 01b0485131 CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:36 +10:00
Dr. David von Oheimb ec5a9cd11b rename OSSL_CMP_get{,1}_caCerts and improve OSSL_CMP_exec_certreq.pod 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)
 2023-07-17 08:48:26 +10:00
Rajeev Ranjan 1d32ec20fe CMP: support specifying certificate to be revoked via issuer and serial number 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21116)
 2023-07-10 08:03:38 +02:00
Dimitri Papadopoulos 6ea4da6e4d Fix new typos found by codespell 
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21210)
 2023-06-18 16:53:09 +10:00
Michael Baentsch 8a2e74d053 Cast the argument to unsigned char when calling isspace() 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)
 2023-06-09 17:30:28 +02:00
Vladimír Kotal 3ca28c9e81 allow to disable http 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21108)
 2023-06-06 11:05:02 +10:00
Dr. David von Oheimb dea5e2632c apps/cmp.c: make management of http_cb_arg pointer more robust 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
 2023-06-01 10:03:06 +02:00
Dr. David von Oheimb 6ed117b32c apps/cmp.c: improve warnings on option use 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
 2023-06-01 10:03:06 +02:00
Dr. David von Oheimb d477484d33 CMP: add support for genm/genp messages with id-it-caCerts 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19231)
 2023-06-01 09:39:12 +02:00
Dr. David von Oheimb da7f81d393 APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
 2023-05-25 09:04:35 +02:00
Dr. David von Oheimb 2d6585986f CMP client: fix error response on -csr without private key, also in docs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
 2023-05-12 10:46:27 +02:00
Dr. David von Oheimb 20d4dc8898 CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFO 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
 2023-05-10 18:35:51 +01:00
Dr. David von Oheimb 30b9a6ec89 CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port) 
Fixes #20031

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
 2023-05-10 18:35:38 +01:00
Tianjia Zhang a75f707fca apps: silent warning when loading CSR files with vfyopt option 
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:

  Warning: CSR self-signature does not match the contents

This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
 2023-05-03 09:48:17 +02:00
Dr. David von Oheimb 1f757df1f3 APPS/cmp: prevent HTTP client failure on -rspin option with too few filenames 
The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved faulty.  This is fixed here, updating and
correcting also the documentation and diagnostics of the involved options.

In particular, the case that -rspin (or -rspout. reqin, -reqout) does not
provide enough message file names was not properly described and handled.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20295)
 2023-04-28 08:42:20 +02:00
Dr. David von Oheimb 4b0c27d445 CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
 2023-03-25 09:55:26 +01:00
Dr. David von Oheimb f1e144f277 apps/cmp.c: make sure that last -reqin argument is actually used 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
 2023-03-25 09:55:04 +01:00
Dr. David von Oheimb 77aa006976 CMP app: improve doc and help output on -{req,rsp}{in,out} options 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
 2023-03-25 09:55:04 +01:00
Dr. David von Oheimb 6b58f498b3 OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert 
Also add corresponding tests and to this end update credentials

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20160)
 2023-02-13 11:56:10 +01:00
Dr. David von Oheimb 6f88876d4e cmp_client_test.c: add tests for errors reported by server on subsequent requests in a transaction 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
Dr. David von Oheimb 260878f7aa CMP app and doc: improve texts on (un-)trusted certs, srvCert, etc. 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19946)
 2023-02-08 16:29:00 +01:00
FdaSilvaYY 4a6e5a11c7 Fix windows builds 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20109)
 2023-01-24 11:03:19 +00:00
Dr. David von Oheimb 60c3d732b7 CMP app: fix file output of certs and cert lists on non-existing cert(s) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20035)
 2023-01-16 08:32:52 +01:00
Dr. David von Oheimb 19ddcc4cbb CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages 
On this occasion, replace magic constants by mnemonic ones; update doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
 2022-11-24 14:00:46 +01:00
Richard Levitte 5139dec255 Rename ossl_sleep calls to OSSL_sleep everywhere 
Also, remove inclusions of internal/e_os.h where it seems no longer
necessary.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19330)
 2022-10-06 08:01:09 +02:00
Dr. David von Oheimb 200d844782 APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too 
Also add related references to FR #15725.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)
 2022-09-20 20:59:50 +02:00
Dr. David von Oheimb 8aff29f020 APPS HTTP server: trace requests and responses when enabled 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18434)
 2022-09-07 23:04:25 +02:00
Dr. David von Oheimb b6fbef1159 Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() 
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(),
and add respective tests as well as the -srvcertout CLI option using the new function.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18656)
 2022-07-20 11:40:37 +02:00
Dr. David von Oheimb 8c094747d7 apps/cmp.c: fix cleanup of CMP_CTX vs. APP_HTTP_TLS_INFO in its http_cb_arg field 
Prevent crashes on error by making sure the info is freed after OSSL_CMP_CTX_free(),
which may call OSSL_HTTP_close() and thus indirectly reference the info.
Moreover, should not attempt to reference the cmp_ctx variable when NULL.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18702)
 2022-07-11 11:03:28 +02:00