summaryrefslogtreecommitdiffstats
path: root/crypto/cmp
AgeCommit message (Collapse)Author
2023-09-19Copyright year updatesRichard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes
2023-08-03crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ↵Dr. David von Oheimb
ossl_cmp_asn1_get_int() Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21579) (cherry picked from commit 2c8d9f19e351a84d4329fbe2f68a4a8a49cad3ef)
2023-05-30Update copyright yearTomas Mraz
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2023-05-12CMP client: fix checking new cert enrolled with oldcert and without private keyDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832) (cherry picked from commit e0f1ec3b2ec1b137695abc3199a62def5965351f)
2023-05-12CMP client: fix error response on -csr without private key, also in docsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832) (cherry picked from commit 2d6585986f3b754750b25e7a296a08e7129a5320)
2023-04-18CMP cert_response(): add missing rejection status on client rejecting new certDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20257) (cherry picked from commit 44e816bd540c8687c1b4995febbde2626a655338)
2023-04-18OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent ↵Dr. David von Oheimb
request of a transaction Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20257) (cherry picked from commit 7cd91d221f630f18eb2cc5c01c4204e31c0a15aa)
2023-04-18cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer}Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20257) (cherry picked from commit 56d5c55de779f35d4e66ae4b791ef1488ab1f57a)
2023-04-18CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonceDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20257) (cherry picked from commit 40eea44884dff96ffd753bfe66c025145a69191b)
2023-04-18ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20257) (cherry picked from commit 2eb7a11035144b5556b81aa7e8233927165a5880)
2023-04-18crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20298) (cherry picked from commit 25b18e629d5cab40f88b33fd9ecf0d69e08c7707)
2023-03-25CMP add: fix -reqin option, which requires adding ↵Dr. David von Oheimb
OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204) (cherry picked from commit b75d56dee09ac6f1fdb75169da891668cf181066)
2023-03-21nit: tidy-up code, and fix a typo.FdaSilvaYY
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20436) (cherry picked from commit f42d6b7ae62a2b2914b144153af56096f9b4a6d5)
2023-03-20cmp_msg.c: free memory of certStatus before goto errJAVAID Mohammad-Habib
CLA: trivial Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20406) (cherry picked from commit c9c99018a887bfac1fe5a5ae6dcd8a5647494504)
2023-03-14Update copyright yearMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/20508)
2023-02-13OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled certDr. David von Oheimb
Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160) (cherry picked from commit 6b58f498b3f5d8e4c9197c3c5228fb450e33aaaf)
2023-01-26Fix Coverity 1520485: logically dead codePauli
The check is unnecessary as the condition is already checked before the switch statement. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20121) (cherry picked from commit 01a17b24f6649fc192ba6bb9ea34e28ce9678e6c)
2023-01-23cmp_client.c: fix handling of total_timeout for RR and GENM transactionsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391) (cherry picked from commit d7d1d0928af2f14e7e187fa8c78115d0d1aa28eb)
2023-01-23cmp_client_test.c: add tests for end_time being initialized for RR/GENMDr. David von Oheimb
To this end, tweak the internal handling of ctx->total_timeout. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391) (cherry picked from commit b908ec0f217da0a23f9d81442f81d44c94c98f23)
2022-12-12OSSL_CMP_validate_msg(): make sure to reject protection type mismatchDr. David von Oheimb
Do not accept password-based if expected signature-based and no secret is available and do not accept signature-based if expected password-based and no trust anchors available. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19861)
2022-12-01Update copyright yearTomas Mraz
Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19803)
2022-11-25add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() functionDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit a2ede0396addd13f7fe9a629b450a14892152a83)
2022-11-25OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVsDr. David von Oheimb
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)
2022-11-25CMP: fix gen_new() in cmp_msg.c checking wrong ITAVsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit 7e3034939b40ee15013bdba9ff6178de6bcc26d4)
2022-11-24CMP: fix handling of unset or missing failInfo PKI status informationDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205) (cherry picked from commit cba0e2afd6a222aa041e05f8455e83c9e959d05b)
2022-11-24CMP: fix status held in OSSL_CMP_CTX, in particular for genp messagesDr. David von Oheimb
On this occasion, replace magic constants by mnemonic ones; update doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205) (cherry picked from commit 19ddcc4cbb43464493a4b82332a1ab96da823451)
2022-11-23crypto: Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY
partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - file name -> filename - host name -> hostname Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059) (cherry picked from commit 1567a821a4616f59748fa8982724f88e542867d6)
2022-11-21Remove duplicated #include headersJHH20
CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18220) (cherry picked from commit e257d3e76ffb848b7607b04057257323dc51c3b4)
2022-11-11Move e_os.h to include/internalRichard Levitte
Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641) (cherry picked from commit d5f9166bacfb3757dfd6117310ad54ab749b11f9) Reviewed-by: Hugo Landau <hlandau@openssl.org>
2022-11-09Fix typosDimitris Apostolou
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17392) (cherry picked from commit e304aa87b35fac5ea97c405dd3c21549faa45e78)
2022-10-11Update copyright yearMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19382)
2022-09-30Fix missing null check in ossl_cmp_log_parse_metadata()Graham Woodward
Don't add 1 if strchr returns NULL Fixes #19279 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19282) (cherry picked from commit b85d53c1670e47273827bba508daff310c3263ab)
2022-08-24CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and ↵Dr. David von Oheimb
its doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18929) (cherry picked from commit 7af110f9f5fb9b039cc09b63768a0b989a7bf5ad)
2022-07-11cmp_http.c: extend comment in keep_alive()Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18702) (cherry picked from commit 93d9d6097685dc29e654db15c091c550aef16d5b)
2022-07-05Update copyright yearRichard Levitte
Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes
2022-06-29Fix memory leak in cmp_calc_protection()slontis
Triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18670)
2022-03-15Update copyright yearMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2022-03-12OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcertDr. David von Oheimb
Also update and complete related documentation. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17726) (cherry picked from commit c8c923454b52d64234c941553d81143918e502ea)
2021-12-09OSSL_CMP_MSG_read(): Fix mem leak on file read errorDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17225) (cherry picked from commit d580c2790f9f304533a3eda2a9cf6b8eb22830c3)
2021-11-17cmp_server.c: Log received request type before checking detailsDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16051)
2021-10-12cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIOTomas Mraz
Fixes #16787 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16804) (cherry picked from commit 374d5cf2f6b8bdf87c04b5e293a7d291f2c23203)
2021-09-07Update copyright yearRichard Levitte
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16534)
2021-08-24Fix CMP code to not assume NUL terminated stringsMatt Caswell
ASN.1 strings may not be NUL terminated. Don't assume they are. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
2021-06-30OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for ↵Dr. David von Oheimb
consistency Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15790)
2021-06-30CMP: Add missing getter functions to CRMF API and CMP APIDr. David von Oheimb
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15790)
2021-06-29ossl_cmp_error_new(): Fix Coverity issue 1486534, and consequently also ↵Dr. David von Oheimb
issues 1486536 and 1486533 The issues are due to an integer overflow that may happen on '(ERR_SYSTEM_FLAG << 1)'. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15938)
2021-06-25CMP: Improve reporting of error codes and related strings via 'error' msgDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-25CMP: Clean up internal message creation API and its documentationDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-23cmp_server.c: Fix check: certConf not allowed after transaction is closedDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15848)
2021-06-23cmp_client.c: Print checkAfter value from pollRep before it may get modifiedDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15848)
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-10 18:56:20 +0000