summaryrefslogtreecommitdiffstats
path: root/crypto/cmp
AgeCommit message (Collapse)Author
2023-06-06allow to disable httpVladimír Kotal
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21108)
2023-06-01cmp_client.c: add comment on certConf and add 'ossl_unused' to two functionsDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21086)
2023-06-01CMP: add support for genm/genp messages with id-it-caCertsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19231)
2023-05-30cmp_http.c: Remove obsolete comment w.r.t. ERR_clear_error()Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17354)
2023-05-12CMP client: fix checking new cert enrolled with oldcert and without private keyDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
2023-05-12CMP client: fix error response on -csr without private key, also in docsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
2023-04-18crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20298)
2023-03-25CMP add: fix -reqin option, which requires adding ↵Dr. David von Oheimb
OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
2023-03-21nit: tidy-up code, and fix a typo.FdaSilvaYY
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20436)
2023-03-20cmp_msg.c: free memory of certStatus before goto errJAVAID Mohammad-Habib
CLA: trivial Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20406)
2023-02-13OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled certDr. David von Oheimb
Also add corresponding tests and to this end update credentials Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20160)
2023-02-08CMP cert_response(): add missing rejection status on client rejecting new certDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent ↵Dr. David von Oheimb
request of a transaction Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08cmp_ctx.c: fix wrong comments on OSSL_CMP_CTX_set1_{recipient,issuer}Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08CMP check_transactionID_or_nonce(): fix reason code on unmatched recipNonceDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-02-08ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0)Dr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20190)
2023-01-26Fix Coverity 1520485: logically dead codePauli
The check is unnecessary as the condition is already checked before the switch statement. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20121)
2023-01-23cmp_client.c: fix handling of total_timeout for RR and GENM transactionsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391)
2023-01-23cmp_client_test.c: add tests for end_time being initialized for RR/GENMDr. David von Oheimb
To this end, tweak the internal handling of ctx->total_timeout. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391)
2022-12-08OSSL_CMP_validate_msg(): make sure to reject protection type mismatchDr. David von Oheimb
Do not accept password-based if expected signature-based and no secret is available and do not accept signature-based if expected password-based and no trust anchors available. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19729)
2022-12-07Compensate for CMP-related TODOs removed by PR #15539Dr. David von Oheimb
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16006)
2022-11-25add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() functionDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVsDr. David von Oheimb
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-25CMP: fix gen_new() in cmp_msg.c checking wrong ITAVsDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
2022-11-24CMP: fix handling of unset or missing failInfo PKI status informationDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24CMP: fix status held in OSSL_CMP_CTX, in particular for genp messagesDr. David von Oheimb
On this occasion, replace magic constants by mnemonic ones; update doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
2022-11-24CMP+CRMF: fix formatting nits in crypto/, include/, and test/Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19230)
2022-11-23CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19715)
2022-10-12crypto/*: Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY
partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12crypto: Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY
partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - file name -> filename - host name -> hostname Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-06Rename ossl_sleep calls to OSSL_sleep everywhereRichard Levitte
Also, remove inclusions of internal/e_os.h where it seems no longer necessary. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19330)
2022-10-05Stop raising ERR_R_MALLOC_FAILURE in most placesRichard Levitte
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
2022-09-30Fix missing null checkGraham Woodward
Don't add 1 if strchr returns NULL PR update Fixes #19279 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19282)
2022-08-24CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and ↵Dr. David von Oheimb
its doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18929)
2022-08-24CMP: fix crash in check_transactionID_or_nonce() on 'actual' being NULLDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18929)
2022-07-20Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg()Dr. David von Oheimb
Also change ossl_cmp_ctx_set0_validatedSrvCert() to ossl_cmp_ctx_set1_validatedSrvCert(), and add respective tests as well as the -srvcertout CLI option using the new function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18656)
2022-07-19libcrypto refactoring: introduce and use ossl_asn1_string_set_bits_left()Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18668)
2022-07-11cmp_http.c: extend comment in keep_alive()Dr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18702)
2022-07-01CMP: implement optional hashAlg field of certConf CMPv3 messageDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18294)
2022-07-01CMP: introduce version 3, while version 2 stays the defaultDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18294)
2022-06-29Fix memory leak in cmp_calc_protection()slontis
Triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18670)
2022-05-04Remove duplicated #include headersJHH20
CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18220)
2022-05-03Update copyright yearMatt Caswell
Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
2022-03-12OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcertDr. David von Oheimb
Also update and complete related documentation. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17726)
2022-02-22CMP: add subject of any provided CSR as default message senderDr. David von Oheimb
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17723)
2022-02-05Move e_os.h to include/internalRichard Levitte
Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
2022-01-07asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying codeDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17363)
2022-01-05Fix typosDimitris Apostolou
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17392)
2021-12-30OSSL_CMP_CTX: rename get/set function for trustedStoreDr. David von Oheimb
This makes the naming more consistent, in a backward-compatible way Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17277)
2021-12-21add OSSL_STACK_OF_X509_free() for commonly used patternDr. David von Oheimb
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 18:04:16 +0000