mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-23 10:03:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

CMP+CRMF: fix formatting nits in crypto/, include/, and test/

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)
This commit is contained in:
Dr. David von Oheimb 2022-09-17 21:51:48 +02:00 committed by Dr. David von Oheimb
parent cd715b7e7f
commit 357bfe7345
21 changed files with 52 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/cmp/cmp_asn.c
View File

@ -28,7 +28,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
@ -36,19 +35,16 @@ ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
@ -59,7 +55,6 @@ ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
@ -255,7 +250,6 @@ ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
OSSL_CMP_CERTORENCCERT),
@ -266,20 +260,17 @@ ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
OSSL_CMP_REVDETAILS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
@ -288,7 +279,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
@ -298,7 +288,6 @@ ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)

5
crypto/cmp/cmp_client.c
View File

@ -487,6 +487,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
{
X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);
STACK_OF(X509) *chain = NULL;
(void)text; /* make (artificial) use of var to prevent compiler warning */
if (fail_info != 0) /* accept any error flagged by CMP core library */
@ -702,7 +703,6 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
const OSSL_CRMF_MSG *crm)
{
OSSL_CMP_MSG *rep = NULL;
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
@ -809,7 +809,8 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
OSSL_CRMF_CERTTEMPLATE *tmpl =
sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails;
const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl);
const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
const ASN1_INTEGER *serial =
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) {
ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT);

2
crypto/cmp/cmp_local.h
View File

@ -25,7 +25,7 @@
# include <openssl/x509v3.h>
# include "crypto/x509.h"
#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
# define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
/*
* this structure is used to store the context for CMP sessions

25
crypto/cmp/cmp_msg.c
View File

@ -59,7 +59,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
return 1;
}
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
{
if (msg == NULL) {
@ -332,9 +331,9 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
&& (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL)
goto err;
if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL
&& (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
NID_subject_alt_name, NULL, NULL))
!= NULL
&& (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
NID_subject_alt_name, NULL, NULL))
!= NULL
&& !add1_extension(&exts, NID_subject_alt_name, crit, default_sans))
goto err;
if (ctx->reqExtensions != NULL /* augment/override existing ones */
@ -543,15 +542,15 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
/* Fill the template from the contents of the certificate to be revoked */
ret = ctx->oldCert != NULL
? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
NULL /* pubkey would be redundant */,
NULL /* subject would be redundant */,
X509_get_issuer_name(ctx->oldCert),
X509_get0_serialNumber(ctx->oldCert))
: OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
X509_REQ_get0_pubkey(ctx->p10CSR),
X509_REQ_get_subject_name(ctx->p10CSR),
NULL, NULL);
? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
NULL /* pubkey would be redundant */,
NULL /* subject would be redundant */,
X509_get_issuer_name(ctx->oldCert),
X509_get0_serialNumber(ctx->oldCert))
: OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
X509_REQ_get0_pubkey(ctx->p10CSR),
X509_REQ_get_subject_name(ctx->p10CSR),
NULL, NULL);
if (!ret)
goto err;

2
crypto/cmp/cmp_protect.c
View File

@ -92,7 +92,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
if ((prot = ASN1_BIT_STRING_new()) == NULL)
goto end;
/* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */
/* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */
ossl_asn1_string_set_bits_left(prot, 0);
if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) {
ASN1_BIT_STRING_free(prot);

10
crypto/cmp/cmp_status.c
View File

@ -180,11 +180,11 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info,
|| (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL)
return NULL;
#define ADVANCE_BUFFER \
if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \
return NULL; \
write_ptr += printed_chars; \
bufsize -= printed_chars;
#define ADVANCE_BUFFER \
if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \
return NULL; \
write_ptr += printed_chars; \
bufsize -= printed_chars;
printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string);
ADVANCE_BUFFER;

3
crypto/cmp/cmp_util.c
View File

@ -189,7 +189,7 @@ void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn)
BIO_free(bio);
}
#else
/* ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO) makes no sense during error printing */
/* ERR_raise(..., CMP_R_NO_STDIO) would make no sense here */
#endif
} else {
if (log_fn(component, file, line, OSSL_CMP_LOG_ERR, msg) <= 0)
@ -243,6 +243,7 @@ int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
const ASN1_OCTET_STRING *src)
{
ASN1_OCTET_STRING *new;
if (tgt == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;

2
crypto/cmp/cmp_vfy.c
View File

@ -329,6 +329,7 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
OSSL_CMP_CERTREQID);
X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey);
/*
* maybe better use get_cert_status() from cmp_client.c, which catches
* errors
@ -421,6 +422,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
: "no trusted store");
} else {
STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted);
ret = check_msg_with_certs(ctx, trusted,
mode_3gpp ? "self-issued extraCerts"
: "certs in trusted store",

24
crypto/crmf/crmf_asn.c
View File

@ -26,14 +26,14 @@ ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)
ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = {
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING),
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME)
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER,
value.string, ASN1_UTF8STRING),
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER,
value.generalName, GENERAL_NAME)
} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO),
ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier,
@ -41,7 +41,6 @@ ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)
ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME),
ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER)
@ -49,7 +48,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0),
ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1),
@ -66,7 +64,6 @@ ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER),
ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos,
@ -75,14 +72,12 @@ ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)
ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = {
ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR),
ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)
ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0),
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
@ -92,7 +87,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)
ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING),
ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR),
@ -101,7 +95,6 @@ ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender,
GENERAL_NAME, 0),
@ -110,7 +103,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo,
OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO),
@ -118,7 +110,6 @@ ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput,
OSSL_CRMF_POPOSIGNINGKEYINPUT, 0),
@ -127,7 +118,6 @@ ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)
ASN1_CHOICE(OSSL_CRMF_POPO) = {
ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0),
ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1),
@ -136,7 +126,6 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = {
} ASN1_CHOICE_END(OSSL_CRMF_POPO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
@ -165,7 +154,6 @@ ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0,
&attributetypeandvalue_default_tt, NULL);
ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT),
ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
@ -174,14 +162,12 @@ ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = {
ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0),
ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1)
} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
/*
@ -208,7 +194,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER),
ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE),
@ -218,7 +203,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO),

19
crypto/crmf/crmf_lib.c
View File

@ -81,7 +81,6 @@ int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \
return 0; \
}
/*-
* Pushes the given control attribute into the controls stack of a CertRequest
* (section 6)
@ -244,7 +243,6 @@ IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo)
/* id-regInfo-certReq to regInfo (section 7.2) */
IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
/* retrieves the certificate template of crm */
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
{
@ -255,7 +253,6 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
return crm->certReq->certTemplate;
}
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
ASN1_TIME *notBefore, ASN1_TIME *notAfter)
{
@ -275,7 +272,6 @@ int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
return 1;
}
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
{
if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
@ -315,7 +311,6 @@ int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm)
return crmf_asn1_get_int(crm->certReq->certReqId);
}
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
X509_EXTENSIONS *exts)
{
@ -336,7 +331,6 @@ int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
return 1;
}
int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
X509_EXTENSION *ext)
{
@ -396,7 +390,6 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
NULL, pkey, digest, libctx, propq);
}
int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
EVP_PKEY *pkey, const EVP_MD *digest,
OSSL_LIB_CTX *libctx, const char *propq)
@ -537,7 +530,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
}
const X509_PUBKEY
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl)
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->publicKey : NULL;
}
@ -550,20 +543,20 @@ const ASN1_INTEGER
}
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->subject : NULL;
}
/* retrieves the issuer name of the given cert template or NULL on error */
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->issuer : NULL;
}
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->extensions : NULL;
}
@ -576,7 +569,8 @@ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
}
/* retrieves the serialNumber of the given CertId or NULL on error */
const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID
*cid)
{
return cid != NULL ? cid->serialNumber : NULL;
}
@ -609,7 +603,6 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
return 1;
}
/*-
* Decrypts the certificate in the given encryptedValue using private key pkey.
* This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.

1
crypto/crmf/crmf_local.h
View File

@ -126,7 +126,6 @@ struct ossl_crmf_singlepubinfo_st {
DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO)
typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS;
/*-
* PKIPublicationInfo ::= SEQUENCE {
* action INTEGER {

3
crypto/crmf/crmf_pbm.c
View File

@ -11,7 +11,6 @@
* CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
*/
#include <string.h>
#include <openssl/rand.h>
@ -200,7 +199,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL)
|| OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname),
OBJ_nid2obj(hmac_md_nid), 0) <= 0) {
OBJ_nid2obj(hmac_md_nid), 0) <= 0) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
goto err;
}

2
include/crypto/cmperr.h
View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

2
include/openssl/crmf.h.in
View File

@ -44,8 +44,8 @@ extern "C" {
# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)

1
test/cmp_asn_test.c
View File

@ -104,7 +104,6 @@ static int test_ASN1_OCTET_STRING_set_tgt_is_src(void)
return result;
}
void cleanup_tests(void)
{
return;

3
test/cmp_client_test.c
View File

@ -97,6 +97,7 @@ static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixture)
static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
{
STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
return 0;
sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
@ -184,7 +185,6 @@ static int test_exec_IR_ses_poll_timeout(void)
return result;
}
static int test_exec_CR_ses(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
@ -299,6 +299,7 @@ static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture)
ossl_cmp_exchange_certConf(fixture->cmp_ctx,
OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable,
"abcdefg");
return TEST_int_eq(fixture->expected, res);
}

6
test/cmp_hdr_test.c
View File

@ -393,7 +393,6 @@ static int test_HDR_set_and_check_implicit_confirm(void)
return result;
}
static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
{
ASN1_OCTET_STRING *header_nonce, *header_transactionID;
@ -413,8 +412,8 @@ static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
fixture->cmp_ctx->senderNonce)))
return 0;
header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr);
if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID,
fixture->cmp_ctx->transactionID)))
if (!TEST_true(ASN1_OCTET_STRING_cmp(header_transactionID,
fixture->cmp_ctx->transactionID) == 0))
return 0;
header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr);
@ -463,7 +462,6 @@ static int test_HDR_init_with_subject(void)
return result;
}
void cleanup_tests(void)
{
return;

2
test/cmp_msg_test.c
View File

@ -338,7 +338,6 @@ static int test_cmp_create_error_msg(void)
return result;
}
static int test_cmp_create_pollreq(void)
{
SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
@ -424,7 +423,6 @@ static int test_cmp_create_certrep(void)
return result;
}
static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
{
OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text");

3
test/cmp_protect_test.c
View File

@ -515,7 +515,6 @@ static int test_X509_STORE_only_self_issued(void)
return result;
}
void cleanup_tests(void)
{
EVP_PKEY_free(loadedprivkey);
@ -578,7 +577,7 @@ int setup_tests(void)
if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
loadedpubkey = loadedprivkey;
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
return 0;
if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
|| !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))

3
test/cmp_status_test.c
View File

@ -34,7 +34,6 @@ static void tear_down(CMP_STATUS_TEST_FIXTURE *fixture)
OPENSSL_free(fixture);
}
/*
* Tests PKIStatusInfo creation and get-functions
*/
@ -89,8 +88,6 @@ static int test_PKISI(void)
return result;
}
void cleanup_tests(void)
{
return;

12
test/cmp_vfy_test.c
View File

@ -98,6 +98,7 @@ static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
if (fixture->expected == 0) {
const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
if (req == NULL || !flip_bit(req->popo->value.signature->signature))
return 0;
}
@ -218,6 +219,7 @@ static int test_validate_msg_signature_partial_chain(int expired)
fixture = NULL;
} else {
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
if (expired)
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
@ -322,13 +324,13 @@ static int test_validate_msg_signature_sender_cert_extracert(void)
return result;
}
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_signature_sender_cert_absent(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) {
if (!TEST_ptr(fixture->msg =
load_pkimsg(ir_protected_0_extracerts, libctx))) {
tear_down(fixture);
fixture = NULL;
}
@ -383,6 +385,7 @@ static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
if (expired) {
X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx);
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
}
if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
@ -466,6 +469,7 @@ static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected,
(*fixture) = NULL;
} else if (trid_data != NULL) {
ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
if (trid == NULL
|| !ASN1_OCTET_STRING_set(trid, trid_data,
OSSL_CMP_TRANSACTIONID_LENGTH)
@ -567,7 +571,6 @@ void cleanup_tests(void)
return;
}
#define USAGE "server.crt client.crt " \
"EndEntity1.crt EndEntity2.crt " \
"Root_CA.crt Intermediate_CA.crt " \
@ -635,7 +638,8 @@ int setup_tests(void)
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
goto err;
if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
|| !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
|| !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f,
libctx)))
goto err;
/* Message validation tests */