diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index c6f37ef4df..e1ecc40838 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -28,7 +28,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = { } ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) - ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = { ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR), ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING), @@ -36,19 +35,16 @@ ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = { } ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) - ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT) - ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT) - ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509), @@ -59,7 +55,6 @@ ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = { } ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) - ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI), ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER), @@ -255,7 +250,6 @@ ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { } ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) - ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = { ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert, OSSL_CMP_CERTORENCCERT), 
@@ -266,20 +260,17 @@ ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = { } ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) - ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = { ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE), ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS) } ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) - ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT, OSSL_CMP_REVDETAILS) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT) - ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = { ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI), ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID, @@ -288,7 +279,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = { } ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) - ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = { ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI), ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0), @@ -298,7 +288,6 @@ ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = { } ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) - ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS) diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 26635db850..cffd258f18 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -487,6 +487,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, { X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx); STACK_OF(X509) *chain = NULL; + (void)text; /* make (artificial) use of var to prevent compiler warning */ if (fail_info != 0) /* accept any error flagged by CMP core library */ 
@@ -702,7 +703,6 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, const OSSL_CRMF_MSG *crm) { - OSSL_CMP_MSG *rep = NULL; int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR; int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID; @@ -809,7 +809,8 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx) OSSL_CRMF_CERTTEMPLATE *tmpl = sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails; const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl); - const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl); + const ASN1_INTEGER *serial = + OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl); if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) { ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT); diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index f51247077d..a20eeac9dc 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -25,7 +25,7 @@ # include # include "crypto/x509.h" -#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL) +# define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL) /* * this structure is used to store the context for CMP sessions diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 837f7523dd..dc33d8d0b3 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -59,7 +59,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, return 1; } - OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) { if (msg == NULL) { 
@@ -332,9 +331,9 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) && (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL) goto err; if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL - && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), - NID_subject_alt_name, NULL, NULL)) - != NULL + && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), + NID_subject_alt_name, NULL, NULL)) + != NULL && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) goto err; if (ctx->reqExtensions != NULL /* augment/override existing ones */ @@ -543,15 +542,15 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) /* Fill the template from the contents of the certificate to be revoked */ ret = ctx->oldCert != NULL - ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - NULL /* pubkey would be redundant */, - NULL /* subject would be redundant */, - X509_get_issuer_name(ctx->oldCert), - X509_get0_serialNumber(ctx->oldCert)) - : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - X509_REQ_get0_pubkey(ctx->p10CSR), - X509_REQ_get_subject_name(ctx->p10CSR), - NULL, NULL); + ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, + NULL /* pubkey would be redundant */, + NULL /* subject would be redundant */, + X509_get_issuer_name(ctx->oldCert), + X509_get0_serialNumber(ctx->oldCert)) + : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, + X509_REQ_get0_pubkey(ctx->p10CSR), + X509_REQ_get_subject_name(ctx->p10CSR), + NULL, NULL); if (!ret) goto err; diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 93b6116ef3..7ff46a6dc1 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c 
@@ -92,7 +92,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, if ((prot = ASN1_BIT_STRING_new()) == NULL) goto end; - /* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */ + /* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */ ossl_asn1_string_set_bits_left(prot, 0); if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) { ASN1_BIT_STRING_free(prot); diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c index 46be6b6899..bb93ac9389 100644 --- a/crypto/cmp/cmp_status.c +++ b/crypto/cmp/cmp_status.c @@ -180,11 +180,11 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info, || (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL) return NULL; -#define ADVANCE_BUFFER \ - if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \ - return NULL; \ - write_ptr += printed_chars; \ - bufsize -= printed_chars; +#define ADVANCE_BUFFER \ + if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \ + return NULL; \ + write_ptr += printed_chars; \ + bufsize -= printed_chars; printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string); ADVANCE_BUFFER; diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 04acf49dee..f3c21c5d91 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -189,7 +189,7 @@ void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn) BIO_free(bio); } #else - /* ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO) makes no sense during error printing */ + /* ERR_raise(..., CMP_R_NO_STDIO) would make no sense here */ #endif } else { if (log_fn(component, file, line, OSSL_CMP_LOG_ERR, msg) <= 0) @@ -243,6 +243,7 @@ int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, const ASN1_OCTET_STRING *src) { ASN1_OCTET_STRING *new; + if (tgt == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 3e402293c9..cc71c6ce04 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c 
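Review bot: The reworded comment above `ossl_asn1_string_set_bits_left(prot, 0)` in ossl_cmp_calc_protection (crypto/cmp/cmp_protect.c) still states only the library default and not why the call is needed. The protection value is a signature or MAC rather than a set of named bits, so the call presumably stops trailing zero bits from being stripped on encoding, which would change the protected bytes. I would say so directly, for example `/* protection is not a NamedBitList: declare 0 unused bits so trailing zero bits are kept */`. The function body starts and ends outside this hunk.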
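Review bot: The shortened comment in the `#else` branch of OSSL_CMP_print_errors_cb (crypto/cmp/cmp_util.c) replaces "during error printing" with "here", which drops the one phrase that explained why raising CMP_R_NO_STDIO is pointless. As far as the hunk shows, that branch holds nothing but the comment, so in a build without stdio the message appears to be discarded silently when the `log_fn` path in the following `else` is not taken; the enclosing condition is outside the hunk, so this needs confirming. A two-line comment that keeps the reason and states that the message is dropped would fit the line limit and tell a maintainer that errors can go unreported in this configuration.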
@@ -329,6 +329,7 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx, ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, OSSL_CMP_CERTREQID); X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey); + /* * maybe better use get_cert_status() from cmp_client.c, which catches * errors @@ -421,6 +422,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, : "no trusted store"); } else { STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted); + ret = check_msg_with_certs(ctx, trusted, mode_3gpp ? "self-issued extraCerts" : "certs in trusted store", diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c index 3354b89736..3a5bc3e71c 100644 --- a/crypto/crmf/crmf_asn.c +++ b/crypto/crmf/crmf_asn.c @@ -26,14 +26,14 @@ ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = { } ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO) - ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = { - ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING), - ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME) + ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, + value.string, ASN1_UTF8STRING), + ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, + value.generalName, GENERAL_NAME) } ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) - ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = { ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO), ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier, @@ -41,7 +41,6 @@ ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = { } ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID) - ASN1_SEQUENCE(OSSL_CRMF_CERTID) = { ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME), ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER) 
@@ -49,7 +48,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTID) = { IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) - ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = { ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0), ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1), @@ -66,7 +64,6 @@ ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = { } ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO) - ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = { ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER), ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos, @@ -75,14 +72,12 @@ ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = { IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO) - ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = { ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR), ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE) - ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = { ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0), ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1), @@ -92,7 +87,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = { } ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY) - ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = { ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING), ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR), @@ -101,7 +95,6 @@ ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = { } ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) - ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = { ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender, GENERAL_NAME, 0), 
@@ -110,7 +103,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = { } ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) - ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = { ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo, OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO), @@ -118,7 +110,6 @@ ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = { } ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT) - ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = { ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput, OSSL_CRMF_POPOSIGNINGKEYINPUT, 0), @@ -127,7 +118,6 @@ ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = { } ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY) - ASN1_CHOICE(OSSL_CRMF_POPO) = { ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0), ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1), @@ -136,7 +126,6 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = { } ASN1_CHOICE_END(OSSL_CRMF_POPO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO) - ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { @@ -165,7 +154,6 @@ ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { } ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0, &attributetypeandvalue_default_tt, NULL); - ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT), ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) 
@@ -174,14 +162,12 @@ ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) - ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = { ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0), ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1) } ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY) - ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = { ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0), /* @@ -208,7 +194,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = { } ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE) - ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = { ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER), ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE), @@ -218,7 +203,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = { IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST) - ASN1_SEQUENCE(OSSL_CRMF_MSG) = { ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST), ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO), diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index aaafda4ba3..13d8cf19c3 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -81,7 +81,6 @@ int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \ return 0; \ } - /*- * Pushes the given control attribute into the controls stack of a CertRequest * (section 6) @@ -244,7 +243,6 @@ IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo) /* id-regInfo-certReq to regInfo (section 7.2) */ IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo) - /* retrieves the certificate template of crm */ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm) { 
@@ -255,7 +253,6 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm) return crm->certReq->certTemplate; } - int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, ASN1_TIME *notBefore, ASN1_TIME *notAfter) { @@ -275,7 +272,6 @@ int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, return 1; } - int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid) { if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) { @@ -315,7 +311,6 @@ int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm) return crmf_asn1_get_int(crm->certReq->certReqId); } - int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts) { @@ -336,7 +331,6 @@ int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, return 1; } - int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext) { @@ -396,7 +390,6 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, NULL, pkey, digest, libctx, propq); } - int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, const EVP_MD *digest, OSSL_LIB_CTX *libctx, const char *propq) @@ -537,7 +530,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, } const X509_PUBKEY - *OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl) +*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->publicKey : NULL; } 
@@ -550,20 +543,20 @@ const ASN1_INTEGER } const X509_NAME - *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) +*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->subject : NULL; } /* retrieves the issuer name of the given cert template or NULL on error */ const X509_NAME - *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) +*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->issuer : NULL; } X509_EXTENSIONS - *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) +*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->extensions : NULL; } @@ -576,7 +569,8 @@ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) } /* retrieves the serialNumber of the given CertId or NULL on error */ -const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid) +const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID + *cid) { return cid != NULL ? cid->serialNumber : NULL; } @@ -609,7 +603,6 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, return 1; } - /*- * Decrypts the certificate in the given encryptedValue using private key pkey. * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2. diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h index 3b8c3701b5..f8d028442b 100644 --- a/crypto/crmf/crmf_local.h +++ b/crypto/crmf/crmf_local.h @@ -126,7 +126,6 @@ struct ossl_crmf_singlepubinfo_st { DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO) typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS; - /*- * PKIPublicationInfo ::= SEQUENCE { * action INTEGER { diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 96590a80f0..ec32e30598 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c 
@@ -11,7 +11,6 @@ * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. */ - #include #include @@ -200,7 +199,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL) || OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname), - OBJ_nid2obj(hmac_md_nid), 0) <= 0) { + OBJ_nid2obj(hmac_md_nid), 0) <= 0) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } diff --git a/include/crypto/cmperr.h b/include/crypto/cmperr.h index ac61dd4875..9cbd380618 100644 --- a/include/crypto/cmperr.h +++ b/include/crypto/cmperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in index 2b77607dd1..0b359870db 100644 --- a/include/openssl/crmf.h.in +++ b/include/openssl/crmf.h.in @@ -44,8 +44,8 @@ extern "C" { # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 - typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; + DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) diff --git a/test/cmp_asn_test.c b/test/cmp_asn_test.c index 36ae8a6008..7175362934 100644 --- a/test/cmp_asn_test.c +++ b/test/cmp_asn_test.c @@ -104,7 +104,6 @@ static int test_ASN1_OCTET_STRING_set_tgt_is_src(void) return result; } - void cleanup_tests(void) { return; diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index d6cd24bede..b25d98eb9f 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c 
@@ -97,6 +97,7 @@ static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixture) static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture) { STACK_OF(OSSL_CMP_ITAV) *itavs = NULL; + if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx))) return 0; sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); @@ -184,7 +185,6 @@ static int test_exec_IR_ses_poll_timeout(void) return result; } - static int test_exec_CR_ses(void) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); @@ -299,6 +299,7 @@ static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture) ossl_cmp_exchange_certConf(fixture->cmp_ctx, OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable, "abcdefg"); + return TEST_int_eq(fixture->expected, res); } diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c index 5a49299b42..9e041db1a0 100644 --- a/test/cmp_hdr_test.c +++ b/test/cmp_hdr_test.c @@ -393,7 +393,6 @@ static int test_HDR_set_and_check_implicit_confirm(void) return result; } - static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture) { ASN1_OCTET_STRING *header_nonce, *header_transactionID; @@ -413,8 +412,8 @@ static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture) fixture->cmp_ctx->senderNonce))) return 0; header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr); - if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID, - fixture->cmp_ctx->transactionID))) + if (!TEST_true(ASN1_OCTET_STRING_cmp(header_transactionID, + fixture->cmp_ctx->transactionID) == 0)) return 0; header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr); @@ -463,7 +462,6 @@ static int test_HDR_init_with_subject(void) return result; } - void cleanup_tests(void) { return; diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index 4f2ca1b40b..ba6aaad1c1 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c 
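Review bot: The rewritten transactionID check in execute_HDR_init_test (test/cmp_hdr_test.c) still wraps a comparison in `TEST_true`, so a failing run shows only the expression text, not the value that `ASN1_OCTET_STRING_cmp` returned. `TEST_int_eq` is already used in these tests (`TEST_int_eq(fixture->expected, res)` in cmp_client_test.c) and would print both operands: `if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(header_transactionID, fixture->cmp_ctx->transactionID), 0))`. The function starts and ends outside this hunk.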
@@ -338,7 +338,6 @@ static int test_cmp_create_error_msg(void) return result; } - static int test_cmp_create_pollreq(void) { SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); @@ -424,7 +423,6 @@ static int test_cmp_create_certrep(void) return result; } - static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture) { OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text"); diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 9c72b25644..0612a1faee 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -515,7 +515,6 @@ static int test_X509_STORE_only_self_issued(void) return result; } - void cleanup_tests(void) { EVP_PKEY_free(loadedprivkey); @@ -578,7 +577,7 @@ int setup_tests(void) if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) loadedpubkey = loadedprivkey; if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) - || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) + || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) return 0; if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) diff --git a/test/cmp_status_test.c b/test/cmp_status_test.c index 96f9336b84..ac1c54ac19 100644 --- a/test/cmp_status_test.c +++ b/test/cmp_status_test.c @@ -34,7 +34,6 @@ static void tear_down(CMP_STATUS_TEST_FIXTURE *fixture) OPENSSL_free(fixture); } - /* * Tests PKIStatusInfo creation and get-functions */ @@ -89,8 +88,6 @@ static int test_PKISI(void) return result; } - - void cleanup_tests(void) { return; diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index b17f17baeb..3ffc9654a9 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c 
@@ -98,6 +98,7 @@ static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture) if (fixture->expected == 0) { const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir; const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0); + if (req == NULL || !flip_bit(req->popo->value.signature->signature)) return 0; } @@ -218,6 +219,7 @@ static int test_validate_msg_signature_partial_chain(int expired) fixture = NULL; } else { X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); + X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN); if (expired) X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration); @@ -322,13 +324,13 @@ static int test_validate_msg_signature_sender_cert_extracert(void) return result; } - #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_signature_sender_cert_absent(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) { + if (!TEST_ptr(fixture->msg = + load_pkimsg(ir_protected_0_extracerts, libctx))) { tear_down(fixture); fixture = NULL; } @@ -383,6 +385,7 @@ static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired) if (expired) { X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx); X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); + X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration); } if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong) @@ -466,6 +469,7 @@ static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected, (*fixture) = NULL; } else if (trid_data != NULL) { ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new(); + if (trid == NULL || !ASN1_OCTET_STRING_set(trid, trid_data, OSSL_CMP_TRANSACTIONID_LENGTH) @@ -567,7 +571,6 @@ void cleanup_tests(void) return; } - #define USAGE "server.crt client.crt " \ "EndEntity1.crt EndEntity2.crt " \ "Root_CA.crt Intermediate_CA.crt " \ 
@@ -635,7 +638,8 @@ int setup_tests(void) if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) - || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) + || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, + libctx))) goto err; /* Message validation tests */