[openssl] master update
dev at ddvo.net
dev at ddvo.net
Thu Jul 30 18:17:36 UTC 2020
The branch master has been updated
via 1202de4481df88d63a2a5cc1e9e0450a7e72f4ac (commit)
via fafa56a14fc4787060818715c151e1ef7b25e72f (commit)
via 87d20a96510ecc78068865423e0fa127d17486de (commit)
from a3f15e237c0325718f488ebf9a242c031f4f864e (commit)
- Log -----------------------------------------------------------------
commit 1202de4481df88d63a2a5cc1e9e0450a7e72f4ac
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Jul 11 12:26:22 2020 +0200
Add OSSL_CMP_MSG_write(), use it in apps/cmp.c
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
commit fafa56a14fc4787060818715c151e1ef7b25e72f
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Jul 11 11:36:48 2020 +0200
Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c
Fixes #12403
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
commit 87d20a96510ecc78068865423e0fa127d17486de
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Jul 11 11:21:06 2020 +0200
apps/cmp.c: Improve documentation of -recipient option
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12421)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 24 +++++-------------------
crypto/cmp/cmp_local.h | 1 -
crypto/cmp/cmp_msg.c | 24 ++++++++++++++++++++++--
doc/internal/man3/ossl_cmp_msg_create.pod | 5 -----
doc/man1/openssl-cmp.pod.in | 3 ++-
doc/man3/OSSL_CMP_MSG_get0_header.pod | 17 +++++++++++++++--
include/openssl/cmp.h | 2 ++
test/cmp_testlib.c | 2 +-
util/libcrypto.num | 2 ++
9 files changed, 49 insertions(+), 31 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 17b5bed6ff..e5f72cbea7 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -321,7 +321,7 @@ const OPTIONS cmp_options[] = {
{OPT_MORE_STR, 0, 0,
"also used as reference (defaulting to -cert) for subject DN and SANs."},
{OPT_MORE_STR, 0, 0,
- "Its issuer is used as recipient unless -srvcert, -recipient or -issuer given"},
+ "Its issuer is used as recipient unless -recipient, -srvcert, or -issuer given"},
{"revreason", OPT_REVREASON, 'n',
"Reason code to include in revocation request (rr); possible values:"},
{OPT_MORE_STR, 0, 0,
@@ -354,7 +354,7 @@ const OPTIONS cmp_options[] = {
{"srvcert", OPT_SRVCERT, 's',
"Server cert to pin and trust directly when verifying signed CMP responses"},
{"recipient", OPT_RECIPIENT, 's',
- "Distinguished Name (DN) to use as msg recipient; see man page for defaults"},
+ "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"},
{"expect_sender", OPT_EXPECT_SENDER, 's',
"DN of expected sender of responses. Defaults to subject of -srvcert, if any"},
{"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-',
@@ -934,7 +934,6 @@ static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */,
static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
{
char *file;
- BIO *bio;
if (msg == NULL || filenames == NULL) {
CMP_err("NULL arg to write_PKIMESSAGE");
@@ -947,17 +946,10 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
file = *filenames;
*filenames = next_item(file);
- bio = BIO_new_file(file, "wb");
- if (bio == NULL) {
- CMP_err1("Cannot open file '%s' for writing", file);
- return 0;
- }
- if (i2d_OSSL_CMP_MSG_bio(bio, msg) < 0) {
+ if (OSSL_CMP_MSG_write(file, msg) < 0) {
CMP_err1("Cannot write PKIMessage to file '%s'", file);
- BIO_free(bio);
return 0;
}
- BIO_free(bio);
return 1;
}
@@ -965,7 +957,6 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
{
char *file;
- BIO *bio;
OSSL_CMP_MSG *ret;
if (filenames == NULL) {
@@ -979,15 +970,10 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
file = *filenames;
*filenames = next_item(file);
- bio = BIO_new_file(file, "rb");
- if (bio == NULL) {
- CMP_err1("Cannot open file '%s' for reading", file);
- return NULL;
- }
- ret = d2i_OSSL_CMP_MSG_bio(bio, NULL);
+
+ ret = OSSL_CMP_MSG_read(file);
if (ret == NULL)
CMP_err1("Cannot read PKIMessage from file '%s'", file);
- BIO_free(bio);
return ret;
}
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 92f192bb5f..4e33fd339c 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -896,7 +896,6 @@ ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
int rid);
X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey,
const OSSL_CMP_CERTRESPONSE *crep);
-OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
/* from cmp_protect.c */
ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg,
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index d45a803677..6d6e3bd2b6 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -1008,13 +1008,15 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|| ossl_cmp_msg_protect(ctx, msg);
}
-OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file)
+OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file)
{
OSSL_CMP_MSG *msg = NULL;
BIO *bio = NULL;
- if (!ossl_assert(file != NULL))
+ if (file == NULL) {
+ CMPerr(0, CMP_R_NULL_ARGUMENT);
return NULL;
+ }
if ((bio = BIO_new_file(file, "rb")) == NULL)
return NULL;
@@ -1023,6 +1025,24 @@ OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file)
return msg;
}
+int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg)
+{
+ BIO *bio;
+ int res;
+
+ if (file == NULL || msg == NULL) {
+ CMPerr(0, CMP_R_NULL_ARGUMENT);
+ return -1;
+ }
+
+ bio = BIO_new_file(file, "wb");
+ if (bio == NULL)
+ return -2;
+ res = i2d_OSSL_CMP_MSG_bio(bio, msg);
+ BIO_free(bio);
+ return res;
+}
+
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg)
{
return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new,
diff --git a/doc/internal/man3/ossl_cmp_msg_create.pod b/doc/internal/man3/ossl_cmp_msg_create.pod
index 3c236a3b49..0a10a6567e 100644
--- a/doc/internal/man3/ossl_cmp_msg_create.pod
+++ b/doc/internal/man3/ossl_cmp_msg_create.pod
@@ -6,7 +6,6 @@ ossl_cmp_bodytype_to_string,
ossl_cmp_msg_get_bodytype,
ossl_cmp_msg_set_bodytype,
ossl_cmp_msg_create,
-ossl_cmp_msg_load,
ossl_cmp_msg_gen_ITAV_push0,
ossl_cmp_msg_gen_ITAVs_push1
- functions manipulating CMP messages
@@ -19,7 +18,6 @@ ossl_cmp_msg_gen_ITAVs_push1
int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg);
int ossl_cmp_msg_set_bodytype( OSSL_CMP_MSG *msg, int type);
OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype);
- OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
int ossl_cmp_msg_gen_ITAV_push0(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav);
int ossl_cmp_msg_gen_ITAVs_push1(OSSL_CMP_MSG *msg,
STACK_OF(OSSL_CMP_ITAV) *itavs);
@@ -40,9 +38,6 @@ ossl_cmp_msg_create() creates and initializes a OSSL_CMP_MSG structure,
using B<ctx> for the header and B<bodytype> for the body.
Returns pointer to created OSSL_CMP_MSG on success, NULL on error.
-OSSL_CMP_MSG *ossl_cmp_msg_load() loads a OSSL_CMP_MSG from a B<file>.
-Returns pointer to created OSSL_CMP_MSG on success, NULL on error.
-
ossl_cmp_msg_gen_ITAV_push0() pushes the B<itav> to the body of the
PKIMessage B<msg> of GenMsg or GenRep type. Consumes the B<itavs> pointer.
Returns 1 on success, 0 on error.
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 216db0cb1f..45355cbdb3 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -506,10 +506,11 @@ and as default value for the expected sender of incoming CMP messages.
=item B<-recipient> I<name>
Distinguished Name (DN) to use in the recipient field of CMP request messages,
-i.e., the CMP server (usually a CA or RA entity).
+i.e., the CMP server (usually the addressed CA).
The argument must be formatted as I</type0=value0/type1=value1/type2=...>,
characters may be escaped by C<\>E<nbsp>(backslash), no spaces are skipped.
+The empty name (NULL-DN) can be given explicitly as a single slash: 'I</>'.
The recipient field in the header of a CMP message is mandatory.
If not given explicitly the recipient is determined in the following order:
diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod
index f1bf8eac32..8503b74b7c 100644
--- a/doc/man3/OSSL_CMP_MSG_get0_header.pod
+++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod
@@ -5,6 +5,8 @@
OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_update_transactionID,
OSSL_CMP_CTX_setup_CRM,
+OSSL_CMP_MSG_read,
+OSSL_CMP_MSG_write,
d2i_OSSL_CMP_MSG_bio,
i2d_OSSL_CMP_MSG_bio
- function(s) manipulating CMP messages
@@ -16,6 +18,8 @@ i2d_OSSL_CMP_MSG_bio
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
+ OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
+ int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
@@ -35,6 +39,10 @@ then it copies the subject DN from there
if I<for_KUR> is set or the I<ctx> does not include a subjectAltName.
The I<rid> defines the request identifier to use, which typically is 0.
+OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from B<file>.
+
+OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to B<file> in DER encoding.
+
d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
@@ -55,8 +63,13 @@ NULL on error.
d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
-i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID()
-return 1 on success, 0 on error.
+OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio()
+return the parsed CMP message or NULL on error.
+
+OSSL_CMP_MSG_write() and i2d_OSSL_CMP_MSG_bio() return
+the number of bytes successfully encoded or a negative value if an error occurs.
+
+OSSL_CMP_MSG_update_transactionID() returns 1 on success, 0 on error.
=head1 HISTORY
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index 378cda641d..519117d622 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -355,6 +355,8 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
+OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
+int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
diff --git a/test/cmp_testlib.c b/test/cmp_testlib.c
index d25ab7468b..ef33aa8e83 100644
--- a/test/cmp_testlib.c
+++ b/test/cmp_testlib.c
@@ -46,7 +46,7 @@ OSSL_CMP_MSG *load_pkimsg(const char *file)
{
OSSL_CMP_MSG *msg;
- (void)TEST_ptr((msg = ossl_cmp_msg_load(file)));
+ (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file)));
return msg;
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index d53d04afa6..1a59d81624 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4993,6 +4993,8 @@ OSSL_CMP_certConf_cb ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_RR_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_GENM_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_http_perform ? 3_0_0 EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_read ? 3_0_0 EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_write ? 3_0_0 EXIST::FUNCTION:CMP
EVP_PKEY_gen ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_rsa_keygen_bits ? 3_0_0 EXIST::FUNCTION:RSA
EVP_PKEY_CTX_set_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION:RSA
More information about the openssl-commits
mailing list