[openssl] master update

dev at ddvo.net dev at ddvo.net
Fri Jan 7 09:43:27 UTC 2022


The branch master has been updated
       via  fd989c734dc3f9e15d700ff9ced15125a23d4359 (commit)
       via  9944df112ffbe4b6855b6a9bf88720803277cc23 (commit)
      from  6e2499474cb96b28a51df1da25cc72f1cf342fad (commit)


- Log -----------------------------------------------------------------
commit fd989c734dc3f9e15d700ff9ced15125a23d4359
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Tue Jan 4 10:48:32 2022 +0100

    apps/cmp.c: fix coding style nits reported by check-format.pl
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17363)

commit 9944df112ffbe4b6855b6a9bf88720803277cc23
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Fri Aug 6 12:11:13 2021 +0200

    asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17363)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c               | 30 ++++++++++++++++--------------
 crypto/asn1/p5_pbev2.c   |  4 ++--
 crypto/asn1/x_algor.c    | 28 ++++++++++++++++++++++------
 crypto/cmp/cmp_protect.c | 41 +++++++++++++----------------------------
 crypto/cms/cms_rsa.c     | 12 +++++-------
 crypto/cms/cms_sd.c      |  5 ++---
 include/crypto/asn1.h    |  1 +
 7 files changed, 61 insertions(+), 60 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 830e4cb9c8..7e3e975aac 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -940,7 +940,6 @@ static int setup_certs(char *files, const char *desc, void *ctx,
     return ok;
 }
 
-
 /*
  * parse and transform some options, checking their syntax.
  * Returns 1 on success, 0 on error
@@ -1536,7 +1535,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 
         if (opt_subject != NULL) {
             if (opt_ref == NULL && opt_cert == NULL) {
-                /* use subject as default sender unless oldcert subject is used */
+                /* will use subject as sender unless oldcert subject is used */
                 if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject"))
                     return 0;
             } else {
@@ -1610,8 +1609,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
         if (pkey == NULL) {
             ERR_clear_error();
             desc = opt_csr == NULL
-            ? "fallback public key for cert to be enrolled"
-            : "public key for checking cert resulting from p10cr";
+                ? "fallback public key for cert to be enrolled"
+                : "public key for checking cert resulting from p10cr";
             pkey = load_pubkey(file, format, 0, pass, engine, desc);
             priv = 0;
         }
@@ -1811,7 +1810,6 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
     return 0;
 }
 
-
 /*
  * set up the client-side OSSL_CMP_CTX based on options from config file/CLI
  * while parsing options and checking their consistency.
@@ -2166,9 +2164,9 @@ static int read_config(void)
                 || !strcmp(opt->name, OPT_MORE_STR))
             n_options--;
     OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options
-                 + OPT_PROV__FIRST + 1 - OPT_PROV__LAST
-                 + OPT_R__FIRST + 1 - OPT_R__LAST
-                 + OPT_V__FIRST + 1 - OPT_V__LAST);
+                   + OPT_PROV__FIRST + 1 - OPT_PROV__LAST
+                   + OPT_R__FIRST + 1 - OPT_R__LAST
+                   + OPT_V__FIRST + 1 - OPT_V__LAST);
     for (opt = &cmp_options[start_opt], i = start_idx;
          opt->name != NULL; i++, opt++) {
         int provider_option = (OPT_PROV__FIRST <= opt->retval
@@ -2503,7 +2501,7 @@ static int get_opts(int argc, char **argv)
             break;
         case OPT_REVREASON:
             opt_revreason = opt_int_arg();
-                if (opt_revreason < CRL_REASON_NONE
+            if (opt_revreason < CRL_REASON_NONE
                     || opt_revreason > CRL_REASON_AA_COMPROMISE
                     || opt_revreason == 7) {
                 CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10");
@@ -2648,7 +2646,8 @@ static int get_opts(int argc, char **argv)
 }
 
 #ifndef OPENSSL_NO_SOCK
-static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
+static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx)
+{
     BIO *acbio;
     BIO *cbio = NULL;
     int keep_alive = 0;
@@ -2713,7 +2712,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
         }
         if (!ret || !keep_alive
             || OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1
-             /* transaction closed by OSSL_CMP_CTX_server_perform() */) {
+            /* transaction closed by OSSL_CMP_CTX_server_perform() */) {
             BIO_free_all(cbio);
             cbio = NULL;
         }
@@ -2769,7 +2768,8 @@ int cmp_main(int argc, char **argv)
     /* read default values for options from config file */
     configfile = opt_config != NULL ? opt_config : default_config_file;
     if (configfile != NULL && configfile[0] != '\0' /* non-empty string */
-            && (configfile != default_config_file || access(configfile, F_OK) != -1)) {
+            && (configfile != default_config_file
+                || access(configfile, F_OK) != -1)) {
         CMP_info2("using section(s) '%s' of OpenSSL configuration file '%s'",
                   opt_section, configfile);
         conf = app_load_config(configfile);
@@ -2814,7 +2814,8 @@ int cmp_main(int argc, char **argv)
         set_base_ui_method(UI_null());
 
     if (opt_engine != NULL) {
-        engine = setup_engine_methods(opt_engine, 0 /* not: ENGINE_METHOD_ALL */, 0);
+        engine = setup_engine_methods(opt_engine,
+                                      0 /* not: ENGINE_METHOD_ALL */, 0);
         if (engine == NULL) {
             CMP_err1("cannot load engine %s", opt_engine);
             goto err;
@@ -2836,8 +2837,9 @@ int cmp_main(int argc, char **argv)
             && opt_tls_host == NULL) {
         if (opt_tls_used)
             CMP_warn("-tls_used given without any other TLS options");
-    } else if (!opt_tls_used)
+    } else if (!opt_tls_used) {
         CMP_warn("ignoring TLS options(s) since -tls_used is not given");
+    }
     if (opt_port != NULL) {
         if (opt_tls_used) {
             CMP_err("-tls_used option not supported with -port option");
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 711743a77b..82292626de 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -9,6 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "crypto/asn1.h"
 #include <openssl/asn1t.h>
 #include <openssl/core.h>
 #include <openssl/core_names.h>
@@ -208,10 +209,9 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
 
     /* prf can stay NULL if we are using hmacWithSHA1 */
     if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
-        kdf->prf = X509_ALGOR_new();
+        kdf->prf = ossl_X509_ALGOR_from_nid(prf_nid, V_ASN1_NULL, NULL);
         if (kdf->prf == NULL)
             goto merr;
-        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
     }
 
     /* Finally setup the keyfunc structure */
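Review bot: The replacement now reports an error when ossl_X509_ALGOR_from_nid() returns NULL, whereas the old X509_ALGOR_set0() result was ignored, so the kdf->prf path gets a real failure check; note though that NULL also comes back when OBJ_nid2obj(prf_nid) has no object for the nid, not only on allocation failure. If the `merr` label (outside this hunk) raises a malloc-failure reason, an unknown prf_nid would be reported as an out-of-memory error; a comment on the call, e.g. `/* NULL also for unknown prf_nid, not only on OOM */`, or a dedicated error label would make the diagnosis accurate. The enclosing function continues outside the hunk.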
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index c0a5f76803..f56ec92f65 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -43,7 +43,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
     ASN1_OBJECT_free(alg->algorithm);
     alg->algorithm = aobj;
 
-    if (ptype == 0)
+    if (ptype == V_ASN1_EOC)
         return 1;
     if (ptype == V_ASN1_UNDEF) {
         ASN1_TYPE_free(alg->parameter);
@@ -53,6 +53,25 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
     return 1;
 }
 
+X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval)
+{
+    ASN1_OBJECT *algo = OBJ_nid2obj(nid);
+    X509_ALGOR *alg = NULL;
+
+    if (algo == NULL)
+        return NULL;
+    if ((alg = X509_ALGOR_new()) == NULL)
+        goto err;
+    if (X509_ALGOR_set0(alg, algo, ptype, pval))
+        return alg;
+    alg->algorithm = NULL; /* precaution to prevent double free */
+
+ err:
+    X509_ALGOR_free(alg);
+    ASN1_OBJECT_free(algo);
+    return NULL;
+}
+
 void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
                      const void **ppval, const X509_ALGOR *algor)
 {
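Review bot: The new function's ownership rules on failure are not documented: pval is left with the caller (every caller in this commit frees it itself when NULL is returned), while algo is detached from alg and freed here. A header comment such as `/* On success the result owns pval. On failure NULL is returned and pval is untouched, so it remains the caller's to free. */` would make that explicit for future callers. The `precaution` comment on the reset of alg->algorithm could also state why it is needed: it keeps X509_ALGOR_free(alg) from releasing algo before the explicit ASN1_OBJECT_free(algo) below, which matters only if X509_ALGOR_set0() can fail after it has assigned alg->algorithm (its early-return paths are outside this hunk).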
@@ -176,15 +195,12 @@ int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
         goto err;
     if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
          goto err;
-    *palg = X509_ALGOR_new();
+    *palg = ossl_X509_ALGOR_from_nid(NID_mgf1, V_ASN1_SEQUENCE, stmp);
     if (*palg == NULL)
         goto err;
-    X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
     stmp = NULL;
  err:
     ASN1_STRING_free(stmp);
     X509_ALGOR_free(algtmp);
-    if (*palg != NULL)
-        return 1;
-    return 0;
+    return *palg != NULL;
 }
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index a7ca580cc9..a35944f2c2 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -10,6 +10,7 @@
  */
 
 #include "cmp_local.h"
+#include "crypto/asn1.h"
 
 /* explicit #includes not strictly needed since implied by the above: */
 #include <openssl/asn1t.h>
@@ -184,15 +185,16 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
  * Create an X509_ALGOR structure for PasswordBasedMAC protection based on
  * the pbm settings in the context
  */
-static int set_pbmac_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg)
+static X509_ALGOR *pbmac_algor(const OSSL_CMP_CTX *ctx)
 {
     OSSL_CRMF_PBMPARAMETER *pbm = NULL;
     unsigned char *pbm_der = NULL;
     int pbm_der_len;
     ASN1_STRING *pbm_str = NULL;
+    X509_ALGOR *alg = NULL;
 
     if (!ossl_assert(ctx != NULL))
-        return 0;
+        return NULL;
 
     pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen,
                              EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt,
@@ -200,47 +202,30 @@ static int set_pbmac_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg)
     pbm_str = ASN1_STRING_new();
     if (pbm == NULL || pbm_str == NULL)
         goto err;
-
     if ((pbm_der_len = i2d_OSSL_CRMF_PBMPARAMETER(pbm, &pbm_der)) < 0)
         goto err;
-
     if (!ASN1_STRING_set(pbm_str, pbm_der, pbm_der_len))
         goto err;
-    if (*alg == NULL && (*alg = X509_ALGOR_new()) == NULL)
-        goto err;
-    OPENSSL_free(pbm_der);
-
-    X509_ALGOR_set0(*alg, OBJ_nid2obj(NID_id_PasswordBasedMAC),
-                    V_ASN1_SEQUENCE, pbm_str);
-    OSSL_CRMF_PBMPARAMETER_free(pbm);
-    return 1;
-
+    alg = ossl_X509_ALGOR_from_nid(NID_id_PasswordBasedMAC,
+                                   V_ASN1_SEQUENCE, pbm_str);
  err:
-    ASN1_STRING_free(pbm_str);
+    if (alg == NULL)
+        ASN1_STRING_free(pbm_str);
     OPENSSL_free(pbm_der);
     OSSL_CRMF_PBMPARAMETER_free(pbm);
-    return 0;
+    return alg;
 }
 
-static int set_sig_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg)
+static X509_ALGOR *sig_algor(const OSSL_CMP_CTX *ctx)
 {
     int nid = 0;
-    ASN1_OBJECT *algo = NULL;
 
     if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest),
                                 EVP_PKEY_get_id(ctx->pkey))) {
         ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE);
         return 0;
     }
-    if ((algo = OBJ_nid2obj(nid)) == NULL)
-        return 0;
-    if (*alg == NULL && (*alg = X509_ALGOR_new()) == NULL)
-        return 0;
-
-    if (X509_ALGOR_set0(*alg, algo, V_ASN1_UNDEF, NULL))
-        return 1;
-    ASN1_OBJECT_free(algo);
-    return 0;
+    return ossl_X509_ALGOR_from_nid(nid, V_ASN1_UNDEF, NULL);
 }
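Review bot: sig_algor() now returns `X509_ALGOR *`, but the unchanged error branch after ERR_raise() still has `return 0;`, returning an integer constant from a pointer-returning function; it should read `return NULL;` to match pbmac_algor() above and the callers' NULL checks. The pbmac_algor() rewrite looks consistent with ossl_X509_ALGOR_from_nid() not taking ownership of pval on error: pbm_str is freed only when alg is NULL, and pbm_der/pbm are released on both paths. pbmac_algor() starts in the preceding hunk.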
 
 static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg,
@@ -269,7 +254,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
             goto err;
     } else if (ctx->secretValue != NULL) {
         /* use PasswordBasedMac according to 5.1.3.1 if secretValue is given */
-        if (!set_pbmac_algor(ctx, &msg->header->protectionAlg))
+        if ((msg->header->protectionAlg = pbmac_algor(ctx)) == NULL)
             goto err;
         if (!set_senderKID(ctx, msg, NULL))
             goto err;
@@ -288,7 +273,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
             goto err;
         }
 
-        if (!set_sig_algor(ctx, &msg->header->protectionAlg))
+        if ((msg->header->protectionAlg = sig_algor(ctx)) == NULL)
             goto err;
         /* set senderKID to keyIdentifier of the cert according to 5.1.1 */
         if (!set_senderKID(ctx, msg, X509_get0_subject_key_id(ctx->cert)))
diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index 20ed816918..eafa1788de 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -145,20 +145,18 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
         goto err;
     if (labellen > 0) {
-        ASN1_OCTET_STRING *los;
+        ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
 
-        oaep->pSourceFunc = X509_ALGOR_new();
-        if (oaep->pSourceFunc == NULL)
-            goto err;
-        los = ASN1_OCTET_STRING_new();
         if (los == NULL)
             goto err;
         if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
             ASN1_OCTET_STRING_free(los);
             goto err;
         }
-        X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
-                        V_ASN1_OCTET_STRING, los);
+        oaep->pSourceFunc = ossl_X509_ALGOR_from_nid(NID_pSpecified,
+                                                     V_ASN1_OCTET_STRING, los);
+        if (oaep->pSourceFunc == NULL)
+            goto err;
     }
     /* create string with pss parameter encoding. */
     if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
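Review bot: When ossl_X509_ALGOR_from_nid() returns NULL the new code jumps to `err` without releasing `los`, because the helper does not take ownership of pval on failure; the old code did not have this path since the X509_ALGOR_set0() result was ignored. The check should mirror the ASN1_OCTET_STRING_set() failure just above it: `if (oaep->pSourceFunc == NULL) { ASN1_OCTET_STRING_free(los); goto err; }`. rsa_cms_encrypt() starts and ends outside the hunk.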
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 34c021bba6..7a77a0870a 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -1039,14 +1039,13 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
             return 0;
         }
     }
-    alg = X509_ALGOR_new();
+    alg = ossl_X509_ALGOR_from_nid(algnid, key != NULL ? V_ASN1_INTEGER :
+                                   V_ASN1_UNDEF, key);
     if (alg == NULL) {
         ASN1_INTEGER_free(key);
         return 0;
     }
 
-    X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
-                    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
     if (*algs == NULL)
         *algs = sk_X509_ALGOR_new_null();
     if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
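Review bot: The conditional operator split after `:` inside the argument list reads awkwardly; naming the parameter type first keeps the call on one line: `int ptype = key != NULL ? V_ASN1_INTEGER : V_ASN1_UNDEF;` followed by `alg = ossl_X509_ALGOR_from_nid(algnid, ptype, key);`. The error handling itself is right: key is freed only when alg is NULL, matching the helper's no-ownership-on-failure behaviour. CMS_add_simple_smimecap() starts and ends outside the hunk.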
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index ec76ae6fc6..ff02cac573 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -145,5 +145,6 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags);
 EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a,
                                       const unsigned char **pp, long length,
                                       OSSL_LIB_CTX *libctx, const char *propq);
+X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval);
 
 #endif /* ndef OSSL_CRYPTO_ASN1_H */
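Review bot: The new prototype carries no comment on ownership, which is the one thing callers of an X509_ALGOR_set0()-style helper need to know. Suggest a two-line comment above it: `/* Allocate an X509_ALGOR for nid with the given parameter type and value; on success the result owns pval, on failure NULL is returned and pval is left with the caller. */`. It may also be worth noting that a NULL result can mean an unknown nid as well as an allocation failure.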

