diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-25 08:58:39 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-03-10 16:09:44 +0100 |
commit | 7269071e5eb54683353a1d2f8831a4ed03485b86 (patch) | |
tree | 20a8e05d64cba1c417cca8cc16e16e126e09c6bf | |
parent | 62dcd2aa17b27b7892ad62540f9034c9192f6530 (diff) |
Fix error in case CMP msg POPO is not provided in OSSL_CRMF_MSGS_verify_popo()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
-rw-r--r-- | crypto/crmf/crmf_err.c | 1 | ||||
-rw-r--r-- | crypto/crmf/crmf_lib.c | 12 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
-rw-r--r-- | include/openssl/crmferr.h | 1 |
4 files changed, 10 insertions, 5 deletions
diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c index 80f71543ca..159d5b2c91 100644 --- a/crypto/crmf/crmf_err.c +++ b/crypto/crmf/crmf_err.c @@ -32,6 +32,7 @@ static const ERR_STRING_DATA CRMF_str_reasons[] = { {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_NULL_ARGUMENT), "null argument"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY), "popo inconsistent public key"}, + {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING), "popo missing"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_PUBLIC_KEY), "popo missing public key"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_SUBJECT), diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index acbc9af5cb..dd69372f3e 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -485,11 +485,13 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, X509_PUBKEY *pubkey = NULL; OSSL_CRMF_POPOSIGNINGKEY *sig = NULL; - if (reqs == NULL - || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL - || req->popo == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, - CRMF_R_NULL_ARGUMENT); + if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) { + CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, CRMF_R_NULL_ARGUMENT); + return 0; + } + + if (req->popo == NULL) { + CRMFerr(0, CRMF_R_POPO_MISSING); return 0; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c35d235e18..c921207698 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2263,6 +2263,7 @@ CRMF_R_ITERATIONCOUNT_BELOW_100:108:iterationcount below 100 CRMF_R_MALFORMED_IV:101:malformed iv CRMF_R_NULL_ARGUMENT:109:null argument CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY:117:popo inconsistent public key +CRMF_R_POPO_MISSING:121:popo missing CRMF_R_POPO_MISSING_PUBLIC_KEY:118:popo missing public key CRMF_R_POPO_MISSING_SUBJECT:119:popo missing subject CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED:120:popo raverified not accepted diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h index f7b5b906e2..22936c620e 100644 --- a/include/openssl/crmferr.h +++ b/include/openssl/crmferr.h @@ -63,6 +63,7 @@ int ERR_load_CRMF_strings(void); # define CRMF_R_MALFORMED_IV 101 # define CRMF_R_NULL_ARGUMENT 109 # define CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY 117 +# define CRMF_R_POPO_MISSING 121 # define CRMF_R_POPO_MISSING_PUBLIC_KEY 118 # define CRMF_R_POPO_MISSING_SUBJECT 119 # define CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED 120 |