diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-15 14:57:32 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-17 07:43:58 +0100 |
commit | 31b28ad96aa841ae39d4009ebb15d90f2a2afdab (patch) | |
tree | 1c35d270dec05defdb07028911a67dbba82fe65c /crypto/err | |
parent | 235595c402bd7815f07f1f3f3babe9fcc247a206 (diff) |
chunk 7 of CMP contribution to OpenSSL
add CMP message validation and related tests; while doing so:
* add ERR_add_error_mem_bio() to crypto/err/err_prn.c
* move ossl_cmp_add_error_txt() as ERR_add_error_txt() to crypto/err/err_prn.c
* add X509_STORE_CTX_print_verify_cb() to crypto/x509/t_x509.c,
adding internally x509_print_ex_brief(), print_certs(), and print_store_certs()
* move {ossl_cmp_,}X509_STORE_get1_certs() to crypto/x509/x509_lu.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10620)
Diffstat (limited to 'crypto/err')
-rw-r--r-- | crypto/err/err_prn.c | 120 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 21 |
2 files changed, 139 insertions, 2 deletions
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index e0184b0771..9a5889829d 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -17,12 +17,13 @@ #include <openssl/err.h> #include "err_local.h" +#define ERR_PRINT_BUF_SIZE 4096 void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), void *u) { CRYPTO_THREAD_ID tid = CRYPTO_THREAD_get_current_id(); unsigned long l; - char buf[4096], *hex; + char buf[ERR_PRINT_BUF_SIZE], *hex; const char *lib, *reason; const char *file, *data, *func; int line, flags; @@ -44,6 +45,123 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), } } +/* auxiliary function for incrementally reporting texts via the error queue */ +static void put_error(int lib, const char *func, int reason, + const char *file, int line) +{ + ERR_new(); + ERR_set_debug(file, line, func); + ERR_set_error(lib, reason, NULL /* no data here, so fmt is NULL */); +} + +#define TYPICAL_MAX_OUTPUT_BEFORE_DATA 100 +#define MAX_DATA_LEN (ERR_PRINT_BUF_SIZE - TYPICAL_MAX_OUTPUT_BEFORE_DATA) +void ERR_add_error_txt(const char *separator, const char *txt) +{ + const char *file = NULL; + int line; + const char *func = NULL; + const char *data = NULL; + int flags; + unsigned long err = ERR_peek_last_error(); + + if (separator == NULL) + separator = ""; + if (err == 0) + put_error(ERR_LIB_CMP, NULL, 0, "", 0); + + do { + size_t available_len, data_len; + const char *curr = txt, *next = txt; + const char *leading_separator = separator; + int trailing_separator = 0; + char *tmp; + + ERR_peek_last_error_all(&file, &line, &func, &data, &flags); + if ((flags & ERR_TXT_STRING) == 0) { + data = ""; + leading_separator = ""; + } + data_len = strlen(data); + + /* workaround for limit of ERR_print_errors_cb() */ + if (data_len >= MAX_DATA_LEN + || strlen(separator) >= (size_t)(MAX_DATA_LEN - data_len)) + available_len = 0; + else + available_len = MAX_DATA_LEN - data_len - strlen(separator) - 1; + /* MAX_DATA_LEN > available_len >= 0 */ + + if (*separator == '\0') { + const size_t len_next = strlen(next); + + if (len_next <= available_len) { + next += len_next; + curr = NULL; /* no need to split */ + } else { + next += available_len; + curr = next; /* will split at this point */ + } + } else { + while (*next != '\0' && (size_t)(next - txt) <= available_len) { + curr = next; + next = strstr(curr, separator); + if (next != NULL) { + next += strlen(separator); + trailing_separator = *next == '\0'; + } else { + next = curr + strlen(curr); + } + } + if ((size_t)(next - txt) <= available_len) + curr = NULL; /* the above loop implies *next == '\0' */ + } + if (curr != NULL) { + /* split error msg at curr since error data would get too long */ + if (curr != txt) { + tmp = OPENSSL_strndup(txt, curr - txt); + if (tmp == NULL) + return; + ERR_add_error_data(2, separator, tmp); + OPENSSL_free(tmp); + } + put_error(ERR_LIB_CMP, func, err, file, line); + txt = curr; + } else { + if (trailing_separator) { + tmp = OPENSSL_strndup(txt, next - strlen(separator) - txt); + if (tmp == NULL) + return; + /* output txt without the trailing separator */ + ERR_add_error_data(2, leading_separator, tmp); + OPENSSL_free(tmp); + } else { + ERR_add_error_data(2, leading_separator, txt); + } + txt = next; /* finished */ + } + } while (*txt != '\0'); +} + +void ERR_add_error_mem_bio(const char *separator, BIO *bio) +{ + if (bio != NULL) { + char *str; + long len = BIO_get_mem_data(bio, &str); + + if (len > 0) { + if (str[len - 1] != '\0') { + if (BIO_write(bio, "", 1) <= 0) + return; + + len = BIO_get_mem_data(bio, &str); + } + if (len > 1) + ERR_add_error_txt(separator, str); + } + } +} + static int print_bio(const char *str, size_t len, void *bp) { return BIO_write((BIO *)bp, str, len); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8920a77390..e6a45ac03a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2067,6 +2067,7 @@ BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large BN_R_P_IS_NOT_PRIME:112:p is not prime BN_R_TOO_MANY_ITERATIONS:113:too many iterations BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables +CMP_R_ALGORITHM_NOT_SUPPORTED:139:algorithm not supported CMP_R_BAD_REQUEST_ID:108:bad request id CMP_R_CERTID_NOT_FOUND:109:certid not found CMP_R_CERTIFICATE_NOT_FOUND:112:certificate not found @@ -2087,24 +2088,41 @@ CMP_R_ERROR_CREATING_RR:126:error creating rr CMP_R_ERROR_PARSING_PKISTATUS:107:error parsing pkistatus CMP_R_ERROR_PROTECTING_MESSAGE:127:error protecting message CMP_R_ERROR_SETTING_CERTHASH:128:error setting certhash +CMP_R_ERROR_VALIDATING_PROTECTION:140:error validating protection +CMP_R_FAILED_EXTRACTING_PUBKEY:141:failed extracting pubkey CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range CMP_R_INVALID_ARGS:100:invalid args CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\ missing key input for creating protection +CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature CMP_R_MISSING_PRIVATE_KEY:131:missing private key +CMP_R_MISSING_PROTECTION:143:missing protection CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification +CMP_R_MISSING_TRUST_STORE:144:missing trust store CMP_R_MULTIPLE_SAN_SOURCES:102:multiple san sources CMP_R_NO_STDIO:194:no stdio +CMP_R_NO_SUITABLE_SENDER_CERT:145:no suitable sender cert CMP_R_NULL_ARGUMENT:103:null argument +CMP_R_PKIBODY_ERROR:146:pkibody error CMP_R_PKISTATUSINFO_NOT_FOUND:132:pkistatusinfo not found -CMP_R_POTENTIALLY_INVALID_CERTIFICATE:139:potentially invalid certificate +CMP_R_POTENTIALLY_INVALID_CERTIFICATE:147:potentially invalid certificate +CMP_R_RECIPNONCE_UNMATCHED:148:recipnonce unmatched +CMP_R_REQUEST_NOT_ACCEPTED:149:request not accepted +CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED:150:\ + sender generalname type not supported +CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG:151:srvcert does not validate msg +CMP_R_TRANSACTIONID_UNMATCHED:152:transactionid unmatched CMP_R_UNEXPECTED_PKIBODY:133:unexpected pkibody +CMP_R_UNEXPECTED_PVNO:153:unexpected pvno CMP_R_UNKNOWN_ALGORITHM_ID:134:unknown algorithm id CMP_R_UNKNOWN_CERT_TYPE:135:unknown cert type CMP_R_UNSUPPORTED_ALGORITHM:136:unsupported algorithm CMP_R_UNSUPPORTED_KEY_TYPE:137:unsupported key type +CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\ + unsupported protection alg dhbasedmac CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid +CMP_R_WRONG_PBM_VALUE:155:wrong pbm value CMS_R_ADD_SIGNER_ERROR:99:add signer error CMS_R_ATTRIBUTE_ERROR:161:attribute error CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present @@ -3360,6 +3378,7 @@ X509_R_BAD_X509_FILETYPE:100:bad x509 filetype X509_R_BASE64_DECODE_ERROR:118:base64 decode error X509_R_CANT_CHECK_DH_KEY:114:cant check dh key X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table +X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure X509_R_IDP_MISMATCH:128:idp mismatch |