-rw-r--r--crypto/cmp/cmp_asn.c3
-rw-r--r--crypto/cmp/cmp_ctx.c2
-rw-r--r--crypto/cmp/cmp_local.h142
-rw-r--r--crypto/cmp/cmp_msg.c12
-rw-r--r--crypto/cmp/cmp_protect.c2
-rw-r--r--crypto/cmp/cmp_status.c4
-rw-r--r--crypto/cmp/cmp_util.c2
-rw-r--r--crypto/crmf/crmf_asn.c18
-rw-r--r--crypto/crmf/crmf_lib.c30
-rw-r--r--crypto/crmf/crmf_local.h32
-rw-r--r--crypto/crmf/crmf_pbm.c2
-rw-r--r--doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod8
-rw-r--r--include/openssl/cmp.h6
-rw-r--r--include/openssl/cmp_util.h2
-rw-r--r--include/openssl/cmperr.h6
-rw-r--r--include/openssl/crmf.h16
-rw-r--r--include/openssl/crmferr.h6
-rw-r--r--test/cmp_ctx_test.c38
-rw-r--r--test/cmp_hdr_test.c116
-rw-r--r--test/cmp_msg_test.c18
-rw-r--r--test/cmp_protect_test.c13
21 files changed, 266 insertions, 212 deletions
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index ca121b068a..e02076bb12 100644
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -73,7 +73,8 @@ ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
- infoValue.other, ASN1_ANY);
+ infoValue.other,
+ ASN1_ANY);
/* ITAV means InfoTypeAndValue */
ASN1_ADB(OSSL_CMP_ITAV) = {
/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 12492336ef..714157a964 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -80,7 +80,7 @@ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
sk_X509_pop_free(ctx->untrusted_certs, X509_free);
ctx->untrusted_certs = untrusted_certs;
return 1;
-err:
+ err:
sk_X509_pop_free(untrusted_certs, X509_free);
return 0;
}
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index f36928bdf1..1e62d4516f 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -48,16 +48,23 @@ struct ossl_cmp_ctx_st {
void *http_cb_arg; /* allows to store optional argument to cb */
/* server authentication */
- int unprotectedErrors; /* accept neg. response with no/invalid protection */
- /* to cope with broken server */
+ /*
+ * unprotectedErrors may be set as workaround for broken server responses:
+ * accept missing or invalid protection of regular error messages, negative
+ * certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf
+ */
+ int unprotectedErrors;
X509 *srvCert; /* certificate used to identify the server */
X509 *validatedSrvCert; /* caches any already validated server cert */
X509_NAME *expected_sender; /* expected sender in pkiheader of response */
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */
int ignore_keyusage; /* ignore key usage entry when validating certs */
- int permitTAInExtraCertsForIR; /* allow use of root certs in extracerts */
- /* when validating message protection; used for 3GPP-style E.7 */
+ /*
+ * permitTAInExtraCertsForIR allows use of root certs in extracerts
+ * when validating message protection; this is used for 3GPP-style E.7
+ */
+ int permitTAInExtraCertsForIR;
/* client authentication */
int unprotectedSend; /* send unprotected PKI messages */
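Review bot: The new comment on `unprotectedErrors` lists the message types whose protection may be missing or invalid, but it does not state the consequence, and it is unclear whether "negative" also qualifies the revocation responses (rp) and PKIConf that follow it. Since these messages are then accepted without authentication, I would add a closing line such as `* such messages are accepted unauthenticated; enable only for a known-broken server`. The comment should also say whether rp and PKIConf are accepted regardless of their status. struct ossl_cmp_ctx_st starts and ends outside this hunk.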
@@ -536,68 +543,108 @@ typedef struct ossl_cmp_pkibody_st {
OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */
OSSL_CRMF_MSGS *cr; /* 2 */
OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */
- /* p10cr [4] CertificationRequest, --imported from [PKCS10] */
- /*
+ /*-
+ * p10cr [4] CertificationRequest, --imported from [PKCS10]
+ *
* PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ
* so it is used directly
*/
X509_REQ *p10cr; /* 4 */
- /* popdecc [5] POPODecKeyChallContent, --pop Challenge */
- /* POPODecKeyChallContent ::= SEQUENCE OF Challenge */
+ /*-
+ * popdecc [5] POPODecKeyChallContent, --pop Challenge
+ *
+ * POPODecKeyChallContent ::= SEQUENCE OF Challenge
+ */
OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */
- /* popdecr [6] POPODecKeyRespContent, --pop Response */
- /* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */
+ /*-
+ * popdecr [6] POPODecKeyRespContent, --pop Response
+ *
+ * POPODecKeyRespContent ::= SEQUENCE OF INTEGER
+ */
OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */
OSSL_CRMF_MSGS *kur; /* 7 */
OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */
OSSL_CRMF_MSGS *krr; /* 9 */
- /* krp [10] KeyRecRepContent, --Key Recovery Response */
+ /*-
+ * krp [10] KeyRecRepContent, --Key Recovery Response
+ */
OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */
- /* rr [11] RevReqContent, --Revocation Request */
+ /*-
+ * rr [11] RevReqContent, --Revocation Request
+ */
OSSL_CMP_REVREQCONTENT *rr; /* 11 */
- /* rp [12] RevRepContent, --Revocation Response */
+ /*-
+ * rp [12] RevRepContent, --Revocation Response
+ */
OSSL_CMP_REVREPCONTENT *rp; /* 12 */
- /* ccr [13] CertReqMessages, --Cross-Cert. Request */
+ /*-
+ * ccr [13] CertReqMessages, --Cross-Cert. Request
+ */
OSSL_CRMF_MSGS *ccr; /* 13 */
- /* ccp [14] CertRepMessage, --Cross-Cert. Response */
+ /*-
+ * ccp [14] CertRepMessage, --Cross-Cert. Response
+ */
OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */
- /* ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. */
+ /*-
+ * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
+ */
OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */
- /* cann [16] CertAnnContent, --Certificate Ann. */
- /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
- X509 *cann; /* 16 */
- /* rann [17] RevAnnContent, --Revocation Ann. */
+ /*-
+ * cann [16] CertAnnContent, --Certificate Ann.
+ * OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly
+ */
+ X509 *cann; /* 16 */
+ /*-
+ * rann [17] RevAnnContent, --Revocation Ann.
+ */
OSSL_CMP_REVANNCONTENT *rann; /* 17 */
- /* crlann [18] CRLAnnContent, --CRL Announcement */
- /* CRLAnnContent ::= SEQUENCE OF CertificateList */
- OSSL_CMP_CRLANNCONTENT *crlann;
- /* PKIConfirmContent ::= NULL */
- /* pkiconf [19] PKIConfirmContent, --Confirmation */
- /* OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL */
- /* OSSL_CMP_CONFIRMCONTENT *pkiconf; */
- /*
+ /*-
+ * crlann [18] CRLAnnContent, --CRL Announcement
+ * CRLAnnContent ::= SEQUENCE OF CertificateList
+ */
+ OSSL_CMP_CRLANNCONTENT *crlann; /* 18 */
+ /*-
+ * PKIConfirmContent ::= NULL
+ * pkiconf [19] PKIConfirmContent, --Confirmation
+ * OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL
+ * OSSL_CMP_CONFIRMCONTENT *pkiconf;
+ *
* NOTE: this should ASN1_NULL according to the RFC
* but there might be a struct in it when sent from faulty servers...
*/
ASN1_TYPE *pkiconf; /* 19 */
- /* nested [20] NestedMessageContent, --Nested Message */
- /* NestedMessageContent ::= PKIMessages */
+ /*-
+ * nested [20] NestedMessageContent, --Nested Message
+ * NestedMessageContent ::= PKIMessages
+ */
OSSL_CMP_MSGS *nested; /* 20 */
- /* genm [21] GenMsgContent, --General Message */
- /* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */
+ /*-
+ * genm [21] GenMsgContent, --General Message
+ * GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
+ */
OSSL_CMP_GENMSGCONTENT *genm; /* 21 */
- /* genp [22] GenRepContent, --General Response */
- /* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */
+ /*-
+ * genp [22] GenRepContent, --General Response
+ * GenRepContent ::= SEQUENCE OF InfoTypeAndValue
+ */
OSSL_CMP_GENREPCONTENT *genp; /* 22 */
- /* error [23] ErrorMsgContent, --Error Message */
+ /*-
+ * error [23] ErrorMsgContent, --Error Message
+ */
OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */
- /* certConf [24] CertConfirmContent, --Certificate confirm */
+ /*-
+ * certConf [24] CertConfirmContent, --Certificate confirm
+ */
OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */
- /* pollReq [25] PollReqContent, --Polling request */
- OSSL_CMP_POLLREQCONTENT *pollReq;
- /* pollRep [26] PollRepContent --Polling response */
- OSSL_CMP_POLLREPCONTENT *pollRep;
+ /*-
+ * pollReq [25] PollReqContent, --Polling request
+ */
+ OSSL_CMP_POLLREQCONTENT *pollReq; /* 25 */
+ /*-
+ * pollRep [26] PollRepContent --Polling response
+ */
+ OSSL_CMP_POLLREPCONTENT *pollRep; /* 26 */
} value;
} OSSL_CMP_PKIBODY;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
@@ -704,13 +751,12 @@ void ossl_cmp_add_error_txt(const char *separator, const char *txt);
# define ossl_cmp_add_error_data(txt) ossl_cmp_add_error_txt(" : ", txt)
# define ossl_cmp_add_error_line(txt) ossl_cmp_add_error_txt("\n", txt)
/* functions manipulating lists of certificates etc could be generally useful */
-int ossl_cmp_sk_X509_add1_cert (STACK_OF(X509) *sk, X509 *cert,
- int no_dup, int prepend);
+int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert,
+ int no_dup, int prepend);
int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs,
- int no_self_signed, int no_dups, int prepend);
+ int no_self_issued, int no_dups, int prepend);
int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs,
- int only_self_signed);
-STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store);
+ int only_self_issued);
int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
const ASN1_OCTET_STRING *src);
int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt,
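Review bot: The prototype of `ossl_cmp_X509_STORE_get1_certs` is removed from cmp_local.h in this hunk, yet the internal manual page touched by the same commit still lists and describes that function. No other declaration is visible here, so please confirm where it is now declared. Separately, renaming `no_self_signed`/`only_self_signed` to `no_self_issued`/`only_self_issued` names a weaker property: self-issued presumably means only that subject and issuer names match, with no signature check. Because `ossl_cmp_X509_STORE_add1_certs` fills a certificate store, a comment above it such as `/* self-issued: subject == issuer; the signature is not verified here */` would stop readers assuming more, if that matches the implementation. The same wording change appears in the cmp_protect.c hunk and in the .pod file.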
@@ -850,7 +896,7 @@ OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
OSSL_CMP_PKISI *
ossl_cmp_revrepcontent_get_pkistatusinfo(OSSL_CMP_REVREPCONTENT *rrep, int rsid);
OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep,
- int rsid);
+ int rsid);
OSSL_CMP_POLLREP *
ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc,
int rid);
@@ -861,9 +907,9 @@ X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey,
const OSSL_CMP_CERTRESPONSE *crep);
OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
/* BIO definitions */
-# define OSSL_d2i_CMP_MSG_bio(bp, p) \
+# define OSSL_d2i_CMP_MSG_bio(bp, p) \
ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, d2i_OSSL_CMP_MSG, bp, p)
-# define OSSL_i2d_CMP_MSG_bio(bp, o) \
+# define OSSL_i2d_CMP_MSG_bio(bp, o) \
ASN1_i2d_bio_of(OSSL_CMP_MSG, i2d_OSSL_CMP_MSG, bp, o)
/* from cmp_protect.c */
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 00381932f3..c794dc98bb 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -232,7 +232,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype,
*/
|| !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey,
subject, ctx->issuer,
- NULL/* serial */))
+ NULL /* serial */))
goto err;
if (ctx->days != 0) {
time_t notBefore, notAfter;
@@ -442,8 +442,8 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
/* Fill the template from the contents of the certificate to be revoked */
if (!OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
- NULL/* pubkey would be redundant */,
- NULL/* subject would be redundant */,
+ NULL /* pubkey would be redundant */,
+ NULL /* subject would be redundant */,
X509_get_issuer_name(ctx->oldCert),
X509_get_serialNumber(ctx->oldCert)))
goto err;
@@ -569,7 +569,7 @@ int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg,
return 0;
for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
- if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs,i))) == NULL)
+ if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i))) == NULL)
return 0;
if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) {
OSSL_CMP_ITAV_free(itav);
@@ -643,8 +643,8 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
}
if (errorDetails != NULL)
if ((msg->body->value.error->errorDetails =
- sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup,
- ASN1_STRING_free)) == NULL)
+ sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup,
+ ASN1_STRING_free)) == NULL)
goto err;
if (!unprotected && !ossl_cmp_msg_protect(ctx, msg))
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 7db3440f32..c1b4b8584d 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -156,7 +156,7 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
STACK_OF(X509) *chain =
ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->clCert);
int res = ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain,
- 1 /* no self-signed */,
+ 1 /* no self-issued */,
1 /* no duplicates */, 0);
sk_X509_pop_free(chain, X509_free);
if (res == 0)
diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c
index a5f6b29490..7ebc57d37b 100644
--- a/crypto/cmp/cmp_status.c
+++ b/crypto/cmp/cmp_status.c
@@ -61,7 +61,7 @@ const char *ossl_cmp_PKIStatus_to_string(int status)
char buf[40];
BIO_snprintf(buf, sizeof(buf), "PKIStatus: invalid=%d", status);
CMPerr(0, CMP_R_ERROR_PARSING_PKISTATUS);
- ossl_cmp_add_error_data(buf);
+ ERR_add_error_data(1, buf);
return NULL;
}
}
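Review bot: Replacing `ossl_cmp_add_error_data(buf)` with `ERR_add_error_data(1, buf)` is a behavioural change among otherwise layout-only hunks. The macro in cmp_local.h expands to `ossl_cmp_add_error_txt(" : ", txt)`, so the old call went through the CMP helper with a separator and the new one does not. That looks intentional, since `CMPerr()` on the previous line has just created the error entry, but it leaves this call using a different helper from the rest of the CMP code with no explanation. I would add `/* new error entry, so no " : " separator is needed */` above the call. The body of ossl_cmp_PKIStatus_to_string starts outside the hunk.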
@@ -195,7 +195,7 @@ char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf,
int printed_chars;
int failinfo_found = 0;
int n_status_strings;
- char* write_ptr = buf;
+ char *write_ptr = buf;
#define ADVANCE_BUFFER \
if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index 168bb854d1..a68f701062 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -120,7 +120,7 @@ static const char *improve_location_name(const char *func, const char *fallback)
? fallback : func;
}
-int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file,
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
int line, OSSL_CMP_severity level, const char *msg)
{
const char *level_string =
diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c
index 8b6657f969..bd375c6f85 100644
--- a/crypto/crmf/crmf_asn.c
+++ b/crypto/crmf/crmf_asn.c
@@ -141,8 +141,8 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = {
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
-ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT(
- OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
+ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
+ ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
ADB_ENTRY(NID_id_regCtrl_regToken,
ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
@@ -187,7 +187,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
- ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
+ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
/*
* serialNumber MUST be omitted. This field is assigned by the CA
* during certificate creation.
@@ -197,16 +197,16 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
* signingAlg MUST be omitted. This field is assigned by the CA
* during certificate creation.
*/
- ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2),
- ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3),
+ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2),
+ ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3),
ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity,
OSSL_CRMF_OPTIONALVALIDITY, 4),
- ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5),
- ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6),
+ ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5),
+ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6),
/* issuerUID is deprecated in version 2 */
- ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7),
+ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7),
/* subjectUID is deprecated in version 2 */
- ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8),
+ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8),
ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions,
X509_EXTENSION, 9),
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 64dbf80978..4d81569299 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -47,7 +47,7 @@ int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, \
{ \
OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
\
- if (msg == NULL || in == NULL) \
+ if (msg == NULL || in == NULL) \
goto err; \
if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \
goto err; \
@@ -122,9 +122,9 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
return 1;
}
-int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
- OSSL_CRMF_PKIPUBLICATIONINFO *pi,
- OSSL_CRMF_SINGLEPUBINFO *spi)
+int
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+ OSSL_CRMF_SINGLEPUBINFO *spi)
{
if (pi == NULL || spi == NULL) {
CRMFerr(CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO,
@@ -139,8 +139,8 @@ int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi);
}
-int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
- OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action)
+int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+ int action)
{
if (pi == NULL
|| action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH
@@ -457,7 +457,7 @@ int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
{
OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new();
if (ps == NULL
- || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)){
+ || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)) {
OSSL_CRMF_POPOSIGNINGKEY_free(ps);
goto err;
}
@@ -542,21 +542,23 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
* the public key from the certificate template. This MUST be
* exactly the same value as contained in the certificate template.
*/
+ const ASN1_ITEM *rptr = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);
+
if (pubkey == NULL
|| sig->poposkInput->publicKey == NULL
|| X509_PUBKEY_cmp(pubkey, sig->poposkInput->publicKey)
- || ASN1_item_verify(
- ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT),
- sig->algorithmIdentifier, sig->signature,
- sig->poposkInput, X509_PUBKEY_get0(pubkey)) < 1)
+ || ASN1_item_verify(rptr, sig->algorithmIdentifier,
+ sig->signature, sig->poposkInput,
+ X509_PUBKEY_get0(pubkey)) < 1)
break;
} else {
if (pubkey == NULL
|| req->certReq->certTemplate->subject == NULL
|| ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
- sig->algorithmIdentifier, sig->signature,
- req->certReq,
- X509_PUBKEY_get0(pubkey)) < 1)
+ sig->algorithmIdentifier,
+ sig->signature,
+ req->certReq,
+ X509_PUBKEY_get0(pubkey)) < 1)
break;
}
return 1;
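Review bot: The new local `rptr` is introduced only for the poposkInput branch, while the else branch still passes `ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST)` inline, so the two `ASN1_item_verify` calls now read differently for no functional reason. The name also does not say which item is being verified; in a proof-of-possession check I would prefer `const ASN1_ITEM *popo_input_it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);`, or keeping the macro inline on its own argument line as the else branch does. In the visible lines the declaration follows only a comment. The block starts outside the hunk, so if any statement precedes it there, this would be a declaration after a statement.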
diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h
index 06b32b5378..3f3f75cf2f 100644
--- a/crypto/crmf/crmf_local.h
+++ b/crypto/crmf/crmf_local.h
@@ -185,9 +185,9 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)
typedef struct ossl_crmf_popoprivkey_st {
int type;
union {
- ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */
+ ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */
ASN1_INTEGER *subsequentMessage; /* 1 */
- ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */
+ ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */
OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */
/*
* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be
@@ -310,20 +310,20 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
* }
*/
struct ossl_crmf_certtemplate_st {
- ASN1_INTEGER *version; /* 0 */
- ASN1_INTEGER *serialNumber; /* 1 */ /* serialNumber MUST be omitted */
- /* This field is assigned by the CA during certificate creation */
- X509_ALGOR *signingAlg; /* 2 */ /* signingAlg MUST be omitted */
- /* This field is assigned by the CA during certificate creation */
- X509_NAME *issuer; /* 3 */
- OSSL_CRMF_OPTIONALVALIDITY *validity; /* 4 */
- X509_NAME *subject; /* 5 */
- X509_PUBKEY *publicKey; /* 6 */
- ASN1_BIT_STRING *issuerUID; /* 7 */ /* deprecated in version 2 */
- /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */
- ASN1_BIT_STRING *subjectUID; /* 8 */ /* deprecated in version 2 */
- /* Could be X509_EXTENSION*S*, but that's only cosmetic */
- STACK_OF(X509_EXTENSION) *extensions; /* 9 */
+ ASN1_INTEGER *version;
+ ASN1_INTEGER *serialNumber; /* serialNumber MUST be omitted */
+ /* This field is assigned by the CA during certificate creation */
+ X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */
+ /* This field is assigned by the CA during certificate creation */
+ X509_NAME *issuer;
+ OSSL_CRMF_OPTIONALVALIDITY *validity;
+ X509_NAME *subject;
+ X509_PUBKEY *publicKey;
+ ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */
+ /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */
+ ASN1_BIT_STRING *subjectUID; /* deprecated in version 2 */
+ /* Could be X509_EXTENSION*S*, but that's only cosmetic */
+ STACK_OF(X509_EXTENSION) *extensions;
} /* OSSL_CRMF_CERTTEMPLATE */;
/*-
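Review bot: Dropping the `/* 0 */` … `/* 9 */` comments from struct ossl_crmf_certtemplate_st removes the per-field link to the context tags used by the `ASN1_IMP_OPT`/`ASN1_EXP_OPT` entries in crmf_asn.c. The cmp_local.h hunk of this same commit goes the other way and adds such numbers (`/* 18 */`, `/* 25 */`, `/* 26 */`). The lines "This field is assigned by the CA during certificate creation" also sit between two fields, so it is not obvious which field each one describes. I would keep the tag numbers and fold each explanation into the field's own comment, e.g. `ASN1_INTEGER *serialNumber; /* 1: MUST be omitted, assigned by the CA */`. The ASN.1 comment above the struct begins outside the hunk.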
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index 2dfa84e49b..6c22bc29a0 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -71,7 +71,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
/*
* iterationCount identifies the number of times the hash is applied
* during the key computation process. The iterationCount MUST be a
- * minimum of 100. Many people suggest using values as high as 1000
+ * minimum of 100. Many people suggest using values as high as 1000
* iterations as the minimum value. The trade off here is between
* protection of the password from attacks and the time spent by the
* server processing all of the different iterations in deriving
diff --git a/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod b/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod
index cb36855adf..4c647708f3 100644
--- a/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod
+++ b/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod
@@ -15,9 +15,9 @@ ossl_cmp_X509_STORE_get1_certs
int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert,
int no_dup, int prepend);
int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs,
- int no_self_signed, int no_dups, int prepend);
+ int no_self_issued, int no_dups, int prepend);
int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs,
- int only_self_signed);
+ int only_self_issued);
STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store);
=head1 DESCRIPTION
@@ -29,10 +29,10 @@ On success the reference count of the certificate is increased.
ossl_cmp_sk_X509_add1_certs() appends or prepends (depending on the I<prepend>
argument) a list of certificates to the given list,
-optionally only if not self-signed and optionally only if not already contained.
+optionally only if not self-issued and optionally only if not already contained.
The reference counts of those certificates appended successfully are increased.
-ossl_cmp_X509_STORE_add1_certs() adds all or only self-signed certificates from
+ossl_cmp_X509_STORE_add1_certs() adds all or only self-issued certificates from
the given stack to given store. The I<certs> parameter may be NULL.
ossl_cmp_X509_STORE_get1_certs() retrieves a copy of all certificates in the
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index 78763248e0..bc1ae35305 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -26,7 +26,7 @@
# include <openssl/x509.h>
# include <openssl/x509v3.h>
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
# endif
@@ -128,9 +128,9 @@ extern "C" {
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
- ( (1<<(OSSL_CMP_PKIFAILUREINFO_MAX+1)) - 1)
+ ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
-# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
+# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
# endif
typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
diff --git a/include/openssl/cmp_util.h b/include/openssl/cmp_util.h
index 69e843c64e..56fb49e188 100644
--- a/include/openssl/cmp_util.h
+++ b/include/openssl/cmp_util.h
@@ -42,7 +42,7 @@ typedef int OSSL_CMP_severity;
typedef int (*OSSL_cmp_log_cb_t)(const char *func, const char *file, int line,
OSSL_CMP_severity level, const char *msg);
-int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file,
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
int line, OSSL_CMP_severity level, const char *msg);
/* use of the logging callback for outputting error queue */
void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h
index cd962fb5d1..a44a1a92bb 100644
--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -19,7 +19,7 @@
# ifndef OPENSSL_NO_CMP
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C"
# endif
int ERR_load_CMP_strings(void);
@@ -27,8 +27,8 @@ int ERR_load_CMP_strings(void);
/*
* CMP function codes.
*/
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# endif
/*
* CMP reason codes.
diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h
index 160ad326b0..09b57f6bce 100644
--- a/include/openssl/crmf.h
+++ b/include/openssl/crmf.h
@@ -26,7 +26,7 @@
# include <openssl/types.h>
# include <openssl/x509.h>
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
# endif
@@ -77,9 +77,9 @@ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *tok);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *auth);
-int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
- OSSL_CRMF_PKIPUBLICATIONINFO *pi,
- OSSL_CRMF_SINGLEPUBINFO *spi);
+int
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+ OSSL_CRMF_SINGLEPUBINFO *spi);
# define OSSL_CRMF_PUB_METHOD_DONTCARE 0
# define OSSL_CRMF_PUB_METHOD_X500 1
# define OSSL_CRMF_PUB_METHOD_WEB 2
@@ -88,10 +88,10 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
int method, GENERAL_NAME *nm);
# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0
# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
-int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
- OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
+int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+ int action);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
- const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+ const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
const X509_PUBKEY *pubkey);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
@@ -110,7 +110,7 @@ int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
-# define OSSL_CRMF_POPO_NONE -1
+# define OSSL_CRMF_POPO_NONE -1
# define