X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fcmp%2Fcmp_util.c;h=d1128d7e66fb5cb3c99d0b4820f0e65499765c54;hp=168bb854d1bc3bef643a92ff3e6fea4786987183;hb=0d8dbb52e3900fdd096ca1765137958340fb8497;hpb=ebf3006917e0e968af4a5d5c2c6379c5b866f801 diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 168bb854d1..d1128d7e66 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -16,6 +16,10 @@ #include /* should be implied by cmperr.h */ #include +DEFINE_STACK_OF(X509) +DEFINE_STACK_OF(X509_OBJECT) +DEFINE_STACK_OF(ASN1_UTF8STRING) + /* * use trace API for CMP-specific logging, prefixed by "CMP " and severity */ @@ -114,13 +118,14 @@ const char *ossl_cmp_log_parse_metadata(const char *buf, */ static const char *improve_location_name(const char *func, const char *fallback) { - if (!ossl_assert(fallback != NULL)) - return NULL; + if (fallback == NULL) + return func == NULL ? UNKNOWN_FUNC : func; + return func == NULL || *func == '\0' || strcmp(func, UNKNOWN_FUNC) == 0 ? fallback : func; } -int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file, +int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, int line, OSSL_CMP_severity level, const char *msg) { const char *level_string = @@ -142,100 +147,12 @@ int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file, level_string, msg) >= 0; } -/* - * auxiliary function for incrementally reporting texts via the error queue - */ -static void put_error(int lib, const char *func, int reason, - const char *file, int line) -{ - ERR_new(); - ERR_set_debug(file, line, func); - ERR_set_error(lib, reason, NULL /* no data here, so fmt is NULL */); -} - -#define ERR_print_errors_cb_LIMIT 4096 /* size of char buf[] variable there */ -#define TYPICAL_MAX_OUTPUT_BEFORE_DATA 100 -#define MAX_DATA_LEN (ERR_print_errors_cb_LIMIT-TYPICAL_MAX_OUTPUT_BEFORE_DATA) -void ossl_cmp_add_error_txt(const char *separator, const char *txt) -{ - const char *file = NULL; - int line; - const char *func = NULL; - const char *data = NULL; - int flags; - unsigned long err = ERR_peek_last_error(); - - if (separator == NULL) - separator = ""; - if (err == 0) - put_error(ERR_LIB_CMP, NULL, 0, "", 0); - - do { - size_t available_len, data_len; - const char *curr = txt, *next = txt; - char *tmp; - - ERR_peek_last_error_all(&file, &line, &func, &data, &flags); - if ((flags & ERR_TXT_STRING) == 0) { - data = ""; - separator = ""; - } - data_len = strlen(data); - - /* workaround for limit of ERR_print_errors_cb() */ - if (data_len >= MAX_DATA_LEN - || strlen(separator) >= (size_t)(MAX_DATA_LEN - data_len)) - available_len = 0; - else - available_len = MAX_DATA_LEN - data_len - strlen(separator) - 1; - /* MAX_DATA_LEN > available_len >= 0 */ - - if (separator[0] == '\0') { - const size_t len_next = strlen(next); - - if (len_next <= available_len) { - next += len_next; - curr = NULL; /* no need to split */ - } - else { - next += available_len; - curr = next; /* will split at this point */ - } - } else { - while (*next != '\0' && (size_t)(next - txt) <= available_len) { - curr = next; - next = strstr(curr, separator); - if (next != NULL) - next += strlen(separator); - else - next = curr + strlen(curr); - } - if ((size_t)(next - txt) <= available_len) - curr = NULL; /* the above loop implies *next == '\0' */ - } - if (curr != NULL) { - /* split error msg at curr since error data would get too long */ - if (curr != txt) { - tmp = OPENSSL_strndup(txt, curr - txt); - if (tmp == NULL) - return; - ERR_add_error_data(2, separator, tmp); - OPENSSL_free(tmp); - } - put_error(ERR_LIB_CMP, func, err, file, line); - txt = curr; - } else { - ERR_add_error_data(2, separator, txt); - txt = next; /* finished */ - } - } while (*txt != '\0'); -} - +#define ERR_PRINT_BUF_SIZE 4096 /* this is similar to ERR_print_errors_cb, but uses the CMP-specific cb type */ -void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn) +void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn) { unsigned long err; - char msg[ERR_print_errors_cb_LIMIT]; + char msg[ERR_PRINT_BUF_SIZE]; const char *file = NULL, *func = NULL, *data = NULL; int line, flags; @@ -301,7 +218,7 @@ int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, } int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, - int no_self_issued, int no_dups, int prepend) + int no_self_signed, int no_dups, int prepend) /* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */ { int i; @@ -313,7 +230,7 @@ int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, for (i = 0; i < sk_X509_num(certs); i++) { /* certs may be NULL */ X509 *cert = sk_X509_value(certs, i); - if (!no_self_issued || X509_check_issued(cert, cert) != X509_V_OK) { + if (!no_self_signed || X509_self_signed(cert, 0) != 1) { if (!ossl_cmp_sk_X509_add1_cert(sk, cert, no_dups, prepend)) return 0; } @@ -322,7 +239,7 @@ int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, } int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_issued) + int only_self_signed) { int i; @@ -335,45 +252,13 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, for (i = 0; i < sk_X509_num(certs); i++) { X509 *cert = sk_X509_value(certs, i); - if (!only_self_issued || X509_check_issued(cert, cert) == X509_V_OK) + if (!only_self_signed || X509_self_signed(cert, 0) == 1) if (!X509_STORE_add_cert(store, cert)) /* ups cert ref counter */ return 0; } return 1; } -STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store) -{ - int i; - STACK_OF(X509) *sk; - STACK_OF(X509_OBJECT) *objs; - - if (store == NULL) { - CMPerr(0, CMP_R_NULL_ARGUMENT); - return 0; - } - if ((sk = sk_X509_new_null()) == NULL) - return NULL; - objs = X509_STORE_get0_objects(store); - for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { - X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i)); - - if (cert != NULL) { - if (!sk_X509_push(sk, cert)) - goto err; - if (!X509_up_ref(cert)) { - (void)sk_X509_pop(sk); - goto err; - } - } - } - return sk; - - err: - sk_X509_pop_free(sk, X509_free); - return NULL; -} - /*- * Builds up the certificate chain of certs as high up as possible using * the given list of certs containing all possible intermediate certificates and @@ -440,6 +325,26 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert) return result; } +int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, + const char *text) +{ + ASN1_UTF8STRING *utf8string; + + if (!ossl_assert(sk != NULL && text != NULL)) + return 0; + if ((utf8string = ASN1_UTF8STRING_new()) == NULL) + return 0; + if (!ASN1_STRING_set(utf8string, text, -1)) + goto err; + if (!sk_ASN1_UTF8STRING_push(sk, utf8string)) + goto err; + return 1; + + err: + ASN1_UTF8STRING_free(utf8string); + return 0; +} + int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, const ASN1_OCTET_STRING *src) {