From 235595c402bd7815f07f1f3f3babe9fcc247a206 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 13 Dec 2019 20:07:08 +0100 Subject: [PATCH] fix various formatting nits in CMP contribution chunks 1-6 found by the new util/check-format.pl in addition: correct wording in doc, comments, and parameter names: self-signed -> self-issued where appropriate Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/10620) --- crypto/cmp/cmp_asn.c | 3 +- crypto/cmp/cmp_ctx.c | 2 +- crypto/cmp/cmp_local.h | 142 ++++++++++++------ crypto/cmp/cmp_msg.c | 12 +- crypto/cmp/cmp_protect.c | 2 +- crypto/cmp/cmp_status.c | 4 +- crypto/cmp/cmp_util.c | 2 +- crypto/crmf/crmf_asn.c | 18 +-- crypto/crmf/crmf_lib.c | 30 ++-- crypto/crmf/crmf_local.h | 32 ++-- crypto/crmf/crmf_pbm.c | 2 +- .../man3/ossl_cmp_sk_X509_add1_cert.pod | 8 +- include/openssl/cmp.h | 6 +- include/openssl/cmp_util.h | 2 +- include/openssl/cmperr.h | 6 +- include/openssl/crmf.h | 16 +- include/openssl/crmferr.h | 6 +- test/cmp_ctx_test.c | 38 ++--- test/cmp_hdr_test.c | 116 +++++++------- test/cmp_msg_test.c | 18 +-- test/cmp_protect_test.c | 13 +- 21 files changed, 266 insertions(+), 212 deletions(-) diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index ca121b068a..e02076bb12 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -73,7 +73,8 @@ ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV, - infoValue.other, ASN1_ANY); + infoValue.other, + ASN1_ANY); /* ITAV means InfoTypeAndValue */ ASN1_ADB(OSSL_CMP_ITAV) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 12492336ef..714157a964 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -80,7 +80,7 @@ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) sk_X509_pop_free(ctx->untrusted_certs, X509_free); ctx->untrusted_certs = untrusted_certs; return 1; -err: + err: sk_X509_pop_free(untrusted_certs, X509_free); return 0; } diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index f36928bdf1..1e62d4516f 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -48,16 +48,23 @@ struct ossl_cmp_ctx_st { void *http_cb_arg; /* allows to store optional argument to cb */ /* server authentication */ - int unprotectedErrors; /* accept neg. response with no/invalid protection */ - /* to cope with broken server */ + /* + * unprotectedErrors may be set as workaround for broken server responses: + * accept missing or invalid protection of regular error messages, negative + * certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf + */ + int unprotectedErrors; X509 *srvCert; /* certificate used to identify the server */ X509 *validatedSrvCert; /* caches any already validated server cert */ X509_NAME *expected_sender; /* expected sender in pkiheader of response */ X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */ int ignore_keyusage; /* ignore key usage entry when validating certs */ - int permitTAInExtraCertsForIR; /* allow use of root certs in extracerts */ - /* when validating message protection; used for 3GPP-style E.7 */ + /* + * permitTAInExtraCertsForIR allows use of root certs in extracerts + * when validating message protection; this is used for 3GPP-style E.7 + */ + int permitTAInExtraCertsForIR; /* client authentication */ int unprotectedSend; /* send unprotected PKI messages */ @@ -536,68 +543,108 @@ typedef struct ossl_cmp_pkibody_st { OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */ OSSL_CRMF_MSGS *cr; /* 2 */ OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */ - /* p10cr [4] CertificationRequest, --imported from [PKCS10] */ - /* + /*- + * p10cr [4] CertificationRequest, --imported from [PKCS10] + * * PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ * so it is used directly */ X509_REQ *p10cr; /* 4 */ - /* popdecc [5] POPODecKeyChallContent, --pop Challenge */ - /* POPODecKeyChallContent ::= SEQUENCE OF Challenge */ + /*- + * popdecc [5] POPODecKeyChallContent, --pop Challenge + * + * POPODecKeyChallContent ::= SEQUENCE OF Challenge + */ OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */ - /* popdecr [6] POPODecKeyRespContent, --pop Response */ - /* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */ + /*- + * popdecr [6] POPODecKeyRespContent, --pop Response + * + * POPODecKeyRespContent ::= SEQUENCE OF INTEGER + */ OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */ OSSL_CRMF_MSGS *kur; /* 7 */ OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */ OSSL_CRMF_MSGS *krr; /* 9 */ - /* krp [10] KeyRecRepContent, --Key Recovery Response */ + /*- + * krp [10] KeyRecRepContent, --Key Recovery Response + */ OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */ - /* rr [11] RevReqContent, --Revocation Request */ + /*- + * rr [11] RevReqContent, --Revocation Request + */ OSSL_CMP_REVREQCONTENT *rr; /* 11 */ - /* rp [12] RevRepContent, --Revocation Response */ + /*- + * rp [12] RevRepContent, --Revocation Response + */ OSSL_CMP_REVREPCONTENT *rp; /* 12 */ - /* ccr [13] CertReqMessages, --Cross-Cert. Request */ + /*- + * ccr [13] CertReqMessages, --Cross-Cert. Request + */ OSSL_CRMF_MSGS *ccr; /* 13 */ - /* ccp [14] CertRepMessage, --Cross-Cert. Response */ + /*- + * ccp [14] CertRepMessage, --Cross-Cert. Response + */ OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */ - /* ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. */ + /*- + * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. + */ OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */ - /* cann [16] CertAnnContent, --Certificate Ann. */ - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - X509 *cann; /* 16 */ - /* rann [17] RevAnnContent, --Revocation Ann. */ + /*- + * cann [16] CertAnnContent, --Certificate Ann. + * OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly + */ + X509 *cann; /* 16 */ + /*- + * rann [17] RevAnnContent, --Revocation Ann. + */ OSSL_CMP_REVANNCONTENT *rann; /* 17 */ - /* crlann [18] CRLAnnContent, --CRL Announcement */ - /* CRLAnnContent ::= SEQUENCE OF CertificateList */ - OSSL_CMP_CRLANNCONTENT *crlann; - /* PKIConfirmContent ::= NULL */ - /* pkiconf [19] PKIConfirmContent, --Confirmation */ - /* OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL */ - /* OSSL_CMP_CONFIRMCONTENT *pkiconf; */ - /* + /*- + * crlann [18] CRLAnnContent, --CRL Announcement + * CRLAnnContent ::= SEQUENCE OF CertificateList + */ + OSSL_CMP_CRLANNCONTENT *crlann; /* 18 */ + /*- + * PKIConfirmContent ::= NULL + * pkiconf [19] PKIConfirmContent, --Confirmation + * OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL + * OSSL_CMP_CONFIRMCONTENT *pkiconf; + * * NOTE: this should ASN1_NULL according to the RFC * but there might be a struct in it when sent from faulty servers... */ ASN1_TYPE *pkiconf; /* 19 */ - /* nested [20] NestedMessageContent, --Nested Message */ - /* NestedMessageContent ::= PKIMessages */ + /*- + * nested [20] NestedMessageContent, --Nested Message + * NestedMessageContent ::= PKIMessages + */ OSSL_CMP_MSGS *nested; /* 20 */ - /* genm [21] GenMsgContent, --General Message */ - /* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */ + /*- + * genm [21] GenMsgContent, --General Message + * GenMsgContent ::= SEQUENCE OF InfoTypeAndValue + */ OSSL_CMP_GENMSGCONTENT *genm; /* 21 */ - /* genp [22] GenRepContent, --General Response */ - /* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */ + /*- + * genp [22] GenRepContent, --General Response + * GenRepContent ::= SEQUENCE OF InfoTypeAndValue + */ OSSL_CMP_GENREPCONTENT *genp; /* 22 */ - /* error [23] ErrorMsgContent, --Error Message */ + /*- + * error [23] ErrorMsgContent, --Error Message + */ OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */ - /* certConf [24] CertConfirmContent, --Certificate confirm */ + /*- + * certConf [24] CertConfirmContent, --Certificate confirm + */ OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */ - /* pollReq [25] PollReqContent, --Polling request */ - OSSL_CMP_POLLREQCONTENT *pollReq; - /* pollRep [26] PollRepContent --Polling response */ - OSSL_CMP_POLLREPCONTENT *pollRep; + /*- + * pollReq [25] PollReqContent, --Polling request + */ + OSSL_CMP_POLLREQCONTENT *pollReq; /* 25 */ + /*- + * pollRep [26] PollRepContent --Polling response + */ + OSSL_CMP_POLLREPCONTENT *pollRep; /* 26 */ } value; } OSSL_CMP_PKIBODY; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) @@ -704,13 +751,12 @@ void ossl_cmp_add_error_txt(const char *separator, const char *txt); # define ossl_cmp_add_error_data(txt) ossl_cmp_add_error_txt(" : ", txt) # define ossl_cmp_add_error_line(txt) ossl_cmp_add_error_txt("\n", txt) /* functions manipulating lists of certificates etc could be generally useful */ -int ossl_cmp_sk_X509_add1_cert (STACK_OF(X509) *sk, X509 *cert, - int no_dup, int prepend); +int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, + int no_dup, int prepend); int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, - int no_self_signed, int no_dups, int prepend); + int no_self_issued, int no_dups, int prepend); int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_signed); -STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); + int only_self_issued); int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, const ASN1_OCTET_STRING *src); int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, @@ -850,7 +896,7 @@ OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, OSSL_CMP_PKISI * ossl_cmp_revrepcontent_get_pkistatusinfo(OSSL_CMP_REVREPCONTENT *rrep, int rsid); OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep, - int rsid); + int rsid); OSSL_CMP_POLLREP * ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, int rid); @@ -861,9 +907,9 @@ X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, const OSSL_CMP_CERTRESPONSE *crep); OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file); /* BIO definitions */ -# define OSSL_d2i_CMP_MSG_bio(bp, p) \ +# define OSSL_d2i_CMP_MSG_bio(bp, p) \ ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, d2i_OSSL_CMP_MSG, bp, p) -# define OSSL_i2d_CMP_MSG_bio(bp, o) \ +# define OSSL_i2d_CMP_MSG_bio(bp, o) \ ASN1_i2d_bio_of(OSSL_CMP_MSG, i2d_OSSL_CMP_MSG, bp, o) /* from cmp_protect.c */ diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 00381932f3..c794dc98bb 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -232,7 +232,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, */ || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey, subject, ctx->issuer, - NULL/* serial */)) + NULL /* serial */)) goto err; if (ctx->days != 0) { time_t notBefore, notAfter; @@ -442,8 +442,8 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) /* Fill the template from the contents of the certificate to be revoked */ if (!OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - NULL/* pubkey would be redundant */, - NULL/* subject would be redundant */, + NULL /* pubkey would be redundant */, + NULL /* subject would be redundant */, X509_get_issuer_name(ctx->oldCert), X509_get_serialNumber(ctx->oldCert))) goto err; @@ -569,7 +569,7 @@ int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, return 0; for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { - if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs,i))) == NULL) + if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i))) == NULL) return 0; if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { OSSL_CMP_ITAV_free(itav); @@ -643,8 +643,8 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si, } if (errorDetails != NULL) if ((msg->body->value.error->errorDetails = - sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup, - ASN1_STRING_free)) == NULL) + sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup, + ASN1_STRING_free)) == NULL) goto err; if (!unprotected && !ossl_cmp_msg_protect(ctx, msg)) diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 7db3440f32..c1b4b8584d 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -156,7 +156,7 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) STACK_OF(X509) *chain = ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->clCert); int res = ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, - 1 /* no self-signed */, + 1 /* no self-issued */, 1 /* no duplicates */, 0); sk_X509_pop_free(chain, X509_free); if (res == 0) diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c index a5f6b29490..7ebc57d37b 100644 --- a/crypto/cmp/cmp_status.c +++ b/crypto/cmp/cmp_status.c @@ -61,7 +61,7 @@ const char *ossl_cmp_PKIStatus_to_string(int status) char buf[40]; BIO_snprintf(buf, sizeof(buf), "PKIStatus: invalid=%d", status); CMPerr(0, CMP_R_ERROR_PARSING_PKISTATUS); - ossl_cmp_add_error_data(buf); + ERR_add_error_data(1, buf); return NULL; } } @@ -195,7 +195,7 @@ char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, int printed_chars; int failinfo_found = 0; int n_status_strings; - char* write_ptr = buf; + char *write_ptr = buf; #define ADVANCE_BUFFER \ if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \ diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 168bb854d1..a68f701062 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -120,7 +120,7 @@ static const char *improve_location_name(const char *func, const char *fallback) ? fallback : func; } -int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file, +int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, int line, OSSL_CMP_severity level, const char *msg) { const char *level_string = diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c index 8b6657f969..bd375c6f85 100644 --- a/crypto/crmf/crmf_asn.c +++ b/crypto/crmf/crmf_asn.c @@ -141,8 +141,8 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = { IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO) -ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT( - OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); +ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = + ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { ADB_ENTRY(NID_id_regCtrl_regToken, ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, @@ -187,7 +187,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY) ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = { - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0), + ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0), /* * serialNumber MUST be omitted. This field is assigned by the CA * during certificate creation. @@ -197,16 +197,16 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = { * signingAlg MUST be omitted. This field is assigned by the CA * during certificate creation. */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2), - ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3), + ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2), + ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3), ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity, OSSL_CRMF_OPTIONALVALIDITY, 4), - ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5), - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6), + ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5), + ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6), /* issuerUID is deprecated in version 2 */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7), + ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7), /* subjectUID is deprecated in version 2 */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8), + ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8), ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions, X509_EXTENSION, 9), } ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE) diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 64dbf80978..4d81569299 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -47,7 +47,7 @@ int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, \ { \ OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ \ - if (msg == NULL || in == NULL) \ + if (msg == NULL || in == NULL) \ goto err; \ if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \ goto err; \ @@ -122,9 +122,9 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, return 1; } -int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( - OSSL_CRMF_PKIPUBLICATIONINFO *pi, - OSSL_CRMF_SINGLEPUBINFO *spi) +int +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi) { if (pi == NULL || spi == NULL) { CRMFerr(CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO, @@ -139,8 +139,8 @@ int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi); } -int OSSL_CRMF_MSG_set_PKIPublicationInfo_action( - OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action) +int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + int action) { if (pi == NULL || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH @@ -457,7 +457,7 @@ int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, { OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new(); if (ps == NULL - || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)){ + || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)) { OSSL_CRMF_POPOSIGNINGKEY_free(ps); goto err; } @@ -542,21 +542,23 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, * the public key from the certificate template. This MUST be * exactly the same value as contained in the certificate template. */ + const ASN1_ITEM *rptr = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT); + if (pubkey == NULL || sig->poposkInput->publicKey == NULL || X509_PUBKEY_cmp(pubkey, sig->poposkInput->publicKey) - || ASN1_item_verify( - ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT), - sig->algorithmIdentifier, sig->signature, - sig->poposkInput, X509_PUBKEY_get0(pubkey)) < 1) + || ASN1_item_verify(rptr, sig->algorithmIdentifier, + sig->signature, sig->poposkInput, + X509_PUBKEY_get0(pubkey)) < 1) break; } else { if (pubkey == NULL || req->certReq->certTemplate->subject == NULL || ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST), - sig->algorithmIdentifier, sig->signature, - req->certReq, - X509_PUBKEY_get0(pubkey)) < 1) + sig->algorithmIdentifier, + sig->signature, + req->certReq, + X509_PUBKEY_get0(pubkey)) < 1) break; } return 1; diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h index 06b32b5378..3f3f75cf2f 100644 --- a/crypto/crmf/crmf_local.h +++ b/crypto/crmf/crmf_local.h @@ -185,9 +185,9 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE) typedef struct ossl_crmf_popoprivkey_st { int type; union { - ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */ + ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */ ASN1_INTEGER *subsequentMessage; /* 1 */ - ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */ + ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */ OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */ /* * TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be @@ -310,20 +310,20 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY) * } */ struct ossl_crmf_certtemplate_st { - ASN1_INTEGER *version; /* 0 */ - ASN1_INTEGER *serialNumber; /* 1 */ /* serialNumber MUST be omitted */ - /* This field is assigned by the CA during certificate creation */ - X509_ALGOR *signingAlg; /* 2 */ /* signingAlg MUST be omitted */ - /* This field is assigned by the CA during certificate creation */ - X509_NAME *issuer; /* 3 */ - OSSL_CRMF_OPTIONALVALIDITY *validity; /* 4 */ - X509_NAME *subject; /* 5 */ - X509_PUBKEY *publicKey; /* 6 */ - ASN1_BIT_STRING *issuerUID; /* 7 */ /* deprecated in version 2 */ - /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */ - ASN1_BIT_STRING *subjectUID; /* 8 */ /* deprecated in version 2 */ - /* Could be X509_EXTENSION*S*, but that's only cosmetic */ - STACK_OF(X509_EXTENSION) *extensions; /* 9 */ + ASN1_INTEGER *version; + ASN1_INTEGER *serialNumber; /* serialNumber MUST be omitted */ + /* This field is assigned by the CA during certificate creation */ + X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */ + /* This field is assigned by the CA during certificate creation */ + X509_NAME *issuer; + OSSL_CRMF_OPTIONALVALIDITY *validity; + X509_NAME *subject; + X509_PUBKEY *publicKey; + ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */ + /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */ + ASN1_BIT_STRING *subjectUID; /* deprecated in version 2 */ + /* Could be X509_EXTENSION*S*, but that's only cosmetic */ + STACK_OF(X509_EXTENSION) *extensions; } /* OSSL_CRMF_CERTTEMPLATE */; /*- diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 2dfa84e49b..6c22bc29a0 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -71,7 +71,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid, /* * iterationCount identifies the number of times the hash is applied * during the key computation process. The iterationCount MUST be a - * minimum of 100. Many people suggest using values as high as 1000 + * minimum of 100. Many people suggest using values as high as 1000 * iterations as the minimum value. The trade off here is between * protection of the password from attacks and the time spent by the * server processing all of the different iterations in deriving diff --git a/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod b/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod index cb36855adf..4c647708f3 100644 --- a/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod +++ b/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod @@ -15,9 +15,9 @@ ossl_cmp_X509_STORE_get1_certs int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, int no_dup, int prepend); int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, - int no_self_signed, int no_dups, int prepend); + int no_self_issued, int no_dups, int prepend); int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_signed); + int only_self_issued); STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); =head1 DESCRIPTION @@ -29,10 +29,10 @@ On success the reference count of the certificate is increased. ossl_cmp_sk_X509_add1_certs() appends or prepends (depending on the I argument) a list of certificates to the given list, -optionally only if not self-signed and optionally only if not already contained. +optionally only if not self-issued and optionally only if not already contained. The reference counts of those certificates appended successfully are increased. -ossl_cmp_X509_STORE_add1_certs() adds all or only self-signed certificates from +ossl_cmp_X509_STORE_add1_certs() adds all or only self-issued certificates from the given stack to given store. The I parameter may be NULL. ossl_cmp_X509_STORE_get1_certs() retrieves a copy of all certificates in the diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index 78763248e0..bc1ae35305 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h @@ -26,7 +26,7 @@ # include # include -# ifdef __cplusplus +# ifdef __cplusplus extern "C" { # endif @@ -128,9 +128,9 @@ extern "C" { # define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 # define OSSL_CMP_PKIFAILUREINFO_MAX 26 # define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ - ( (1<<(OSSL_CMP_PKIFAILUREINFO_MAX+1)) - 1) + ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX -# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int # endif typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; diff --git a/include/openssl/cmp_util.h b/include/openssl/cmp_util.h index 69e843c64e..56fb49e188 100644 --- a/include/openssl/cmp_util.h +++ b/include/openssl/cmp_util.h @@ -42,7 +42,7 @@ typedef int OSSL_CMP_severity; typedef int (*OSSL_cmp_log_cb_t)(const char *func, const char *file, int line, OSSL_CMP_severity level, const char *msg); -int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file, +int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, int line, OSSL_CMP_severity level, const char *msg); /* use of the logging callback for outputting error queue */ void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn); diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index cd962fb5d1..a44a1a92bb 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -19,7 +19,7 @@ # ifndef OPENSSL_NO_CMP -# ifdef __cplusplus +# ifdef __cplusplus extern "C" # endif int ERR_load_CMP_strings(void); @@ -27,8 +27,8 @@ int ERR_load_CMP_strings(void); /* * CMP function codes. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif /* * CMP reason codes. diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index 160ad326b0..09b57f6bce 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -26,7 +26,7 @@ # include # include -# ifdef __cplusplus +# ifdef __cplusplus extern "C" { # endif @@ -77,9 +77,9 @@ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *tok); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *auth); -int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( - OSSL_CRMF_PKIPUBLICATIONINFO *pi, - OSSL_CRMF_SINGLEPUBINFO *spi); +int +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi); # define OSSL_CRMF_PUB_METHOD_DONTCARE 0 # define OSSL_CRMF_PUB_METHOD_X500 1 # define OSSL_CRMF_PUB_METHOD_WEB 2 @@ -88,10 +88,10 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, int method, GENERAL_NAME *nm); # define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 # define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 -int OSSL_CRMF_MSG_set_PKIPublicationInfo_action( - OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action); +int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + int action); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_PKIPUBLICATIONINFO *pi); + const OSSL_CRMF_PKIPUBLICATIONINFO *pi); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, const X509_PUBKEY *pubkey); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, @@ -110,7 +110,7 @@ int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm); int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); -# define OSSL_CRMF_POPO_NONE -1 +# define OSSL_CRMF_POPO_NONE -1 # define OSSL_CRMF_POPO_RAVERIFIED 0 # define OSSL_CRMF_POPO_SIGNATURE 1 # define OSSL_CRMF_POPO_KEYENC 2 diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h index 97f5159b51..97a3028ce2 100644 --- a/include/openssl/crmferr.h +++ b/include/openssl/crmferr.h @@ -19,7 +19,7 @@ # ifndef OPENSSL_NO_CRMF -# ifdef __cplusplus +# ifdef __cplusplus extern "C" # endif int ERR_load_CRMF_strings(void); @@ -27,7 +27,7 @@ int ERR_load_CRMF_strings(void); /* * CRMF function codes. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DEPRECATED_3_0 # define CRMF_F_CRMF_POPOSIGNINGKEY_INIT 0 # define CRMF_F_OSSL_CRMF_CERTID_GEN 0 # define CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL 0 @@ -47,7 +47,7 @@ int ERR_load_CRMF_strings(void); # define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY 0 # define CRMF_F_OSSL_CRMF_PBMP_NEW 0 # define CRMF_F_OSSL_CRMF_PBM_NEW 0 -# endif +# endif /* * CRMF reason codes. diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index e6b6f24854..5c637b0a3c 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -190,8 +190,8 @@ static int test_CTX_print_errors(void) } #endif -static int execute_CTX_reqExtensions_have_SAN_test( - OSSL_CMP_CTX_TEST_FIXTURE *fixture) +static +int execute_CTX_reqExtensions_have_SAN_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) { OSSL_CMP_CTX *ctx = fixture->ctx; const int len = 16; @@ -240,10 +240,10 @@ static int test_log_cb(const char *func, const char *file, int line, OSSL_CMP_severity level, const char *msg) { test_log_cb_res = -# ifndef PEDANTIC +#ifndef PEDANTIC (TEST_str_eq(func, "execute_cmp_ctx_log_cb_test") || TEST_str_eq(func, "(unknown function)")) && -# endif +#endif (TEST_str_eq(file, OPENSSL_FILE) || TEST_str_eq(file, "(no file)")) && (TEST_int_eq(line, test_log_line) || TEST_int_eq(line, 0)) @@ -327,13 +327,13 @@ typedef OSSL_CMP_CTX CMP_CTX; /* prevents rewriting type name by below macro */ #define DEFINE_SET_GET_BASE_TEST(PREFIX, SETN, GETN, DUP, FIELD, TYPE, ERR, \ DEFAULT, NEW, FREE) \ -static int execute_CTX_##SETN##_##GETN##_##FIELD( \ - OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ +static int \ +execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ { \ CMP_CTX *ctx = fixture->ctx; \ int (*set_fn)(CMP_CTX *ctx, TYPE) = \ (int (*)(CMP_CTX *ctx, TYPE))PREFIX##_##SETN##_##FIELD; \ - /* need type cast in above assignment because TYPE arg sometimes is const */ \ + /* need type cast in above assignment as TYPE arg sometimes is const */ \ TYPE (*get_fn)(const CMP_CTX *ctx) = OSSL_CMP_CTX_##GETN##_##FIELD; \ TYPE val1_to_free = NEW; \ TYPE val1 = val1_to_free; \ @@ -437,7 +437,7 @@ static int execute_CTX_##SETN##_##GETN##_##FIELD( \ TEST_error("third get gave different value"); \ res = 0; \ } \ - } else { \ + } else { \ if (DUP && val3_read == val2_read) { \ TEST_error("third get did not create a new dup"); \ res = 0; \ @@ -486,8 +486,8 @@ static X509_STORE *X509_STORE_new_1(void) return store; } -#define DEFAULT_STORE(x) ((x) == NULL \ - || X509_VERIFY_PARAM_get_flags(X509_STORE_get0_param(x)) == 0) +#define DEFAULT_STORE(x) \ + ((x) == NULL || X509_VERIFY_PARAM_get_flags(X509_STORE_get0_param(x)) == 0) #define IS_NEG(x) ((x) < 0) #define IS_0(x) ((x) == 0) /* for any type */ @@ -498,7 +498,7 @@ static X509_STORE *X509_STORE_new_1(void) #define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ - TYPE*, NULL, IS_0, TYPE##_new(), TYPE##_free) + TYPE *, NULL, IS_0, TYPE##_new(), TYPE##_free) #define DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FIELD, ELEM_TYPE, \ DEFAULT, NEW, FREE) \ @@ -515,7 +515,7 @@ static X509_STORE *X509_STORE_new_1(void) #define DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE, \ DEFAULT) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ - TYPE*, NULL, DEFAULT, TYPE##_new(), TYPE##_free) + TYPE *, NULL, DEFAULT, TYPE##_new(), TYPE##_free) #define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) \ static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ { \ @@ -546,7 +546,7 @@ typedef OSSL_HTTP_bio_cb_t OSSL_cmp_http_cb_t; OSSL_cmp_##FIELD##_t, NULL, IS_0, \ test_##FIELD, DROP) #define DEFINE_SET_GET_P_VOID_TEST(FIELD) \ - DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, void*, \ + DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, void *, \ NULL, IS_0, ((void *)1), DROP) #define DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, DEFAULT) \ @@ -576,7 +576,7 @@ typedef OSSL_HTTP_bio_cb_t OSSL_cmp_http_cb_t; static int OSSL_CMP_CTX_##SETN##_##FIELD##_str(CMP_CTX *ctx, char *val)\ { \ return OSSL_CMP_CTX_##SETN##_##FIELD(ctx, (unsigned char *)val, \ - strlen(val)); \ + strlen(val)); \ } \ \ static char *OSSL_CMP_CTX_get1_##FIELD##_str(const CMP_CTX *ctx) \ @@ -681,7 +681,7 @@ static int execute_CTX_##PUSHN##_##ELEM(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ res = 0; \ } \ } \ - /* this does not check that all remaining fields and elems are untouched */\ + /* this does not check if all remaining fields and elems are untouched */ \ \ if (!TEST_int_eq(ERR_peek_error(), 0)) \ res = 0; \ @@ -699,7 +699,7 @@ static int test_CTX_##PUSHN##_##ELEM(void) \ } \ #define DEFINE_PUSH_TEST(N, DUP, FIELD, ELEM, TYPE) \ - DEFINE_PUSH_BASE_TEST(push##N, DUP, FIELD, ELEM, TYPE*, TYPE, \ + DEFINE_PUSH_BASE_TEST(push##N, DUP, FIELD, ELEM, TYPE *, TYPE, \ IS_0, TYPE##_new(), TYPE##_free) void cleanup_tests(void) @@ -728,7 +728,7 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, srvCert, X509) DEFINE_SET_TEST(ossl_cmp, ctx, 0, 0, validatedSrvCert, X509) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME) DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore, - X509_STORE*, NULL, + X509_STORE *, NULL, DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs) @@ -738,9 +738,9 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, recipient, X509_NAME) DEFINE_PUSH_TEST(0, 0, geninfo_ITAVs, geninfo_ITAV, OSSL_CMP_ITAV) DEFINE_SET_SK_TEST(OSSL_CMP, CTX, 1, extraCertsOut, X509) -DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 1, EVP_PKEY*) /* priv == 1 */ +DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 1, EVP_PKEY *) /* priv == 1 */ DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_1, EVP_PKEY) -DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 0, EVP_PKEY*) /* priv == 0 */ +DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 0, EVP_PKEY *) /* priv == 0 */ DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_0, EVP_PKEY) DEFINE_SET_GET1_STR_FN(set1, referenceValue) DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, referenceValue_str, char, diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c index a9b2aff79c..c12b72f29e 100644 --- a/test/cmp_hdr_test.c +++ b/test/cmp_hdr_test.c @@ -65,8 +65,9 @@ static int test_HDR_set_get_pvno(void) return result; } -#define X509_NAME_ADD(n, rd, s) X509_NAME_add_entry_by_txt((n), (rd), \ - MBSTRING_ASC, (unsigned char *)(s), -1, -1, 0) +#define X509_NAME_ADD(n, rd, s) \ + X509_NAME_add_entry_by_txt((n), (rd), MBSTRING_ASC, (unsigned char *)(s), \ + -1, -1, 0) static int execute_HDR_get0_senderNonce_test(CMP_HDR_TEST_FIXTURE *fixture) { @@ -112,8 +113,8 @@ static int execute_HDR_set1_sender_test(CMP_HDR_TEST_FIXTURE *fixture) if (!TEST_int_eq(fixture->hdr->sender->type, GEN_DIRNAME)) return 0; - if (!TEST_int_eq( - X509_NAME_cmp(fixture->hdr->sender->d.directoryName, x509name), 0)) + if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->sender->d.directoryName, + x509name), 0)) return 0; X509_NAME_free(x509name); @@ -142,8 +143,8 @@ static int execute_HDR_set1_recipient_test(CMP_HDR_TEST_FIXTURE *fixture) if (!TEST_int_eq(fixture->hdr->recipient->type, GEN_DIRNAME)) return 0; - if (!TEST_int_eq( - X509_NAME_cmp(fixture->hdr->recipient->d.directoryName, x509name),0)) + if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->recipient->d.directoryName, + x509name), 0)) return 0; X509_NAME_free(x509name); @@ -188,7 +189,7 @@ static int test_HDR_update_messageTime(void) static int execute_HDR_set1_senderKID_test(CMP_HDR_TEST_FIXTURE *fixture) { - ASN1_OCTET_STRING* senderKID = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING *senderKID = ASN1_OCTET_STRING_new(); if (!TEST_ptr(senderKID)) return 0; @@ -198,8 +199,8 @@ static int execute_HDR_set1_senderKID_test(CMP_HDR_TEST_FIXTURE *fixture) return 0; if (!TEST_int_eq(ossl_cmp_hdr_set1_senderKID(fixture->hdr, senderKID), 1)) return 0; - if (!TEST_int_eq( - ASN1_OCTET_STRING_cmp(fixture->hdr->senderKID, senderKID), 0)) + if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(fixture->hdr->senderKID, + senderKID), 0)) return 0; ASN1_OCTET_STRING_free(senderKID); @@ -216,7 +217,7 @@ static int test_HDR_set1_senderKID(void) static int execute_HDR_push0_freeText_test(CMP_HDR_TEST_FIXTURE *fixture) { - ASN1_UTF8STRING* text = ASN1_UTF8STRING_new(); + ASN1_UTF8STRING *text = ASN1_UTF8STRING_new(); if (!TEST_ptr(text)) return 0; @@ -224,11 +225,10 @@ static int execute_HDR_push0_freeText_test(CMP_HDR_TEST_FIXTURE *fixture) if (!ASN1_STRING_set(text, "A free text", -1)) return 0; - if (!TEST_int_eq( - ossl_cmp_hdr_push0_freeText(fixture->hdr, text), 1)) + if (!TEST_int_eq(ossl_cmp_hdr_push0_freeText(fixture->hdr, text), 1)) return 0; - if (!TEST_true(text == sk_ASN1_UTF8STRING_value( - fixture->hdr->freeText, 0))) + + if (!TEST_true(text == sk_ASN1_UTF8STRING_value(fixture->hdr->freeText, 0))) return 0; return 1; @@ -244,7 +244,8 @@ static int test_HDR_push0_freeText(void) static int execute_HDR_push1_freeText_test(CMP_HDR_TEST_FIXTURE *fixture) { - ASN1_UTF8STRING* text = ASN1_UTF8STRING_new(); + ASN1_UTF8STRING *text = ASN1_UTF8STRING_new(); + ASN1_UTF8STRING *pushed_text; if (!TEST_ptr(text)) return 0; @@ -252,11 +253,11 @@ static int execute_HDR_push1_freeText_test(CMP_HDR_TEST_FIXTURE *fixture) if (!ASN1_STRING_set(text, "A free text", -1)) return 0; - if (!TEST_int_eq( - ossl_cmp_hdr_push1_freeText(fixture->hdr, text), 1)) + if (!TEST_int_eq(ossl_cmp_hdr_push1_freeText(fixture->hdr, text), 1)) return 0; - if (!TEST_int_eq(ASN1_STRING_cmp( - sk_ASN1_UTF8STRING_value(fixture->hdr->freeText, 0), text), 0)) + + pushed_text = sk_ASN1_UTF8STRING_value(fixture->hdr->freeText, 0); + if (!TEST_int_eq(ASN1_STRING_cmp(text, pushed_text), 0)) return 0; ASN1_UTF8STRING_free(text); @@ -279,11 +280,12 @@ execute_HDR_generalInfo_push0_item_test(CMP_HDR_TEST_FIXTURE *fixture) if (!TEST_ptr(itav)) return 0; - if (!TEST_int_eq( - ossl_cmp_hdr_generalInfo_push0_item(fixture->hdr, itav), 1)) + if (!TEST_int_eq(ossl_cmp_hdr_generalInfo_push0_item(fixture->hdr, itav), + 1)) return 0; - if (!TEST_true(itav == sk_OSSL_CMP_ITAV_value( - fixture->hdr->generalInfo, 0))) + + if (!TEST_true(itav == sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, + 0))) return 0; return 1; @@ -302,10 +304,11 @@ execute_HDR_generalInfo_push1_items_test(CMP_HDR_TEST_FIXTURE *fixture) { const char oid[] = "1.2.3.4"; char buf[20]; - OSSL_CMP_ITAV *itav; - STACK_OF(OSSL_CMP_ITAV) *itavs = NULL; + OSSL_CMP_ITAV *itav, *pushed_itav; + STACK_OF(OSSL_CMP_ITAV) *itavs = NULL, *ginfo; ASN1_INTEGER *asn1int = ASN1_INTEGER_new(); ASN1_TYPE *val = ASN1_TYPE_new(); + ASN1_TYPE *pushed_val; if (!TEST_ptr(asn1int)) return 0; @@ -318,17 +321,17 @@ execute_HDR_generalInfo_push1_items_test(CMP_HDR_TEST_FIXTURE *fixture) itav = OSSL_CMP_ITAV_create(OBJ_txt2obj(oid, 1), val); OSSL_CMP_ITAV_push0_stack_item(&itavs, itav); - if (!TEST_int_eq( - ossl_cmp_hdr_generalInfo_push1_items(fixture->hdr, itavs), 1)) + if (!TEST_int_eq(ossl_cmp_hdr_generalInfo_push1_items(fixture->hdr, itavs), + 1)) return 0; - OBJ_obj2txt(buf, sizeof(buf), OSSL_CMP_ITAV_get0_type( - sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, 0)), 0); + ginfo = fixture->hdr->generalInfo; + pushed_itav = sk_OSSL_CMP_ITAV_value(ginfo, 0); + OBJ_obj2txt(buf, sizeof(buf), OSSL_CMP_ITAV_get0_type(pushed_itav), 0); if (!TEST_int_eq(memcmp(oid, buf, sizeof(oid)), 0)) return 0; - if (!TEST_int_eq(ASN1_TYPE_cmp(itav->infoValue.other, - OSSL_CMP_ITAV_get0_value( - sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, 0))), 0)) + pushed_val = OSSL_CMP_ITAV_get0_value(sk_OSSL_CMP_ITAV_value(ginfo, 0)); + if (!TEST_int_eq(ASN1_TYPE_cmp(itav->infoValue.other, pushed_val), 0)) return 0; sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); @@ -362,35 +365,36 @@ static int test_HDR_set_and_check_implicit_confirm(void) static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture) { - ASN1_OCTET_STRING *header_nonce = NULL; - ASN1_OCTET_STRING *ctx_nonce = NULL; - int res = 0; + ASN1_OCTET_STRING *header_nonce, *header_transactionID; + ASN1_OCTET_STRING *ctx_nonce; if (!TEST_int_eq(fixture->expected, ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr))) - goto err; - if (fixture->expected != 0) { - if (!TEST_int_eq(ossl_cmp_hdr_get_pvno(fixture->hdr), OSSL_CMP_PVNO) - || !TEST_true(0 == ASN1_OCTET_STRING_cmp( - ossl_cmp_hdr_get0_senderNonce(fixture->hdr), - fixture->cmp_ctx->senderNonce)) - || !TEST_true(0 == ASN1_OCTET_STRING_cmp( - OSSL_CMP_HDR_get0_transactionID(fixture->hdr), - fixture->cmp_ctx->transactionID))) - goto err; - header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr); - ctx_nonce = fixture->cmp_ctx->recipNonce; - if (ctx_nonce != NULL - && (!TEST_ptr(header_nonce) - || !TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, - ctx_nonce)))) - goto err; - } + return 0; + if (fixture->expected == 0) + return 1; - res = 1; + if (!TEST_int_eq(ossl_cmp_hdr_get_pvno(fixture->hdr), OSSL_CMP_PVNO)) + return 0; - err: - return res; + header_nonce = ossl_cmp_hdr_get0_senderNonce(fixture->hdr); + if (!TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, + fixture->cmp_ctx->senderNonce))) + return 0; + header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr); + if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID, + fixture->cmp_ctx->transactionID))) + return 0; + + header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr); + ctx_nonce = fixture->cmp_ctx->recipNonce; + if (ctx_nonce != NULL + && (!TEST_ptr(header_nonce) + || !TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, + ctx_nonce)))) + return 0; + + return 1; } static int test_HDR_init(void) diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index 7fa0619284..8f95865869 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -122,7 +122,7 @@ static int execute_pkimessage_create_test(CMP_MSG_TEST_FIXTURE *fixture) (fixture->cmp_ctx, fixture->bodytype)); } -static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY* pkey) +static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey) { if (!EVP_PKEY_up_ref(pkey)) return 0; @@ -321,7 +321,7 @@ static int test_cmp_create_error_msg(void) OSSL_CMP_PKIFAILUREINFO_systemFailure, NULL); fixture->err_code = -1; - fixture->expected = 1; /* Expected: Message creation is successful */ + fixture->expected = 1; /* expected: message creation is successful */ if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { tear_down(fixture); fixture = NULL; @@ -430,7 +430,7 @@ static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture) goto err; if (!X509_NAME_add_entry_by_txt(issuer, "CN", MBSTRING_ASC, - (unsigned char*)"The Issuer", -1, -1, 0) + (unsigned char *)"The Issuer", -1, -1, 0) || !ASN1_INTEGER_set(serial, 99) || (cid = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL || (rpmsg = ossl_cmp_rp_new(fixture->cmp_ctx, si, cid, 1)) == NULL) @@ -439,8 +439,8 @@ static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture) if (!TEST_ptr(ossl_cmp_revrepcontent_get_CertId(rpmsg->body->value.rp, 0))) goto err; - if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkistatusinfo(rpmsg->body->value.rp, - 0))) + if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkistatusinfo(rpmsg->body-> + value.rp, 0))) goto err; res = 1; @@ -468,11 +468,11 @@ static int execute_pollrep_create(CMP_MSG_TEST_FIXTURE *fixture) pollrep = ossl_cmp_pollRep_new(fixture->cmp_ctx, 77, 2000); if (!TEST_ptr(pollrep)) return 0; - if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep( - pollrep->body->value.pollRep, 77))) + if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body-> + value.pollRep, 77))) goto err; - if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep( - pollrep->body->value.pollRep, 88))) + if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body-> + value.pollRep, 88))) goto err; res = 1; diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 8425849835..022dea6b7c 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -20,7 +20,7 @@ typedef struct test_fixture { OSSL_CMP_CTX *cmp_ctx; /* for protection tests */ OSSL_CMP_MSG *msg; - OSSL_CMP_PKISI *si; /* for error and response messages */ + OSSL_CMP_PKISI *si; /* for error and response messages */ ASN1_OCTET_STRING *secret; EVP_PKEY *privkey; EVP_PKEY *pubkey; @@ -86,7 +86,8 @@ static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->msg, fixture->secret, NULL); int res = TEST_ptr(protection) - && TEST_true(ASN1_STRING_cmp(protection, fixture->msg->protection) == 0); + && TEST_true(ASN1_STRING_cmp(protection, + fixture->msg->protection) == 0); ASN1_BIT_STRING_free(protection); return res; @@ -400,7 +401,7 @@ static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) static int test_X509_STORE(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); - fixture->callback_arg = 0; /* self-signed allowed */ + fixture->callback_arg = 0; /* self-issued allowed */ if (!TEST_ptr(fixture->certs = sk_X509_new_null()) || !sk_X509_push(fixture->certs, endentity1) || !sk_X509_push(fixture->certs, endentity2) @@ -414,12 +415,12 @@ static int test_X509_STORE(void) return result; } -static int test_X509_STORE_only_self_signed(void) +static int test_X509_STORE_only_self_issued(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->certs = sk_X509_new_null(); fixture->chain = sk_X509_new_null(); - fixture->callback_arg = 1; /* only self-signed */ + fixture->callback_arg = 1; /* only self-issued */ if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) || !TEST_true(sk_X509_push(fixture->certs, endentity2)) || !TEST_true(sk_X509_push(fixture->certs, root)) @@ -521,7 +522,7 @@ int setup_tests(void) #endif ADD_TEST(test_X509_STORE); - ADD_TEST(test_X509_STORE_only_self_signed); + ADD_TEST(test_X509_STORE_only_self_issued); return 1; } -- 2.34.1