From 0c5099cbbc3512562cf8a92e7a092a0ad3a1fb29 Mon Sep 17 00:00:00 2001 From: Rajeev Ranjan Date: Fri, 22 Mar 2024 16:32:35 +0100 Subject: [PATCH] fixup! CMP: add support for genm with crlStatusList and genp with crls --- CHANGES.md | 17 +++++++++++------ apps/cmp.c | 4 ++++ doc/man1/openssl-cmp.pod.in | 8 ++++++-- doc/man3/GENERAL_NAME.pod | 2 +- doc/man3/OSSL_CMP_ITAV_new_caCerts.pod | 2 +- doc/man3/OSSL_CMP_exec_certreq.pod | 6 ++++-- util/libcrypto.num | 22 +++++++++++----------- 7 files changed, 38 insertions(+), 23 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index cbaf25fba540fa..46eb92df2f51a9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,17 @@ OpenSSL Releases - [OpenSSL 1.0.0](#openssl-100) - [OpenSSL 0.9.x](#openssl-09x) + OpenSSL 3.4 +----------- + +### Changes between 3.3 and 3.4 [xx XXX xxxx] + + * Added support for requesting CRL in CMP. + + This work was sponsored by Siemens AG. + + *Rajeev Ranjan* + OpenSSL 3.3 ----------- @@ -75,12 +86,6 @@ OpenSSL 3.3 *Neil Horman* - * Added support for requesting CRL in CMP. - - This work was sponsored by Siemens AG. - - *Rajeev Ranjan* - * Added `-set_issuer` and `-set_subject` options to `openssl x509` to override the Issuer and Subject when creating a certificate. The `-subj` option now is an alias for `-set_subject`. diff --git a/apps/cmp.c b/apps/cmp.c index 2c9360716cba68..7aa31befdecebe 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -146,6 +146,10 @@ static int opt_revreason = CRL_REASON_NONE; /* credentials format */ static char *opt_certform_s = "PEM"; static int opt_certform = FORMAT_PEM; +/* + * DER format is the preferred choice for saving a CRL because it allows for + * more efficient storage, especially when dealing with large CRLs. + */ static char *opt_crlform_s = "DER"; static int opt_crlform = FORMAT_ASN1; static char *opt_keyform_s = NULL; diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 5d63726b7cfdfe..3606faa22cba8f 100644 
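Review bot: The comment added above `opt_crlform_s` in apps/cmp.c explains why DER is the default, but not that this differs from the PEM default of `opt_certform_s` declared two lines earlier. That asymmetry is the detail a maintainer or script author is most likely to trip over. Anything that later reads the saved CRL has to be given the matching input format. A consumer that assumes PEM will fail to parse the file, and whether revocation checking then fails closed depends on that consumer. I would extend the comment with a sentence such as `Note that this differs from the PEM default used for certificates, so readers of the saved CRL must expect DER.` and add that `opt_crlform_s` and `opt_crlform` appear to be paired defaults (`"DER"` / `FORMAT_ASN1`) that should be changed together.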
--- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -886,6 +886,8 @@ Default value is PEM. File format to use when saving a CRL to a file. Default value is DER. +DER format is preferred because it enables more efficient storage +of large CRLs. =item B<-keyform> I @@ -1471,8 +1473,10 @@ The B application was added in OpenSSL 3.0. The B<-engine> option was deprecated in OpenSSL 3.0. -B<-profile>, B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform> -and B<-rsp_crl> options were added in OpenSSL 3.3. +The B<-profile> option was added in OpenSSL 3.3. + +B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform> +and B<-rsp_crl> options were added in OpenSSL 3.4. =head1 COPYRIGHT diff --git a/doc/man3/GENERAL_NAME.pod b/doc/man3/GENERAL_NAME.pod index 903a33944ebf6c..0bd13dc3ad5a74 100644 --- a/doc/man3/GENERAL_NAME.pod +++ b/doc/man3/GENERAL_NAME.pod @@ -27,7 +27,7 @@ GENERAL_NAME_set1_X509_NAME() return 1 on success, 0 on error. =head1 HISTORY -GENERAL_NAME_set1_X509_NAME() was added in OpenSSL 3.3. +GENERAL_NAME_set1_X509_NAME() was added in OpenSSL 3.4. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod index fada72c0ce1c8a..aedd827dfc6007 100644 --- a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod +++ b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod @@ -171,7 +171,7 @@ were added in OpenSSL 3.2. OSSL_CMP_CRLSTATUS_new1(), OSSL_CMP_CRLSTATUS_create(), OSSL_CMP_CRLSTATUS_get0(), OSSL_CMP_ITAV_new0_crlStatusList(), OSSL_CMP_ITAV_get0_crlStatusList(), OSSL_CMP_ITAV_new_crls() -and OSSL_CMP_ITAV_get0_crls() were added in OpenSSL 3.3. +and OSSL_CMP_ITAV_get0_crls() were added in OpenSSL 3.4. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_CMP_exec_certreq.pod b/doc/man3/OSSL_CMP_exec_certreq.pod index 56e6bb8ef2cc40..a264ec88275ad2 100644 --- a/doc/man3/OSSL_CMP_exec_certreq.pod +++ b/doc/man3/OSSL_CMP_exec_certreq.pod 
@@ -232,8 +232,10 @@ The OpenSSL CMP support was added in OpenSSL 3.0. OSSL_CMP_get1_caCerts() and OSSL_CMP_get1_rootCaKeyUpdate() were added in OpenSSL 3.2. -OSSL_CMP_get1_crlUpdate() and support for delayed delivery -of all types of response messages was added in OpenSSL 3.3. +Support for delayed delivery of all types of response messages +was added in OpenSSL 3.3. + +OSSL_CMP_get1_crlUpdate() was added in OpenSSL 3.4. =head1 COPYRIGHT diff --git a/util/libcrypto.num b/util/libcrypto.num index 41841ce40224f5..597f4b29aded33 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5536,23 +5536,23 @@ X509_STORE_CTX_set_get_crl 5663 3_2_0 EXIST::FUNCTION:
 X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
 OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
 BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
-DIST_POINT_NAME_dup ? 3_3_0 EXIST::FUNCTION:
-GENERAL_NAME_set1_X509_NAME ? 3_3_0 EXIST::FUNCTION:
 OSSL_CMP_CTX_get0_geninfo_ITAVs ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_HDR_get0_geninfo_ITAVs ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_new0_certProfile ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_get0_certProfile ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_get0_certreq_publickey ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_SRV_CTX_init_trans ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_create ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_free ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_get0 ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_new1 ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_get0_crlStatusList ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_get0_crls ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_new0_crlStatusList ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_new_crls ? 3_3_0 EXIST::FUNCTION:CMP
-OSSL_CMP_get1_crlUpdate ? 3_3_0 EXIST::FUNCTION:CMP
+DIST_POINT_NAME_dup ? 3_4_0 EXIST::FUNCTION:
+GENERAL_NAME_set1_X509_NAME ? 3_4_0 EXIST::FUNCTION:
+OSSL_CMP_CRLSTATUS_create ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_CRLSTATUS_free ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_CRLSTATUS_get0 ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_CRLSTATUS_new1 ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_get0_crlStatusList ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_get0_crls ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_new0_crlStatusList ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_new_crls ? 3_4_0 EXIST::FUNCTION:CMP
+OSSL_CMP_get1_crlUpdate ? 3_4_0 EXIST::FUNCTION:CMP
 EVP_DigestSqueeze ? 3_3_0 EXIST::FUNCTION:
 ERR_pop ? 3_3_0 EXIST::FUNCTION:
 X509_STORE_get1_objects ? 3_3_0 EXIST::FUNCTION: