fixup! CMP lib and app: add optional certProfile request message head…

…er and respective -profile option
siemens · Dec 15, 2023 · 3c7a3ea · 3c7a3ea
1 parent a0b402b
commit 3c7a3ea
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 5 deletions.
diff --git a/apps/cmp.c b/apps/cmp.c
@@ -1859,7 +1859,8 @@ static int add_certProfile(OSSL_CMP_CTX *ctx, const char *name)
        ASN1_STRING_free(utf8string);
        goto err;
    }
-   (void)sk_ASN1_UTF8STRING_push(sk, utf8string); /* must succeed */
+   /* Due to sk_ASN1_UTF8STRING_new_reserve(NULL, 1), this surely succeeds: */
+   (void)sk_ASN1_UTF8STRING_push(sk, utf8string);
    if ((itav = OSSL_CMP_ITAV_new0_certProfile(sk)) == NULL)
        goto err;
    if (OSSL_CMP_CTX_push0_geninfo_ITAV(ctx, itav))

diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
@@ -252,6 +252,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
             ASN1_OBJECT *obj = OSSL_CMP_ITAV_get0_type(itav);
             STACK_OF(ASN1_UTF8STRING) *strs;
             ASN1_UTF8STRING *str;
+            const char *data;
 
             if (OBJ_obj2nid(obj) == NID_id_it_certProfile) {
                 if (!OSSL_CMP_ITAV_get0_certProfile(itav, &strs))
@@ -261,8 +262,13 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
                     return NULL;
                 }
                 str = sk_ASN1_UTF8STRING_value(strs, 0);
-                if (strcmp((const char *)ASN1_STRING_get0_data(str), "profile1")
-                    != 0) {
+                if (str == NULL
+                    || (data =
+                        (const char *)ASN1_STRING_get0_data(str)) == NULL) {
+                    ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
+                    return NULL;
+                }
+                if (strcmp(data, "profile1") != 0) {
                     ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);
                     return NULL;
                 }

diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
@@ -1401,7 +1401,7 @@ The B<cmp> application was added in OpenSSL 3.0.
 
 The B<-engine> option was deprecated in OpenSSL 3.0.
 
-The B<-profile> option as was added in OpenSSL 3.3.
+The B<-profile> option was added in OpenSSL 3.3.
 
 =head1 COPYRIGHT
 

diff --git a/doc/man3/OSSL_CMP_ITAV_set0.pod b/doc/man3/OSSL_CMP_ITAV_set0.pod
@@ -61,7 +61,12 @@ It is an error if the infoType of I<itav> is not B<certProfile>.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 4210 and RFC 9480 (and CRMF in RFC 4211).
+
+OIDs to use as types in B<OSSL_CMP_ITAV> can be found at
+L<https://datatracker.ietf.org/doc/html/rfc9480#section-4.2.2>.
+The respective OpenSSL NIDs, such as B<NID_id_it_certProfile>,
+are defined in the F<< <openssl/obj_mac.h> >> header file.
 
 =head1 RETURN VALUES