From b204e1bd3a69e29b53e4112a5dba1f266fa1152f Mon Sep 17 00:00:00 2001
From: Rajeev Ranjan
Date: Wed, 17 Apr 2024 14:39:27 +0200
Subject: [PATCH] fixup! fix sending error when no root CA cert update available
---
 crypto/cmp/cmp_asn.c | 27 +++++++++----------
 doc/man3/OSSL_CMP_ITAV_new_caCerts.pod | 3 ++-
 .../80-test_cmp_http_data/test_commands.csv | 2 +-
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index 2c9dd6a547084..daa6a4c49b64a 100644
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -289,24 +289,23 @@ OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
 OSSL_CMP_ITAV *itav;
 OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL;
 
- if (newWithNew == NULL)
- goto null_value;
+ if (newWithNew != NULL) {
+ upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
+ if (upd == NULL)
+ return NULL;
 
- upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
- if (upd == NULL)
- return NULL;
-
- if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
- goto err;
- if (newWithOld != NULL && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
- goto err;
- if (oldWithNew != NULL && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
- goto err;
+ if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
+ goto err;
+ if (newWithOld != NULL
+ && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
+ goto err;
+ if (oldWithNew != NULL
+ && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
+ goto err;
+ }
 
- null_value:
 if ((itav = OSSL_CMP_ITAV_new()) == NULL)
 goto err;
-
 itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate);
 itav->infoValue.rootCaKeyUpdate = upd;
 return itav;
diff --git a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
index 66f0ac90309d2..d230896c151e5 100644
--- a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
+++ b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
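Review bot: A non-NULL `newWithOld` or `oldWithNew` is silently discarded when `newWithNew` is NULL, because both `X509_dup()` calls sit inside the new `if (newWithNew != NULL)` block in OSSL_CMP_ITAV_new_rootCaKeyUpdate(). A caller that passes link certificates without the new root therefore gets an ITAV that looks exactly like "no root CA update available", which can hide a misconfigured update. Either reject that combination up front, e.g. `if (newWithNew == NULL && (newWithOld != NULL || oldWithNew != NULL)) return NULL;`, or state the contract above the block: `/* newWithNew == NULL: no update available, infoValue stays absent and the other two certs are ignored */`. The function now hands out `itav->infoValue.rootCaKeyUpdate == NULL` on success, so every reader of that field has to tolerate NULL. The getter and the `err:` label lie outside this hunk and could not be checked here.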
@@ -59,7 +59,8 @@ If I is not NULL, it assigns to I<*newWithOld> the internal pointer to the certificate contained in the newWithOld infoValue sub-field of I. If I is not NULL, it assigns to I<*oldWithNew> the internal pointer to the certificate contained in the oldWithNew infoValue sub-field of I. -Each of these pointers will be NULL if the respective sub-field is not set. +Each of these pointers will be set to NULL if update of root CA certificate is +not included. =head1 NOTES diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv index 9162c329f14ac..aabf2dc1e62ca 100644 --- a/test/recipes/80-test_cmp_http_data/test_commands.csv +++ b/test/recipes/80-test_cmp_http_data/test_commands.csv 
@@ -77,7 +77,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
 0,genm rootCaCert oldwithold empty file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, empty.txt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
 0,genm rootCaCert oldwithold random file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, random.bin , -newwithnew, _RESULT_DIR/test.newwithnew.pem
 0,genm rootCaCert oldwithold nonexistent , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, idontexist , -newwithnew, _RESULT_DIR/test.newwithnew.pem
-1,genm rootCaCert oldwithold wrong , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+1,genm rootCaCert oldwithold different , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
 0,genm rootCaCert missing newwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, BLANK ,,
 0,genm rootCaCert newwithnew missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew,,
 1,genm rootCaCert with oldwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew1.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew1.pem