Correct error reason of verify_signature() in cmp_vfy.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c
index 0c3547c0138caa2d6b3c8041e506d8b557b9b848..5f2f713b0808bbc7173c802b1c81059ae710d214 100644 (file)
--- a/crypto/cmp/cmp_err.c
+++ b/crypto/cmp/cmp_err.c
@@ -76,6 +76,8 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
     "error unexpected certconf"},
     {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_PROTECTION),
     "error validating protection"},
+    {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_SIGNATURE),
+    "error validating signature"},
     {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_EXTRACTING_PUBKEY),
     "failed extracting pubkey"},
     {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILURE_OBTAINING_RANDOM),

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 45b2e0010cd75ddc5e10af0ee467036b0f53ce21..f73a0a06a5ff52f67aef1a82f89405a46f8565f2 100644 (file)
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -95,7 +95,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
 
  sig_err:
     res = x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
-    CMPerr(0, CMP_R_ERROR_VALIDATING_PROTECTION);
+    CMPerr(0, CMP_R_ERROR_VALIDATING_SIGNATURE);
     if (res)
         ERR_add_error_mem_bio("\n", bio);
     res = 0;

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1668c95153879953db40657caed365d54eb4fb3b..8fd805cd9c47001dcb86624a22ba1aa114ec1bcd 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2116,6 +2116,7 @@ CMP_R_ERROR_PROTECTING_MESSAGE:127:error protecting message
 CMP_R_ERROR_SETTING_CERTHASH:128:error setting certhash
 CMP_R_ERROR_UNEXPECTED_CERTCONF:160:error unexpected certconf
 CMP_R_ERROR_VALIDATING_PROTECTION:140:error validating protection
+CMP_R_ERROR_VALIDATING_SIGNATURE:171:error validating signature
 CMP_R_FAILED_EXTRACTING_PUBKEY:141:failed extracting pubkey
 CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random
 CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range

diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h
index 31fa43cd9281388e227d67053d14b72303e6b6e3..d1ce2256fa48a4dcedf83e385c8bf0632f391f0a 100644 (file)
--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -10,6 +10,7 @@
 
 #ifndef OPENSSL_CMPERR_H
 # define OPENSSL_CMPERR_H
+# pragma once
 
 # include <openssl/opensslconf.h>
 # include <openssl/symhacks.h>
@@ -68,6 +69,7 @@ int ERR_load_CMP_strings(void);
 #  define CMP_R_ERROR_SETTING_CERTHASH                     128
 #  define CMP_R_ERROR_UNEXPECTED_CERTCONF                  160
 #  define CMP_R_ERROR_VALIDATING_PROTECTION                140
+#  define CMP_R_ERROR_VALIDATING_SIGNATURE                 171
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129