From 7269071e5eb54683353a1d2f8831a4ed03485b86 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Tue, 25 Feb 2020 08:58:39 +0100 Subject: [PATCH] Fix error in case CMP msg POPO is not provided in OSSL_CRMF_MSGS_verify_popo() Reviewed-by: Matt Caswell Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/11142) --- crypto/crmf/crmf_err.c | 1 + crypto/crmf/crmf_lib.c | 12 +++++++----- crypto/err/openssl.txt | 1 + include/openssl/crmferr.h | 1 + 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c index 80f71543ca..159d5b2c91 100644 --- a/crypto/crmf/crmf_err.c +++ b/crypto/crmf/crmf_err.c @@ -32,6 +32,7 @@ static const ERR_STRING_DATA CRMF_str_reasons[] = { {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_NULL_ARGUMENT), "null argument"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY), "popo inconsistent public key"}, + {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING), "popo missing"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_PUBLIC_KEY), "popo missing public key"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_SUBJECT), diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index acbc9af5cb..dd69372f3e 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -485,11 +485,13 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, X509_PUBKEY *pubkey = NULL; OSSL_CRMF_POPOSIGNINGKEY *sig = NULL; - if (reqs == NULL - || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL - || req->popo == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, - CRMF_R_NULL_ARGUMENT); + if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) { + CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, CRMF_R_NULL_ARGUMENT); + return 0; + } + + if (req->popo == NULL) { + CRMFerr(0, CRMF_R_POPO_MISSING); return 0; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c35d235e18..c921207698 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2263,6 +2263,7 @@ CRMF_R_ITERATIONCOUNT_BELOW_100:108:iterationcount below 100 CRMF_R_MALFORMED_IV:101:malformed iv CRMF_R_NULL_ARGUMENT:109:null argument CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY:117:popo inconsistent public key +CRMF_R_POPO_MISSING:121:popo missing CRMF_R_POPO_MISSING_PUBLIC_KEY:118:popo missing public key CRMF_R_POPO_MISSING_SUBJECT:119:popo missing subject CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED:120:popo raverified not accepted diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h index f7b5b906e2..22936c620e 100644 --- a/include/openssl/crmferr.h +++ b/include/openssl/crmferr.h @@ -63,6 +63,7 @@ int ERR_load_CRMF_strings(void); # define CRMF_R_MALFORMED_IV 101 # define CRMF_R_NULL_ARGUMENT 109 # define CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY 117 +# define CRMF_R_POPO_MISSING 121 # define CRMF_R_POPO_MISSING_PUBLIC_KEY 118 # define CRMF_R_POPO_MISSING_SUBJECT 119 # define CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED 120 -- 2.25.1