CMP: introduce version 3, while version 2 stays the default

author Dr. David von Oheimb <David.von.Oheimb@siemens.com>

Wed, 4 May 2022 13:49:47 +0000 (15:49 +0200)

committer Hugo Landau <hlandau@openssl.org>

Fri, 1 Jul 2022 06:38:50 +0000 (07:38 +0100)
author Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Wed, 4 May 2022 13:49:47 +0000 (15:49 +0200)
committer Hugo Landau <hlandau@openssl.org>
Fri, 1 Jul 2022 06:38:50 +0000 (07:38 +0100)
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h

index 3da021043b81f0610a50e080def70d37a8c3f20f..07a8c8eab20f0f335b4e786be2a503a21e410af5 100644 (file)
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -446,7 +446,7 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT)
  
  /*-
   * PKIHeader ::= SEQUENCE {
- *     pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+ *     pvno                INTEGER     { cmp1999(1), cmp2000(2), cmp2021(3) },
   *     sender              GeneralName,
   *     -- identifies the sender
   *     recipient           GeneralName,
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c

index 5553abe9148f12ea33a3f12d2ca39531378de153..a269ef49da5e9edafca53beae286fd70b623c37b 100644 (file)
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -749,7 +749,8 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
      }
  
      /* check CMP version number in header */
-    if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO) {
+    if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO_2
+            && ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO_3) {
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
          ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PVNO);
          return 0;
diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod

index 763de8452aba0d5c3b559e3416e3a98f9132098e..d1513bf34f0c796beb67b21edf7c5fce646d2a58 100644 (file)
--- a/doc/internal/man3/ossl_cmp_msg_check_update.pod
+++ b/doc/internal/man3/ossl_cmp_msg_check_update.pod
@@ -33,7 +33,7 @@ The B<msg> is checked for the following:
  =item its protection is present and valid (or a callback function B<cb>
  is present and indicates that a missing or invalid protection is acceptable),
  
-=item its CMP protocol version is acceptable, namely B<OSSL_CMP_PVNO>,
+=item its CMP protocol version is acceptable,
  
  =item its body type is valid,
  
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in

index fbe248388caf3be9f72bf15a3b662b345da54d3d..dd4d9a633d219709b09ae463f842eab280752e91 100644 (file)
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -36,7 +36,9 @@ use OpenSSL::stackhash qw(generate_stack_macros);
  extern "C" {
  #  endif
  
-#  define OSSL_CMP_PVNO 2
+#  define OSSL_CMP_PVNO_2 2
+#  define OSSL_CMP_PVNO_3 3
+#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
  
  /*-
   *   PKIFailureInfo ::= BIT STRING {
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>
	Wed, 4 May 2022 13:49:47 +0000 (15:49 +0200)
committer	Hugo Landau <hlandau@openssl.org>
	Fri, 1 Jul 2022 06:38:50 +0000 (07:38 +0100)
crypto/cmp/cmp_local.h		patch \| blob \| blame \| history
crypto/cmp/cmp_vfy.c		patch \| blob \| blame \| history
doc/internal/man3/ossl_cmp_msg_check_update.pod		patch \| blob \| blame \| history
include/openssl/cmp.h.in		patch \| blob \| blame \| history