crmf_lib.c create_popo_signature(): add error queue entry on signature failure

author Dr. David von Oheimb <dev@ddvo.net>

Mon, 2 Jun 2025 18:58:01 +0000 (20:58 +0200)

committer Dr. David von Oheimb <dev@ddvo.net>

Thu, 11 Sep 2025 17:25:42 +0000 (19:25 +0200)
author Dr. David von Oheimb <dev@ddvo.net>
Mon, 2 Jun 2025 18:58:01 +0000 (20:58 +0200)
committer Dr. David von Oheimb <dev@ddvo.net>
Thu, 11 Sep 2025 17:25:42 +0000 (19:25 +0200)
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c

index 173b9ac55a03736bbe52389ab76ba6fc3ae3a04e..6078a61b2481cb1165192e4282d1404316f58b06 100644 (file)
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -116,7 +116,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
          if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART),
                                msg->header->protectionAlg, /* sets X509_ALGOR */
                                NULL, prot, &prot_part, NULL, ctx->pkey, md,
-                              ctx->libctx, ctx->propq))
+                              ctx->libctx, ctx->propq) != 0)
              return prot;
          ASN1_BIT_STRING_free(prot);
          return NULL;
diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c

index 4727c83353048be9e5ac02ebce9e6d7748fd83f1..55c543d563a0dd4455c1b99ca8c7c0ec8a865da8 100644 (file)
--- a/crypto/crmf/crmf_err.c
+++ b/crypto/crmf/crmf_err.c
@@ -36,6 +36,8 @@ static const ERR_STRING_DATA CRMF_str_reasons[] = {
       "error decrypting symmetric key"},
      {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_SETTING_PURPOSE),
       "error setting purpose"},
+    {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_SIGNING_POPO),
+     "error signing popo"},
      {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_VERIFYING_ENCRYPTEDKEY),
       "error verifying encryptedkey"},
      {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_FAILURE_OBTAINING_RANDOM),
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c

index 68432e530060e70e25e9d8d7537ffda837d4eb01..ecdd3526e38902055e3aaa73805df99493c018c1 100644 (file)
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -379,10 +379,13 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
              && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */
          digest = NULL;
  
-    return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
-                             ps->algorithmIdentifier, /* sets this X509_ALGOR */
-                             NULL, ps->signature, /* sets the ASN1_BIT_STRING */
-                             cr, NULL, pkey, digest, libctx, propq);
+    if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
+                          ps->algorithmIdentifier, /* sets this X509_ALGOR */
+                          NULL, ps->signature, /* sets the ASN1_BIT_STRING */
+                          cr, NULL, pkey, digest, libctx, propq) != 0)
+        return 1;
+    ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_SIGNING_POPO);
+    return 0;
  }
  
  int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt

index e819a808ca98e68e958daf7d7d38855fe0db27b4..f47bc5ae7566cffd101e6cc017b2026106e9f296 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -464,6 +464,7 @@ CRMF_R_ERROR_DECRYPTING_ENCRYPTEDKEY:124:error decrypting encryptedkey
  CRMF_R_ERROR_DECRYPTING_ENCRYPTEDVALUE:125:error decrypting encryptedvalue
  CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY:106:error decrypting symmetric key
  CRMF_R_ERROR_SETTING_PURPOSE:126:error setting purpose
+CRMF_R_ERROR_SIGNING_POPO:129:error signing popo
  CRMF_R_ERROR_VERIFYING_ENCRYPTEDKEY:127:error verifying encryptedkey
  CRMF_R_FAILURE_OBTAINING_RANDOM:107:failure obtaining random
  CRMF_R_ITERATIONCOUNT_BELOW_100:108:iterationcount below 100
diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h

index a9b04e0ebb218294fe50d490781372bb789d443c..9269006c46402be2da5213f5694c2c01c88fecf3 100644 (file)
--- a/include/openssl/crmferr.h
+++ b/include/openssl/crmferr.h
@@ -34,6 +34,7 @@
  #  define CRMF_R_ERROR_DECRYPTING_ENCRYPTEDVALUE           125
  #  define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY            106
  #  define CRMF_R_ERROR_SETTING_PURPOSE                     126
+#  define CRMF_R_ERROR_SIGNING_POPO                        129
  #  define CRMF_R_ERROR_VERIFYING_ENCRYPTEDKEY              127
  #  define CRMF_R_FAILURE_OBTAINING_RANDOM                  107
  #  define CRMF_R_ITERATIONCOUNT_BELOW_100                  108
author	Dr. David von Oheimb <dev@ddvo.net>
	Mon, 2 Jun 2025 18:58:01 +0000 (20:58 +0200)
committer	Dr. David von Oheimb <dev@ddvo.net>
	Thu, 11 Sep 2025 17:25:42 +0000 (19:25 +0200)
crypto/cmp/cmp_protect.c		patch \| blob \| blame \| history
crypto/crmf/crmf_err.c		patch \| blob \| blame \| history
crypto/crmf/crmf_lib.c		patch \| blob \| blame \| history
crypto/err/openssl.txt		patch \| blob \| blame \| history
include/openssl/crmferr.h		patch \| blob \| blame \| history