From: Dr. David von Oheimb
Date: Wed, 4 May 2022 13:49:47 +0000 (+0200)
Subject: CMP: introduce version 3, while version 2 stays the default
X-Git-Tag: openssl-3.2.0-alpha1~2449
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4ad4e5bf67dae6f7729de5438c9a96a2abd0f92;p=thirdparty%2Fopenssl.git
CMP: introduce version 3, while version 2 stays the default
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/18294)
---
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 3da021043b8..07a8c8eab20 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -446,7 +446,7 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT)
 /*-
  * PKIHeader ::= SEQUENCE {
- * pvno INTEGER { cmp1999(1), cmp2000(2) },
+ * pvno INTEGER { cmp1999(1), cmp2000(2), cmp2021(3) },
  * sender GeneralName,
  * -- identifies the sender
  * recipient GeneralName,
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 5553abe9148..a269ef49da5 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -749,7 +749,8 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
 }
 /* check CMP version number in header */
- if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO) {
+ if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO_2
+ && ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO_3) {
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PVNO);
 return 0;
diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod
index 763de8452ab..d1513bf34f0 100644
--- a/doc/internal/man3/ossl_cmp_msg_check_update.pod
+++ b/doc/internal/man3/ossl_cmp_msg_check_update.pod
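Review bot: In crypto/cmp/cmp_vfy.c the new condition in `ossl_cmp_msg_check_update` accepts either `OSSL_CMP_PVNO_2` or `OSSL_CMP_PVNO_3` purely on the received header value, and nothing in the hunk ties it to the version this `ctx` sent or is configured to use. If version-3-only behaviour is keyed off the received pvno elsewhere (not visible here), the peer rather than the local configuration decides which rule set applies. It is worth either comparing against the context's expected version or saying so in the comment, e.g. `/* accept CMP version 2 and 3 regardless of the version we send */`. Reading the value once into a local and comparing that would also avoid the repeated `ossl_cmp_hdr_get_pvno(hdr)` call and let the rejected value be reported alongside `CMP_R_UNEXPECTED_PVNO`. The function body starts and ends outside the hunk.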
@@ -33,7 +33,7 @@ The B is checked for the following:
 =item its protection is present and valid (or a callback function B is present and indicates that a missing or invalid protection is acceptable),
-=item its CMP protocol version is acceptable, namely B,
+=item its CMP protocol version is acceptable,
 =item its body type is valid,
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index fbe248388ca..dd4d9a633d2 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -36,7 +36,9 @@ use OpenSSL::stackhash qw(generate_stack_macros);
 extern "C" {
 # endif
-# define OSSL_CMP_PVNO 2
+# define OSSL_CMP_PVNO_2 2
+# define OSSL_CMP_PVNO_3 3
+# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
 /*-
  * PKIFailureInfo ::= BIT STRING {
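Review bot: In include/openssl/cmp.h.in the public macro `OSSL_CMP_PVNO` changes meaning from the single supported version to the default version, and the short trailing comment is the only place that says so. Application code that compares a received pvno against `OSSL_CMP_PVNO` would keep rejecting version 3 messages with no compile-time hint that the set of valid values has grown. A fuller comment would help, for example `/* default version to send; OSSL_CMP_PVNO_3 is also accepted on receipt */`. Any public documentation for these macros outside this diff should list all three.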