mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

cmp: remove TODOs

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
This commit is contained in:
Pauli 2021-05-31 14:29:33 +10:00
parent 69e21cb648
commit 75e1191f4d
7 changed files with 5 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/cmp/cmp_client.c
View File

@ -71,7 +71,6 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1)
return -1;
/* TODO: handle potentially multiple CertResponses in CertRepMsg */
if (crep == NULL)
return -1;
if (ossl_cmp_pkisi_get_status(crep->status)
@ -262,7 +261,6 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
"received 'waiting' PKIStatus, starting to poll for response");
*rep = NULL;
for (;;) {
/* TODO: handle potentially multiple poll requests per message */
if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL)
goto err;

4
crypto/cmp/cmp_ctx.c
View File

@ -770,7 +770,7 @@ DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ)
/*
* Set the (newly received in IP/KUP/CP) certificate in the context.
* TODO: this only permits for one cert to be enrolled at a time.
* This only permits for one cert to be enrolled at a time.
*/
int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
{
@ -784,7 +784,7 @@ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
/*
* Get the (newly received in IP/KUP/CP) client certificate from the context
* TODO: this only permits for one client cert to be received...
* This only permits for one client cert to be received...
*/
X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx)
{

5
crypto/cmp/cmp_local.h
View File

@ -120,12 +120,9 @@ struct ossl_cmp_ctx_st {
/* result returned in responses */
int status; /* PKIStatus of last received IP/CP/KUP/RP/error or -1 */
/* TODO: this should be a stack since there could be more than one */
OSSL_CMP_PKIFREETEXT *statusString; /* of last IP/CP/KUP/RP/error */
int failInfoCode; /* failInfoCode of last received IP/CP/KUP/error, or -1 */
/* TODO: this should be a stack since there could be more than one */
X509 *newCert; /* newly enrolled cert received from the CA */
/* TODO: this should be a stack since there could be more than one */
STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */
STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */
STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */
@ -708,8 +705,6 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
* } -- or HMAC [RFC2104, RFC2202])
*/
/*-
* TODO: this is not yet defined here - but DH is anyway not used yet
*
* id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30}
* DHBMParameter ::= SEQUENCE {
* owf AlgorithmIdentifier,

12
crypto/cmp/cmp_msg.c
View File

@ -399,7 +399,6 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm))
goto err;
local_crm = NULL;
/* TODO: here optional 2nd certreqmsg could be pushed to the stack */
}
if (!ossl_cmp_msg_protect(ctx, msg))
@ -465,7 +464,6 @@ OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp))
goto err;
resp = NULL;
/* TODO: here optional 2nd certrep could be pushed to the stack */
if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL
&& (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL)
@ -529,11 +527,6 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
goto err;
rd = NULL;
/*
* TODO: the Revocation Passphrase according to section 5.3.19.9 could be
* set here if set in ctx
*/
if (!ossl_cmp_msg_protect(ctx, msg))
goto err;
@ -749,10 +742,6 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
return 1;
}
/*
* TODO: handle potential 2nd certificate when signing and encrypting
* certificates have been requested/received
*/
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
const char *text)
{
@ -827,7 +816,6 @@ OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid)
if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL)
goto err;
/* TODO: support multiple cert request IDs to poll */
if ((preq = OSSL_CMP_POLLREQ_new()) == NULL
|| !ASN1_INTEGER_set(preq->certReqId, crid)
|| !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq))

1
crypto/cmp/cmp_protect.c
View File

@ -258,7 +258,6 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
/*
* For the case of re-protection remove pre-existing protection.
* TODO: Consider also removing any pre-existing extraCerts.
*/
X509_ALGOR_free(msg->header->protectionAlg);
msg->header->protectionAlg = NULL;

13
crypto/cmp/cmp_server.c
View File

@ -189,7 +189,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
} else {
OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */
if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { /* TODO: handle case > 1 */
if (sk_OSSL_CRMF_MSG_num(reqs) != 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED);
return NULL;
}
@ -228,10 +228,6 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si,
certOut, chainOut, caPubs, 0 /* encrypted */,
srv_ctx->sendUnprotectedErrors);
/*
* TODO when implemented in ossl_cmp_certrep_new():
* in case OSSL_CRMF_POPO_KEYENC, set encrypted
*/
if (msg == NULL)
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP);
@ -258,7 +254,6 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
if (sk_OSSL_CMP_REVDETAILS_num(req->body->value.rr) != 1) {
/* TODO: handle multiple elements if multiple requests have been sent */
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED);
return NULL;
}
@ -393,7 +388,7 @@ static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
prc = req->body->value.pollReq;
if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { /* TODO: handle case > 1 */
if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED);
return NULL;
}
@ -559,7 +554,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
rsp = process_pollReq(srv_ctx, req);
break;
default:
/* TODO possibly support further request message types */
ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
break;
}
@ -571,7 +565,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
int flags = 0;
unsigned long err = ERR_peek_error_data(&data, &flags);
int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest;
/* TODO fail_info could be more specific */
OSSL_CMP_PKISI *si = NULL;
if (ctx->transactionID == NULL) {
@ -615,8 +608,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
case OSSL_CMP_PKIBODY_PKICONF:
case OSSL_CMP_PKIBODY_GENP:
case OSSL_CMP_PKIBODY_ERROR:
/* TODO possibly support further terminating response message types */
/* prepare for next transaction, ignoring any errors here: */
(void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL);
(void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL);
ctx->status = -1; /* transaction closed */

2
crypto/cmp/cmp_vfy.c
View File

@ -672,7 +672,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
/* validate sender name of received msg */
if (hdr->sender->type != GEN_DIRNAME) {
ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
return 0; /* TODO FR#42: support for more than X509_NAME */
return 0;
}
/*
* Compare actual sender name of response with expected sender name.