From 75e1191f4d1185ebf7b94e620b15a73f22af146e Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 31 May 2021 14:29:33 +1000 Subject: [PATCH] cmp: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) --- crypto/cmp/cmp_client.c | 2 -- crypto/cmp/cmp_ctx.c | 4 ++-- crypto/cmp/cmp_local.h | 5 ----- crypto/cmp/cmp_msg.c | 12 ------------ crypto/cmp/cmp_protect.c | 1 - crypto/cmp/cmp_server.c | 13 ++----------- crypto/cmp/cmp_vfy.c | 2 +- 7 files changed, 5 insertions(+), 34 deletions(-) diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 367ddfd207..8e01381402 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -71,7 +71,6 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) return -1; - /* TODO: handle potentially multiple CertResponses in CertRepMsg */ if (crep == NULL) return -1; if (ossl_cmp_pkisi_get_status(crep->status) @@ -262,7 +261,6 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, "received 'waiting' PKIStatus, starting to poll for response"); *rep = NULL; for (;;) { - /* TODO: handle potentially multiple poll requests per message */ if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL) goto err; diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index b0f676201e..f514ab27e0 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -770,7 +770,7 @@ DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ) /* * Set the (newly received in IP/KUP/CP) certificate in the context. - * TODO: this only permits for one cert to be enrolled at a time. + * This only permits for one cert to be enrolled at a time. */ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) { @@ -784,7 +784,7 @@ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) /* * Get the (newly received in IP/KUP/CP) client certificate from the context - * TODO: this only permits for one client cert to be received... + * This only permits for one client cert to be received... */ X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx) { diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index fec4916ed3..2b22db3e82 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -120,12 +120,9 @@ struct ossl_cmp_ctx_st { /* result returned in responses */ int status; /* PKIStatus of last received IP/CP/KUP/RP/error or -1 */ - /* TODO: this should be a stack since there could be more than one */ OSSL_CMP_PKIFREETEXT *statusString; /* of last IP/CP/KUP/RP/error */ int failInfoCode; /* failInfoCode of last received IP/CP/KUP/error, or -1 */ - /* TODO: this should be a stack since there could be more than one */ X509 *newCert; /* newly enrolled cert received from the CA */ - /* TODO: this should be a stack since there could be more than one */ STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */ STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */ STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */ @@ -708,8 +705,6 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) * } -- or HMAC [RFC2104, RFC2202]) */ /*- - * TODO: this is not yet defined here - but DH is anyway not used yet - * * id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} * DHBMParameter ::= SEQUENCE { * owf AlgorithmIdentifier, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 77b2175b11..b9c347afb8 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -399,7 +399,6 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm)) goto err; local_crm = NULL; - /* TODO: here optional 2nd certreqmsg could be pushed to the stack */ } if (!ossl_cmp_msg_protect(ctx, msg)) @@ -465,7 +464,6 @@ OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp)) goto err; resp = NULL; - /* TODO: here optional 2nd certrep could be pushed to the stack */ if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) @@ -529,11 +527,6 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) goto err; rd = NULL; - /* - * TODO: the Revocation Passphrase according to section 5.3.19.9 could be - * set here if set in ctx - */ - if (!ossl_cmp_msg_protect(ctx, msg)) goto err; @@ -749,10 +742,6 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, return 1; } -/* - * TODO: handle potential 2nd certificate when signing and encrypting - * certificates have been requested/received - */ OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, const char *text) { @@ -827,7 +816,6 @@ OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid) if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL) goto err; - /* TODO: support multiple cert request IDs to poll */ if ((preq = OSSL_CMP_POLLREQ_new()) == NULL || !ASN1_INTEGER_set(preq->certReqId, crid) || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 91a66f5d6e..a7ca580cc9 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -258,7 +258,6 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) /* * For the case of re-protection remove pre-existing protection. - * TODO: Consider also removing any pre-existing extraCerts. */ X509_ALGOR_free(msg->header->protectionAlg); msg->header->protectionAlg = NULL; diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 73c14841ca..c4ef5fa203 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -189,7 +189,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, } else { OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */ - if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { /* TODO: handle case > 1 */ + if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); return NULL; } @@ -228,10 +228,6 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si, certOut, chainOut, caPubs, 0 /* encrypted */, srv_ctx->sendUnprotectedErrors); - /* - * TODO when implemented in ossl_cmp_certrep_new(): - * in case OSSL_CRMF_POPO_KEYENC, set encrypted - */ if (msg == NULL) ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP); @@ -258,7 +254,6 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, return NULL; if (sk_OSSL_CMP_REVDETAILS_num(req->body->value.rr) != 1) { - /* TODO: handle multiple elements if multiple requests have been sent */ ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); return NULL; } @@ -393,7 +388,7 @@ static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, return NULL; prc = req->body->value.pollReq; - if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { /* TODO: handle case > 1 */ + if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); return NULL; } @@ -559,7 +554,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, rsp = process_pollReq(srv_ctx, req); break; default: - /* TODO possibly support further request message types */ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); break; } @@ -571,7 +565,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, int flags = 0; unsigned long err = ERR_peek_error_data(&data, &flags); int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest; - /* TODO fail_info could be more specific */ OSSL_CMP_PKISI *si = NULL; if (ctx->transactionID == NULL) { @@ -615,8 +608,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, case OSSL_CMP_PKIBODY_PKICONF: case OSSL_CMP_PKIBODY_GENP: case OSSL_CMP_PKIBODY_ERROR: - /* TODO possibly support further terminating response message types */ - /* prepare for next transaction, ignoring any errors here: */ (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL); ctx->status = -1; /* transaction closed */ diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 064e8e37b3..28c9a984d2 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -672,7 +672,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, /* validate sender name of received msg */ if (hdr->sender->type != GEN_DIRNAME) { ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - return 0; /* TODO FR#42: support for more than X509_NAME */ + return 0; } /* * Compare actual sender name of response with expected sender name.