mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

crmf: remove TODOs

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
This commit is contained in:
Pauli 2021-05-31 14:29:33 +10:00
parent 1486b1fbd3
commit e0a7ef0b51
4 changed files with 1 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/crmf/crmf_asn.c
View File

@ -88,10 +88,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2),
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.agreeMAC, OSSL_CRMF_PKMACVALUE, 3),
/*
* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow
* taken from crypto/cms which exists now - this is not used anywhere so far
*/
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4),
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)

12
crypto/crmf/crmf_lib.c
View File

@ -358,7 +358,7 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
return 0;
}
if (ps->poposkInput != NULL) {
/* TODO: support cases 1+2 defined in RFC 4211, section 4.1 */
/* We do not support cases 1+2 defined in RFC 4211, section 4.1 */
ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED);
return 0;
}
@ -484,10 +484,6 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
return 0;
}
/*
* TODO check the contents of the authInfo sub-field,
* see RFC 4211 https://tools.ietf.org/html/rfc4211#section-4.1
*/
it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);
asn = sig->poposkInput;
} else {
@ -504,12 +500,6 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
return 0;
break;
case OSSL_CRMF_POPO_KEYENC:
/*
* TODO: when OSSL_CMP_certrep_new() supports encrypted certs,
* return 1 if the type of req->popo->value.keyEncipherment
* is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and
* its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT
*/
case OSSL_CRMF_POPO_KEYAGREE:
default:
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD);

7
crypto/crmf/crmf_local.h
View File

@ -188,11 +188,6 @@ typedef struct ossl_crmf_popoprivkey_st {
ASN1_INTEGER *subsequentMessage; /* 1 */
ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */
OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */
/*
* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be
* somehow taken from crypto/cms which exists now
* - this is not used anywhere so far
*/
ASN1_NULL *encryptedKey; /* 4 */
} value;
} OSSL_CRMF_POPOPRIVKEY;
@ -335,13 +330,11 @@ struct ossl_crmf_certtemplate_st {
struct ossl_crmf_certrequest_st {
ASN1_INTEGER *certReqId;
OSSL_CRMF_CERTTEMPLATE *certTemplate;
/* TODO: make OSSL_CRMF_CONTROLS out of that - but only cosmetical */
STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls;
} /* OSSL_CRMF_CERTREQUEST */;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
/* TODO: isn't there a better way to have this for ANY type? */
struct ossl_crmf_attributetypeandvalue_st {
ASN1_OBJECT *type;
union {

2
crypto/crmf/crmf_pbm.c
View File

@ -125,7 +125,6 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
* |outlen| if not NULL, will set variable to the length of the mac on success
* returns 1 on success, 0 on error
*/
/* TODO try to combine with other MAC calculations in the libray */
int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
const OSSL_CRMF_PBMPARAMETER *pbmp,
const unsigned char *msg, size_t msglen,
@ -207,7 +206,6 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
goto err;
}
/* TODO generalize to non-HMAC: */
if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen,
msg, msglen, mac_res, EVP_MAX_MD_SIZE, &maclen) == NULL)
goto err;