author | Rajeev Ranjan <ranjan.rajeev@siemens.com> | 2024-03-07 20:23:34 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-01 14:59:39 +0200 |
commit | ee28152e86641e0299fdb3151716bb0451b2bc53 (patch) | |
tree | 31c213bd37f8b543fb095a98f6f8f1202c4aa76c /apps | |
parent | 40a200f9e781381d72d234c886e38bcfce36bbc8 (diff) | |
CMP: Improvements of the support for requesting CRL
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/cmp.c | 38 | ||||
-rw-r--r-- | apps/lib/cmp_mock_srv.c | 6 |
2 files changed, 24 insertions, 20 deletions
@@ -146,6 +146,10 @@ static int opt_revreason = CRL_REASON_NONE;
 /* credentials format */
 static char *opt_certform_s = "PEM";
 static int opt_certform = FORMAT_PEM;
+/*
+ * DER format is the preferred choice for saving a CRL because it allows for
+ * more efficient storage, especially when dealing with large CRLs.
+ */
 static char *opt_crlform_s = "DER";
 static int opt_crlform = FORMAT_ASN1;
 static char *opt_keyform_s = NULL;
@@ -1955,20 +1959,20 @@ static int add_certProfile(OSSL_CMP_CTX *ctx, const char *name)
 if ((sk = sk_ASN1_UTF8STRING_new_reserve(NULL, 1)) == NULL)
 return 0;
- if ((utf8string = ASN1_UTF8STRING_new()) == NULL)
- goto err;
- if (!ASN1_STRING_set(utf8string, name, (int)strlen(name))) {
- ASN1_STRING_free(utf8string);
- goto err;
- }
- /* Due to sk_ASN1_UTF8STRING_new_reserve(NULL, 1), this surely succeeds: */
- (void)sk_ASN1_UTF8STRING_push(sk, utf8string);
- if ((itav = OSSL_CMP_ITAV_new0_certProfile(sk)) == NULL)
- goto err;
- if (OSSL_CMP_CTX_push0_geninfo_ITAV(ctx, itav))
- return 1;
- OSSL_CMP_ITAV_free(itav);
- return 0;
+ if ((utf8string = ASN1_UTF8STRING_new()) == NULL)
+ goto err;
+ if (!ASN1_STRING_set(utf8string, name, (int)strlen(name))) {
+ ASN1_STRING_free(utf8string);
+ goto err;
+ }
+ /* Due to sk_ASN1_UTF8STRING_new_reserve(NULL, 1), this surely succeeds: */
+ (void)sk_ASN1_UTF8STRING_push(sk, utf8string);
+ if ((itav = OSSL_CMP_ITAV_new0_certProfile(sk)) == NULL)
+ goto err;
+ if (OSSL_CMP_CTX_push0_geninfo_ITAV(ctx, itav))
+ return 1;
+ OSSL_CMP_ITAV_free(itav);
+ return 0;
 err:
 sk_ASN1_UTF8STRING_pop_free(sk, ASN1_UTF8STRING_free);
@@ -2013,7 +2017,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
 if (*ptr != '\0') {
 if (*ptr != ',') {
 CMP_err1("Missing ',' or end of -geninfo arg after int at %.40s",
- ptr);
+ ptr);
 goto err;
 }
 ptr++;
@@ -3513,10 +3517,10 @@ int cmp_main(int argc, char **argv)
 if (opt_reqout_only != NULL) {
 const char *msg = "option is ignored since -reqout_only option is given";
-#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
+# if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
 if (opt_server != NULL)
 CMP_warn1("-server %s", msg);
-#endif
+# endif
 if (opt_use_mock_srv)
 CMP_warn1("-use_mock_srv %s", msg);
 if (opt_reqout != NULL)
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 1c7bf22..b69d29a 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -413,8 +413,8 @@ static int check_client_crl(const STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList,
 const X509_CRL *crl)
 {
 OSSL_CMP_CRLSTATUS *crlstatus;
- DIST_POINT_NAME *dpn;
- GENERAL_NAMES *issuer;
+ DIST_POINT_NAME *dpn = NULL;
+ GENERAL_NAMES *issuer = NULL;
 ASN1_TIME *thisupd = NULL;
 if (sk_OSSL_CMP_CRLSTATUS_num(crlStatusList) != 1) {
@@ -477,7 +477,7 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
 break;
 case NID_id_it_crlStatusList:
 {
- STACK_OF(OSSL_CMP_CRLSTATUS) *crlstatuslist;
+ STACK_OF(OSSL_CMP_CRLSTATUS) *crlstatuslist = NULL;
 int res = 0;
 if (!OSSL_CMP_ITAV_get0_crlStatusList(req, &crlstatuslist)) |
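Review bot: The new `= NULL` initializers on `dpn` and `issuer` in check_client_crl, and on `crlstatuslist` in the NID_id_it_crlStatusList case of process_genm_itav, have no comment saying why they are needed, so a later cleanup could drop them as redundant. Only the process_genm_itav hunk shows the consumer, `OSSL_CMP_ITAV_get0_crlStatusList(req, &crlstatuslist)`; the use of `dpn` and `issuer` lies outside the hunk, so treating them as out-parameters too is an inference. Since these values appear to derive from a client's request, a getter that succeeds without writing its out-parameter would otherwise pass an indeterminate pointer to the later checks. I would put one line above each group, e.g. `/* out-parameters: remain NULL if the getter does not set them */`. Both function bodies continue outside the hunks shown.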