summaryrefslogtreecommitdiffstats
path: root/crypto/cmp
diff options
context:
space:
mode:
authorPauli <pauli@openssl.org>2021-05-31 06:29:33 +0200
committerPauli <pauli@openssl.org>2021-06-02 08:30:15 +0200
commit75e1191f4d1185ebf7b94e620b15a73f22af146e (patch)
tree34c619327d59a104c23821f6a1cac029c43b1ddc /crypto/cmp
parentx509: remove TODOs (diff)
downloadopenssl-75e1191f4d1185ebf7b94e620b15a73f22af146e.tar.xz
openssl-75e1191f4d1185ebf7b94e620b15a73f22af146e.zip
cmp: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
Diffstat (limited to 'crypto/cmp')
-rw-r--r--crypto/cmp/cmp_client.c2
-rw-r--r--crypto/cmp/cmp_ctx.c4
-rw-r--r--crypto/cmp/cmp_local.h5
-rw-r--r--crypto/cmp/cmp_msg.c12
-rw-r--r--crypto/cmp/cmp_protect.c1
-rw-r--r--crypto/cmp/cmp_server.c13
-rw-r--r--crypto/cmp/cmp_vfy.c2
7 files changed, 5 insertions, 34 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 367ddfd207..8e01381402 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -71,7 +71,6 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1)
return -1;
- /* TODO: handle potentially multiple CertResponses in CertRepMsg */
if (crep == NULL)
return -1;
if (ossl_cmp_pkisi_get_status(crep->status)
@@ -262,7 +261,6 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
"received 'waiting' PKIStatus, starting to poll for response");
*rep = NULL;
for (;;) {
- /* TODO: handle potentially multiple poll requests per message */
if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL)
goto err;
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index b0f676201e..f514ab27e0 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -770,7 +770,7 @@ DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ)
/*
* Set the (newly received in IP/KUP/CP) certificate in the context.
- * TODO: this only permits for one cert to be enrolled at a time.
+ * This only permits for one cert to be enrolled at a time.
*/
int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
{
@@ -784,7 +784,7 @@ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
/*
* Get the (newly received in IP/KUP/CP) client certificate from the context
- * TODO: this only permits for one client cert to be received...
+ * This only permits for one client cert to be received...
*/
X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx)
{
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index fec4916ed3..2b22db3e82 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -120,12 +120,9 @@ struct ossl_cmp_ctx_st {
/* result returned in responses */
int status; /* PKIStatus of last received IP/CP/KUP/RP/error or -1 */
- /* TODO: this should be a stack since there could be more than one */
OSSL_CMP_PKIFREETEXT *statusString; /* of last IP/CP/KUP/RP/error */
int failInfoCode; /* failInfoCode of last received IP/CP/KUP/error, or -1 */
- /* TODO: this should be a stack since there could be more than one */
X509 *newCert; /* newly enrolled cert received from the CA */
- /* TODO: this should be a stack since there could be more than one */
STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */
STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */
STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */
@@ -708,8 +705,6 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
* } -- or HMAC [RFC2104, RFC2202])
*/
/*-
- * TODO: this is not yet defined here - but DH is anyway not used yet
- *
* id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30}
* DHBMParameter ::= SEQUENCE {
* owf AlgorithmIdentifier,
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 77b2175b11..b9c347afb8 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -399,7 +399,6 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm))
goto err;
local_crm = NULL;
- /* TODO: here optional 2nd certreqmsg could be pushed to the stack */
}
if (!ossl_cmp_msg_protect(ctx, msg))
@@ -465,7 +464,6 @@ OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp))
goto err;
resp = NULL;
- /* TODO: here optional 2nd certrep could be pushed to the stack */
if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL
&& (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL)
@@ -529,11 +527,6 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
goto err;
rd = NULL;
- /*
- * TODO: the Revocation Passphrase according to section 5.3.19.9 could be
- * set here if set in ctx
- */
-
if (!ossl_cmp_msg_protect(ctx, msg))
goto err;
@@ -749,10 +742,6 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
return 1;
}
-/*
- * TODO: handle potential 2nd certificate when signing and encrypting
- * certificates have been requested/received
- */
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
const char *text)
{
@@ -827,7 +816,6 @@ OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid)
if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL)
goto err;
- /* TODO: support multiple cert request IDs to poll */
if ((preq = OSSL_CMP_POLLREQ_new()) == NULL
|| !ASN1_INTEGER_set(preq->certReqId, crid)
|| !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq))
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 91a66f5d6e..a7ca580cc9 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -258,7 +258,6 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
/*
* For the case of re-protection remove pre-existing protection.
- * TODO: Consider also removing any pre-existing extraCerts.
*/
X509_ALGOR_free(msg->header->protectionAlg);
msg->header->protectionAlg = NULL;
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index 73c14841ca..c4ef5fa203 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -189,7 +189,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
} else {
OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */
- if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { /* TODO: handle case > 1 */
+ if (sk_OSSL_CRMF_MSG_num(reqs) != 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED);
return NULL;
}
@@ -228,10 +228,6 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si,
certOut, chainOut, caPubs, 0 /* encrypted */,
srv_ctx->sendUnprotectedErrors);
- /*
- * TODO when implemented in ossl_cmp_certrep_new():
- * in case OSSL_CRMF_POPO_KEYENC, set encrypted
- */
if (msg == NULL)
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP);
@@ -258,7 +254,6 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
if (sk_OSSL_CMP_REVDETAILS_num(req->body->value.rr) != 1) {
- /* TODO: handle multiple elements if multiple requests have been sent */
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED);
return NULL;
}
@@ -393,7 +388,7 @@ static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
prc = req->body->value.pollReq;
- if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { /* TODO: handle case > 1 */
+ if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED);
return NULL;
}
@@ -559,7 +554,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
rsp = process_pollReq(srv_ctx, req);
break;
default:
- /* TODO possibly support further request message types */
ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
break;
}
@@ -571,7 +565,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
int flags = 0;
unsigned long err = ERR_peek_error_data(&data, &flags);
int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest;
- /* TODO fail_info could be more specific */
OSSL_CMP_PKISI *si = NULL;
if (ctx->transactionID == NULL) {
@@ -615,8 +608,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
case OSSL_CMP_PKIBODY_PKICONF:
case OSSL_CMP_PKIBODY_GENP:
case OSSL_CMP_PKIBODY_ERROR:
- /* TODO possibly support further terminating response message types */
- /* prepare for next transaction, ignoring any errors here: */
(void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL);
(void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL);
ctx->status = -1; /* transaction closed */
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 064e8e37b3..28c9a984d2 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -672,7 +672,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
/* validate sender name of received msg */
if (hdr->sender->type != GEN_DIRNAME) {
ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
- return 0; /* TODO FR#42: support for more than X509_NAME */
+ return 0;
}
/*
* Compare actual sender name of response with expected sender name.