fixup! fix sending error when no root CA cert update available

openssl · Apr 17, 2024 · b204e1b · b204e1b
1 parent 68209d0
commit b204e1b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 16 deletions.
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
@@ -289,24 +289,23 @@ OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
     OSSL_CMP_ITAV *itav;
     OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL;
 
-    if (newWithNew == NULL)
-        goto null_value;
+    if (newWithNew != NULL) {
+        upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
+        if (upd == NULL)
+            return NULL;
 
-    upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
-    if (upd == NULL)
-        return NULL;
-
-    if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
-        goto err;
-    if (newWithOld != NULL && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
-        goto err;
-    if (oldWithNew != NULL && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
-        goto err;
+        if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
+            goto err;
+        if (newWithOld != NULL
+            && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
+            goto err;
+        if (oldWithNew != NULL
+            && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
+            goto err;
+    }
 
- null_value:
     if ((itav = OSSL_CMP_ITAV_new()) == NULL)
         goto err;
-
     itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate);
     itav->infoValue.rootCaKeyUpdate = upd;
     return itav;

diff --git a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
@@ -59,7 +59,8 @@ If I<newWithOld> is not NULL, it assigns to I<*newWithOld> the internal pointer
 to the certificate contained in the newWithOld infoValue sub-field of I<itav>.
 If I<oldWithNew> is not NULL, it assigns to I<*oldWithNew> the internal pointer
 to the certificate contained in the oldWithNew infoValue sub-field of I<itav>.
-Each of these pointers will be NULL if the respective sub-field is not set.
+Each of these pointers will be set to NULL if update of root CA certificate is
+not included.
 
 =head1 NOTES
 

diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv
@@ -77,7 +77,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
 0,genm rootCaCert oldwithold empty file  , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, empty.txt     , -newwithnew, _RESULT_DIR/test.newwithnew.pem
 0,genm rootCaCert oldwithold random file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, random.bin    , -newwithnew, _RESULT_DIR/test.newwithnew.pem
 0,genm rootCaCert oldwithold nonexistent , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, idontexist    , -newwithnew, _RESULT_DIR/test.newwithnew.pem
-1,genm rootCaCert oldwithold wrong       , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt    , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+1,genm rootCaCert oldwithold different   , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt    , -newwithnew, _RESULT_DIR/test.newwithnew.pem
 0,genm rootCaCert missing newwithnew     , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, BLANK      ,,
 0,genm rootCaCert newwithnew missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew,,
 1,genm rootCaCert with oldwithnew        , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew1.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew1.pem