Skip to content

Chunk 8 of CMP contribution to OpenSSL: CMP server#11142

Closed
DDvO wants to merge 7 commits intoopenssl:masterfrom
mpeylo:cmpossl_incremental8
Closed

Chunk 8 of CMP contribution to OpenSSL: CMP server#11142
DDvO wants to merge 7 commits intoopenssl:masterfrom
mpeylo:cmpossl_incremental8

Conversation

@DDvO
Copy link
Contributor

@DDvO DDvO commented Feb 21, 2020
edited
Loading

Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.

8th chunk:

  • generic CMP server code in crypto/cmp/cmp_server.c
  • mock server for testing the CMP client in apps/cmp_mock_srv.c

and related files.

This PR is the continuation of mpeylo#201.

Due to moving the mock server code out of libcrypto as discussed mpeylo#201 (comment)
a couple of further CMP functions had to be exported.

This PR also includes various fixups to earlier CMP contribution chunks that came up during re-structuring the (test) server code and doing tests on the client code in upcoming chunk 9.
Among others, it slightly generalizes
static int ts_check_status_info(TS_RESP *response) in crypto/ts/ts_rsp_verify.c to
sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, char sep) and
makes it accessible within libcrypto by adding its declaration to include/internal/cryptlib.h.

  • documentation is added or updated
  • tests are added or updated

@DDvO DDvO mentioned this pull request Feb 21, 2020
Closed
1 task
@DDvO DDvO force-pushed the cmpossl_incremental8 branch from 664609d to 2021599 Compare February 21, 2020 07:38
@DDvO
Copy link
Contributor Author

DDvO commented Feb 21, 2020

CI builds went fine (except for the one Travis build that notoriously times out these days).

@DDvO DDvO requested a review from mattcaswell February 21, 2020 10:43
@DDvO DDvO force-pushed the cmpossl_incremental8 branch from 2021599 to 81919c9 Compare February 24, 2020 09:40
@DDvO
Copy link
Contributor Author

DDvO commented Feb 24, 2020

Rebased this PR after conflicts with latest master.
@mattcaswell, when do you think you can continue your review of chunk 8?

@mattcaswell
Copy link
Member

mattcaswell commented Feb 25, 2020

@mattcaswell, when do you think you can continue your review of chunk 8?

Probably not until next week. I am away at the RSA conference this week.

@DDvO DDvO force-pushed the cmpossl_incremental8 branch from 04ab728 to d020066 Compare March 3, 2020 14:30
@DDvO
Copy link
Contributor Author

DDvO commented Mar 3, 2020

Rebased this PR again after the usual conflicts with util/libcrypto.num of the latest master.

@DDvO
Copy link
Contributor Author

DDvO commented Mar 4, 2020

Travis fails just due to unrelated doc nit:

doc/man1/openssl-rand.pod:1: found 'non-zero' should use 'nonzero'

DDvO
DDvO commented Mar 4, 2020
View reviewed changes
@DDvO DDvO self-assigned this Mar 4, 2020
@Akretsch Akretsch force-pushed the cmpossl_incremental8 branch from 3d702ab to c412f86 Compare March 4, 2020 14:29
mattcaswell
mattcaswell requested changes Mar 4, 2020
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the record I have already provided significant review comments on a preview of this PR. This is just my comments on the latest iteration.

@richsalz richsalz mentioned this pull request Mar 4, 2020
Closed
@DDvO DDvO force-pushed the cmpossl_incremental8 branch from 84ad597 to 84cb068 Compare March 5, 2020 17:01
@DDvO
Copy link
Contributor Author

DDvO commented Mar 5, 2020

Thanks a lot @mattcaswell for your second review round with pretty good comments mostly on the structure of this CMP chunk!
I've meanwhile handled all of them.

@richsalz
Copy link
Contributor

richsalz commented Mar 5, 2020

You can use TEST_note to print out useful debug notes.

@DDvO
Copy link
Contributor Author

DDvO commented Mar 5, 2020

You can use TEST_note to print out useful debug notes.

Thanks @richsalz for the hint - done.

@DDvO
Copy link
Contributor Author

DDvO commented Mar 9, 2020

@mattcaswell, is there anything more to do on this PR?

mattcaswell
mattcaswell requested changes Mar 9, 2020
View reviewed changes
@DDvO DDvO force-pushed the cmpossl_incremental8 branch from 8bfb2b2 to 6a8645d Compare March 9, 2020 12:58
@DDvO
Copy link
Contributor Author

DDvO commented Mar 9, 2020
edited
Loading

@mattcaswell, all (new) change requests fulfilled and rebased (to handle libcrypto.num conflicts).

mattcaswell
mattcaswell approved these changes Mar 9, 2020
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mattcaswell mattcaswell added the approval: done This pull request has the required number of approvals label Mar 9, 2020
DDvO added 5 commits March 10, 2020 10:41
@DDvO
fix two mistakes w.r.t. ERR_LIB_* parameters in ERR_add_error_txt()
6dfd20c
@DDvO
fix coding style nits w.r.t. 'defined' in http_local.h, http.h, and o…
d4078b0 
…csp.h
@DDvO
Extract sk_ASN1_UTF8STRING2text() from ts_get_status_text() in ts_rsp…
8b4b687 
…_verify.c to asn1_lib.c
@DDvO
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c…
9563603 
… for testing

Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.
@DDvO
Fix error in case CMP msg POPO is not provided in OSSL_CRMF_MSGS_veri…
ee93953 
…fy_popo()
@DDvO DDvO force-pushed the cmpossl_incremental8 branch from 6a8645d to 089188d Compare March 10, 2020 09:42
@DDvO
Copy link
Contributor Author

DDvO commented Mar 10, 2020

I've re-ordered and partly squashed the commits such that merging (which I plan for this afternoon, after the grace period has passed) should be smooth and clean.

@openssl-machine
Copy link
Collaborator

openssl-machine commented Mar 10, 2020

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

@DDvO DDvO added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Mar 10, 2020
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
fix two mistakes w.r.t. ERR_LIB_* parameters in ERR_add_error_txt()
4c7f898 
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
fix coding style nits w.r.t. 'defined' in http_local.h, http.h, and o…
b5adba2 
…csp.h

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
Extract sk_ASN1_UTF8STRING2text() from ts_get_status_text() in ts_rsp…
da42c2a 
…_verify.c to asn1_lib.c

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c…
62dcd2a 
… for testing

Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
Fix error in case CMP msg POPO is not provided in OSSL_CRMF_MSGS_veri…
7269071 
…fy_popo()

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
Fix handling of CMP msg senderKID and improve doc of related CTX func…
cfca56d 
…tions

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
openssl-machine pushed a commit that referenced this pull request Mar 10, 2020
@DDvO
Move OSSL_CMP_X509_digest() to x_all.c, renaming it to X509_digest_sig()
44387c9 
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from #11142)
@DDvO
Copy link
Contributor Author

DDvO commented Mar 10, 2020

Pushed. Thanks @mattcaswell for your swift review!

@DDvO DDvO closed this Mar 10, 2020
levitte
levitte reviewed Mar 10, 2020
View reviewed changes
@DDvO DDvO mentioned this pull request Mar 11, 2020
Closed
@DDvO DDvO mentioned this pull request May 30, 2020
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@levitte levitte levitte left review comments

@mattcaswell mattcaswell mattcaswell approved these changes

+1 more reviewer

@Akretsch Akretsch Akretsch left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@DDvO DDvO

Labels

approval: done This pull request has the required number of approvals approval: ready to merge The 24 hour grace period has passed, ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@DDvO @mattcaswell @richsalz @openssl-machine @levitte @Akretsch