diff options
| -rw-r--r-- | crypto/cmp/cmp_local.h | 2 | ||||
| -rw-r--r-- | crypto/cmp/cmp_vfy.c | 3 | ||||
| -rw-r--r-- | doc/internal/man3/ossl_cmp_msg_check_update.pod | 2 | ||||
| -rw-r--r-- | include/openssl/cmp.h.in | 4 |
4 files changed, 7 insertions, 4 deletions
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 3da021043b..07a8c8eab2 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -446,7 +446,7 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT) /*- * PKIHeader ::= SEQUENCE { - * pvno INTEGER { cmp1999(1), cmp2000(2) }, + * pvno INTEGER { cmp1999(1), cmp2000(2), cmp2021(3) }, * sender GeneralName, * -- identifies the sender * recipient GeneralName, diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 5553abe914..a269ef49da 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -749,7 +749,8 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, } /* check CMP version number in header */ - if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO) { + if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO_2 + && ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO_3) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PVNO); return 0; diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod index 763de8452a..d1513bf34f 100644 --- a/doc/internal/man3/ossl_cmp_msg_check_update.pod +++ b/doc/internal/man3/ossl_cmp_msg_check_update.pod @@ -33,7 +33,7 @@ The B<msg> is checked for the following: =item its protection is present and valid (or a callback function B<cb> is present and indicates that a missing or invalid protection is acceptable), -=item its CMP protocol version is acceptable, namely B<OSSL_CMP_PVNO>, +=item its CMP protocol version is acceptable, =item its body type is valid, diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index fbe248388c..dd4d9a633d 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in @@ -36,7 +36,9 @@ use OpenSSL::stackhash qw(generate_stack_macros); extern "C" { # endif -# define OSSL_CMP_PVNO 2 +# define OSSL_CMP_PVNO_2 2 +# define OSSL_CMP_PVNO_3 3 +# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ /*- * PKIFailureInfo ::= BIT STRING { |