-rw-r--r-- | crypto/cmp/cmp_client.c | 9 | ||||
-rw-r--r-- | crypto/cmp/cmp_err.c | 2 | ||||
-rw-r--r-- | crypto/cmp/cmp_local.h | 1 | ||||
-rw-r--r-- | crypto/cmp/cmp_msg.c | 4 | ||||
-rw-r--r-- | crypto/cmp/cmp_server.c | 10 | ||||
-rw-r--r-- | crypto/cmp/cmp_vfy.c | 8 | ||||
-rw-r--r-- | crypto/crmf/crmf_lib.c | 36 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 2 | ||||
-rw-r--r-- | doc/man3/OSSL_CMP_MSG_get0_header.pod | 6 | ||||
-rw-r--r-- | doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 12 | ||||
-rw-r--r-- | doc/man3/OSSL_CRMF_MSG_set0_validity.pod | 1 | ||||
-rw-r--r-- | doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod | 29 | ||||
-rw-r--r-- | doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod | 21 | ||||
-rw-r--r-- | include/openssl/cmp.h.in | 1 | ||||
-rw-r--r-- | include/openssl/cmperr.h | 2 | ||||
-rw-r--r-- | include/openssl/crmf.h.in | 18 | ||||
-rw-r--r-- | test/cmp_server_test.c | 2 | ||||
-rw-r--r-- | util/libcrypto.num | 10 |
18 files changed, 146 insertions, 28 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index c7a846f03e..f8d9f0749c 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -34,7 +34,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, int invalid_protection, int expected_type /* ignored here */) { - int rcvd_type = ossl_cmp_msg_get_bodytype(rep /* may be NULL */); + int rcvd_type = OSSL_CMP_MSG_get_bodytype(rep /* may be NULL */); const char *msg_type = NULL; if (!ossl_assert(ctx != NULL && rep != NULL)) @@ -132,7 +132,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, || expected_type == OSSL_CMP_PKIBODY_POLLREP || expected_type == OSSL_CMP_PKIBODY_PKICONF; const char *req_type_str = - ossl_cmp_bodytype_to_string(ossl_cmp_msg_get_bodytype(req)); + ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type); int msg_timeout; int bt; @@ -177,7 +177,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, return 0; } - bt = ossl_cmp_msg_get_bodytype(*rep); + bt = OSSL_CMP_MSG_get_bodytype(*rep); /* * The body type in the 'bt' variable is not yet verified. * Still we use this preliminary value already for a progress report because @@ -268,7 +268,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, goto err; /* handle potential pollRep */ - if (ossl_cmp_msg_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { + if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { OSSL_CMP_POLLREPCONTENT *prc = prep->body->value.pollRep; OSSL_CMP_POLLREP *pollRep = NULL; int64_t check_after; @@ -818,6 +818,7 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx) goto err; } if ((cid = ossl_cmp_revrepcontent_get_CertId(rrep, rsid)) == NULL) { + ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID); ret = 0; goto err; } diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index e36696bef8..67d9964dbe 100644 --- a/crypto/cmp/cmp_err.c 
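Review bot: The `ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);` added in the last cmp_client.c hunk is the only raise site this commit introduces, yet the commit also defines CMP_R_WRONG_CERTID (cmp_err.c, openssl.txt, cmperr.h) with no code path raising it anywhere in the diff. Unless a follow-up change is meant to use it, that reason code is dead on arrival; either add the check it was reserved for or drop it until a use exists. The enclosing function OSSL_CMP_exec_RR_ses() begins and ends outside the hunk.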
+++ b/crypto/cmp/cmp_err.c @@ -86,6 +86,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "fail info out of range"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION), "missing key input for creating protection"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), @@ -150,6 +151,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID), "wrong algorithm oid"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT), diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 1cca238916..f2a0587ca4 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -859,7 +859,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, const char *propq); const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); -int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, const OSSL_CRMF_MSG *crm); diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 4fef006933..5fb67ae2cb 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c 
@@ -93,7 +93,7 @@ int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type) return 1; } -int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg) +int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg) { if (!ossl_assert(msg != NULL && msg->body != NULL)) return -1; @@ -651,7 +651,7 @@ int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav) if (!ossl_assert(msg != NULL && itav != NULL)) return 0; - bodytype = ossl_cmp_msg_get_bodytype(msg); + bodytype = OSSL_CMP_MSG_get_bodytype(msg); if (bodytype != OSSL_CMP_PKIBODY_GENM && bodytype != OSSL_CMP_PKIBODY_GENP) { ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 593c074f8d..59847f5fe1 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -167,7 +167,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) return NULL; - switch (ossl_cmp_msg_get_bodytype(req)) { + switch (OSSL_CMP_MSG_get_bodytype(req)) { case OSSL_CMP_PKIBODY_P10CR: case OSSL_CMP_PKIBODY_CR: bodytype = OSSL_CMP_PKIBODY_CP; @@ -183,7 +183,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, return NULL; } - if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) { + if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) { certReqId = OSSL_CMP_CERTREQID; p10cr = req->body->value.p10cr; } else { @@ -428,7 +428,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, invalid_protection ? "invalid" : "missing"); return 1; } - if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR + if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR && OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS) == 1) { ossl_cmp_warn(ctx, "ignoring missing protection of error message"); return 1; 
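Review bot: Once OSSL_CMP_MSG_get_bodytype() is public, the `ossl_assert(msg != NULL && msg->body != NULL)` guard in the first cmp_msg.c hunk checks application input rather than an internal invariant; in builds without NDEBUG ossl_assert() calls OPENSSL_die(), so an application passing NULL would abort instead of receiving the -1 the new pod documents. The module's public entry points use an explicit check instead: `if (msg == NULL || msg->body == NULL) {`, `ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return -1;`, `}`. The remainder of the function body lies outside the hunk.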
@@ -469,7 +469,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, if (!OSSL_CMP_CTX_set1_recipient(ctx, hdr->sender->d.directoryName)) goto err; - req_type = ossl_cmp_msg_get_bodytype(req); + req_type = OSSL_CMP_MSG_get_bodytype(req); switch (req_type) { case OSSL_CMP_PKIBODY_IR: case OSSL_CMP_PKIBODY_CR: @@ -588,7 +588,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, ctx->secretValue = backup_secret; rsp_type = - rsp != NULL ? ossl_cmp_msg_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; + rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; if (rsp != NULL) ossl_cmp_log1(DEBUG, ctx, "sending %s", ossl_cmp_bodytype_to_string(rsp_type)); diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 28c9a984d2..aa4665a562 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -406,7 +406,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (mode_3gpp && ((!ctx->permitTAInExtraCertsForIR - || ossl_cmp_msg_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) + || OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) return 0; ossl_cmp_info(ctx, @@ -576,7 +576,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * the caPubs field may be directly trusted as a root CA * certificate by the initiator.' */ - switch (ossl_cmp_msg_get_bodytype(msg)) { + switch (OSSL_CMP_MSG_get_bodytype(msg)) { case -1: return 0; case OSSL_CMP_PKIBODY_IP: @@ -732,7 +732,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, #endif } - if (ossl_cmp_msg_get_bodytype(msg) < 0) { + if (OSSL_CMP_MSG_get_bodytype(msg) < 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR); return 0; 
@@ -793,7 +793,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, * the caPubs field may be directly trusted as a root CA * certificate by the initiator.' */ - switch (ossl_cmp_msg_get_bodytype(msg)) { + switch (OSSL_CMP_MSG_get_bodytype(msg)) { case OSSL_CMP_PKIBODY_IP: case OSSL_CMP_PKIBODY_CP: case OSSL_CMP_PKIBODY_KUP: diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index d03904a7bc..22707b160a 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -42,13 +42,29 @@ * valt = Value Type * ctrlinf = "regCtrl" or "regInfo" */ -#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ -int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, \ - const valt *in) \ +#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ +valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \ +{ \ + int i; \ + STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \ + OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ + \ + if (msg == NULL || msg->certReq == NULL) \ + return NULL; \ + controls = msg->certReq->controls; \ + for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \ + atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \ + if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \ + return atav->value.atyp; \ + } \ + return NULL; \ +} \ + \ +int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \ { \ OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ \ - if (msg == NULL || in == NULL) \ + if (msg == NULL || in == NULL) \ goto err; \ if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \ goto err; \ 
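Review bot: The new OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp() in the crmf_lib.c hunk reads msg->certReq->controls for every instantiation, but the macro comment right above says ctrlinf is "regCtrl" or "regInfo", and RFC 4211 places regInfo in CertReqMsg next to certReq (the regInfo member of OSSL_CRMF_MSG, which OSSL_CRMF_MSG_push0_regInfo() fills), not inside CertRequest.controls. As written, the OSSL_CRMF_MSG_get0_regInfo_utf8Pairs() and OSSL_CRMF_MSG_get0_regInfo_certReq() getters declared in this commit search the wrong stack and return NULL for values the matching set1 functions stored, and no test in the diff exercises any of the getters. Selecting the stack per ctrlinf with two small file-local helpers fixes this, as sketched below. The set1 function body continues past the end of the hunk.
```c
/* … unchanged: macro parameter comment (atyp, valt, ctrlinf) … */
static STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
    *get0_regCtrl(const OSSL_CRMF_MSG *msg)
{
    return msg->certReq != NULL ? msg->certReq->controls : NULL;
}

static STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
    *get0_regInfo(const OSSL_CRMF_MSG *msg)
{
    return msg->regInfo;
}

#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf)                        \
valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg)        \
{                                                                            \
    int i;                                                                   \
    STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *atavs;                        \
    OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav;                                   \
                                                                             \
    if (msg == NULL)                                                         \
        return NULL;                                                         \
    atavs = get0_##ctrlinf(msg); /* regCtrl vs. regInfo live in different stacks */ \
    for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(atavs); i++) {    \
        atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(atavs, i);           \
        if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp)            \
            return atav->value.atyp;                                         \
    }                                                                        \
    return NULL;                                                             \
}                                                                            \
/* … unchanged: OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp … */
```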
@@ -515,6 +531,12 @@ ASN1_INTEGER return tmpl != NULL ? tmpl->serialNumber : NULL; } +const X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) +{ + return tmpl != NULL ? tmpl->subject : NULL; +} + /* retrieves the issuer name of the given cert template or NULL on error */ const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) @@ -522,6 +544,12 @@ const X509_NAME return tmpl != NULL ? tmpl->issuer : NULL; } +X509_EXTENSIONS + *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) +{ + return tmpl != NULL ? tmpl->extensions : NULL; +} + /* retrieves the issuer name of the given CertId or NULL on error */ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) { diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index eb0ace5474..05005a8eaf 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -225,6 +225,7 @@ CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range CMP_R_INVALID_ARGS:100:invalid args CMP_R_INVALID_OPTION:174:invalid option +CMP_R_MISSING_CERTID:165:missing certid CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\ missing key input for creating protection CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature @@ -268,6 +269,7 @@ CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\ CMP_R_VALUE_TOO_LARGE:175:value too large CMP_R_VALUE_TOO_SMALL:177:value too small CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid +CMP_R_WRONG_CERTID:189:wrong certid CMP_R_WRONG_CERTID_IN_RP:187:wrong certid in rp CMP_R_WRONG_PBM_VALUE:155:wrong pbm value CMP_R_WRONG_RP_COMPONENT_COUNT:188:wrong rp component count diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index 2ecb48d7a1..32cdf81187 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod 
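Review bot: OSSL_CRMF_CERTTEMPLATE_get0_subject() and OSSL_CRMF_CERTTEMPLATE_get0_extensions() in the two crmf_lib.c hunks lack the one-line comment their neighbours carry (`/* retrieves the issuer name of the given cert template or NULL on error */`); add `/* retrieves the subject name of the given cert template or NULL on error */` above the first and `/* retrieves the extensions of the given cert template or NULL if absent or on error */` above the second. Separately, get0_extensions returns a mutable `X509_EXTENSIONS *` from a const template (the same signature appears in the crmf.h.in and pod hunks), while get0_subject and get0_issuer keep const; unless callers must mutate the extensions in place, `const X509_EXTENSIONS *` matches the sibling getters and X509_get0_extensions().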
@@ -3,6 +3,7 @@ =head1 NAME OSSL_CMP_MSG_get0_header, +OSSL_CMP_MSG_get_bodytype, OSSL_CMP_MSG_update_transactionID, OSSL_CMP_CTX_setup_CRM, OSSL_CMP_MSG_read, @@ -16,6 +17,7 @@ i2d_OSSL_CMP_MSG_bio #include <openssl/cmp.h> OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); + int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); @@ -27,6 +29,8 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_MSG_get0_header() returns the header of the given CMP message. +OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message. + OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX. This requires re-protecting the message (if it was protected). @@ -58,6 +62,8 @@ CMP is defined in RFC 4210. OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above or NULL if the respective entry does not exist and on error. +OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error. + OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success, NULL on error. diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod index f59abb4f11..8abd997ecc 100644 --- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod +++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -4,7 +4,9 @@ OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, +OSSL_CRMF_CERTTEMPLATE_get0_subject, OSSL_CRMF_CERTTEMPLATE_get0_issuer, +OSSL_CRMF_CERTTEMPLATE_get0_extensions, OSSL_CRMF_CERTID_get0_serialNumber, OSSL_CRMF_CERTID_get0_issuer, OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, 
@@ -19,7 +21,11 @@ OSSL_CRMF_MSG_get_certReqId ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); + X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); + X509_EXTENSIONS + *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); @@ -39,9 +45,15 @@ OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>. OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the given certificate template I<tmpl>. +OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the +given certificate template I<tmpl>. + OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the given certificate template I<tmpl>. +OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions +of the given certificate template I<tmpl>, or NULL if not present. + OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber of the given CertId I<cid>. diff --git a/doc/man3/OSSL_CRMF_MSG_set0_validity.pod b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod index 70a4120e86..fd42159d67 100644 --- a/doc/man3/OSSL_CRMF_MSG_set0_validity.pod +++ b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod @@ -51,6 +51,7 @@ OSSL_CRMF_MSG_set_certReqId() sets I<rid> as the certReqId of I<crm>. OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate I<tmpl> for which non-NULL values are provided: I<pubkey>, I<subject>, I<issuer>, and/or I<serial>. +X.509 extensions may be set using OSSL_CRMF_MSG_set0_extensions(). On success the reference counter of the I<pubkey> (if given) is incremented, while the I<subject>, I<issuer>, and I<serial> structures (if given) are copied. 
diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod index b1f732257e..77377ef7eb 100644 --- a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod +++ b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod @@ -2,23 +2,32 @@ =head1 NAME +OSSL_CRMF_MSG_get0_regCtrl_regToken, OSSL_CRMF_MSG_set1_regCtrl_regToken, +OSSL_CRMF_MSG_get0_regCtrl_authenticator, OSSL_CRMF_MSG_set1_regCtrl_authenticator, OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo, OSSL_CRMF_MSG_set0_SinglePubInfo, OSSL_CRMF_MSG_set_PKIPublicationInfo_action, +OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo, OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo, +OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey, OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey, +OSSL_CRMF_MSG_get0_regCtrl_oldCertID, OSSL_CRMF_MSG_set1_regCtrl_oldCertID, OSSL_CRMF_CERTID_gen -- functions setting CRMF Registration Controls +- functions getting or setting CRMF Registration Controls =head1 SYNOPSIS #include <openssl/crmf.h> + ASN1_UTF8STRING + *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *tok); + ASN1_UTF8STRING + *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *auth); int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( 
@@ -28,10 +37,16 @@ OSSL_CRMF_CERTID_gen int method, GENERAL_NAME *nm); int OSSL_CRMF_MSG_set_PKIPublicationInfo_action( OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action); + OSSL_CRMF_PKIPUBLICATIONINFO + *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, const OSSL_CRMF_PKIPUBLICATIONINFO *pi); + X509_PUBKEY + *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, const X509_PUBKEY *pubkey); + OSSL_CRMF_CERTID + *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTID *cid); OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, @@ -39,6 +54,9 @@ OSSL_CRMF_CERTID_gen =head1 DESCRIPTION +Each of the OSSL_CRMF_MSG_get0_regCtrl_X() functions +returns the respective control X in the given I<msg>, if present. + OSSL_CRMF_MSG_set1_regCtrl_regToken() sets the regToken control in the given I<msg> copying the given I<tok> as value. See RFC 4211, section 6.1. @@ -79,10 +97,13 @@ given I<issuer> name and I<serial> number. =head1 RETURN VALUES -OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure -or NULL on error. +All OSSL_CRMF_MSG_get0_*() functions +return the respective pointer value or NULL if not present and on error. -All other functions return 1 on success, 0 on error. +All OSSL_CRMF_MSG_set1_*() functions return 1 on success, 0 on error. + +OSSL_CRMF_CERTID_gen() returns a pointer to the resulting structure +or NULL on error. =head1 NOTES diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod index 56a6814ea0..f3d8fb1217 100644 --- a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod +++ b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod 
@@ -2,34 +2,49 @@ =head1 NAME +OSSL_CRMF_MSG_get0_regInfo_utf8Pairs, OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, +OSSL_CRMF_MSG_get0_regInfo_certReq, OSSL_CRMF_MSG_set1_regInfo_certReq -- functions setting CRMF Registration Info +- functions getting or setting CRMF Registration Info =head1 SYNOPSIS #include <openssl/crmf.h> + ASN1_UTF8STRING + *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *utf8pairs); + OSSL_CRMF_CERTREQUEST + *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTREQUEST *cr); =head1 DESCRIPTION +OSSL_CRMF_MSG_get0_regInfo_utf8Pairs() returns the first utf8Pairs regInfo +in the given I<msg>, if present. + OSSL_CRMF_MSG_set1_regInfo_utf8Pairs() adds a copy of the given I<utf8pairs> value as utf8Pairs regInfo to the given I<msg>. See RFC 4211 section 7.1. +OSSL_CRMF_MSG_get0_regInfo_certReq() returns the first certReq regInfo +in the given I<msg>, if present. + OSSL_CRMF_MSG_set1_regInfo_certReq() adds a copy of the given I<cr> value as certReq regInfo to the given I<msg>. See RFC 4211 section 7.2. =head1 RETURN VALUES -All functions return 1 on success, 0 on error. +All get0_*() functions return the respective pointer value, NULL if not present. + +All set1_*() functions return 1 on success, 0 on error. =head1 NOTES -Calling these functions multiple times adds multiple instances of the respective +Calling the set1_*() functions multiple times +adds multiple instances of the respective control to the regInfo structure of the given I<msg>. While RFC 4211 expects multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq. diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index 27afa27d6a..b47344215b 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in 
@@ -378,6 +378,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); +int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index b8ac43e525..3a26fd0bda 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -61,6 +61,7 @@ # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 # define CMP_R_INVALID_ARGS 100 # define CMP_R_INVALID_OPTION 174 +# define CMP_R_MISSING_CERTID 165 # define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 # define CMP_R_MISSING_P10CSR 121 @@ -101,6 +102,7 @@ # define CMP_R_VALUE_TOO_LARGE 175 # define CMP_R_VALUE_TOO_SMALL 177 # define CMP_R_WRONG_ALGORITHM_OID 138 +# define CMP_R_WRONG_CERTID 189 # define CMP_R_WRONG_CERTID_IN_RP 187 # define CMP_R_WRONG_PBM_VALUE 155 # define CMP_R_WRONG_RP_COMPONENT_COUNT 188 diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in index 73d4a0f1f0..07bd3a6e53 100644 --- a/include/openssl/crmf.h.in +++ b/include/openssl/crmf.h.in @@ -89,8 +89,12 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, /* crmf_lib.c */ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *tok); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *auth); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, OSSL_CRMF_SINGLEPUBINFO *spi); 
@@ -106,17 +110,27 @@ int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi int action); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, const OSSL_CRMF_PKIPUBLICATIONINFO *pi); +OSSL_CRMF_PKIPUBLICATIONINFO +*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, const X509_PUBKEY *pubkey); +X509_PUBKEY +*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTID *cid); +OSSL_CRMF_CERTID +*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, const ASN1_INTEGER *serial); int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *utf8pairs); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTREQUEST *cr); +OSSL_CRMF_CERTREQUEST +*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, ASN1_TIME *notBefore, ASN1_TIME *notAfter); @@ -140,7 +154,11 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME +*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_EXTENSIONS +*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c index 9f20d27ac9..e270bb924b 100644 --- a/test/cmp_server_test.c 
+++ b/test/cmp_server_test.c @@ -94,7 +94,7 @@ static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture) goto end; if (!TEST_ptr(rsp = OSSL_CMP_CTX_server_perform(client_ctx, fixture->req)) - || !TEST_int_eq(ossl_cmp_msg_get_bodytype(rsp), + || !TEST_int_eq(OSSL_CMP_MSG_get_bodytype(rsp), OSSL_CMP_PKIBODY_ERROR) || !TEST_ptr(errorContent = rsp->body->value.error) || !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode), diff --git a/util/libcrypto.num b/util/libcrypto.num index 73e84ff08e..c7862c568d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4502,16 +4502,23 @@ OSSL_CRMF_MSGS_new ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSGS_it ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_pbmp_new ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_pbm_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set_PKIPublicationInfo_action ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_gen ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set0_validity ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF 
@@ -4522,7 +4529,9 @@ OSSL_CRMF_MSG_create_popo ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSGS_verify_popo ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_get0_tmpl ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTTEMPLATE_get0_serialNumber ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_get0_subject ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTTEMPLATE_get0_issuer ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_get0_extensions ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTTEMPLATE_fill ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_PARAM_locate ? 3_0_0 EXIST::FUNCTION: @@ -4846,6 +4855,7 @@ i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION: RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION: OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_get_bodytype ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: |