Diffstat (limited to 'crypto/crmf/crmf_lib.c')
-rw-r--r-- | crypto/crmf/crmf_lib.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 4e90cbe02c..e57192fc83 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -505,6 +505,12 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
 return 0;
 }
+
+ /*
+ * Should check at this point the contents of the authInfo sub-field
+ * as requested in FR #19807 according to RFC 4211 section 4.1.
+ */
+
 it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);
 asn = sig->poposkInput;
 } else {
@@ -521,6 +527,12 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
 return 0;
 break;
 case OSSL_CRMF_POPO_KEYENC:
+ /*
+ * When OSSL_CMP_certrep_new() supports encrypted certs,
+ * should return 1 if the type of req->popo->value.keyEncipherment
+ * is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and
+ * its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT
+ */
 case OSSL_CRMF_POPO_KEYAGREE:
 default:
 ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD); |
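Review bot: The comment added before `it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);` names a check that should exist but does not say what the code does today. As far as the hunk shows, a request carrying poposkInput proceeds to signature verification with authInfo (the sender name or publicKeyMAC of RFC 4211 section 4.1) never inspected, so the requester-to-key binding that field carries appears to go unverified. I would state that explicitly and make it greppable, e.g. `/* TODO: authInfo is currently accepted unchecked; validate it per RFC 4211 section 4.1 (FR #19807). */`. The body of OSSL_CRMF_MSGS_verify_popo starts and ends outside this hunk, so a check elsewhere in the function cannot be ruled out from here.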
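Review bot: The comment under `case OSSL_CRMF_POPO_KEYENC:` plans a future `return 1` without stating the condition that makes accepting the request safe. With subsequentMessage set to encrCert, no proof is verified in this function at all; possession is only demonstrated later, when the requester manages to decrypt the issued certificate. I would add a line such as `* (sound only if the certificate is then actually returned encrypted to the requested key)`, so that a later edit does not turn this branch into an unconditional accept. Until then the case still falls through to `CRMF_R_UNSUPPORTED_POPO_METHOD`, which is the safe default; the enclosing switch continues outside the hunk.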