CMP: Add missing getter functions to CRMF API and CMP API

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
Dr. David von Oheimb 2021-06-16 10:26:26 +02:00 committed by Tomas Mraz
parent b9bc8eb054
commit 7df56adac7
18 changed files with 146 additions and 28 deletions


@ -34,7 +34,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
int invalid_protection,
int expected_type /* ignored here */)
{
int rcvd_type = ossl_cmp_msg_get_bodytype(rep /* may be NULL */);
int rcvd_type = OSSL_CMP_MSG_get_bodytype(rep /* may be NULL */);
const char *msg_type = NULL;
if (!ossl_assert(ctx != NULL && rep != NULL))
@ -132,7 +132,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
|| expected_type == OSSL_CMP_PKIBODY_POLLREP
|| expected_type == OSSL_CMP_PKIBODY_PKICONF;
const char *req_type_str =
ossl_cmp_bodytype_to_string(ossl_cmp_msg_get_bodytype(req));
ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req));
const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type);
int msg_timeout;
int bt;
@ -177,7 +177,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
return 0;
}
bt = ossl_cmp_msg_get_bodytype(*rep);
bt = OSSL_CMP_MSG_get_bodytype(*rep);
/*
* The body type in the 'bt' variable is not yet verified.
* Still we use this preliminary value already for a progress report because
@ -268,7 +268,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
goto err;
/* handle potential pollRep */
if (ossl_cmp_msg_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
OSSL_CMP_POLLREPCONTENT *prc = prep->body->value.pollRep;
OSSL_CMP_POLLREP *pollRep = NULL;
int64_t check_after;
@ -818,6 +818,7 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
goto err;
}
if ((cid = ossl_cmp_revrepcontent_get_CertId(rrep, rsid)) == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);
ret = 0;
goto err;
}
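Review bot: `CMP_R_WRONG_CERTID` is added to the reason tables by this commit, but no hunk on the page raises it. Only `CMP_R_MISSING_CERTID` is used, here in OSSL_CMP_exec_RR_ses() when ossl_cmp_revrepcontent_get_CertId() returns NULL. If a CertId mismatch check was meant to accompany the new code, it is missing from this change; otherwise the unused reason code should be left out until something raises it. The function body starts and ends outside the hunk.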


@ -86,6 +86,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
"fail info out of range"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION),
"missing key input for creating protection"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE),
@ -150,6 +151,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID),
"wrong algorithm oid"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT),


@ -859,7 +859,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
const char *propq);
const char *ossl_cmp_bodytype_to_string(int type);
int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type);
int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype);
OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
const OSSL_CRMF_MSG *crm);


@ -93,7 +93,7 @@ int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type)
return 1;
}
int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg)
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg)
{
if (!ossl_assert(msg != NULL && msg->body != NULL))
return -1;
@ -651,7 +651,7 @@ int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav)
if (!ossl_assert(msg != NULL && itav != NULL))
return 0;
bodytype = ossl_cmp_msg_get_bodytype(msg);
bodytype = OSSL_CMP_MSG_get_bodytype(msg);
if (bodytype != OSSL_CMP_PKIBODY_GENM
&& bodytype != OSSL_CMP_PKIBODY_GENP) {
ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
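Review bot: OSSL_CMP_MSG_get_bodytype() becomes public API in this section but still validates its argument with `ossl_assert(msg != NULL && msg->body != NULL)`. In builds where ossl_assert aborts on failure (debug builds, as far as I know), an application passing NULL would terminate instead of getting the documented -1. The call in unprotected_exception() in the first file section passes a value commented as `may be NULL` before its own check. For an exported function I would use a plain test, `if (msg == NULL || msg->body == NULL) return -1;`, optionally raising `CMP_R_INVALID_ARGS` first. The function body continues outside the hunk.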


@ -167,7 +167,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL))
return NULL;
switch (ossl_cmp_msg_get_bodytype(req)) {
switch (OSSL_CMP_MSG_get_bodytype(req)) {
case OSSL_CMP_PKIBODY_P10CR:
case OSSL_CMP_PKIBODY_CR:
bodytype = OSSL_CMP_PKIBODY_CP;
@ -183,7 +183,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
}
if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
certReqId = OSSL_CMP_CERTREQID;
p10cr = req->body->value.p10cr;
} else {
@ -428,7 +428,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
invalid_protection ? "invalid" : "missing");
return 1;
}
if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR
if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR
&& OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS) == 1) {
ossl_cmp_warn(ctx, "ignoring missing protection of error message");
return 1;
@ -469,7 +469,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
if (!OSSL_CMP_CTX_set1_recipient(ctx, hdr->sender->d.directoryName))
goto err;
req_type = ossl_cmp_msg_get_bodytype(req);
req_type = OSSL_CMP_MSG_get_bodytype(req);
switch (req_type) {
case OSSL_CMP_PKIBODY_IR:
case OSSL_CMP_PKIBODY_CR:
@ -588,7 +588,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
ctx->secretValue = backup_secret;
rsp_type =
rsp != NULL ? ossl_cmp_msg_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR;
rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR;
if (rsp != NULL)
ossl_cmp_log1(DEBUG, ctx,
"sending %s", ossl_cmp_bodytype_to_string(rsp_type));


@ -406,7 +406,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
if (mode_3gpp
&& ((!ctx->permitTAInExtraCertsForIR
|| ossl_cmp_msg_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP)))
|| OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP)))
return 0;
ossl_cmp_info(ctx,
@ -576,7 +576,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
* the caPubs field may be directly trusted as a root CA
* certificate by the initiator.'
*/
switch (ossl_cmp_msg_get_bodytype(msg)) {
switch (OSSL_CMP_MSG_get_bodytype(msg)) {
case -1:
return 0;
case OSSL_CMP_PKIBODY_IP:
@ -732,7 +732,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
#endif
}
if (ossl_cmp_msg_get_bodytype(msg) < 0) {
if (OSSL_CMP_MSG_get_bodytype(msg) < 0) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR);
return 0;
@ -793,7 +793,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
* the caPubs field may be directly trusted as a root CA
* certificate by the initiator.'
*/
switch (ossl_cmp_msg_get_bodytype(msg)) {
switch (OSSL_CMP_MSG_get_bodytype(msg)) {
case OSSL_CMP_PKIBODY_IP:
case OSSL_CMP_PKIBODY_CP:
case OSSL_CMP_PKIBODY_KUP:


@ -42,13 +42,29 @@
* valt = Value Type
* ctrlinf = "regCtrl" or "regInfo"
*/
#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \
int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, \
const valt *in) \
#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \
valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \
{ \
int i; \
STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \
OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
\
if (msg == NULL || msg->certReq == NULL) \
return NULL; \
controls = msg->certReq->controls; \
for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \
atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \
if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \
return atav->value.atyp; \
} \
return NULL; \
} \
\
int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \
{ \
OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
\
if (msg == NULL || in == NULL) \
if (msg == NULL || in == NULL) \
goto err; \
if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \
goto err; \
@ -515,6 +531,12 @@ ASN1_INTEGER
return tmpl != NULL ? tmpl->serialNumber : NULL;
}
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->subject : NULL;
}
/* retrieves the issuer name of the given cert template or NULL on error */
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
@ -522,6 +544,12 @@ const X509_NAME
return tmpl != NULL ? tmpl->issuer : NULL;
}
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->extensions : NULL;
}
/* retrieves the issuer name of the given CertId or NULL on error */
const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
{
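Review bot: The generated getter `OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp` always searches `msg->certReq->controls`, although the macro comment says ctrlinf may be "regCtrl" or "regInfo". If regInfo attributes are kept in a separate list of the message (inferred, since the setter's push target is outside the hunk), the regInfo getters would not find a value stored there and would return NULL. The list searched should follow ctrlinf, for example by passing the stack expression as an extra macro argument. Separately, the new get0_subject and get0_extensions functions lack the one-line comment their neighbours carry, e.g. `/* retrieves the subject name of the given cert template or NULL on error */`.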


@ -225,6 +225,7 @@ CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random
CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range
CMP_R_INVALID_ARGS:100:invalid args
CMP_R_INVALID_OPTION:174:invalid option
CMP_R_MISSING_CERTID:165:missing certid
CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\
missing key input for creating protection
CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature
@ -268,6 +269,7 @@ CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\
CMP_R_VALUE_TOO_LARGE:175:value too large
CMP_R_VALUE_TOO_SMALL:177:value too small
CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid
CMP_R_WRONG_CERTID:189:wrong certid
CMP_R_WRONG_CERTID_IN_RP:187:wrong certid in rp
CMP_R_WRONG_PBM_VALUE:155:wrong pbm value
CMP_R_WRONG_RP_COMPONENT_COUNT:188:wrong rp component count


@ -3,6 +3,7 @@
=head1 NAME
OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_get_bodytype,
OSSL_CMP_MSG_update_transactionID,
OSSL_CMP_CTX_setup_CRM,
OSSL_CMP_MSG_read,
@ -16,6 +17,7 @@ i2d_OSSL_CMP_MSG_bio
#include <openssl/cmp.h>
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
@ -27,6 +29,8 @@ i2d_OSSL_CMP_MSG_bio
OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
OSSL_CMP_MSG_update_transactionID() updates the transactionID field
in the header of the given message according to the CMP_CTX.
This requires re-protecting the message (if it was protected).
@ -58,6 +62,8 @@ CMP is defined in RFC 4210.
OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
or NULL if the respective entry does not exist and on error.
OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
NULL on error.


@ -4,7 +4,9 @@
OSSL_CRMF_MSG_get0_tmpl,
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
OSSL_CRMF_CERTTEMPLATE_get0_subject,
OSSL_CRMF_CERTTEMPLATE_get0_issuer,
OSSL_CRMF_CERTTEMPLATE_get0_extensions,
OSSL_CRMF_CERTID_get0_serialNumber,
OSSL_CRMF_CERTID_get0_issuer,
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert,
@ -19,7 +21,11 @@ OSSL_CRMF_MSG_get_certReqId
ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
@ -39,9 +45,15 @@ OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>.
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the
given certificate template I<tmpl>.
OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the
given certificate template I<tmpl>.
OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the
given certificate template I<tmpl>.
OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions
of the given certificate template I<tmpl>, or NULL if not present.
OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber
of the given CertId I<cid>.


@ -51,6 +51,7 @@ OSSL_CRMF_MSG_set_certReqId() sets I<rid> as the certReqId of I<crm>.
OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate I<tmpl>
for which non-NULL values are provided: I<pubkey>, I<subject>, I<issuer>,
and/or I<serial>.
X.509 extensions may be set using OSSL_CRMF_MSG_set0_extensions().
On success the reference counter of the I<pubkey> (if given) is incremented,
while the I<subject>, I<issuer>, and I<serial> structures (if given) are copied.


@ -2,23 +2,32 @@
=head1 NAME
OSSL_CRMF_MSG_get0_regCtrl_regToken,
OSSL_CRMF_MSG_set1_regCtrl_regToken,
OSSL_CRMF_MSG_get0_regCtrl_authenticator,
OSSL_CRMF_MSG_set1_regCtrl_authenticator,
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo,
OSSL_CRMF_MSG_set0_SinglePubInfo,
OSSL_CRMF_MSG_set_PKIPublicationInfo_action,
OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo,
OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo,
OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey,
OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey,
OSSL_CRMF_MSG_get0_regCtrl_oldCertID,
OSSL_CRMF_MSG_set1_regCtrl_oldCertID,
OSSL_CRMF_CERTID_gen
- functions setting CRMF Registration Controls
- functions getting or setting CRMF Registration Controls
=head1 SYNOPSIS
#include <openssl/crmf.h>
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *tok);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *auth);
int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
@ -28,10 +37,16 @@ OSSL_CRMF_CERTID_gen
int method, GENERAL_NAME *nm);
int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
OSSL_CRMF_PKIPUBLICATIONINFO
*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
X509_PUBKEY
*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
const X509_PUBKEY *pubkey);
OSSL_CRMF_CERTID
*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTID *cid);
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
@ -39,6 +54,9 @@ OSSL_CRMF_CERTID_gen
=head1 DESCRIPTION
Each of the OSSL_CRMF_MSG_get0_regCtrl_X() functions
returns the respective control X in the given I<msg>, if present.
OSSL_CRMF_MSG_set1_regCtrl_regToken() sets the regToken control in the given
I<msg> copying the given I<tok> as value. See RFC 4211, section 6.1.
@ -79,10 +97,13 @@ given I<issuer> name and I<serial> number.
=head1 RETURN VALUES
OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure
or NULL on error.
All OSSL_CRMF_MSG_get0_*() functions
return the respective pointer value or NULL if not present and on error.
All other functions return 1 on success, 0 on error.
All OSSL_CRMF_MSG_set1_*() functions return 1 on success, 0 on error.
OSSL_CRMF_CERTID_gen() returns a pointer to the resulting structure
or NULL on error.
=head1 NOTES


@ -2,34 +2,49 @@
=head1 NAME
OSSL_CRMF_MSG_get0_regInfo_utf8Pairs,
OSSL_CRMF_MSG_set1_regInfo_utf8Pairs,
OSSL_CRMF_MSG_get0_regInfo_certReq,
OSSL_CRMF_MSG_set1_regInfo_certReq
- functions setting CRMF Registration Info
- functions getting or setting CRMF Registration Info
=head1 SYNOPSIS
#include <openssl/crmf.h>
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *utf8pairs);
OSSL_CRMF_CERTREQUEST
*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTREQUEST *cr);
=head1 DESCRIPTION
OSSL_CRMF_MSG_get0_regInfo_utf8Pairs() returns the first utf8Pairs regInfo
in the given I<msg>, if present.
OSSL_CRMF_MSG_set1_regInfo_utf8Pairs() adds a copy of the given I<utf8pairs>
value as utf8Pairs regInfo to the given I<msg>. See RFC 4211 section 7.1.
OSSL_CRMF_MSG_get0_regInfo_certReq() returns the first certReq regInfo
in the given I<msg>, if present.
OSSL_CRMF_MSG_set1_regInfo_certReq() adds a copy of the given I<cr> value
as certReq regInfo to the given I<msg>. See RFC 4211 section 7.2.
=head1 RETURN VALUES
All functions return 1 on success, 0 on error.
All get0_*() functions return the respective pointer value, NULL if not present.
All set1_*() functions return 1 on success, 0 on error.
=head1 NOTES
Calling these functions multiple times adds multiple instances of the respective
Calling the set1_*() functions multiple times
adds multiple instances of the respective
control to the regInfo structure of the given I<msg>. While RFC 4211 expects
multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq.


@ -378,6 +378,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
/* from cmp_msg.c */
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,


@ -61,6 +61,7 @@
# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129
# define CMP_R_INVALID_ARGS 100
# define CMP_R_INVALID_OPTION 174
# define CMP_R_MISSING_CERTID 165
# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130
# define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142
# define CMP_R_MISSING_P10CSR 121
@ -101,6 +102,7 @@
# define CMP_R_VALUE_TOO_LARGE 175
# define CMP_R_VALUE_TOO_SMALL 177
# define CMP_R_WRONG_ALGORITHM_OID 138
# define CMP_R_WRONG_CERTID 189
# define CMP_R_WRONG_CERTID_IN_RP 187
# define CMP_R_WRONG_PBM_VALUE 155
# define CMP_R_WRONG_RP_COMPONENT_COUNT 188


@ -89,8 +89,12 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
/* crmf_lib.c */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *tok);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *auth);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
int
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
OSSL_CRMF_SINGLEPUBINFO *spi);
@ -106,17 +110,27 @@ int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi
int action);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
OSSL_CRMF_PKIPUBLICATIONINFO
*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
const X509_PUBKEY *pubkey);
X509_PUBKEY
*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTID *cid);
OSSL_CRMF_CERTID
*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
const ASN1_INTEGER *serial);
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *utf8pairs);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTREQUEST *cr);
OSSL_CRMF_CERTREQUEST
*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
ASN1_TIME *notBefore, ASN1_TIME *notAfter);
@ -140,7 +154,11 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);


@ -94,7 +94,7 @@ static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture)
goto end;
if (!TEST_ptr(rsp = OSSL_CMP_CTX_server_perform(client_ctx, fixture->req))
|| !TEST_int_eq(ossl_cmp_msg_get_bodytype(rsp),
|| !TEST_int_eq(OSSL_CMP_MSG_get_bodytype(rsp),
OSSL_CMP_PKIBODY_ERROR)
|| !TEST_ptr(errorContent = rsp->body->value.error)
|| !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode),


@ -4502,16 +4502,23 @@ OSSL_CRMF_MSGS_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSGS_it ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_pbmp_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_pbm_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set_PKIPublicationInfo_action ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTID_gen ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set0_validity ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF
@ -4522,7 +4529,9 @@ OSSL_CRMF_MSG_create_popo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSGS_verify_popo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_tmpl ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_get0_subject ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_get0_issuer ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_get0_extensions ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_fill ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_PARAM_locate ? 3_0_0 EXIST::FUNCTION:
@ -4846,6 +4855,7 @@ i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION:
RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION:
OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_get_bodytype ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP
BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: