/*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
ctx->keep_alive = 1;
ctx->msg_timeout = -1;
+ ctx->tls_used = -1; /* default for backward compatibility */
if ((ctx->untrusted = sk_X509_new_null()) == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
return 0;
}
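Review bot: The comment on the new default `ctx->tls_used = -1;` says why the value is chosen but not what it means, and -1 is a third state beside 0/1 that OSSL_CMP_CTX_get_option(OSSL_CMP_OPT_USE_TLS) will hand back verbatim to callers until the option is set. Propose `ctx->tls_used = -1; /* -1 = not specified: TLS usage still to be determined (backward-compatible default) */`, adjusting the wording to whatever the consumer of the sentinel actually does, which is outside this hunk. The enclosing initialization function starts before this hunk.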
+#ifndef OPENSSL_NO_HTTP
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
ctx->http_ctx = NULL;
}
+#endif
ctx->status = OSSL_CMP_PKISTATUS_unspecified;
ctx->failInfoCode = -1;
&& ossl_cmp_ctx_set1_caPubs(ctx, NULL)
&& ossl_cmp_ctx_set1_extraCertsIn(ctx, NULL)
&& ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL)
+ && ossl_cmp_ctx_set1_first_senderNonce(ctx, NULL)
&& OSSL_CMP_CTX_set1_transactionID(ctx, NULL)
&& OSSL_CMP_CTX_set1_senderNonce(ctx, NULL)
&& ossl_cmp_ctx_set1_recipNonce(ctx, NULL);
if (ctx == NULL)
return;
+#ifndef OPENSSL_NO_HTTP
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
}
+#endif
OPENSSL_free(ctx->propq);
OPENSSL_free(ctx->serverPath);
OPENSSL_free(ctx->server);
ASN1_OCTET_STRING_free(ctx->transactionID);
ASN1_OCTET_STRING_free(ctx->senderNonce);
ASN1_OCTET_STRING_free(ctx->recipNonce);
+ ASN1_OCTET_STRING_free(ctx->first_senderNonce);
OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs);
OSSL_STACK_OF_X509_free(ctx->extraCertsOut);
EVP_PKEY_free(ctx->newPkey);
X509_NAME_free(ctx->issuer);
+ ASN1_INTEGER_free(ctx->serialNumber);
X509_NAME_free(ctx->subjectName);
sk_GENERAL_NAME_pop_free(ctx->subjectAltNames, GENERAL_NAME_free);
X509_EXTENSIONS_free(ctx->reqExtensions);
return 1;
}
+DEFINE_OSSL_CMP_CTX_get0(geninfo_ITAVs, STACK_OF(OSSL_CMP_ITAV))
+
/* Add an itav for the body of outgoing general messages */
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav)
{
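Review bot: The new getter `DEFINE_OSSL_CMP_CTX_get0(geninfo_ITAVs, STACK_OF(OSSL_CMP_ITAV))` is the only accessor in view without the one-line comment that every neighbouring definition carries. Propose placing `/* Get the list of ITAVs held as geninfo for outgoing messages, or NULL on error */` above it, matching the `/* Add an itav for the body of outgoing general messages */` style used for the function that follows. OSSL_CMP_CTX_push0_genm_ITAV's body continues outside the hunk.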
/* Set the X509 name of the issuer to be placed in the certTemplate */
DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
+/* Set the ASN1_INTEGER serial to be placed in the certTemplate for rr */
+DEFINE_OSSL_CMP_CTX_set1(serialNumber, ASN1_INTEGER)
/*
* Set the subject name that will be placed in the certificate
* request. This will be the subject name on the received certificate.
}
/* Get the private/public key to use for cert enrollment, or NULL on error */
+/* In case |priv| == 0, better use ossl_cmp_ctx_get0_newPubkey() below */
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
{
if (ctx == NULL) {
return ctx->pkey; /* may be NULL */
}
+EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx)
+{
+ if (!ossl_assert(ctx != NULL))
+ return NULL;
+ if (ctx->newPkey != NULL)
+ return ctx->newPkey;
+ if (ctx->p10CSR != NULL)
+ return X509_REQ_get0_pubkey(ctx->p10CSR);
+ if (ctx->oldCert != NULL)
+ return X509_get0_pubkey(ctx->oldCert);
+ if (ctx->cert != NULL)
+ return X509_get0_pubkey(ctx->cert);
+ return ctx->pkey;
+}
+
#define DEFINE_set1_ASN1_OCTET_STRING(PREFIX, FIELD) \
int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, const ASN1_OCTET_STRING *id) \
{ \
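Review bot: ossl_cmp_ctx_get0_newPubkey has no header comment, although the comment just added to OSSL_CMP_CTX_get0_newPkey points readers to it, and its fallback chain is exactly what a caller needs to know: the last resort is `ctx->pkey`, so when neither a new key nor a CSR or certificate is configured the key reported for enrollment is the context's pkey, which may be NULL. Propose `/* Get the public key for cert enrollment: newPkey if set, else the key in p10CSR, oldCert, or cert, else ctx->pkey (may be NULL); NULL on error */`. Note also that a NULL result from X509_REQ_get0_pubkey() or X509_get0_pubkey() is returned as-is rather than falling through to the next candidate; if that is intended, the comment should say so.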
/* Stores the given nonce as the last senderNonce sent out */
DEFINE_set1_ASN1_OCTET_STRING(OSSL_CMP_CTX, senderNonce)
+/* store the first req sender nonce for verifying delayed delivery */
+DEFINE_set1_ASN1_OCTET_STRING(ossl_cmp_ctx, first_senderNonce)
+
/* Set the proxy server to use for HTTP(S) connections */
DEFINE_OSSL_CMP_CTX_set1(proxy, char)
/* Set the server exclusion list of the HTTP proxy server */
DEFINE_OSSL_CMP_CTX_set1(no_proxy, char)
+#ifndef OPENSSL_NO_HTTP
/* Set the http connect/disconnect callback function to be used for HTTP(S) */
DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb, OSSL_HTTP_bio_cb_t)
* Returns callback argument set previously (NULL if not set or on error)
*/
DEFINE_OSSL_get(OSSL_CMP_CTX, http_cb_arg, void *, NULL)
+#endif
/* Set callback function for sending CMP request and receiving response */
DEFINE_OSSL_set(OSSL_CMP_CTX, transfer_cb, OSSL_CMP_transfer_cb_t)
case OSSL_CMP_OPT_UNPROTECTED_ERRORS:
ctx->unprotectedErrors = val;
break;
+ case OSSL_CMP_OPT_NO_CACHE_EXTRACERTS:
+ ctx->noCacheExtraCerts = val;
+ break;
case OSSL_CMP_OPT_VALIDITY_DAYS:
ctx->days = val;
break;
case OSSL_CMP_OPT_TOTAL_TIMEOUT:
ctx->total_timeout = val;
break;
+ case OSSL_CMP_OPT_USE_TLS:
+ ctx->tls_used = val;
+ break;
case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR:
ctx->permitTAInExtraCertsForIR = val;
break;
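Review bot: The new `OSSL_CMP_OPT_USE_TLS` case stores `val` unmodified, so a caller can write any int into tls_used, including the -1 sentinel that OSSL_CMP_CTX_new uses as "not specified" or any other negative value, and OSSL_CMP_CTX_get_option() (L140) returns it unchanged. If OSSL_CMP_CTX_set_option rejects negative values before the switch, which is outside this hunk, that covers it; otherwise either normalize with `ctx->tls_used = val != 0;` or document the accepted range in the option's public documentation. The same consideration applies to the `OSSL_CMP_OPT_NO_CACHE_EXTRACERTS` case at L114.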
return ctx->unprotectedSend;
case OSSL_CMP_OPT_UNPROTECTED_ERRORS:
return ctx->unprotectedErrors;
+ case OSSL_CMP_OPT_NO_CACHE_EXTRACERTS:
+ return ctx->noCacheExtraCerts;
case OSSL_CMP_OPT_VALIDITY_DAYS:
return ctx->days;
case OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT:
return ctx->msg_timeout;
case OSSL_CMP_OPT_TOTAL_TIMEOUT:
return ctx->total_timeout;
+ case OSSL_CMP_OPT_USE_TLS:
+ return ctx->tls_used;
case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR:
return ctx->permitTAInExtraCertsForIR;
case OSSL_CMP_OPT_REVOCATION_REASON: