return 1;
}
-int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg)
+int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg)
{
if (!ossl_assert(msg != NULL && msg->body != NULL))
return -1;
}
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
- int certReqId, OSSL_CMP_PKISI *si,
- X509 *cert, STACK_OF(X509) *chain,
- STACK_OF(X509) *caPubs, int encrypted,
+ int certReqId, const OSSL_CMP_PKISI *si,
+ X509 *cert, const X509 *encryption_recip,
+ STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
int unprotectedErrors)
{
OSSL_CMP_MSG *msg = NULL;
status = ossl_cmp_pkisi_get_status(resp->status);
if (status != OSSL_CMP_PKISTATUS_rejection
&& status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) {
- if (encrypted) {
- ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
+ if (encryption_recip != NULL) {
+ ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED);
goto err;
}
return NULL;
}
-OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- OSSL_CRMF_CERTID *cid, int unprot_err)
+OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ const OSSL_CRMF_CERTID *cid, int unprotectedErrors)
{
OSSL_CMP_REVREPCONTENT *rep = NULL;
OSSL_CMP_PKISI *si1 = NULL;
}
}
- if (!unprot_err
+ if (!unprotectedErrors
|| ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection)
if (!ossl_cmp_msg_protect(ctx, msg))
goto err;
if (!ossl_assert(msg != NULL && itav != NULL))
return 0;
- bodytype = ossl_cmp_msg_get_bodytype(msg);
+ bodytype = OSSL_CMP_MSG_get_bodytype(msg);
if (bodytype != OSSL_CMP_PKIBODY_GENM
&& bodytype != OSSL_CMP_PKIBODY_GENP) {
ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP);
}
-OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- int errorCode,
- const char *details, int unprotected)
+OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ int64_t errorCode, const char *details,
+ int unprotected)
{
OSSL_CMP_MSG *msg = NULL;
+ const char *lib = NULL, *reason = NULL;
OSSL_CMP_PKIFREETEXT *ft;
if (!ossl_assert(ctx != NULL && si != NULL))
if ((msg->body->value.error->pKIStatusInfo = OSSL_CMP_PKISI_dup(si))
== NULL)
goto err;
- if (errorCode >= 0) {
- if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL)
- goto err;
- if (!ASN1_INTEGER_set(msg->body->value.error->errorCode, errorCode))
- goto err;
+ if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set_int64(msg->body->value.error->errorCode, errorCode))
+ goto err;
+ if (errorCode > 0
+ && (uint64_t)errorCode < ((uint64_t)ERR_SYSTEM_FLAG << 1)) {
+ lib = ERR_lib_error_string((unsigned long)errorCode);
+ reason = ERR_reason_error_string((unsigned long)errorCode);
}
- if (details != NULL) {
+ if (lib != NULL || reason != NULL || details != NULL) {
if ((ft = sk_ASN1_UTF8STRING_new_null()) == NULL)
goto err;
msg->body->value.error->errorDetails = ft;
- if (!ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details))
+ if (lib != NULL && *lib != '\0'
+ && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib))
+ goto err;
+ if (reason != NULL && *reason != '\0'
+ && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason))
+ goto err;
+ if (details != NULL
+ && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details))
goto err;
}
if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID))
goto err;
/*
- * the hash of the certificate, using the same hash algorithm
- * as is used to create and verify the certificate signature
+ * The hash of the certificate, using the same hash algorithm
+ * as is used to create and verify the certificate signature.
+ * If not available, a default hash algorithm is used.
*/
- if ((certHash = X509_digest_sig(ctx->newCert)) == NULL)
+ if ((certHash = X509_digest_sig(ctx->newCert, NULL, NULL)) == NULL)
goto err;
if (!ossl_cmp_certstatus_set0_certHash(certStatus, certHash))