]>
Commit | Line | Data |
---|---|---|
3dbc5156 DDO |
1 | /* |
2 | * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright Nokia 2007-2019 | |
4 | * Copyright Siemens AG 2015-2019 | |
5 | * | |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
7 | * this file except in compliance with the License. You can obtain a copy | |
8 | * in the file LICENSE in the source distribution or at | |
9 | * https://www.openssl.org/source/license.html | |
10 | */ | |
11 | ||
12 | /* CMP functions for PKIMessage construction */ | |
13 | ||
14 | #include "cmp_local.h" | |
15 | ||
16 | /* explicit #includes not strictly needed since implied by the above: */ | |
17 | #include <openssl/asn1t.h> | |
18 | #include <openssl/cmp.h> | |
19 | #include <openssl/crmf.h> | |
20 | #include <openssl/err.h> | |
21 | #include <openssl/x509.h> | |
22 | ||
23 | OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) | |
24 | { | |
25 | if (msg == NULL) { | |
26 | CMPerr(0, CMP_R_NULL_ARGUMENT); | |
27 | return NULL; | |
28 | } | |
29 | return msg->header; | |
30 | } | |
31 | ||
32 | const char *ossl_cmp_bodytype_to_string(int type) | |
33 | { | |
34 | static const char *type_names[] = { | |
35 | "IR", "IP", "CR", "CP", "P10CR", | |
36 | "POPDECC", "POPDECR", "KUR", "KUP", | |
37 | "KRR", "KRP", "RR", "RP", "CCR", "CCP", | |
38 | "CKUANN", "CANN", "RANN", "CRLANN", "PKICONF", "NESTED", | |
39 | "GENM", "GENP", "ERROR", "CERTCONF", "POLLREQ", "POLLREP", | |
40 | }; | |
41 | ||
42 | if (type < 0 || type > OSSL_CMP_PKIBODY_TYPE_MAX) | |
43 | return "illegal body type"; | |
44 | return type_names[type]; | |
45 | } | |
46 | ||
47 | int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type) | |
48 | { | |
49 | if (!ossl_assert(msg != NULL && msg->body != NULL)) | |
50 | return 0; | |
51 | ||
52 | msg->body->type = type; | |
53 | return 1; | |
54 | } | |
55 | ||
56 | int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg) | |
57 | { | |
58 | if (!ossl_assert(msg != NULL && msg->body != NULL)) | |
59 | return -1; | |
60 | ||
61 | return msg->body->type; | |
62 | } | |
63 | ||
64 | /* Add an extension to the referenced extension stack, which may be NULL */ | |
65 | static int add1_extension(X509_EXTENSIONS **pexts, int nid, int crit, void *ex) | |
66 | { | |
67 | X509_EXTENSION *ext; | |
68 | int res; | |
69 | ||
70 | if (!ossl_assert(pexts != NULL)) /* pointer to var must not be NULL */ | |
71 | return 0; | |
72 | ||
73 | if ((ext = X509V3_EXT_i2d(nid, crit, ex)) == NULL) | |
74 | return 0; | |
75 | ||
76 | res = X509v3_add_ext(pexts, ext, 0) != NULL; | |
77 | X509_EXTENSION_free(ext); | |
78 | return res; | |
79 | } | |
80 | ||
81 | /* Add a CRL revocation reason code to extension stack, which may be NULL */ | |
82 | static int add_crl_reason_extension(X509_EXTENSIONS **pexts, int reason_code) | |
83 | { | |
84 | ASN1_ENUMERATED *val = ASN1_ENUMERATED_new(); | |
85 | int res = 0; | |
86 | ||
87 | if (val != NULL && ASN1_ENUMERATED_set(val, reason_code)) | |
88 | res = add1_extension(pexts, NID_crl_reason, 0 /* non-critical */, val); | |
89 | ASN1_ENUMERATED_free(val); | |
90 | return res; | |
91 | } | |
92 | ||
93 | OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) | |
94 | { | |
95 | OSSL_CMP_MSG *msg = NULL; | |
96 | ||
97 | if (!ossl_assert(ctx != NULL)) | |
98 | return NULL; | |
99 | ||
100 | if ((msg = OSSL_CMP_MSG_new()) == NULL) | |
101 | return NULL; | |
102 | if (!ossl_cmp_hdr_init(ctx, msg->header) | |
103 | || !ossl_cmp_msg_set_bodytype(msg, bodytype)) | |
104 | goto err; | |
105 | if (ctx->geninfo_ITAVs != NULL | |
106 | && !ossl_cmp_hdr_generalInfo_push1_items(msg->header, | |
107 | ctx->geninfo_ITAVs)) | |
108 | goto err; | |
109 | ||
110 | switch (bodytype) { | |
111 | case OSSL_CMP_PKIBODY_IR: | |
112 | case OSSL_CMP_PKIBODY_CR: | |
113 | case OSSL_CMP_PKIBODY_KUR: | |
114 | if ((msg->body->value.ir = OSSL_CRMF_MSGS_new()) == NULL) | |
115 | goto err; | |
116 | return msg; | |
117 | ||
118 | case OSSL_CMP_PKIBODY_P10CR: | |
119 | if (ctx->p10CSR == NULL) { | |
120 | CMPerr(0, CMP_R_ERROR_CREATING_P10CR); | |
121 | goto err; | |
122 | } | |
123 | if ((msg->body->value.p10cr = X509_REQ_dup(ctx->p10CSR)) == NULL) | |
124 | goto err; | |
125 | return msg; | |
126 | ||
127 | case OSSL_CMP_PKIBODY_IP: | |
128 | case OSSL_CMP_PKIBODY_CP: | |
129 | case OSSL_CMP_PKIBODY_KUP: | |
130 | if ((msg->body->value.ip = OSSL_CMP_CERTREPMESSAGE_new()) == NULL) | |
131 | goto err; | |
132 | return msg; | |
133 | ||
134 | case OSSL_CMP_PKIBODY_RR: | |
135 | if ((msg->body->value.rr = sk_OSSL_CMP_REVDETAILS_new_null()) == NULL) | |
136 | goto err; | |
137 | return msg; | |
138 | case OSSL_CMP_PKIBODY_RP: | |
139 | if ((msg->body->value.rp = OSSL_CMP_REVREPCONTENT_new()) == NULL) | |
140 | goto err; | |
141 | return msg; | |
142 | ||
143 | case OSSL_CMP_PKIBODY_CERTCONF: | |
144 | if ((msg->body->value.certConf = | |
145 | sk_OSSL_CMP_CERTSTATUS_new_null()) == NULL) | |
146 | goto err; | |
147 | return msg; | |
148 | case OSSL_CMP_PKIBODY_PKICONF: | |
149 | if ((msg->body->value.pkiconf = ASN1_TYPE_new()) == NULL) | |
150 | goto err; | |
151 | ASN1_TYPE_set(msg->body->value.pkiconf, V_ASN1_NULL, NULL); | |
152 | return msg; | |
153 | ||
154 | case OSSL_CMP_PKIBODY_POLLREQ: | |
155 | if ((msg->body->value.pollReq = sk_OSSL_CMP_POLLREQ_new_null()) == NULL) | |
156 | goto err; | |
157 | return msg; | |
158 | case OSSL_CMP_PKIBODY_POLLREP: | |
159 | if ((msg->body->value.pollRep = sk_OSSL_CMP_POLLREP_new_null()) == NULL) | |
160 | goto err; | |
161 | return msg; | |
162 | ||
163 | case OSSL_CMP_PKIBODY_GENM: | |
164 | case OSSL_CMP_PKIBODY_GENP: | |
165 | if ((msg->body->value.genm = sk_OSSL_CMP_ITAV_new_null()) == NULL) | |
166 | goto err; | |
167 | return msg; | |
168 | ||
169 | case OSSL_CMP_PKIBODY_ERROR: | |
170 | if ((msg->body->value.error = OSSL_CMP_ERRORMSGCONTENT_new()) == NULL) | |
171 | goto err; | |
172 | return msg; | |
173 | ||
174 | default: | |
175 | CMPerr(0, CMP_R_UNEXPECTED_PKIBODY); | |
176 | goto err; | |
177 | } | |
178 | ||
179 | err: | |
180 | OSSL_CMP_MSG_free(msg); | |
181 | return NULL; | |
182 | } | |
183 | ||
184 | #define HAS_SAN(ctx) \ | |
185 | (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ | |
186 | || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) | |
187 | ||
8cc86b81 DDO |
188 | static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, |
189 | int bodytype) | |
3dbc5156 DDO |
190 | { |
191 | if (ctx->subjectName != NULL) | |
192 | return ctx->subjectName; | |
193 | ||
194 | if (refcert != NULL | |
195 | && (bodytype == OSSL_CMP_PKIBODY_KUR || !HAS_SAN(ctx))) | |
196 | /* | |
197 | * For KUR, copy subjectName from reference certificate. | |
198 | * For IR or CR, do the same only if there is no subjectAltName. | |
199 | */ | |
200 | return X509_get_subject_name(refcert); | |
201 | return NULL; | |
202 | } | |
203 | ||
204 | /* | |
205 | * Create CRMF certificate request message for IR/CR/KUR | |
206 | * returns a pointer to the OSSL_CRMF_MSG on success, NULL on error | |
207 | */ | |
62dcd2aa | 208 | static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) |
3dbc5156 DDO |
209 | { |
210 | OSSL_CRMF_MSG *crm = NULL; | |
211 | X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->clCert; | |
212 | /* refcert defaults to current client cert */ | |
62dcd2aa | 213 | EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); |
3dbc5156 | 214 | STACK_OF(GENERAL_NAME) *default_sans = NULL; |
8cc86b81 | 215 | const X509_NAME *subject = determine_subj(ctx, refcert, bodytype); |
3dbc5156 DDO |
216 | int crit = ctx->setSubjectAltNameCritical || subject == NULL; |
217 | /* RFC5280: subjectAltName MUST be critical if subject is null */ | |
218 | X509_EXTENSIONS *exts = NULL; | |
219 | ||
62dcd2aa DDO |
220 | if (rkey == NULL) |
221 | rkey = ctx->pkey; /* default is independent of ctx->oldClCert */ | |
e599d0ae DDO |
222 | if (rkey == NULL) { |
223 | #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
224 | CMPerr(0, CMP_R_NULL_ARGUMENT); | |
225 | return NULL; | |
226 | #endif | |
227 | } | |
228 | if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) { | |
753283cd | 229 | CMPerr(0, CMP_R_MISSING_REFERENCE_CERT); |
3dbc5156 DDO |
230 | return NULL; |
231 | } | |
232 | if ((crm = OSSL_CRMF_MSG_new()) == NULL) | |
233 | return NULL; | |
234 | if (!OSSL_CRMF_MSG_set_certReqId(crm, rid) | |
235 | /* | |
236 | * fill certTemplate, corresponding to CertificationRequestInfo | |
237 | * of PKCS#10. The rkey param cannot be NULL so far - | |
238 | * it could be NULL if centralized key creation was supported | |
239 | */ | |
240 | || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey, | |
241 | subject, ctx->issuer, | |
235595c4 | 242 | NULL /* serial */)) |
3dbc5156 DDO |
243 | goto err; |
244 | if (ctx->days != 0) { | |
245 | time_t notBefore, notAfter; | |
246 | ||
247 | notBefore = time(NULL); | |
248 | notAfter = notBefore + 60 * 60 * 24 * ctx->days; | |
249 | if (!OSSL_CRMF_MSG_set_validity(crm, notBefore, notAfter)) | |
250 | goto err; | |
251 | } | |
252 | ||
253 | /* extensions */ | |
254 | if (refcert != NULL && !ctx->SubjectAltName_nodefault) | |
255 | default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), | |
256 | NID_subject_alt_name, NULL, NULL); | |
257 | /* exts are copied from ctx to allow reuse */ | |
258 | if (ctx->reqExtensions != NULL) { | |
259 | exts = sk_X509_EXTENSION_deep_copy(ctx->reqExtensions, | |
260 | X509_EXTENSION_dup, | |
261 | X509_EXTENSION_free); | |
262 | if (exts == NULL) | |
263 | goto err; | |
264 | } | |
265 | if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 | |
266 | && !add1_extension(&exts, NID_subject_alt_name, | |
267 | crit, ctx->subjectAltNames)) | |
268 | goto err; | |
269 | if (!HAS_SAN(ctx) && default_sans != NULL | |
270 | && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) | |
271 | goto err; | |
272 | if (ctx->policies != NULL | |
273 | && !add1_extension(&exts, NID_certificate_policies, | |
274 | ctx->setPoliciesCritical, ctx->policies)) | |
275 | goto err; | |
276 | if (!OSSL_CRMF_MSG_set0_extensions(crm, exts)) | |
277 | goto err; | |
278 | exts = NULL; | |
279 | /* end fill certTemplate, now set any controls */ | |
280 | ||
281 | /* for KUR, set OldCertId according to D.6 */ | |
282 | if (bodytype == OSSL_CMP_PKIBODY_KUR) { | |
283 | OSSL_CRMF_CERTID *cid = | |
284 | OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), | |
285 | X509_get_serialNumber(refcert)); | |
286 | int ret; | |
287 | ||
288 | if (cid == NULL) | |
289 | goto err; | |
290 | ret = OSSL_CRMF_MSG_set1_regCtrl_oldCertID(crm, cid); | |
291 | OSSL_CRMF_CERTID_free(cid); | |
292 | if (ret == 0) | |
293 | goto err; | |
294 | } | |
295 | ||
296 | goto end; | |
297 | ||
298 | err: | |
299 | OSSL_CRMF_MSG_free(crm); | |
300 | crm = NULL; | |
301 | ||
302 | end: | |
303 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | |
304 | sk_GENERAL_NAME_pop_free(default_sans, GENERAL_NAME_free); | |
305 | return crm; | |
306 | } | |
307 | ||
308 | OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code) | |
309 | { | |
3dbc5156 DDO |
310 | OSSL_CMP_MSG *msg; |
311 | OSSL_CRMF_MSG *crm = NULL; | |
312 | ||
313 | if (!ossl_assert(ctx != NULL)) | |
314 | return NULL; | |
315 | ||
3dbc5156 DDO |
316 | if (type != OSSL_CMP_PKIBODY_IR && type != OSSL_CMP_PKIBODY_CR |
317 | && type != OSSL_CMP_PKIBODY_KUR && type != OSSL_CMP_PKIBODY_P10CR) { | |
318 | CMPerr(0, CMP_R_INVALID_ARGS); | |
319 | return NULL; | |
320 | } | |
321 | ||
322 | if ((msg = ossl_cmp_msg_create(ctx, type)) == NULL) | |
323 | goto err; | |
324 | ||
325 | /* header */ | |
326 | if (ctx->implicitConfirm && !ossl_cmp_hdr_set_implicitConfirm(msg->header)) | |
327 | goto err; | |
328 | ||
329 | /* body */ | |
330 | /* For P10CR the content has already been set in OSSL_CMP_MSG_create */ | |
331 | if (type != OSSL_CMP_PKIBODY_P10CR) { | |
62dcd2aa DDO |
332 | EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); |
333 | ||
334 | if (privkey == NULL) | |
335 | privkey = ctx->pkey; /* default is independent of ctx->oldCert */ | |
3dbc5156 DDO |
336 | if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) { |
337 | CMPerr(0, CMP_R_MISSING_PRIVATE_KEY); | |
338 | goto err; | |
339 | } | |
62dcd2aa DDO |
340 | if ((crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL |
341 | || !OSSL_CRMF_MSG_create_popo(crm, privkey, ctx->digest, | |
342 | ctx->popoMethod) | |
343 | /* value.ir is same for cr and kur */ | |
344 | || !sk_OSSL_CRMF_MSG_push(msg->body->value.ir, crm)) | |
3dbc5156 DDO |
345 | goto err; |
346 | crm = NULL; | |
347 | /* TODO: here optional 2nd certreqmsg could be pushed to the stack */ | |
348 | } | |
349 | ||
350 | if (!ossl_cmp_msg_protect(ctx, msg)) | |
351 | goto err; | |
352 | ||
353 | return msg; | |
354 | ||
355 | err: | |
7e765f46 DDO |
356 | if (err_code != 0) |
357 | CMPerr(0, err_code); | |
3dbc5156 DDO |
358 | OSSL_CRMF_MSG_free(crm); |
359 | OSSL_CMP_MSG_free(msg); | |
360 | return NULL; | |
361 | } | |
362 | ||
363 | OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype, | |
364 | int certReqId, OSSL_CMP_PKISI *si, | |
365 | X509 *cert, STACK_OF(X509) *chain, | |
366 | STACK_OF(X509) *caPubs, int encrypted, | |
367 | int unprotectedErrors) | |
368 | { | |
369 | OSSL_CMP_MSG *msg = NULL; | |
370 | OSSL_CMP_CERTREPMESSAGE *repMsg = NULL; | |
371 | OSSL_CMP_CERTRESPONSE *resp = NULL; | |
372 | int status = -1; | |
373 | ||
374 | if (!ossl_assert(ctx != NULL && si != NULL)) | |
375 | return NULL; | |
376 | ||
377 | if ((msg = ossl_cmp_msg_create(ctx, bodytype)) == NULL) | |
378 | goto err; | |
379 | repMsg = msg->body->value.ip; /* value.ip is same for cp and kup */ | |
380 | ||
381 | /* header */ | |
382 | if (ctx->implicitConfirm && !ossl_cmp_hdr_set_implicitConfirm(msg->header)) | |
383 | goto err; | |
384 | ||
385 | /* body */ | |
386 | if ((resp = OSSL_CMP_CERTRESPONSE_new()) == NULL) | |
387 | goto err; | |
388 | OSSL_CMP_PKISI_free(resp->status); | |
389 | if ((resp->status = OSSL_CMP_PKISI_dup(si)) == NULL | |
390 | || !ASN1_INTEGER_set(resp->certReqId, certReqId)) | |
391 | goto err; | |
392 | ||
62dcd2aa | 393 | status = ossl_cmp_pkisi_get_status(resp->status); |
3dbc5156 DDO |
394 | if (status != OSSL_CMP_PKISTATUS_rejection |
395 | && status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) { | |
396 | if (encrypted) { | |
397 | CMPerr(0, CMP_R_INVALID_ARGS); | |
398 | goto err; | |
399 | } | |
400 | ||
401 | if ((resp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) | |
402 | == NULL) | |
403 | goto err; | |
404 | resp->certifiedKeyPair->certOrEncCert->type = | |
405 | OSSL_CMP_CERTORENCCERT_CERTIFICATE; | |
406 | if (!X509_up_ref(cert)) | |
407 | goto err; | |
408 | resp->certifiedKeyPair->certOrEncCert->value.certificate = cert; | |
409 | } | |
410 | ||
411 | if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp)) | |
412 | goto err; | |
413 | resp = NULL; | |
414 | /* TODO: here optional 2nd certrep could be pushed to the stack */ | |
415 | ||
416 | if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL | |
417 | && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) | |
418 | goto err; | |
419 | if (chain != NULL | |
420 | && !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0)) | |
421 | goto err; | |
422 | ||
423 | if (!unprotectedErrors | |
62dcd2aa | 424 | || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) |
3dbc5156 DDO |
425 | if (!ossl_cmp_msg_protect(ctx, msg)) |
426 | goto err; | |
427 | ||
428 | return msg; | |
429 | ||
430 | err: | |
431 | CMPerr(0, CMP_R_ERROR_CREATING_CERTREP); | |
432 | OSSL_CMP_CERTRESPONSE_free(resp); | |
433 | OSSL_CMP_MSG_free(msg); | |
434 | return NULL; | |
435 | } | |
436 | ||
437 | OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) | |
438 | { | |
439 | OSSL_CMP_MSG *msg = NULL; | |
440 | OSSL_CMP_REVDETAILS *rd; | |
441 | ||
442 | if (!ossl_assert(ctx != NULL && ctx->oldCert != NULL)) | |
443 | return NULL; | |
444 | ||
445 | if ((rd = OSSL_CMP_REVDETAILS_new()) == NULL) | |
446 | goto err; | |
447 | ||
448 | /* Fill the template from the contents of the certificate to be revoked */ | |
449 | if (!OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, | |
235595c4 DDO |
450 | NULL /* pubkey would be redundant */, |
451 | NULL /* subject would be redundant */, | |
3dbc5156 DDO |
452 | X509_get_issuer_name(ctx->oldCert), |
453 | X509_get_serialNumber(ctx->oldCert))) | |
454 | goto err; | |
455 | ||
456 | /* revocation reason code is optional */ | |
457 | if (ctx->revocationReason != CRL_REASON_NONE | |
458 | && !add_crl_reason_extension(&rd->crlEntryDetails, | |
459 | ctx->revocationReason)) | |
460 | goto err; | |
461 | ||
462 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RR)) == NULL) | |
463 | goto err; | |
464 | ||
465 | if (!sk_OSSL_CMP_REVDETAILS_push(msg->body->value.rr, rd)) | |
466 | goto err; | |
467 | rd = NULL; | |
468 | ||
469 | /* | |
470 | * TODO: the Revocation Passphrase according to section 5.3.19.9 could be | |
471 | * set here if set in ctx | |
472 | */ | |
473 | ||
474 | if (!ossl_cmp_msg_protect(ctx, msg)) | |
475 | goto err; | |
476 | ||
477 | return msg; | |
478 | ||
479 | err: | |
480 | CMPerr(0, CMP_R_ERROR_CREATING_RR); | |
481 | OSSL_CMP_MSG_free(msg); | |
482 | OSSL_CMP_REVDETAILS_free(rd); | |
483 | return NULL; | |
484 | } | |
485 | ||
486 | OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si, | |
487 | OSSL_CRMF_CERTID *cid, int unprot_err) | |
488 | { | |
489 | OSSL_CMP_REVREPCONTENT *rep = NULL; | |
490 | OSSL_CMP_PKISI *si1 = NULL; | |
491 | OSSL_CRMF_CERTID *cid_copy = NULL; | |
492 | OSSL_CMP_MSG *msg = NULL; | |
493 | ||
494 | if (!ossl_assert(ctx != NULL && si != NULL && cid != NULL)) | |
495 | return NULL; | |
496 | ||
497 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RP)) == NULL) | |
498 | goto err; | |
499 | rep = msg->body->value.rp; | |
500 | ||
501 | if ((si1 = OSSL_CMP_PKISI_dup(si)) == NULL) | |
502 | goto err; | |
503 | ||
504 | if (!sk_OSSL_CMP_PKISI_push(rep->status, si1)) { | |
505 | OSSL_CMP_PKISI_free(si1); | |
506 | goto err; | |
507 | } | |
508 | ||
509 | if ((rep->revCerts = sk_OSSL_CRMF_CERTID_new_null()) == NULL) | |
510 | goto err; | |
511 | if ((cid_copy = OSSL_CRMF_CERTID_dup(cid)) == NULL) | |
512 | goto err; | |
513 | if (!sk_OSSL_CRMF_CERTID_push(rep->revCerts, cid_copy)) { | |
514 | OSSL_CRMF_CERTID_free(cid_copy); | |
515 | goto err; | |
516 | } | |
517 | ||
518 | if (!unprot_err | |
62dcd2aa | 519 | || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) |
3dbc5156 DDO |
520 | if (!ossl_cmp_msg_protect(ctx, msg)) |
521 | goto err; | |
522 | ||
523 | return msg; | |
524 | ||
525 | err: | |
526 | CMPerr(0, CMP_R_ERROR_CREATING_RP); | |
527 | OSSL_CMP_MSG_free(msg); | |
528 | return NULL; | |
529 | } | |
530 | ||
531 | OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx) | |
532 | { | |
533 | OSSL_CMP_MSG *msg; | |
534 | ||
535 | if (!ossl_assert(ctx != NULL)) | |
536 | return NULL; | |
537 | ||
538 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_PKICONF)) == NULL) | |
539 | goto err; | |
540 | if (ossl_cmp_msg_protect(ctx, msg)) | |
541 | return msg; | |
542 | ||
543 | err: | |
544 | CMPerr(0, CMP_R_ERROR_CREATING_PKICONF); | |
545 | OSSL_CMP_MSG_free(msg); | |
546 | return NULL; | |
547 | } | |
548 | ||
549 | int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav) | |
550 | { | |
551 | int bodytype; | |
552 | ||
553 | if (!ossl_assert(msg != NULL && itav != NULL)) | |
554 | return 0; | |
555 | ||
556 | bodytype = ossl_cmp_msg_get_bodytype(msg); | |
557 | if (bodytype != OSSL_CMP_PKIBODY_GENM | |
558 | && bodytype != OSSL_CMP_PKIBODY_GENP) { | |
559 | CMPerr(0, CMP_R_INVALID_ARGS); | |
560 | return 0; | |
561 | } | |
562 | ||
563 | /* value.genp has the same structure, so this works for genp as well */ | |
564 | return OSSL_CMP_ITAV_push0_stack_item(&msg->body->value.genm, itav); | |
565 | } | |
566 | ||
567 | int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, | |
62dcd2aa | 568 | const STACK_OF(OSSL_CMP_ITAV) *itavs) |
3dbc5156 DDO |
569 | { |
570 | int i; | |
571 | OSSL_CMP_ITAV *itav = NULL; | |
572 | ||
573 | if (!ossl_assert(msg != NULL)) | |
574 | return 0; | |
575 | ||
576 | for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { | |
235595c4 | 577 | if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i))) == NULL) |
3dbc5156 DDO |
578 | return 0; |
579 | if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { | |
580 | OSSL_CMP_ITAV_free(itav); | |
581 | return 0; | |
582 | } | |
583 | } | |
584 | return 1; | |
585 | } | |
586 | ||
587 | /* | |
588 | * Creates a new General Message/Response with an empty itav stack | |
589 | * returns a pointer to the PKIMessage on success, NULL on error | |
590 | */ | |
62dcd2aa DDO |
591 | static OSSL_CMP_MSG *gen_new(OSSL_CMP_CTX *ctx, |
592 | const STACK_OF(OSSL_CMP_ITAV) *itavs, | |
593 | int body_type, int err_code) | |
3dbc5156 DDO |
594 | { |
595 | OSSL_CMP_MSG *msg = NULL; | |
596 | ||
597 | if (!ossl_assert(ctx != NULL)) | |
598 | return NULL; | |
599 | ||
600 | if ((msg = ossl_cmp_msg_create(ctx, body_type)) == NULL) | |
601 | return NULL; | |
602 | ||
603 | if (ctx->genm_ITAVs != NULL | |
62dcd2aa | 604 | && !ossl_cmp_msg_gen_push1_ITAVs(msg, itavs)) |
3dbc5156 DDO |
605 | goto err; |
606 | ||
607 | if (!ossl_cmp_msg_protect(ctx, msg)) | |
608 | goto err; | |
609 | ||
610 | return msg; | |
611 | ||
612 | err: | |
613 | CMPerr(0, err_code); | |
614 | OSSL_CMP_MSG_free(msg); | |
615 | return NULL; | |
616 | } | |
617 | ||
618 | OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx) | |
619 | { | |
62dcd2aa DDO |
620 | return gen_new(ctx, ctx->genm_ITAVs, |
621 | OSSL_CMP_PKIBODY_GENM, CMP_R_ERROR_CREATING_GENM); | |
3dbc5156 DDO |
622 | } |
623 | ||
62dcd2aa DDO |
624 | OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx, |
625 | const STACK_OF(OSSL_CMP_ITAV) *itavs) | |
3dbc5156 | 626 | { |
62dcd2aa DDO |
627 | return gen_new(ctx, itavs, |
628 | OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP); | |
3dbc5156 DDO |
629 | } |
630 | ||
631 | OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si, | |
632 | int errorCode, | |
62dcd2aa | 633 | const char *details, int unprotected) |
3dbc5156 DDO |
634 | { |
635 | OSSL_CMP_MSG *msg = NULL; | |
62dcd2aa | 636 | OSSL_CMP_PKIFREETEXT *ft; |
3dbc5156 DDO |
637 | |
638 | if (!ossl_assert(ctx != NULL && si != NULL)) | |
639 | return NULL; | |
640 | ||
641 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_ERROR)) == NULL) | |
642 | goto err; | |
643 | ||
644 | OSSL_CMP_PKISI_free(msg->body->value.error->pKIStatusInfo); | |
645 | if ((msg->body->value.error->pKIStatusInfo = OSSL_CMP_PKISI_dup(si)) | |
646 | == NULL) | |
647 | goto err; | |
648 | if (errorCode >= 0) { | |
649 | if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL) | |
650 | goto err; | |
651 | if (!ASN1_INTEGER_set(msg->body->value.error->errorCode, errorCode)) | |
652 | goto err; | |
653 | } | |
62dcd2aa DDO |
654 | if (details != NULL) { |
655 | if ((ft = sk_ASN1_UTF8STRING_new_null()) == NULL) | |
656 | goto err; | |
657 | msg->body->value.error->errorDetails = ft; | |
658 | if (!ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details)) | |
3dbc5156 | 659 | goto err; |
62dcd2aa | 660 | } |
3dbc5156 DDO |
661 | |
662 | if (!unprotected && !ossl_cmp_msg_protect(ctx, msg)) | |
663 | goto err; | |
664 | return msg; | |
665 | ||
666 | err: | |
667 | CMPerr(0, CMP_R_ERROR_CREATING_ERROR); | |
668 | OSSL_CMP_MSG_free(msg); | |
669 | return NULL; | |
670 | } | |
671 | ||
672 | /* | |
62dcd2aa DDO |
673 | * Set the certHash field of a OSSL_CMP_CERTSTATUS structure. |
674 | * This is used in the certConf message, for example, | |
675 | * to confirm that the certificate was received successfully. | |
3dbc5156 | 676 | */ |
62dcd2aa DDO |
677 | int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, |
678 | ASN1_OCTET_STRING *hash) | |
3dbc5156 | 679 | { |
62dcd2aa | 680 | if (!ossl_assert(certStatus != NULL)) |
3dbc5156 | 681 | return 0; |
62dcd2aa DDO |
682 | ASN1_OCTET_STRING_free(certStatus->certHash); |
683 | certStatus->certHash = hash; | |
3dbc5156 | 684 | return 1; |
3dbc5156 DDO |
685 | } |
686 | ||
687 | /* | |
688 | * TODO: handle potential 2nd certificate when signing and encrypting | |
689 | * certificates have been requested/received | |
690 | */ | |
691 | OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, | |
692 | const char *text) | |
693 | { | |
694 | OSSL_CMP_MSG *msg = NULL; | |
695 | OSSL_CMP_CERTSTATUS *certStatus = NULL; | |
62dcd2aa | 696 | ASN1_OCTET_STRING *certHash = NULL; |
3dbc5156 DDO |
697 | OSSL_CMP_PKISI *sinfo; |
698 | ||
699 | if (!ossl_assert(ctx != NULL && ctx->newCert != NULL)) | |
700 | return NULL; | |
701 | ||
702 | if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) { | |
703 | CMPerr(0, CMP_R_FAIL_INFO_OUT_OF_RANGE); | |
704 | return NULL; | |
705 | } | |
706 | ||
707 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_CERTCONF)) == NULL) | |
708 | goto err; | |
709 | ||
710 | if ((certStatus = OSSL_CMP_CERTSTATUS_new()) == NULL) | |
711 | goto err; | |
712 | /* consume certStatus into msg right away so it gets deallocated with msg */ | |
713 | if (!sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus)) | |
714 | goto err; | |
715 | /* set the ID of the certReq */ | |
716 | if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID)) | |
717 | goto err; | |
718 | /* | |
719 | * the hash of the certificate, using the same hash algorithm | |
720 | * as is used to create and verify the certificate signature | |
721 | */ | |
44387c90 | 722 | if ((certHash = X509_digest_sig(ctx->newCert)) == NULL) |
62dcd2aa DDO |
723 | goto err; |
724 | ||
725 | if (!ossl_cmp_certstatus_set0_certHash(certStatus, certHash)) | |
3dbc5156 | 726 | goto err; |
62dcd2aa | 727 | certHash = NULL; |
3dbc5156 DDO |
728 | /* |
729 | * For any particular CertStatus, omission of the statusInfo field | |
730 | * indicates ACCEPTANCE of the specified certificate. Alternatively, | |
731 | * explicit status details (with respect to acceptance or rejection) MAY | |
732 | * be provided in the statusInfo field, perhaps for auditing purposes at | |
733 | * the CA/RA. | |
734 | */ | |
735 | sinfo = fail_info != 0 ? | |
62dcd2aa DDO |
736 | OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, fail_info, text) : |
737 | OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_accepted, 0, text); | |
3dbc5156 DDO |
738 | if (sinfo == NULL) |
739 | goto err; | |
740 | certStatus->statusInfo = sinfo; | |
741 | ||
742 | if (!ossl_cmp_msg_protect(ctx, msg)) | |
743 | goto err; | |
744 | ||
745 | return msg; | |
746 | ||
747 | err: | |
748 | CMPerr(0, CMP_R_ERROR_CREATING_CERTCONF); | |
749 | OSSL_CMP_MSG_free(msg); | |
62dcd2aa | 750 | ASN1_OCTET_STRING_free(certHash); |
3dbc5156 DDO |
751 | return NULL; |
752 | } | |
753 | ||
754 | OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid) | |
755 | { | |
756 | OSSL_CMP_MSG *msg = NULL; | |
757 | OSSL_CMP_POLLREQ *preq = NULL; | |
758 | ||
759 | if (!ossl_assert(ctx != NULL)) | |
760 | return NULL; | |
761 | ||
762 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL) | |
763 | goto err; | |
764 | ||
765 | /* TODO: support multiple cert request IDs to poll */ | |
766 | if ((preq = OSSL_CMP_POLLREQ_new()) == NULL | |
767 | || !ASN1_INTEGER_set(preq->certReqId, crid) | |
768 | || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) | |
769 | goto err; | |
770 | ||
771 | preq = NULL; | |
772 | if (!ossl_cmp_msg_protect(ctx, msg)) | |
773 | goto err; | |
774 | ||
775 | return msg; | |
776 | ||
777 | err: | |
778 | CMPerr(0, CMP_R_ERROR_CREATING_POLLREQ); | |
779 | OSSL_CMP_POLLREQ_free(preq); | |
780 | OSSL_CMP_MSG_free(msg); | |
781 | return NULL; | |
782 | } | |
783 | ||
784 | OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, | |
785 | int64_t poll_after) | |
786 | { | |
787 | OSSL_CMP_MSG *msg; | |
788 | OSSL_CMP_POLLREP *prep; | |
789 | ||
790 | if (!ossl_assert(ctx != NULL)) | |
791 | return NULL; | |
792 | ||
793 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREP)) == NULL) | |
794 | goto err; | |
795 | if ((prep = OSSL_CMP_POLLREP_new()) == NULL) | |
796 | goto err; | |
797 | if (!sk_OSSL_CMP_POLLREP_push(msg->body->value.pollRep, prep)) | |
798 | goto err; | |
799 | if (!ASN1_INTEGER_set(prep->certReqId, crid)) | |
800 | goto err; | |
801 | if (!ASN1_INTEGER_set_int64(prep->checkAfter, poll_after)) | |
802 | goto err; | |
803 | ||
804 | if (!ossl_cmp_msg_protect(ctx, msg)) | |
805 | goto err; | |
806 | return msg; | |
807 | ||
808 | err: | |
809 | CMPerr(0, CMP_R_ERROR_CREATING_POLLREP); | |
810 | OSSL_CMP_MSG_free(msg); | |
811 | return NULL; | |
812 | } | |
813 | ||
814 | /*- | |
815 | * returns the status field of the RevRepContent with the given | |
816 | * request/sequence id inside a revocation response. | |
817 | * RevRepContent has the revocation statuses in same order as they were sent in | |
818 | * RevReqContent. | |
819 | * returns NULL on error | |
820 | */ | |
821 | OSSL_CMP_PKISI * | |
62dcd2aa | 822 | ossl_cmp_revrepcontent_get_pkisi(OSSL_CMP_REVREPCONTENT *rrep, int rsid) |
3dbc5156 DDO |
823 | { |
824 | OSSL_CMP_PKISI *status; | |
825 | ||
826 | if (!ossl_assert(rrep != NULL)) | |
827 | return NULL; | |
828 | ||
829 | if ((status = sk_OSSL_CMP_PKISI_value(rrep->status, rsid)) != NULL) | |
830 | return status; | |
831 | ||
832 | CMPerr(0, CMP_R_PKISTATUSINFO_NOT_FOUND); | |
833 | return NULL; | |
834 | } | |
835 | ||
836 | /* | |
837 | * returns the CertId field in the revCerts part of the RevRepContent | |
838 | * with the given request/sequence id inside a revocation response. | |
839 | * RevRepContent has the CertIds in same order as they were sent in | |
840 | * RevReqContent. | |
841 | * returns NULL on error | |
842 | */ | |
843 | OSSL_CRMF_CERTID * | |
844 | ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep, int rsid) | |
845 | { | |
846 | OSSL_CRMF_CERTID *cid = NULL; | |
847 | ||
848 | if (!ossl_assert(rrep != NULL)) | |
849 | return NULL; | |
850 | ||
851 | if ((cid = sk_OSSL_CRMF_CERTID_value(rrep->revCerts, rsid)) != NULL) | |
852 | return cid; | |
853 | ||
854 | CMPerr(0, CMP_R_CERTID_NOT_FOUND); | |
855 | return NULL; | |
856 | } | |
857 | ||
858 | static int suitable_rid(const ASN1_INTEGER *certReqId, int rid) | |
859 | { | |
860 | int trid; | |
861 | ||
862 | if (rid == -1) | |
863 | return 1; | |
864 | ||
865 | trid = ossl_cmp_asn1_get_int(certReqId); | |
866 | ||
867 | if (trid == -1) { | |
868 | CMPerr(0, CMP_R_BAD_REQUEST_ID); | |
869 | return 0; | |
870 | } | |
871 | return rid == trid; | |
872 | } | |
873 | ||
874 | static void add_expected_rid(int rid) | |
875 | { | |
876 | char str[DECIMAL_SIZE(rid) + 1]; | |
877 | ||
878 | BIO_snprintf(str, sizeof(str), "%d", rid); | |
879 | ERR_add_error_data(2, "expected certReqId = ", str); | |
880 | } | |
881 | ||
882 | /* | |
883 | * returns a pointer to the PollResponse with the given CertReqId | |
884 | * (or the first one in case -1) inside a PollRepContent | |
885 | * returns NULL on error or if no suitable PollResponse available | |
886 | */ | |
887 | OSSL_CMP_POLLREP * | |
888 | ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, | |
889 | int rid) | |
890 | { | |
891 | OSSL_CMP_POLLREP *pollRep = NULL; | |
892 | int i; | |
893 | ||
894 | if (!ossl_assert(prc != NULL)) | |
895 | return NULL; | |
896 | ||
897 | for (i = 0; i < sk_OSSL_CMP_POLLREP_num(prc); i++) { | |
898 | pollRep = sk_OSSL_CMP_POLLREP_value(prc, i); | |
899 | if (suitable_rid(pollRep->certReqId, rid)) | |
900 | return pollRep; | |
901 | } | |
902 | ||
903 | CMPerr(0, CMP_R_CERTRESPONSE_NOT_FOUND); | |
904 | add_expected_rid(rid); | |
905 | return NULL; | |
906 | } | |
907 | ||
908 | /* | |
909 | * returns a pointer to the CertResponse with the given CertReqId | |
910 | * (or the first one in case -1) inside a CertRepMessage | |
911 | * returns NULL on error or if no suitable CertResponse available | |
912 | */ | |
913 | OSSL_CMP_CERTRESPONSE * | |
914 | ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, | |
915 | int rid) | |
916 | { | |
917 | OSSL_CMP_CERTRESPONSE *crep = NULL; | |
918 | int i; | |
919 | ||
920 | if (!ossl_assert(crm != NULL && crm->response != NULL)) | |
921 | return NULL; | |
922 | ||
923 | for (i = 0; i < sk_OSSL_CMP_CERTRESPONSE_num(crm->response); i++) { | |
924 | crep = sk_OSSL_CMP_CERTRESPONSE_value(crm->response, i); | |
925 | if (suitable_rid(crep->certReqId, rid)) | |
926 | return crep; | |
927 | } | |
928 | ||
929 | CMPerr(0, CMP_R_CERTRESPONSE_NOT_FOUND); | |
930 | add_expected_rid(rid); | |
931 | return NULL; | |
932 | } | |
933 | ||
934 | /* | |
935 | * CMP_CERTRESPONSE_get1_certificate() attempts to retrieve the returned | |
936 | * certificate from the given certResponse B<crep>. | |
937 | * Uses the privkey in case of indirect POP from B<ctx>. | |
938 | * Returns a pointer to a copy of the found certificate, or NULL if not found. | |
939 | */ | |
940 | X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, | |
941 | const OSSL_CMP_CERTRESPONSE *crep) | |
942 | { | |
943 | OSSL_CMP_CERTORENCCERT *coec; | |
944 | X509 *crt = NULL; | |
945 | ||
946 | if (!ossl_assert(crep != NULL)) | |
947 | return NULL; | |
948 | ||
949 | if (crep->certifiedKeyPair | |
950 | && (coec = crep->certifiedKeyPair->certOrEncCert) != NULL) { | |
951 | switch (coec->type) { | |
952 | case OSSL_CMP_CERTORENCCERT_CERTIFICATE: | |
953 | crt = X509_dup(coec->value.certificate); | |
954 | break; | |
955 | case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT: | |
956 | /* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */ | |
957 | if (privkey == NULL) { | |
958 | CMPerr(0, CMP_R_MISSING_PRIVATE_KEY); | |
959 | return NULL; | |
960 | } | |
961 | crt = | |
962 | OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert, | |
963 | privkey); | |
964 | break; | |
965 | default: | |
966 | CMPerr(0, CMP_R_UNKNOWN_CERT_TYPE); | |
967 | return NULL; | |
968 | } | |
969 | } | |
970 | if (crt == NULL) | |
971 | CMPerr(0, CMP_R_CERTIFICATE_NOT_FOUND); | |
972 | return crt; | |
973 | } | |
974 | ||
975 | OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file) | |
976 | { | |
977 | OSSL_CMP_MSG *msg = NULL; | |
978 | BIO *bio = NULL; | |
979 | ||
980 | if (!ossl_assert(file != NULL)) | |
981 | return NULL; | |
982 | ||
983 | if ((bio = BIO_new_file(file, "rb")) == NULL) | |
984 | return NULL; | |
ae8483d2 | 985 | msg = d2i_OSSL_CMP_MSG_bio(bio, NULL); |
3dbc5156 DDO |
986 | BIO_free(bio); |
987 | return msg; | |
988 | } | |
62dcd2aa | 989 | |
ae8483d2 | 990 | OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) |
62dcd2aa DDO |
991 | { |
992 | return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, | |
993 | d2i_OSSL_CMP_MSG, bio, msg); | |
994 | } | |
995 | ||
ae8483d2 | 996 | int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg) |
62dcd2aa DDO |
997 | { |
998 | return ASN1_i2d_bio_of(OSSL_CMP_MSG, i2d_OSSL_CMP_MSG, bio, msg); | |
999 | } |