From: Dr. David von Oheimb Date: Wed, 16 Jun 2021 08:26:26 +0000 (+0200) Subject: CMP: Add missing getter functions to CRMF API and CMP API X-Git-Tag: openssl-3.0.0-beta2~146 X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=commitdiff_plain;h=7df56adac7cf58b4ad3e8e34077ccd988263f408 CMP: Add missing getter functions to CRMF API and CMP API Reviewed-by: Tim Hudson Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15790) --- diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index c7a846f03e..f8d9f0749c 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -34,7 +34,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, int invalid_protection, int expected_type /* ignored here */) { - int rcvd_type = ossl_cmp_msg_get_bodytype(rep /* may be NULL */); + int rcvd_type = OSSL_CMP_MSG_get_bodytype(rep /* may be NULL */); const char *msg_type = NULL; if (!ossl_assert(ctx != NULL && rep != NULL)) @@ -132,7 +132,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, || expected_type == OSSL_CMP_PKIBODY_POLLREP || expected_type == OSSL_CMP_PKIBODY_PKICONF; const char *req_type_str = - ossl_cmp_bodytype_to_string(ossl_cmp_msg_get_bodytype(req)); + ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type); int msg_timeout; int bt; @@ -177,7 +177,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, return 0; } - bt = ossl_cmp_msg_get_bodytype(*rep); + bt = OSSL_CMP_MSG_get_bodytype(*rep); /* * The body type in the 'bt' variable is not yet verified. * Still we use this preliminary value already for a progress report because 
@@ -268,7 +268,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, goto err; /* handle potential pollRep */ - if (ossl_cmp_msg_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { + if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { OSSL_CMP_POLLREPCONTENT *prc = prep->body->value.pollRep; OSSL_CMP_POLLREP *pollRep = NULL; int64_t check_after; @@ -818,6 +818,7 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx) goto err; } if ((cid = ossl_cmp_revrepcontent_get_CertId(rrep, rsid)) == NULL) { + ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID); ret = 0; goto err; } diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index e36696bef8..67d9964dbe 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -86,6 +86,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "fail info out of range"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION), "missing key input for creating protection"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), @@ -150,6 +151,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID), "wrong algorithm oid"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT), diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 1cca238916..f2a0587ca4 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h 
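Review bot: CMP_R_MISSING_CERTID gets its first caller in the OSSL_CMP_exec_RR_ses() hunk, but the second reason code introduced with it, CMP_R_WRONG_CERTID (cmp_err.c, openssl.txt and cmperr.h hunks), is not raised anywhere in this diff, so it lands as a defined-but-unused reason. If it is reserved for a follow-up that is fine; otherwise it is dead table weight and could be dropped until a caller exists. Separately, if ossl_cmp_revrepcontent_get_CertId() already pushes its own reason when it returns NULL (not visible here), the new `ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);` stacks a second entry on the queue, which is acceptable but should be deliberate. OSSL_CMP_exec_RR_ses() starts and ends outside the hunk.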
@@ -859,7 +859,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, const char *propq); const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); -int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, const OSSL_CRMF_MSG *crm); diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 4fef006933..5fb67ae2cb 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -93,7 +93,7 @@ int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type) return 1; } -int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg) +int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg) { if (!ossl_assert(msg != NULL && msg->body != NULL)) return -1; @@ -651,7 +651,7 @@ int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav) if (!ossl_assert(msg != NULL && itav != NULL)) return 0; - bodytype = ossl_cmp_msg_get_bodytype(msg); + bodytype = OSSL_CMP_MSG_get_bodytype(msg); if (bodytype != OSSL_CMP_PKIBODY_GENM && bodytype != OSSL_CMP_PKIBODY_GENP) { ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 593c074f8d..59847f5fe1 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -167,7 +167,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) return NULL; - switch (ossl_cmp_msg_get_bodytype(req)) { + switch (OSSL_CMP_MSG_get_bodytype(req)) { case OSSL_CMP_PKIBODY_P10CR: case OSSL_CMP_PKIBODY_CR: bodytype = OSSL_CMP_PKIBODY_CP; 
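Review bot: With OSSL_CMP_MSG_get_bodytype() now public API, the `if (!ossl_assert(msg != NULL && msg->body != NULL)) return -1;` right after the renamed signature returns the documented -1 without putting anything on the error queue, so an application caller cannot tell why. As far as I recall ossl_assert() also aborts in debug builds, which is acceptable for the internal callers this was written for but harsh for a public getter handed a NULL pointer; an explicit check, `if (msg == NULL || msg->body == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return -1; }`, keeps the -1 contract the pod states while leaving the caller a reason. The function body continues past the hunk.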
@@ -183,7 +183,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, return NULL; } - if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) { + if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) { certReqId = OSSL_CMP_CERTREQID; p10cr = req->body->value.p10cr; } else { @@ -428,7 +428,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, invalid_protection ? "invalid" : "missing"); return 1; } - if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR + if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR && OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS) == 1) { ossl_cmp_warn(ctx, "ignoring missing protection of error message"); return 1; @@ -469,7 +469,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, if (!OSSL_CMP_CTX_set1_recipient(ctx, hdr->sender->d.directoryName)) goto err; - req_type = ossl_cmp_msg_get_bodytype(req); + req_type = OSSL_CMP_MSG_get_bodytype(req); switch (req_type) { case OSSL_CMP_PKIBODY_IR: case OSSL_CMP_PKIBODY_CR: @@ -588,7 +588,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, ctx->secretValue = backup_secret; rsp_type = - rsp != NULL ? ossl_cmp_msg_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; + rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; if (rsp != NULL) ossl_cmp_log1(DEBUG, ctx, "sending %s", ossl_cmp_bodytype_to_string(rsp_type)); diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 28c9a984d2..aa4665a562 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -406,7 +406,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (mode_3gpp && ((!ctx->permitTAInExtraCertsForIR - || ossl_cmp_msg_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) + || OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) return 0; ossl_cmp_info(ctx, 
@@ -576,7 +576,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * the caPubs field may be directly trusted as a root CA * certificate by the initiator.' */ - switch (ossl_cmp_msg_get_bodytype(msg)) { + switch (OSSL_CMP_MSG_get_bodytype(msg)) { case -1: return 0; case OSSL_CMP_PKIBODY_IP: @@ -732,7 +732,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, #endif } - if (ossl_cmp_msg_get_bodytype(msg) < 0) { + if (OSSL_CMP_MSG_get_bodytype(msg) < 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR); return 0; @@ -793,7 +793,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, * the caPubs field may be directly trusted as a root CA * certificate by the initiator.' */ - switch (ossl_cmp_msg_get_bodytype(msg)) { + switch (OSSL_CMP_MSG_get_bodytype(msg)) { case OSSL_CMP_PKIBODY_IP: case OSSL_CMP_PKIBODY_CP: case OSSL_CMP_PKIBODY_KUP: diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index d03904a7bc..22707b160a 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c 
@@ -42,13 +42,29 @@ * valt = Value Type * ctrlinf = "regCtrl" or "regInfo" */ -#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ -int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, \ - const valt *in) \ +#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ +valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \ +{ \ + int i; \ + STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \ + OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ + \ + if (msg == NULL || msg->certReq == NULL) \ + return NULL; \ + controls = msg->certReq->controls; \ + for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \ + atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \ + if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \ + return atav->value.atyp; \ + } \ + return NULL; \ +} \ + \ +int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \ { \ OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ \ - if (msg == NULL || in == NULL) \ + if (msg == NULL || in == NULL) \ goto err; \ if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \ goto err; \ @@ -515,6 +531,12 @@ ASN1_INTEGER return tmpl != NULL ? tmpl->serialNumber : NULL; } +const X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) +{ + return tmpl != NULL ? tmpl->subject : NULL; +} + /* retrieves the issuer name of the given cert template or NULL on error */ const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) @@ -522,6 +544,12 @@ const X509_NAME return tmpl != NULL ? tmpl->issuer : NULL; } +X509_EXTENSIONS + *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) +{ + return tmpl != NULL ? tmpl->extensions : NULL; +} + /* retrieves the issuer name of the given CertId or NULL on error */ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) { 
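Review bot: The generated getter always searches `msg->certReq->controls`, for every instantiation of IMPLEMENT_CRMF_CTRL_FUNC including those with ctrlinf = regInfo (the new OSSL_CRMF_MSG_get0_regInfo_utf8Pairs() and _certReq() declared in crmf.h.in in this commit); the pod NOTES added in this same commit say the set1_regInfo_*() functions add their values to "the regInfo structure of the given msg", which is not the certReq controls list, so those two getters may never find what the setters stored. I cannot see from the hunk where OSSL_CRMF_MSG_push0_regInfo() puts its entries, so please confirm; if it is a separate list, the stack to scan should be chosen per ctrlinf (a small per-ctrlinf accessor macro expanded at the `controls = ...` line) rather than hard-wired to certReq->controls, and the `msg->certReq == NULL` guard would then only apply to the regCtrl variant. A test that sets a regInfo value and reads it back through the new getter would pin this down. The set1 half of the macro continues beyond the hunk.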
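Review bot: The two new template getters in the -515 and -522 hunks lack the one-line header comment their neighbours carry (e.g. `/* retrieves the issuer name of the given cert template or NULL on error */`); add `/* retrieves the subject name of the given cert template or NULL on error */` above OSSL_CRMF_CERTTEMPLATE_get0_subject() and `/* retrieves the X.509 extensions of the given cert template or NULL on error */` above OSSL_CRMF_CERTTEMPLATE_get0_extensions(). Also get0_extensions() hands back a mutable `X509_EXTENSIONS *` from a `const OSSL_CRMF_CERTTEMPLATE *`, giving callers write access to the template's internals; the serialNumber getter above does the same, so it follows existing practice, but the subject getter added in the same commit is const-qualified, which makes the choice look inconsistent rather than deliberate.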
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index eb0ace5474..05005a8eaf 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -225,6 +225,7 @@ CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range CMP_R_INVALID_ARGS:100:invalid args CMP_R_INVALID_OPTION:174:invalid option +CMP_R_MISSING_CERTID:165:missing certid CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\ missing key input for creating protection CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature @@ -268,6 +269,7 @@ CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\ CMP_R_VALUE_TOO_LARGE:175:value too large CMP_R_VALUE_TOO_SMALL:177:value too small CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid +CMP_R_WRONG_CERTID:189:wrong certid CMP_R_WRONG_CERTID_IN_RP:187:wrong certid in rp CMP_R_WRONG_PBM_VALUE:155:wrong pbm value CMP_R_WRONG_RP_COMPONENT_COUNT:188:wrong rp component count diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index 2ecb48d7a1..32cdf81187 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -3,6 +3,7 @@ =head1 NAME OSSL_CMP_MSG_get0_header, +OSSL_CMP_MSG_get_bodytype, OSSL_CMP_MSG_update_transactionID, OSSL_CMP_CTX_setup_CRM, OSSL_CMP_MSG_read, @@ -16,6 +17,7 @@ i2d_OSSL_CMP_MSG_bio #include OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); + int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); 
@@ -27,6 +29,8 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_MSG_get0_header() returns the header of the given CMP message. +OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message. + OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX. This requires re-protecting the message (if it was protected). @@ -58,6 +62,8 @@ CMP is defined in RFC 4210. OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above or NULL if the respective entry does not exist and on error. +OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error. + OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success, NULL on error. diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod index f59abb4f11..8abd997ecc 100644 --- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod +++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -4,7 +4,9 @@ OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, +OSSL_CRMF_CERTTEMPLATE_get0_subject, OSSL_CRMF_CERTTEMPLATE_get0_issuer, +OSSL_CRMF_CERTTEMPLATE_get0_extensions, OSSL_CRMF_CERTID_get0_serialNumber, OSSL_CRMF_CERTID_get0_issuer, OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, @@ -19,7 +21,11 @@ OSSL_CRMF_MSG_get_certReqId ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_NAME + *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); + X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); + X509_EXTENSIONS + *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); 
@@ -39,9 +45,15 @@ OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I. OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the given certificate template I. +OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the +given certificate template I. + OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the given certificate template I. +OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions +of the given certificate template I, or NULL if not present. + OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber of the given CertId I. diff --git a/doc/man3/OSSL_CRMF_MSG_set0_validity.pod b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod index 70a4120e86..fd42159d67 100644 --- a/doc/man3/OSSL_CRMF_MSG_set0_validity.pod +++ b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod @@ -51,6 +51,7 @@ OSSL_CRMF_MSG_set_certReqId() sets I as the certReqId of I. OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate I for which non-NULL values are provided: I, I, I, and/or I. +X.509 extensions may be set using OSSL_CRMF_MSG_set0_extensions(). On success the reference counter of the I (if given) is incremented, while the I, I, and I structures (if given) are copied. diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod index b1f732257e..77377ef7eb 100644 --- a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod +++ b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod 
@@ -2,23 +2,32 @@ =head1 NAME +OSSL_CRMF_MSG_get0_regCtrl_regToken, OSSL_CRMF_MSG_set1_regCtrl_regToken, +OSSL_CRMF_MSG_get0_regCtrl_authenticator, OSSL_CRMF_MSG_set1_regCtrl_authenticator, OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo, OSSL_CRMF_MSG_set0_SinglePubInfo, OSSL_CRMF_MSG_set_PKIPublicationInfo_action, +OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo, OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo, +OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey, OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey, +OSSL_CRMF_MSG_get0_regCtrl_oldCertID, OSSL_CRMF_MSG_set1_regCtrl_oldCertID, OSSL_CRMF_CERTID_gen -- functions setting CRMF Registration Controls +- functions getting or setting CRMF Registration Controls =head1 SYNOPSIS #include + ASN1_UTF8STRING + *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *tok); + ASN1_UTF8STRING + *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *auth); int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( @@ -28,10 +37,16 @@ OSSL_CRMF_CERTID_gen int method, GENERAL_NAME *nm); int OSSL_CRMF_MSG_set_PKIPublicationInfo_action( OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action); + OSSL_CRMF_PKIPUBLICATIONINFO + *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, const OSSL_CRMF_PKIPUBLICATIONINFO *pi); + X509_PUBKEY + *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, const X509_PUBKEY *pubkey); + OSSL_CRMF_CERTID + *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTID *cid); OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, 
@@ -39,6 +54,9 @@ OSSL_CRMF_CERTID_gen =head1 DESCRIPTION +Each of the OSSL_CRMF_MSG_get0_regCtrl_X() functions +returns the respective control X in the given I, if present. + OSSL_CRMF_MSG_set1_regCtrl_regToken() sets the regToken control in the given I copying the given I as value. See RFC 4211, section 6.1. @@ -79,10 +97,13 @@ given I name and I number. =head1 RETURN VALUES -OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure -or NULL on error. +All OSSL_CRMF_MSG_get0_*() functions +return the respective pointer value or NULL if not present and on error. -All other functions return 1 on success, 0 on error. +All OSSL_CRMF_MSG_set1_*() functions return 1 on success, 0 on error. + +OSSL_CRMF_CERTID_gen() returns a pointer to the resulting structure +or NULL on error. =head1 NOTES diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod index 56a6814ea0..f3d8fb1217 100644 --- a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod +++ b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod 
@@ -2,34 +2,49 @@ =head1 NAME +OSSL_CRMF_MSG_get0_regInfo_utf8Pairs, OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, +OSSL_CRMF_MSG_get0_regInfo_certReq, OSSL_CRMF_MSG_set1_regInfo_certReq -- functions setting CRMF Registration Info +- functions getting or setting CRMF Registration Info =head1 SYNOPSIS #include + ASN1_UTF8STRING + *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *utf8pairs); + OSSL_CRMF_CERTREQUEST + *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTREQUEST *cr); =head1 DESCRIPTION +OSSL_CRMF_MSG_get0_regInfo_utf8Pairs() returns the first utf8Pairs regInfo +in the given I, if present. + OSSL_CRMF_MSG_set1_regInfo_utf8Pairs() adds a copy of the given I value as utf8Pairs regInfo to the given I. See RFC 4211 section 7.1. +OSSL_CRMF_MSG_get0_regInfo_certReq() returns the first certReq regInfo +in the given I, if present. + OSSL_CRMF_MSG_set1_regInfo_certReq() adds a copy of the given I value as certReq regInfo to the given I. See RFC 4211 section 7.2. =head1 RETURN VALUES -All functions return 1 on success, 0 on error. +All get0_*() functions return the respective pointer value, NULL if not present. + +All set1_*() functions return 1 on success, 0 on error. =head1 NOTES -Calling these functions multiple times adds multiple instances of the respective +Calling the set1_*() functions multiple times +adds multiple instances of the respective control to the regInfo structure of the given I. While RFC 4211 expects multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq. diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index 27afa27d6a..b47344215b 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in 
@@ -378,6 +378,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); +int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index b8ac43e525..3a26fd0bda 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -61,6 +61,7 @@ # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 # define CMP_R_INVALID_ARGS 100 # define CMP_R_INVALID_OPTION 174 +# define CMP_R_MISSING_CERTID 165 # define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 # define CMP_R_MISSING_P10CSR 121 @@ -101,6 +102,7 @@ # define CMP_R_VALUE_TOO_LARGE 175 # define CMP_R_VALUE_TOO_SMALL 177 # define CMP_R_WRONG_ALGORITHM_OID 138 +# define CMP_R_WRONG_CERTID 189 # define CMP_R_WRONG_CERTID_IN_RP 187 # define CMP_R_WRONG_PBM_VALUE 155 # define CMP_R_WRONG_RP_COMPONENT_COUNT 188 diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in index 73d4a0f1f0..07bd3a6e53 100644 --- a/include/openssl/crmf.h.in +++ b/include/openssl/crmf.h.in @@ -89,8 +89,12 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, /* crmf_lib.c */ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *tok); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *auth); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, OSSL_CRMF_SINGLEPUBINFO *spi); 
@@ -106,17 +110,27 @@ int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi int action); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, const OSSL_CRMF_PKIPUBLICATIONINFO *pi); +OSSL_CRMF_PKIPUBLICATIONINFO +*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, const X509_PUBKEY *pubkey); +X509_PUBKEY +*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTID *cid); +OSSL_CRMF_CERTID +*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, const ASN1_INTEGER *serial); int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, const ASN1_UTF8STRING *utf8pairs); +ASN1_UTF8STRING +*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTREQUEST *cr); +OSSL_CRMF_CERTREQUEST +*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, ASN1_TIME *notBefore, ASN1_TIME *notAfter); @@ -140,7 +154,11 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME +*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_EXTENSIONS +*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c index 9f20d27ac9..e270bb924b 100644 --- a/test/cmp_server_test.c 
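Review bot: The -140 hunk declares OSSL_CRMF_CERTTEMPLATE_get0_subject() as returning `const X509_NAME *`, but the SYNOPSIS added to OSSL_CRMF_MSG_get0_tmpl.pod in this same commit lists it (and the existing get0_issuer()) as plain `X509_NAME *`, so the documented and actual return types disagree; the pod entries should read `const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);` and likewise for get0_issuer(). In the same hunk get0_extensions() is declared as a mutable `X509_EXTENSIONS *` taken from a `const OSSL_CRMF_CERTTEMPLATE *`; if that mirrors get0_serialNumber() on purpose it is fine, otherwise const-qualify it in both the header and the pod so the two new getters are consistent with each other.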
+++ b/test/cmp_server_test.c @@ -94,7 +94,7 @@ static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture) goto end; if (!TEST_ptr(rsp = OSSL_CMP_CTX_server_perform(client_ctx, fixture->req)) - || !TEST_int_eq(ossl_cmp_msg_get_bodytype(rsp), + || !TEST_int_eq(OSSL_CMP_MSG_get_bodytype(rsp), OSSL_CMP_PKIBODY_ERROR) || !TEST_ptr(errorContent = rsp->body->value.error) || !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode), diff --git a/util/libcrypto.num b/util/libcrypto.num index 73e84ff08e..c7862c568d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4502,16 +4502,23 @@ OSSL_CRMF_MSGS_new ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSGS_it ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_pbmp_new ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_pbm_new ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set_PKIPublicationInfo_action ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_CERTID_gen ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set1_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set0_validity ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_set_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF
@@ -4522,7 +4529,9 @@ OSSL_CRMF_MSG_create_popo ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSGS_verify_popo ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_MSG_get0_tmpl ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_CERTTEMPLATE_get0_serialNumber ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_CERTTEMPLATE_get0_subject ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_CERTTEMPLATE_get0_issuer ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_CERTTEMPLATE_get0_extensions ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_CERTTEMPLATE_fill ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert ? 3_0_0 EXIST::FUNCTION:CRMF
 OSSL_PARAM_locate ? 3_0_0 EXIST::FUNCTION:
@@ -4846,6 +4855,7 @@ i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION:
 RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION:
 OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_get_bodytype ? 3_0_0 EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP
 OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP
 BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: