CMP+CRMF: fix formatting nits in crypto/, include/, and test/
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19230)
This commit is contained in:
Dr. David von Oheimb
Dr. David von Oheimb
parent
cd715b7e7f
commit
357bfe7345
@ -28,7 +28,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
|
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
|
ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
|
||||||
ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
|
ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
|
||||||
ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
|
ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
|
||||||
@ -36,19 +35,16 @@ ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
|
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
|
||||||
|
|
||||||
|
|
||||||
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
|
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
|
||||||
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
|
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
|
||||||
OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
|
OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
|
||||||
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
|
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
|
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
|
||||||
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
|
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
|
||||||
OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
|
OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
|
||||||
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
|
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
|
ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
|
||||||
/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
|
/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
|
||||||
ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
|
ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
|
||||||
@ -59,7 +55,6 @@ ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
|
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
|
ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
|
||||||
ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
|
ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
|
||||||
ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
|
ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
|
||||||
@ -255,7 +250,6 @@ ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
|
|||||||
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
|
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
|
ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
|
||||||
ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
|
ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
|
||||||
OSSL_CMP_CERTORENCCERT),
|
OSSL_CMP_CERTORENCCERT),
|
||||||
@ -266,20 +260,17 @@ ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
|
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
|
ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
|
||||||
ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
|
ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
|
||||||
ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
|
ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
|
||||||
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
|
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
|
||||||
|
|
||||||
|
|
||||||
ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
|
ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
|
||||||
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
|
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
|
||||||
OSSL_CMP_REVDETAILS)
|
OSSL_CMP_REVDETAILS)
|
||||||
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
|
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
|
ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
|
||||||
ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
|
ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
|
||||||
ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
|
ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
|
||||||
@ -288,7 +279,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
|
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
|
ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
|
||||||
ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
|
ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
|
||||||
ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
|
ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
|
||||||
@ -298,7 +288,6 @@ ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
|
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
|
ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
|
||||||
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
|
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
|
||||||
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
|
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
|
||||||
|
|||||||
@ -487,6 +487,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|||||||
{
|
{
|
||||||
X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);
|
X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);
|
||||||
STACK_OF(X509) *chain = NULL;
|
STACK_OF(X509) *chain = NULL;
|
||||||
|
|
||||||
(void)text; /* make (artificial) use of var to prevent compiler warning */
|
(void)text; /* make (artificial) use of var to prevent compiler warning */
|
||||||
|
|
||||||
if (fail_info != 0) /* accept any error flagged by CMP core library */
|
if (fail_info != 0) /* accept any error flagged by CMP core library */
|
||||||
@ -702,7 +703,6 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|||||||
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
||||||
const OSSL_CRMF_MSG *crm)
|
const OSSL_CRMF_MSG *crm)
|
||||||
{
|
{
|
||||||
|
|
||||||
OSSL_CMP_MSG *rep = NULL;
|
OSSL_CMP_MSG *rep = NULL;
|
||||||
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
||||||
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
|
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
|
||||||
@ -809,7 +809,8 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
|
|||||||
OSSL_CRMF_CERTTEMPLATE *tmpl =
|
OSSL_CRMF_CERTTEMPLATE *tmpl =
|
||||||
sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails;
|
sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails;
|
||||||
const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl);
|
const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl);
|
||||||
const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
|
const ASN1_INTEGER *serial =
|
||||||
|
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
|
||||||
|
|
||||||
if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) {
|
if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT);
|
||||||
|
|||||||
@ -25,7 +25,7 @@
|
|||||||
# include <openssl/x509v3.h>
|
# include <openssl/x509v3.h>
|
||||||
# include "crypto/x509.h"
|
# include "crypto/x509.h"
|
||||||
|
|
||||||
#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
|
# define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* this structure is used to store the context for CMP sessions
|
* this structure is used to store the context for CMP sessions
|
||||||
|
|||||||
@ -59,7 +59,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
|
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
|
||||||
{
|
{
|
||||||
if (msg == NULL) {
|
if (msg == NULL) {
|
||||||
@ -332,9 +331,9 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
|
|||||||
&& (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL)
|
&& (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL
|
if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL
|
||||||
&& (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
|
&& (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
|
||||||
NID_subject_alt_name, NULL, NULL))
|
NID_subject_alt_name, NULL, NULL))
|
||||||
!= NULL
|
!= NULL
|
||||||
&& !add1_extension(&exts, NID_subject_alt_name, crit, default_sans))
|
&& !add1_extension(&exts, NID_subject_alt_name, crit, default_sans))
|
||||||
goto err;
|
goto err;
|
||||||
if (ctx->reqExtensions != NULL /* augment/override existing ones */
|
if (ctx->reqExtensions != NULL /* augment/override existing ones */
|
||||||
@ -543,15 +542,15 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
|
|||||||
|
|
||||||
/* Fill the template from the contents of the certificate to be revoked */
|
/* Fill the template from the contents of the certificate to be revoked */
|
||||||
ret = ctx->oldCert != NULL
|
ret = ctx->oldCert != NULL
|
||||||
? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
|
? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
|
||||||
NULL /* pubkey would be redundant */,
|
NULL /* pubkey would be redundant */,
|
||||||
NULL /* subject would be redundant */,
|
NULL /* subject would be redundant */,
|
||||||
X509_get_issuer_name(ctx->oldCert),
|
X509_get_issuer_name(ctx->oldCert),
|
||||||
X509_get0_serialNumber(ctx->oldCert))
|
X509_get0_serialNumber(ctx->oldCert))
|
||||||
: OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
|
: OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
|
||||||
X509_REQ_get0_pubkey(ctx->p10CSR),
|
X509_REQ_get0_pubkey(ctx->p10CSR),
|
||||||
X509_REQ_get_subject_name(ctx->p10CSR),
|
X509_REQ_get_subject_name(ctx->p10CSR),
|
||||||
NULL, NULL);
|
NULL, NULL);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
|||||||
@ -92,7 +92,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
|
|||||||
|
|
||||||
if ((prot = ASN1_BIT_STRING_new()) == NULL)
|
if ((prot = ASN1_BIT_STRING_new()) == NULL)
|
||||||
goto end;
|
goto end;
|
||||||
/* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */
|
/* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */
|
||||||
ossl_asn1_string_set_bits_left(prot, 0);
|
ossl_asn1_string_set_bits_left(prot, 0);
|
||||||
if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) {
|
if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) {
|
||||||
ASN1_BIT_STRING_free(prot);
|
ASN1_BIT_STRING_free(prot);
|
||||||
|
|||||||
@ -180,11 +180,11 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info,
|
|||||||
|| (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL)
|
|| (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
#define ADVANCE_BUFFER \
|
#define ADVANCE_BUFFER \
|
||||||
if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \
|
if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \
|
||||||
return NULL; \
|
return NULL; \
|
||||||
write_ptr += printed_chars; \
|
write_ptr += printed_chars; \
|
||||||
bufsize -= printed_chars;
|
bufsize -= printed_chars;
|
||||||
|
|
||||||
printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string);
|
printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string);
|
||||||
ADVANCE_BUFFER;
|
ADVANCE_BUFFER;
|
||||||
|
|||||||
@ -189,7 +189,7 @@ void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn)
|
|||||||
BIO_free(bio);
|
BIO_free(bio);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
/* ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO) makes no sense during error printing */
|
/* ERR_raise(..., CMP_R_NO_STDIO) would make no sense here */
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
if (log_fn(component, file, line, OSSL_CMP_LOG_ERR, msg) <= 0)
|
if (log_fn(component, file, line, OSSL_CMP_LOG_ERR, msg) <= 0)
|
||||||
@ -243,6 +243,7 @@ int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
|
|||||||
const ASN1_OCTET_STRING *src)
|
const ASN1_OCTET_STRING *src)
|
||||||
{
|
{
|
||||||
ASN1_OCTET_STRING *new;
|
ASN1_OCTET_STRING *new;
|
||||||
|
|
||||||
if (tgt == NULL) {
|
if (tgt == NULL) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@ -329,6 +329,7 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
|
|||||||
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
|
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
|
||||||
OSSL_CMP_CERTREQID);
|
OSSL_CMP_CERTREQID);
|
||||||
X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey);
|
X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* maybe better use get_cert_status() from cmp_client.c, which catches
|
* maybe better use get_cert_status() from cmp_client.c, which catches
|
||||||
* errors
|
* errors
|
||||||
@ -421,6 +422,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||||||
: "no trusted store");
|
: "no trusted store");
|
||||||
} else {
|
} else {
|
||||||
STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted);
|
STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted);
|
||||||
|
|
||||||
ret = check_msg_with_certs(ctx, trusted,
|
ret = check_msg_with_certs(ctx, trusted,
|
||||||
mode_3gpp ? "self-issued extraCerts"
|
mode_3gpp ? "self-issued extraCerts"
|
||||||
: "certs in trusted store",
|
: "certs in trusted store",
|
||||||
|
|||||||
@ -26,14 +26,14 @@ ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)
|
||||||
|
|
||||||
|
|
||||||
ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = {
|
ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING),
|
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER,
|
||||||
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME)
|
value.string, ASN1_UTF8STRING),
|
||||||
|
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER,
|
||||||
|
value.generalName, GENERAL_NAME)
|
||||||
} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
|
} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
|
ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO),
|
ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO),
|
||||||
ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier,
|
ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier,
|
||||||
@ -41,7 +41,6 @@ ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
|
ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME),
|
ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME),
|
||||||
ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER)
|
ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER)
|
||||||
@ -49,7 +48,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
|
||||||
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
|
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
|
ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
|
||||||
ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0),
|
ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0),
|
||||||
ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1),
|
ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1),
|
||||||
@ -66,7 +64,6 @@ ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
|
ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER),
|
ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER),
|
||||||
ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos,
|
ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos,
|
||||||
@ -75,14 +72,12 @@ ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
|
||||||
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)
|
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = {
|
ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR),
|
ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR),
|
||||||
ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING)
|
ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING)
|
||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)
|
||||||
|
|
||||||
|
|
||||||
ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
|
ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
|
||||||
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0),
|
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0),
|
||||||
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
|
ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
|
||||||
@ -92,7 +87,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
|
|||||||
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
|
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
|
ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING),
|
ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING),
|
||||||
ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR),
|
ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR),
|
||||||
@ -101,7 +95,6 @@ ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
|
||||||
|
|
||||||
|
|
||||||
ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
|
ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
|
||||||
ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender,
|
ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender,
|
||||||
GENERAL_NAME, 0),
|
GENERAL_NAME, 0),
|
||||||
@ -110,7 +103,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
|
|||||||
} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
|
} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
|
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo,
|
ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo,
|
||||||
OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO),
|
OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO),
|
||||||
@ -118,7 +110,6 @@ ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
|
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
|
||||||
ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput,
|
ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput,
|
||||||
OSSL_CRMF_POPOSIGNINGKEYINPUT, 0),
|
OSSL_CRMF_POPOSIGNINGKEYINPUT, 0),
|
||||||
@ -127,7 +118,6 @@ ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)
|
||||||
|
|
||||||
|
|
||||||
ASN1_CHOICE(OSSL_CRMF_POPO) = {
|
ASN1_CHOICE(OSSL_CRMF_POPO) = {
|
||||||
ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0),
|
ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0),
|
||||||
ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1),
|
ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1),
|
||||||
@ -136,7 +126,6 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = {
|
|||||||
} ASN1_CHOICE_END(OSSL_CRMF_POPO)
|
} ASN1_CHOICE_END(OSSL_CRMF_POPO)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
|
||||||
|
|
||||||
|
|
||||||
ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
|
ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
|
||||||
ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
|
ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
|
||||||
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
|
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
|
||||||
@ -165,7 +154,6 @@ ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
|
|||||||
} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0,
|
} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0,
|
||||||
&attributetypeandvalue_default_tt, NULL);
|
&attributetypeandvalue_default_tt, NULL);
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
|
ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT),
|
ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT),
|
||||||
ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
|
ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
|
||||||
@ -174,14 +162,12 @@ ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
|
||||||
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
|
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = {
|
ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = {
|
||||||
ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0),
|
ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0),
|
||||||
ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1)
|
ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1)
|
||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
|
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
|
||||||
ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
|
ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
|
||||||
/*
|
/*
|
||||||
@ -208,7 +194,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
|
|||||||
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
|
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
|
||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
|
ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER),
|
ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER),
|
||||||
ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE),
|
ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE),
|
||||||
@ -218,7 +203,6 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
|
|||||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
|
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
|
||||||
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
|
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
|
||||||
|
|
||||||
|
|
||||||
ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
|
ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
|
||||||
ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
|
ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
|
||||||
ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO),
|
ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO),
|
||||||
|
|||||||
@ -81,7 +81,6 @@ int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \
|
|||||||
return 0; \
|
return 0; \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Pushes the given control attribute into the controls stack of a CertRequest
|
* Pushes the given control attribute into the controls stack of a CertRequest
|
||||||
* (section 6)
|
* (section 6)
|
||||||
@ -244,7 +243,6 @@ IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo)
|
|||||||
/* id-regInfo-certReq to regInfo (section 7.2) */
|
/* id-regInfo-certReq to regInfo (section 7.2) */
|
||||||
IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
|
IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
|
||||||
|
|
||||||
|
|
||||||
/* retrieves the certificate template of crm */
|
/* retrieves the certificate template of crm */
|
||||||
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
|
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
|
||||||
{
|
{
|
||||||
@ -255,7 +253,6 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
|
|||||||
return crm->certReq->certTemplate;
|
return crm->certReq->certTemplate;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
|
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
|
||||||
ASN1_TIME *notBefore, ASN1_TIME *notAfter)
|
ASN1_TIME *notBefore, ASN1_TIME *notAfter)
|
||||||
{
|
{
|
||||||
@ -275,7 +272,6 @@ int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
|
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
|
||||||
{
|
{
|
||||||
if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
|
if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
|
||||||
@ -315,7 +311,6 @@ int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm)
|
|||||||
return crmf_asn1_get_int(crm->certReq->certReqId);
|
return crmf_asn1_get_int(crm->certReq->certReqId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
|
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
|
||||||
X509_EXTENSIONS *exts)
|
X509_EXTENSIONS *exts)
|
||||||
{
|
{
|
||||||
@ -336,7 +331,6 @@ int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
|
int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
|
||||||
X509_EXTENSION *ext)
|
X509_EXTENSION *ext)
|
||||||
{
|
{
|
||||||
@ -396,7 +390,6 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
|
|||||||
NULL, pkey, digest, libctx, propq);
|
NULL, pkey, digest, libctx, propq);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
|
int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
|
||||||
EVP_PKEY *pkey, const EVP_MD *digest,
|
EVP_PKEY *pkey, const EVP_MD *digest,
|
||||||
OSSL_LIB_CTX *libctx, const char *propq)
|
OSSL_LIB_CTX *libctx, const char *propq)
|
||||||
@ -537,7 +530,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
|
|||||||
}
|
}
|
||||||
|
|
||||||
const X509_PUBKEY
|
const X509_PUBKEY
|
||||||
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
||||||
{
|
{
|
||||||
return tmpl != NULL ? tmpl->publicKey : NULL;
|
return tmpl != NULL ? tmpl->publicKey : NULL;
|
||||||
}
|
}
|
||||||
@ -550,20 +543,20 @@ const ASN1_INTEGER
|
|||||||
}
|
}
|
||||||
|
|
||||||
const X509_NAME
|
const X509_NAME
|
||||||
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
||||||
{
|
{
|
||||||
return tmpl != NULL ? tmpl->subject : NULL;
|
return tmpl != NULL ? tmpl->subject : NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* retrieves the issuer name of the given cert template or NULL on error */
|
/* retrieves the issuer name of the given cert template or NULL on error */
|
||||||
const X509_NAME
|
const X509_NAME
|
||||||
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
||||||
{
|
{
|
||||||
return tmpl != NULL ? tmpl->issuer : NULL;
|
return tmpl != NULL ? tmpl->issuer : NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_EXTENSIONS
|
X509_EXTENSIONS
|
||||||
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
|
||||||
{
|
{
|
||||||
return tmpl != NULL ? tmpl->extensions : NULL;
|
return tmpl != NULL ? tmpl->extensions : NULL;
|
||||||
}
|
}
|
||||||
@ -576,7 +569,8 @@ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* retrieves the serialNumber of the given CertId or NULL on error */
|
/* retrieves the serialNumber of the given CertId or NULL on error */
|
||||||
const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
|
const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID
|
||||||
|
*cid)
|
||||||
{
|
{
|
||||||
return cid != NULL ? cid->serialNumber : NULL;
|
return cid != NULL ? cid->serialNumber : NULL;
|
||||||
}
|
}
|
||||||
@ -609,7 +603,6 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Decrypts the certificate in the given encryptedValue using private key pkey.
|
* Decrypts the certificate in the given encryptedValue using private key pkey.
|
||||||
* This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
|
* This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
|
||||||
|
|||||||
@ -126,7 +126,6 @@ struct ossl_crmf_singlepubinfo_st {
|
|||||||
DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO)
|
DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO)
|
||||||
typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS;
|
typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS;
|
||||||
|
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* PKIPublicationInfo ::= SEQUENCE {
|
* PKIPublicationInfo ::= SEQUENCE {
|
||||||
* action INTEGER {
|
* action INTEGER {
|
||||||
|
|||||||
@ -11,7 +11,6 @@
|
|||||||
* CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
|
* CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
@ -200,7 +199,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
|
|||||||
|
|
||||||
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL)
|
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL)
|
||||||
|| OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname),
|
|| OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname),
|
||||||
OBJ_nid2obj(hmac_md_nid), 0) <= 0) {
|
OBJ_nid2obj(hmac_md_nid), 0) <= 0) {
|
||||||
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
|
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@ -44,8 +44,8 @@ extern "C" {
|
|||||||
|
|
||||||
# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
|
# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
|
||||||
# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
|
# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
|
||||||
|
|
||||||
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
|
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
|
||||||
|
|
||||||
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
|
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
|
||||||
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
|
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
|
||||||
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
|
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
|
||||||
|
|||||||
@ -104,7 +104,6 @@ static int test_ASN1_OCTET_STRING_set_tgt_is_src(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void cleanup_tests(void)
|
void cleanup_tests(void)
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
|
|||||||
@ -97,6 +97,7 @@ static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixture)
|
|||||||
static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
|
static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
|
||||||
{
|
{
|
||||||
STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
|
STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
|
||||||
|
|
||||||
if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
|
if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
|
||||||
return 0;
|
return 0;
|
||||||
sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
|
sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
|
||||||
@ -184,7 +185,6 @@ static int test_exec_IR_ses_poll_timeout(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int test_exec_CR_ses(void)
|
static int test_exec_CR_ses(void)
|
||||||
{
|
{
|
||||||
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
|
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
|
||||||
@ -299,6 +299,7 @@ static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture)
|
|||||||
ossl_cmp_exchange_certConf(fixture->cmp_ctx,
|
ossl_cmp_exchange_certConf(fixture->cmp_ctx,
|
||||||
OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable,
|
OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable,
|
||||||
"abcdefg");
|
"abcdefg");
|
||||||
|
|
||||||
return TEST_int_eq(fixture->expected, res);
|
return TEST_int_eq(fixture->expected, res);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -393,7 +393,6 @@ static int test_HDR_set_and_check_implicit_confirm(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
|
static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
|
||||||
{
|
{
|
||||||
ASN1_OCTET_STRING *header_nonce, *header_transactionID;
|
ASN1_OCTET_STRING *header_nonce, *header_transactionID;
|
||||||
@ -413,8 +412,8 @@ static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
|
|||||||
fixture->cmp_ctx->senderNonce)))
|
fixture->cmp_ctx->senderNonce)))
|
||||||
return 0;
|
return 0;
|
||||||
header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr);
|
header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr);
|
||||||
if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID,
|
if (!TEST_true(ASN1_OCTET_STRING_cmp(header_transactionID,
|
||||||
fixture->cmp_ctx->transactionID)))
|
fixture->cmp_ctx->transactionID) == 0))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr);
|
header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr);
|
||||||
@ -463,7 +462,6 @@ static int test_HDR_init_with_subject(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void cleanup_tests(void)
|
void cleanup_tests(void)
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
|
|||||||
@ -338,7 +338,6 @@ static int test_cmp_create_error_msg(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int test_cmp_create_pollreq(void)
|
static int test_cmp_create_pollreq(void)
|
||||||
{
|
{
|
||||||
SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
|
SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
|
||||||
@ -424,7 +423,6 @@ static int test_cmp_create_certrep(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
|
static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
|
||||||
{
|
{
|
||||||
OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text");
|
OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text");
|
||||||
|
|||||||
@ -515,7 +515,6 @@ static int test_X509_STORE_only_self_issued(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void cleanup_tests(void)
|
void cleanup_tests(void)
|
||||||
{
|
{
|
||||||
EVP_PKEY_free(loadedprivkey);
|
EVP_PKEY_free(loadedprivkey);
|
||||||
@ -578,7 +577,7 @@ int setup_tests(void)
|
|||||||
if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
|
if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
|
||||||
loadedpubkey = loadedprivkey;
|
loadedpubkey = loadedprivkey;
|
||||||
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
|
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
|
||||||
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
|
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
|
||||||
return 0;
|
return 0;
|
||||||
if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
|
if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
|
||||||
|| !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
|
|| !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
|
||||||
|
|||||||
@ -34,7 +34,6 @@ static void tear_down(CMP_STATUS_TEST_FIXTURE *fixture)
|
|||||||
OPENSSL_free(fixture);
|
OPENSSL_free(fixture);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Tests PKIStatusInfo creation and get-functions
|
* Tests PKIStatusInfo creation and get-functions
|
||||||
*/
|
*/
|
||||||
@ -89,8 +88,6 @@ static int test_PKISI(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void cleanup_tests(void)
|
void cleanup_tests(void)
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
|
|||||||
@ -98,6 +98,7 @@ static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
|
|||||||
if (fixture->expected == 0) {
|
if (fixture->expected == 0) {
|
||||||
const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
|
const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
|
||||||
const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
|
const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
|
||||||
|
|
||||||
if (req == NULL || !flip_bit(req->popo->value.signature->signature))
|
if (req == NULL || !flip_bit(req->popo->value.signature->signature))
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -218,6 +219,7 @@ static int test_validate_msg_signature_partial_chain(int expired)
|
|||||||
fixture = NULL;
|
fixture = NULL;
|
||||||
} else {
|
} else {
|
||||||
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
|
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
|
||||||
|
|
||||||
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
|
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
|
||||||
if (expired)
|
if (expired)
|
||||||
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
|
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
|
||||||
@ -322,13 +324,13 @@ static int test_validate_msg_signature_sender_cert_extracert(void)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
static int test_validate_msg_signature_sender_cert_absent(void)
|
static int test_validate_msg_signature_sender_cert_absent(void)
|
||||||
{
|
{
|
||||||
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
|
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
|
||||||
fixture->expected = 0;
|
fixture->expected = 0;
|
||||||
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) {
|
if (!TEST_ptr(fixture->msg =
|
||||||
|
load_pkimsg(ir_protected_0_extracerts, libctx))) {
|
||||||
tear_down(fixture);
|
tear_down(fixture);
|
||||||
fixture = NULL;
|
fixture = NULL;
|
||||||
}
|
}
|
||||||
@ -383,6 +385,7 @@ static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
|
|||||||
if (expired) {
|
if (expired) {
|
||||||
X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx);
|
X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx);
|
||||||
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
|
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
|
||||||
|
|
||||||
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
|
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
|
||||||
}
|
}
|
||||||
if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
|
if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
|
||||||
@ -466,6 +469,7 @@ static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected,
|
|||||||
(*fixture) = NULL;
|
(*fixture) = NULL;
|
||||||
} else if (trid_data != NULL) {
|
} else if (trid_data != NULL) {
|
||||||
ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
|
ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
|
||||||
|
|
||||||
if (trid == NULL
|
if (trid == NULL
|
||||||
|| !ASN1_OCTET_STRING_set(trid, trid_data,
|
|| !ASN1_OCTET_STRING_set(trid, trid_data,
|
||||||
OSSL_CMP_TRANSACTIONID_LENGTH)
|
OSSL_CMP_TRANSACTIONID_LENGTH)
|
||||||
@ -567,7 +571,6 @@ void cleanup_tests(void)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#define USAGE "server.crt client.crt " \
|
#define USAGE "server.crt client.crt " \
|
||||||
"EndEntity1.crt EndEntity2.crt " \
|
"EndEntity1.crt EndEntity2.crt " \
|
||||||
"Root_CA.crt Intermediate_CA.crt " \
|
"Root_CA.crt Intermediate_CA.crt " \
|
||||||
@ -635,7 +638,8 @@ int setup_tests(void)
|
|||||||
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
|
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
|
||||||
goto err;
|
goto err;
|
||||||
if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
|
if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
|
||||||
|| !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
|
|| !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f,
|
||||||
|
libctx)))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* Message validation tests */
|
/* Message validation tests */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user