QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-29 03:04:37 +00:00
Code Issues Projects Releases Wiki Activity

Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM()

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
This commit is contained in:
Dr. David von Oheimb 2020-07-18 16:59:06 +02:00
parent 299e0f1eae
commit 593d6554f8
4 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
crypto/cmp/cmp_msg.c
View File

@ -197,13 +197,12 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype)
|| OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1)
static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
int bodytype)
int for_KUR)
{
if (ctx->subjectName != NULL)
return ctx->subjectName;
if (refcert != NULL
&& (bodytype == OSSL_CMP_PKIBODY_KUR || !HAS_SAN(ctx)))
if (refcert != NULL && (for_KUR || !HAS_SAN(ctx)))
/*
* For KUR, copy subjectName from reference certificate.
* For IR or CR, do the same only if there is no subjectAltName.
@ -212,18 +211,14 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
return NULL;
}
/*
* Create CRMF certificate request message for IR/CR/KUR
* returns a pointer to the OSSL_CRMF_MSG on success, NULL on error
*/
static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
{
OSSL_CRMF_MSG *crm = NULL;
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
/* refcert defaults to current client cert */
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
STACK_OF(GENERAL_NAME) *default_sans = NULL;
const X509_NAME *subject = determine_subj(ctx, refcert, bodytype);
const X509_NAME *subject = determine_subj(ctx, refcert, for_KUR);
int crit = ctx->setSubjectAltNameCritical || subject == NULL;
/* RFC5280: subjectAltName MUST be critical if subject is null */
X509_EXTENSIONS *exts = NULL;
@ -236,7 +231,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
return NULL;
#endif
}
if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) {
if (for_KUR && refcert == NULL) {
CMPerr(0, CMP_R_MISSING_REFERENCE_CERT);
return NULL;
}
@ -295,7 +290,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
/* end fill certTemplate, now set any controls */
/* for KUR, set OldCertId according to D.6 */
if (bodytype == OSSL_CMP_PKIBODY_KUR) {
if (for_KUR) {
OSSL_CRMF_CERTID *cid =
OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert),
X509_get0_serialNumber(refcert));
@ -355,7 +350,10 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
goto err;
}
if (crm == NULL) {
if ((local_crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL
local_crm = OSSL_CMP_CTX_setup_CRM(ctx,
type == OSSL_CMP_PKIBODY_KUR,
OSSL_CMP_CERTREQID);
if (local_crm == NULL
|| !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest,
ctx->popoMethod))
goto err;

13
doc/man3/OSSL_CMP_MSG_get0_header.pod
View File

@ -4,6 +4,7 @@
OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_update_transactionID,
OSSL_CMP_CTX_setup_CRM,
d2i_OSSL_CMP_MSG_bio,
i2d_OSSL_CMP_MSG_bio
- function(s) manipulating CMP messages
@ -14,6 +15,7 @@ i2d_OSSL_CMP_MSG_bio
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
@ -25,6 +27,14 @@ OSSL_CMP_MSG_update_transactionID() updates the transactionID field
in the header of the given message according to the CMP_CTX.
This requires re-protecting the message (if it was protected).
OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
for inclusion in a CMP request message based on details contained in I<ctx>.
If the CMP context does not include a subject name set via
L<OSSL_CMP_CTX_set1_subjectName(3)> but includes a reference certificate
then it copies the subject DN from there
if I<for_KUR> is set or the I<ctx> does not include a subjectAltName.
The I<rid> defines the request identifier to use, which typically is 0.
d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
@ -40,6 +50,9 @@ CMP is defined in RFC 4210.
OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
or NULL if the respective entry does not exist and on error.
OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
NULL on error.
d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID()

1
include/openssl/cmp.h
View File

@ -354,6 +354,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
/* from cmp_msg.c */
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);

1
util/libcrypto.num
View File

@ -4903,6 +4903,7 @@ RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION:
OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP
BIO_f_prefix ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_new_from_name ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_new_from_pkey ? 3_0_0 EXIST::FUNCTION: