author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-07-18 16:59:06 +0200 |
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-07-30 09:38:08 +0200 |
commit | 593d6554f87310f3184c2f45d71c09975ffe9f53 (patch) | |
tree | 8b03e60b9fd337b6af777da9a2a29cfe4c2bccf9 | |
parent | 299e0f1eaea1c57354e50a45ecb1c97ac8adb833 (diff) | |
Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
-rw-r--r-- | crypto/cmp/cmp_msg.c | 22 | ||||
-rw-r--r-- | doc/man3/OSSL_CMP_MSG_get0_header.pod | 13 | ||||
-rw-r--r-- | include/openssl/cmp.h | 1 | ||||
-rw-r--r-- | util/libcrypto.num | 1 |
4 files changed, 25 insertions, 12 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 290a4ee10f..d45a803677 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -197,13 +197,12 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, - int bodytype) + int for_KUR) { if (ctx->subjectName != NULL) return ctx->subjectName; - if (refcert != NULL - && (bodytype == OSSL_CMP_PKIBODY_KUR || !HAS_SAN(ctx))) + if (refcert != NULL && (for_KUR || !HAS_SAN(ctx))) /* * For KUR, copy subjectName from reference certificate. * For IR or CR, do the same only if there is no subjectAltName.
@@ -212,18 +211,14 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, return NULL; } -/* - * Create CRMF certificate request message for IR/CR/KUR - * returns a pointer to the OSSL_CRMF_MSG on success, NULL on error - */ -static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) +OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) { OSSL_CRMF_MSG *crm = NULL; X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert; /* refcert defaults to current client cert */ EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; - const X509_NAME *subject = determine_subj(ctx, refcert, bodytype); + const X509_NAME *subject = determine_subj(ctx, refcert, for_KUR); int crit = ctx->setSubjectAltNameCritical || subject == NULL; /* RFC5280: subjectAltName MUST be critical if subject is null */ X509_EXTENSIONS *exts = NULL;
@@ -236,7 +231,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) return NULL; #endif } - if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) { + if (for_KUR && refcert == NULL) { CMPerr(0, CMP_R_MISSING_REFERENCE_CERT); return NULL; }
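Review bot: OSSL_CMP_CTX_setup_CRM() becomes a public entry point in the @@ -212 hunk but still dereferences `ctx` unconditionally in its very first initializer (`ctx->oldCert`, `ctx->cert`, and later `ctx->setSubjectAltNameCritical`); that was fine for the file-local crm_new(), whose callers were known, but an exported function can now be handed a NULL context by application code and will crash instead of failing cleanly. Add an argument check such as `if (ctx == NULL) return NULL;` that reports the error through CMPerr() the way the missing-reference-cert branch at the end of this hunk does (the reason code used elsewhere for NULL arguments is not visible here); because the dereference sits in the initializer of `refcert`, the check must come first, so `refcert`, `rkey` and `subject` would become plain declarations assigned after it. The same applies to `rid`, which the new man page says is "typically 0" — if only non-negative identifiers are valid, a range check here is cheaper than discovering it at encoding time. The body of OSSL_CMP_CTX_setup_CRM() continues beyond the end of this hunk.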
@@ -295,7 +290,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) /* end fill certTemplate, now set any controls */ /* for KUR, set OldCertId according to D.6 */ - if (bodytype == OSSL_CMP_PKIBODY_KUR) { + if (for_KUR) { OSSL_CRMF_CERTID *cid = OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), X509_get0_serialNumber(refcert));
@@ -355,7 +350,10 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, goto err; } if (crm == NULL) { - if ((local_crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL + local_crm = OSSL_CMP_CTX_setup_CRM(ctx, + type == OSSL_CMP_PKIBODY_KUR, + OSSL_CMP_CERTREQID); + if (local_crm == NULL || !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest, ctx->popoMethod)) goto err;
diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod
index 3ab76c14df..f1bf8eac32 100644
--- a/doc/man3/OSSL_CMP_MSG_get0_header.pod
+++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod
@@ -4,6 +4,7 @@ OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_update_transactionID, +OSSL_CMP_CTX_setup_CRM, d2i_OSSL_CMP_MSG_bio, i2d_OSSL_CMP_MSG_bio - function(s) manipulating CMP messages
@@ -14,6 +15,7 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); + OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
@@ -25,6 +27,14 @@ OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX. This requires re-protecting the message (if it was protected). +OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message +for inclusion in a CMP request message based on details contained in I<ctx>. +If the CMP context does not include a subject name set via +L<OSSL_CMP_CTX_set1_subjectName(3)> but includes a reference certificate +then it copies the subject DN from there +if I<for_KUR> is set or the I<ctx> does not include a subjectAltName. +The I<rid> defines the request identifier to use, which typically is 0. + d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>. It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
@@ -40,6 +50,9 @@ CMP is defined in RFC 4210. OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above or NULL if the respective entry does not exist and on error. +OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success, +NULL on error. + d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error. i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID()
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index eaefd68e8b..378cda641d 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -354,6 +354,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 4afac9fd6f..d53d04afa6 100644
--- a/util/libcrypto.num 
+++ b/util/libcrypto.num
@@ -4903,6 +4903,7 @@ RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION: OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_new_from_name ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_new_from_pkey ? 3_0_0 EXIST::FUNCTION: |