rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
break;
case NID_id_it_rootCaCert:
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
- ctx->newWithOld,
- ctx->oldWithNew);
+ {
+ X509 *rootcacert = NULL;
+
+ if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
+ return NULL;
+
+ if (rootcacert != NULL
+ && X509_NAME_cmp(X509_get_subject_name(rootcacert),
+ X509_get_subject_name(ctx->newWithNew)) != 0)
+ /* The subjects do not match */
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
+ else
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
+ ctx->newWithOld,
+ ctx->oldWithNew);
+ }
break;
default:
rsp = OSSL_CMP_ITAV_dup(req);
const X509 *oldWithNew)
{
OSSL_CMP_ITAV *itav;
- OSSL_CMP_ROOTCAKEYUPDATE *upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
+ OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL;
+
+ if (newWithNew != NULL) {
+ upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
+ if (upd == NULL)
+ return NULL;
+
+ if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
+ goto err;
+ if (newWithOld != NULL
+ && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
+ goto err;
+ if (oldWithNew != NULL
+ && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
+ goto err;
+ }
- if (upd == NULL)
- return NULL;
- if (newWithNew != NULL && (upd->newWithNew = X509_dup(newWithNew)) == NULL)
- goto err;
- if (newWithOld != NULL && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
- goto err;
- if (oldWithNew != NULL && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
- goto err;
if ((itav = OSSL_CMP_ITAV_new()) == NULL)
goto err;
itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate);
itav->infoValue.rootCaKeyUpdate = upd;
return itav;
- err:
+ err:
OSSL_CMP_ROOTCAKEYUPDATE_free(upd);
return NULL;
}
return 0;
}
upd = itav->infoValue.rootCaKeyUpdate;
- *newWithNew = upd->newWithNew;
+ *newWithNew = upd != NULL ? upd->newWithNew : NULL;
if (newWithOld != NULL)
- *newWithOld = upd->newWithOld;
+ *newWithOld = upd != NULL ? upd->newWithOld : NULL;
if (oldWithNew != NULL)
- *oldWithNew = upd->oldWithNew;
+ *oldWithNew = upd != NULL ? upd->oldWithNew : NULL;
return 1;
}
OSSL_CMP_ITAV_new_rootCaKeyUpdate() creates a new B<OSSL_CMP_ITAV> structure
of type B<rootCaKeyUpdate> that includes an RootCaKeyUpdateContent structure
with the optional I<newWithNew>, I<newWithOld>, and I<oldWithNew> certificates.
+An RootCaKeyUpdateContent structure is included only if I<newWithNew>
+is not NULL.
OSSL_CMP_ITAV_get0_rootCaKeyUpdate() requires that I<itav> has infoType
B<rootCaKeyUpdate>.
to the certificate contained in the newWithOld infoValue sub-field of I<itav>.
If I<oldWithNew> is not NULL, it assigns to I<*oldWithNew> the internal pointer
to the certificate contained in the oldWithNew infoValue sub-field of I<itav>.
-Each of these pointers will be NULL if the respective sub-field is not set.
+Each of these pointers will be set to NULL if no root CA certificate update
+is present or the respective sub-field is not included.
=head1 NOTES
0,genm rootCaCert oldwithold empty file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, empty.txt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
0,genm rootCaCert oldwithold random file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, random.bin , -newwithnew, _RESULT_DIR/test.newwithnew.pem
0,genm rootCaCert oldwithold nonexistent , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, idontexist , -newwithnew, _RESULT_DIR/test.newwithnew.pem
-0,genm rootCaCert oldwithold wrong , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+1,genm rootCaCert oldwithold different , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
0,genm rootCaCert missing newwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, BLANK ,,
0,genm rootCaCert newwithnew missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew,,
1,genm rootCaCert with oldwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew1.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew1.pem