2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 /* CMP functions for PKIHeader handling */
14 #include "cmp_local.h"
16 #include <openssl/rand.h>
18 /* explicit #includes not strictly needed since implied by the above: */
19 #include <openssl/asn1t.h>
20 #include <openssl/cmp.h>
21 #include <openssl/err.h>
23 DEFINE_STACK_OF(ASN1_UTF8STRING)
24 DEFINE_STACK_OF(OSSL_CMP_ITAV)
26 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
28 if (!ossl_assert(hdr != NULL))
30 return ASN1_INTEGER_set(hdr->pvno, pvno);
33 int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr)
37 if (!ossl_assert(hdr != NULL))
39 if (!ASN1_INTEGER_get_int64(&pvno, hdr->pvno) || pvno < 0 || pvno > INT_MAX)
44 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr)
47 CMPerr(0, CMP_R_NULL_ARGUMENT);
50 return hdr->transactionID;
53 ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr)
55 if (!ossl_assert(hdr != NULL))
57 return hdr->senderNonce;
60 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr)
63 CMPerr(0, CMP_R_NULL_ARGUMENT);
66 return hdr->recipNonce;
69 int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name)
71 X509_NAME *null = X509_NAME_new();
72 int res = name == NULL || null == NULL
73 || (name->type == GEN_DIRNAME
74 && X509_NAME_cmp(name->d.directoryName, null) == 0);
80 /* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */
81 static int set1_general_name(GENERAL_NAME **tgt, const X509_NAME *src)
85 if (!ossl_assert(tgt != NULL))
87 if ((name = GENERAL_NAME_new()) == NULL)
89 name->type = GEN_DIRNAME;
91 if (src == NULL) { /* NULL-DN */
92 if ((name->d.directoryName = X509_NAME_new()) == NULL)
94 } else if (!X509_NAME_set(&name->d.directoryName, src)) {
98 GENERAL_NAME_free(*tgt);
104 GENERAL_NAME_free(name);
109 * Set the sender name in PKIHeader.
110 * when nm is NULL, sender is set to an empty string
111 * returns 1 on success, 0 on error
113 int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
115 if (!ossl_assert(hdr != NULL))
117 return set1_general_name(&hdr->sender, nm);
120 int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm)
122 if (!ossl_assert(hdr != NULL))
124 return set1_general_name(&hdr->recipient, nm);
127 int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr)
129 if (!ossl_assert(hdr != NULL))
131 if (hdr->messageTime == NULL
132 && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL)
134 return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL;
137 /* assign to *tgt a copy of src (or if NULL a random byte array of given len) */
138 static int set1_aostr_else_random(ASN1_OCTET_STRING **tgt,
139 const ASN1_OCTET_STRING *src, size_t len)
141 unsigned char *bytes = NULL;
144 if (src == NULL) { /* generate a random value if src == NULL */
145 if ((bytes = OPENSSL_malloc(len)) == NULL)
147 if (RAND_bytes(bytes, len) <= 0) {
148 CMPerr(0, CMP_R_FAILURE_OBTAINING_RANDOM);
151 res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len);
153 res = ossl_cmp_asn1_octet_string_set1(tgt, src);
161 int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr,
162 const ASN1_OCTET_STRING *senderKID)
164 if (!ossl_assert(hdr != NULL))
166 return ossl_cmp_asn1_octet_string_set1(&hdr->senderKID, senderKID);
169 /* push the given text string to the given PKIFREETEXT ft */
170 int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
172 if (!ossl_assert(hdr != NULL && text != NULL))
175 if (hdr->freeText == NULL
176 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
179 return sk_ASN1_UTF8STRING_push(hdr->freeText, text);
182 int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text)
184 if (!ossl_assert(hdr != NULL && text != NULL))
187 if (hdr->freeText == NULL
188 && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL)
192 ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data);
195 int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr,
198 if (!ossl_assert(hdr != NULL && itav != NULL))
200 return OSSL_CMP_ITAV_push0_stack_item(&hdr->generalInfo, itav);
203 int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr,
204 const STACK_OF(OSSL_CMP_ITAV) *itavs)
209 if (!ossl_assert(hdr != NULL))
212 for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
213 itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i));
217 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) {
218 OSSL_CMP_ITAV_free(itav);
225 int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr)
230 if (!ossl_assert(hdr != NULL))
232 asn1null = (ASN1_TYPE *)ASN1_NULL_new();
233 if (asn1null == NULL)
235 if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm),
238 if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav))
243 ASN1_TYPE_free(asn1null);
244 OSSL_CMP_ITAV_free(itav);
248 /* return 1 if implicitConfirm in the generalInfo field of the header is set */
249 int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr)
255 if (!ossl_assert(hdr != NULL))
258 itavCount = sk_OSSL_CMP_ITAV_num(hdr->generalInfo);
259 for (i = 0; i < itavCount; i++) {
260 itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i);
262 && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm)
269 /* fill in all fields of the hdr according to the info given in ctx */
270 int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
272 const X509_NAME *sender;
273 const X509_NAME *rcp = NULL;
275 if (!ossl_assert(ctx != NULL && hdr != NULL))
278 /* set the CMP version */
279 if (!ossl_cmp_hdr_set_pvno(hdr, OSSL_CMP_PVNO))
283 * The sender name is copied from the subject of the client cert, if any,
284 * or else from the subject name provided for certification requests.
286 sender = ctx->clCert != NULL ?
287 X509_get_subject_name(ctx->clCert) : ctx->subjectName;
288 if (!ossl_cmp_hdr_set1_sender(hdr, sender))
291 /* determine recipient entry in PKIHeader */
292 if (ctx->srvCert != NULL) {
293 rcp = X509_get_subject_name(ctx->srvCert);
294 /* set also as expected_sender of responses unless set explicitly */
295 if (ctx->expected_sender == NULL && rcp != NULL
296 && !OSSL_CMP_CTX_set1_expected_sender(ctx, rcp))
298 } else if (ctx->recipient != NULL) {
299 rcp = ctx->recipient;
300 } else if (ctx->issuer != NULL) {
302 } else if (ctx->oldCert != NULL) {
303 rcp = X509_get_issuer_name(ctx->oldCert);
304 } else if (ctx->clCert != NULL) {
305 rcp = X509_get_issuer_name(ctx->clCert);
307 if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
310 /* set current time as message time */
311 if (!ossl_cmp_hdr_update_messageTime(hdr))
314 if (ctx->recipNonce != NULL
315 && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce,
320 * set ctx->transactionID in CMP header
321 * if ctx->transactionID is NULL, a random one is created with 128 bit
322 * according to section 5.1.1:
324 * It is RECOMMENDED that the clients fill the transactionID field with
325 * 128 bits of (pseudo-) random data for the start of a transaction to
326 * reduce the probability of having the transactionID in use at the server.
328 if (ctx->transactionID == NULL
329 && !set1_aostr_else_random(&ctx->transactionID, NULL,
330 OSSL_CMP_TRANSACTIONID_LENGTH))
332 if (!ossl_cmp_asn1_octet_string_set1(&hdr->transactionID,
337 * set random senderNonce
338 * according to section 5.1.1:
340 * senderNonce present
341 * -- 128 (pseudo-)random bits
342 * The senderNonce and recipNonce fields protect the PKIMessage against
343 * replay attacks. The senderNonce will typically be 128 bits of
344 * (pseudo-) random data generated by the sender, whereas the recipNonce
345 * is copied from the senderNonce of the previous message in the
348 if (!set1_aostr_else_random(&hdr->senderNonce, NULL,
349 OSSL_CMP_SENDERNONCE_LENGTH))
352 /* store senderNonce - for cmp with recipNonce in next outgoing msg */
353 if (!OSSL_CMP_CTX_set1_senderNonce(ctx, hdr->senderNonce))
357 * freeText [7] PKIFreeText OPTIONAL,
358 * -- this may be used to indicate context-specific instructions
359 * -- (this field is intended for human consumption)
361 if (ctx->freeText != NULL
362 && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText))