/*
- * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
#include <openssl/err.h>
#include <openssl/x509.h>
+DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(OSSL_CMP_PKISI)
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
+DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+DEFINE_STACK_OF(OSSL_CRMF_CERTID)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
{
if (msg == NULL) {
static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
{
OSSL_CRMF_MSG *crm = NULL;
- X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->clCert;
+ X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
/* refcert defaults to current client cert */
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
STACK_OF(GENERAL_NAME) *default_sans = NULL;
X509_EXTENSIONS *exts = NULL;
if (rkey == NULL)
- rkey = ctx->pkey; /* default is independent of ctx->oldClCert */
- if (rkey == NULL
- || (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL)) {
- CMPerr(0, CMP_R_INVALID_ARGS);
+ rkey = ctx->pkey; /* default is independent of ctx->oldCert */
+ if (rkey == NULL) {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ CMPerr(0, CMP_R_NULL_ARGUMENT);
+ return NULL;
+#endif
+ }
+ if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) {
+ CMPerr(0, CMP_R_MISSING_REFERENCE_CERT);
return NULL;
}
if ((crm = OSSL_CRMF_MSG_new()) == NULL)
return msg;
err:
- CMPerr(0, err_code);
+ if (err_code != 0)
+ CMPerr(0, err_code);
OSSL_CRMF_MSG_free(crm);
OSSL_CMP_MSG_free(msg);
return NULL;
if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL
&& (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL)
goto err;
- if (chain != NULL
- && !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0))
+ if (sk_X509_num(chain) > 0) {
+ msg->extraCerts = sk_X509_new_reserve(NULL, sk_X509_num(chain));
+ if (msg->extraCerts == NULL
+ || !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0))
goto err;
+ }
if (!unprotectedErrors
|| ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection)
return 0;
for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
- if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i))) == NULL)
- return 0;
- if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) {
+ itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i));
+ if (itav == NULL
+ || !ossl_cmp_msg_gen_push0_ITAV(msg, itav)) {
OSSL_CMP_ITAV_free(itav);
return 0;
}
return crt;
}
+int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
+{
+ if (ctx == NULL || msg == NULL) {
+ CMPerr(0, CMP_R_NULL_ARGUMENT);
+ return 0;
+ }
+ if (!ossl_cmp_hdr_set_transactionID(ctx, msg->header))
+ return 0;
+ return msg->header->protectionAlg == NULL
+ || ossl_cmp_msg_protect(ctx, msg);
+}
+
OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file)
{
OSSL_CMP_MSG *msg = NULL;