crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)

diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index a7e22d874ade5604983ab2b566cbc7e23cda2890..8a7fb129db16f9dfb99bd63d61f4a5758d26a64f 100644 (file)
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -100,6 +100,34 @@ int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg)
     return msg->body->type;
 }
 
+X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg)
+{
+    const OSSL_CRMF_MSGS *reqs;
+    const OSSL_CRMF_MSG *crm;
+    const OSSL_CRMF_CERTTEMPLATE *tmpl;
+    X509_PUBKEY *pubkey;
+
+    switch (OSSL_CMP_MSG_get_bodytype(msg)) {
+    case OSSL_CMP_PKIBODY_IR:
+    case OSSL_CMP_PKIBODY_CR:
+    case OSSL_CMP_PKIBODY_KUR:
+        reqs = msg->body->value.ir; /* value.ir is same for cr and kur */
+        if ((crm = sk_OSSL_CRMF_MSG_value(reqs, 0)) == NULL) {
+            ERR_raise(ERR_LIB_CMP, CMP_R_CERTREQMSG_NOT_FOUND);
+            return NULL;
+        }
+        if ((tmpl = OSSL_CRMF_MSG_get0_tmpl(crm)) == NULL
+            || (pubkey = OSSL_CRMF_CERTTEMPLATE_get0_publicKey(tmpl)) == NULL) {
+            ERR_raise(ERR_LIB_CMP, CRMF_R_POPO_MISSING_PUBLIC_KEY);
+            return NULL;
+        }
+        return pubkey;
+    default:
+        ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
+        return NULL;
+    }
+}
+
 /* Add an extension to the referenced extension stack, which may be NULL */
 static int add1_extension(X509_EXTENSIONS **pexts, int nid, int crit, void *ex)
 {
@@ -542,8 +570,7 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
     } else if (ctx->p10CSR != NULL) {
         pubkey = X509_REQ_get0_pubkey(ctx->p10CSR);
         subject = X509_REQ_get_subject_name(ctx->p10CSR);
-    }
-    else {
+    } else {
         goto err;
     }
 

diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod
index b3175683c782f39c7fc837c556cc2a2e2dcd1d42..97321bebc0775a4fdfb0d712e3545f7511857f90 100644 (file)
--- a/doc/man3/OSSL_CMP_MSG_get0_header.pod
+++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod
@@ -4,6 +4,7 @@
 
 OSSL_CMP_MSG_get0_header,
 OSSL_CMP_MSG_get_bodytype,
+OSSL_CMP_MSG_get0_certreq_publickey,
 OSSL_CMP_MSG_update_transactionID,
 OSSL_CMP_MSG_update_recipNonce,
 OSSL_CMP_CTX_setup_CRM,
@@ -19,6 +20,7 @@ i2d_OSSL_CMP_MSG_bio
 
   OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
   int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+  X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
   int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
   int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
   OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
@@ -33,6 +35,9 @@ OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
 
 OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
 
+OSSL_CMP_MSG_get0_certreq_publickey() expects that I<msg> is a certificate request
+messsage and returns the public key in its certificate template if present.
+
 OSSL_CMP_MSG_update_transactionID() updates the transactionID field
 in the header of the given message according to the CMP_CTX.
 If I<ctx> does not contain a transaction ID, a fresh one is created before.
@@ -118,6 +123,8 @@ or NULL if the respective entry does not exist and on error.
 
 OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
 
+OSSL_CMP_MSG_get0_certreq_publickey() returns a public key or NULL on error.
+
 OSSL_CMP_CTX_setup_CRM() returns a pointer to a B<OSSL_CRMF_MSG> on success,
 NULL on error.
 
@@ -146,6 +153,8 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
 
 OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
 
+OSSL_CMP_MSG_get0_certreq_publickey() was added in OpenSSL 3.3.
+
 =head1 COPYRIGHT
 
 Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.

diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index 3eb6a95324004bc632b32b694b4815dce44aaa4e..da82a3f41927ad4700744c909fce1b4f7c706664 100644 (file)
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -416,6 +416,7 @@ STACK_OF(OSSL_CMP_ITAV)
 /* from cmp_msg.c */
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 7373b002b7f43f7dedd34b67baa132d577b82029..7f646cbba9926811c030f7a78a04239bd4b0f34d 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5540,6 +5540,7 @@ OSSL_CMP_CTX_get0_geninfo_ITAVs         ? 3_3_0   EXIST::FUNCTION:CMP
 OSSL_CMP_HDR_get0_geninfo_ITAVs         ?      3_3_0   EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_new0_certProfile          ?      3_3_0   EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_get0_certProfile          ?      3_3_0   EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_get0_certreq_publickey     ?      3_3_0   EXIST::FUNCTION:CMP
 OSSL_CMP_SRV_CTX_init_trans             ?      3_3_0   EXIST::FUNCTION:CMP
 EVP_DigestSqueeze                       ?      3_3_0   EXIST::FUNCTION:
 ERR_pop                                 ?      3_3_0   EXIST::FUNCTION: