#include <openssl/crmf.h>
#include <openssl/err.h>
#include <openssl/x509.h>
+#include "crypto/x509.h" /* for x509_set0_libctx() */
DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
DEFINE_STACK_OF(OSSL_CMP_PKISI)
DEFINE_STACK_OF(OSSL_CRMF_MSG)
DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
DEFINE_STACK_OF(OSSL_CRMF_CERTID)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
{
type == OSSL_CMP_PKIBODY_KUR,
OSSL_CMP_CERTREQID);
if (local_crm == NULL
- || !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest,
- ctx->popoMethod))
+ || !OSSL_CRMF_MSG_create_popo(ctx->popoMethod, local_crm,
+ privkey, ctx->digest,
+ ctx->libctx, ctx->propq))
goto err;
} else {
if ((local_crm = OSSL_CRMF_MSG_dup(crm)) == NULL)
if (sk_X509_num(chain) > 0) {
msg->extraCerts = sk_X509_new_reserve(NULL, sk_X509_num(chain));
if (msg->extraCerts == NULL
- || !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0))
+ || !X509_add_certs(msg->extraCerts, chain,
+ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto err;
}
return NULL;
}
-/*
- * CMP_CERTRESPONSE_get1_certificate() attempts to retrieve the returned
- * certificate from the given certResponse B<crep>.
- * Uses the privkey in case of indirect POP from B<ctx>.
+/*-
+ * Retrieve the newly enrolled certificate from the given certResponse crep.
+ * In case of indirect POPO uses the libctx and propq from ctx and private key.
* Returns a pointer to a copy of the found certificate, or NULL if not found.
*/
-X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey,
- const OSSL_CMP_CERTRESPONSE *crep)
+X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
+ const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey)
{
OSSL_CMP_CERTORENCCERT *coec;
X509 *crt = NULL;
- if (!ossl_assert(crep != NULL))
+ if (!ossl_assert(crep != NULL && ctx != NULL))
return NULL;
if (crep->certifiedKeyPair
break;
case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT:
/* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */
- if (privkey == NULL) {
+ if (pkey == NULL) {
CMPerr(0, CMP_R_MISSING_PRIVATE_KEY);
return NULL;
}
crt =
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert,
- privkey);
+ ctx->libctx, ctx->propq,
+ pkey);
break;
default:
CMPerr(0, CMP_R_UNKNOWN_CERT_TYPE);
}
if (crt == NULL)
CMPerr(0, CMP_R_CERTIFICATE_NOT_FOUND);
+ else
+ (void)x509_set0_libctx(crt, ctx->libctx, ctx->propq);
return crt;
}
|| ossl_cmp_msg_protect(ctx, msg);
}
-OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file)
+OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file)
{
OSSL_CMP_MSG *msg = NULL;
BIO *bio = NULL;
- if (!ossl_assert(file != NULL))
+ if (file == NULL) {
+ CMPerr(0, CMP_R_NULL_ARGUMENT);
return NULL;
+ }
if ((bio = BIO_new_file(file, "rb")) == NULL)
return NULL;
return msg;
}
+int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg)
+{
+ BIO *bio;
+ int res;
+
+ if (file == NULL || msg == NULL) {
+ CMPerr(0, CMP_R_NULL_ARGUMENT);
+ return -1;
+ }
+
+ bio = BIO_new_file(file, "wb");
+ if (bio == NULL)
+ return -2;
+ res = i2d_OSSL_CMP_MSG_bio(bio, msg);
+ BIO_free(bio);
+ return res;
+}
+
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg)
{
return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new,