/*
- * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
#include <openssl/err.h> /* should be implied by cmperr.h */
#include <openssl/x509v3.h>
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
/*
* use trace API for CMP-specific logging, prefixed by "CMP " and severity
*/
*/
static const char *improve_location_name(const char *func, const char *fallback)
{
- if (!ossl_assert(fallback != NULL))
- return NULL;
+ if (fallback == NULL)
+ return func == NULL ? UNKNOWN_FUNC : func;
+
return func == NULL || *func == '\0' || strcmp(func, UNKNOWN_FUNC) == 0
? fallback : func;
}
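Review bot: The new `fallback == NULL` branch returns `func` even when it is the empty string, although the return statement below it treats `*func == '\0'` as an unknown location, so the two paths disagree on what counts as a usable name. Writing the early return as `return func == NULL || *func == '\0' ? UNKNOWN_FUNC : func;` would keep them consistent. Now that the `ossl_assert` is gone, a short comment such as `/* fallback may be NULL; the result is never NULL */` would record the contract for callers.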
#define ERR_PRINT_BUF_SIZE 4096
/* this is similar to ERR_print_errors_cb, but uses the CMP-specific cb type */
-void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn)
+void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn)
{
unsigned long err;
char msg[ERR_PRINT_BUF_SIZE];
}
int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs,
- int no_self_issued, int no_dups, int prepend)
+ int no_self_signed, int no_dups, int prepend)
/* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */
{
int i;
for (i = 0; i < sk_X509_num(certs); i++) { /* certs may be NULL */
X509 *cert = sk_X509_value(certs, i);
- if (!no_self_issued || X509_check_issued(cert, cert) != X509_V_OK) {
+ if (!no_self_signed || X509_self_signed(cert, 0) != 1) {
if (!ossl_cmp_sk_X509_add1_cert(sk, cert, no_dups, prepend))
return 0;
}
}
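Review bot: The added test `X509_self_signed(cert, 0) != 1` treats every result other than 1 as "not self-signed". If X509_self_signed can report an internal error with a negative value, as its OpenSSL documentation describes, a certificate whose check failed is still added to `sk` even though `no_self_signed` was requested. Handling the error before the filter, e.g. `int ss = X509_self_signed(cert, 0); if (ss < 0) return 0;`, would make the exclusion fail closed. The same folding occurs in ossl_cmp_X509_STORE_add1_certs, where `== 1` silently skips such a certificate. The function body continues past the end of this hunk.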
int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs,
- int only_self_issued)
+ int only_self_signed)
{
int i;
for (i = 0; i < sk_X509_num(certs); i++) {
X509 *cert = sk_X509_value(certs, i);
- if (!only_self_issued || X509_check_issued(cert, cert) == X509_V_OK)
+ if (!only_self_signed || X509_self_signed(cert, 0) == 1)
if (!X509_STORE_add_cert(store, cert)) /* ups cert ref counter */
return 0;
}
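Review bot: With the second argument 0, X509_self_signed presumably classifies a certificate without verifying its signature, so the `only_self_signed` filter decides what enters `store` from the certificate's own fields alone. That is worth stating next to the call, e.g. `/* self-signed is judged without checking the signature; certs must come from a trusted source */`, since the store may later serve as a set of trust anchors (its use is not visible here). The nested `if` statements also lack braces; wrapping the inner `if (!X509_STORE_add_cert(store, cert)) return 0;` in `{ }` would match the braced form used in ossl_cmp_sk_X509_add1_certs. The function body continues past the end of this hunk.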
*tgt = new;
return 1;
}
-
-/*
- * calculate a digest of the given certificate,
- * using the same hash algorithm as in the certificate signature.
- */
-ASN1_OCTET_STRING *OSSL_CMP_X509_digest(const X509 *cert)
-{
- unsigned int len;
- unsigned char hash[EVP_MAX_MD_SIZE];
- int md_NID;
- const EVP_MD *md = NULL;
- ASN1_OCTET_STRING *new = NULL;
-
- if (!ossl_assert(cert != NULL))
- return NULL;
-
- /*-
- * select hash algorithm, as stated in CMP RFC 4210 Appendix F.
- * Compilable ASN.1 defs:
- * the hash of the certificate, using the same hash algorithm
- * as is used to create and verify the certificate signature
- */
- if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_NID, NULL)
- || (md = EVP_get_digestbynid(md_NID)) == NULL) {
- CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM);
- return NULL;
- }
- if (!X509_digest(cert, md, hash, &len)
- || (new = ASN1_OCTET_STRING_new()) == NULL)
- return NULL;
- if (!(ASN1_OCTET_STRING_set(new, hash, len))) {
- ASN1_OCTET_STRING_free(new);
- return NULL;
- }
- return new;
-}