From bcd3707dba1cceffba56ee3226105b64575f2b14 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 4 Aug 2023 21:45:07 +0200 Subject: [PATCH] crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/21660)
---
 crypto/cmp/cmp_msg.c | 31 +++++++++++++++++++++++++-- doc/man3/OSSL_CMP_MSG_get0_header.pod | 9 ++++++++ include/openssl/cmp.h.in | 1 + util/libcrypto.num | 1 + 4 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index a7e22d874a..8a7fb129db 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -100,6 +100,34 @@ int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg)
 return msg->body->type;
 }
+X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg)
+{
+ const OSSL_CRMF_MSGS *reqs;
+ const OSSL_CRMF_MSG *crm;
+ const OSSL_CRMF_CERTTEMPLATE *tmpl;
+ X509_PUBKEY *pubkey;
+
+ switch (OSSL_CMP_MSG_get_bodytype(msg)) {
+ case OSSL_CMP_PKIBODY_IR:
+ case OSSL_CMP_PKIBODY_CR:
+ case OSSL_CMP_PKIBODY_KUR:
+ reqs = msg->body->value.ir; /* value.ir is same for cr and kur */
+ if ((crm = sk_OSSL_CRMF_MSG_value(reqs, 0)) == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_CERTREQMSG_NOT_FOUND);
+ return NULL;
+ }
+ if ((tmpl = OSSL_CRMF_MSG_get0_tmpl(crm)) == NULL
+ || (pubkey = OSSL_CRMF_CERTTEMPLATE_get0_publicKey(tmpl)) == NULL) {
+ ERR_raise(ERR_LIB_CMP, CRMF_R_POPO_MISSING_PUBLIC_KEY);
+ return NULL;
+ }
+ return pubkey;
+ default:
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
+ return NULL;
+ }
+}
+
 /* Add an extension to the referenced extension stack, which may be NULL */
 static int add1_extension(X509_EXTENSIONS **pexts, int nid, int crit, void *ex)
 {
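Review bot: The second failure branch of the new getter raises `CRMF_R_POPO_MISSING_PUBLIC_KEY` under `ERR_LIB_CMP`; reason codes are numbered per library, so the queued error is resolved against the CMP reason table and is likely to print an unrelated or unknown reason. Either raise it in its own library, `ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY);`, or add a CMP reason for a certificate template without a public key, since the POPO wording does not quite describe this case anyway. The function also has no header comment; I would add `/* get0: internal pointer to the public key in the template of the first CertReqMsg (index 0) only; not validated by POPO or message protection; caller must not free */`, because a caller that acts on this key before those checks pass is trusting sender-chosen data. A NULL `msg` is only safe here if `OSSL_CMP_MSG_get_bodytype()` rejects it, and that check is outside the hunk.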
@@ -542,8 +570,7 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) } else if (ctx->p10CSR != NULL) { pubkey = X509_REQ_get0_pubkey(ctx->p10CSR); subject = X509_REQ_get_subject_name(ctx->p10CSR); - } - else { + } else { goto err; } diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index b3175683c7..97321bebc0 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -4,6 +4,7 @@ OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_get_bodytype, +OSSL_CMP_MSG_get0_certreq_publickey, OSSL_CMP_MSG_update_transactionID, OSSL_CMP_MSG_update_recipNonce, OSSL_CMP_CTX_setup_CRM, @@ -19,6 +20,7 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); + X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); @@ -33,6 +35,9 @@ OSSL_CMP_MSG_get0_header() returns the header of the given CMP message. OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message. +OSSL_CMP_MSG_get0_certreq_publickey() expects that I is a certificate request +messsage and returns the public key in its certificate template if present. + OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX. If I does not contain a transaction ID, a fresh one is created before. @@ -118,6 +123,8 @@ or NULL if the respective entry does not exist and on error. OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error. +OSSL_CMP_MSG_get0_certreq_publickey() returns a public key or NULL on error. + OSSL_CMP_CTX_setup_CRM() returns a pointer to a B on success, NULL on error. 
@@ -146,6 +153,8 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
 OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
+OSSL_CMP_MSG_get0_certreq_publickey() was added in OpenSSL 3.3.
+
 =head1 COPYRIGHT
 Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index 3eb6a95324..da82a3f419 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -416,6 +416,7 @@ STACK_OF(OSSL_CMP_ITAV)
 /* from cmp_msg.c */
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 7373b002b7..7f646cbba9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5540,6 +5540,7 @@ OSSL_CMP_CTX_get0_geninfo_ITAVs ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_HDR_get0_geninfo_ITAVs ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_new0_certProfile ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_get0_certProfile ? 3_3_0 EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_get0_certreq_publickey ? 3_3_0 EXIST::FUNCTION:CMP
 OSSL_CMP_SRV_CTX_init_trans ? 3_3_0 EXIST::FUNCTION:CMP
 EVP_DigestSqueeze ? 3_3_0 EXIST::FUNCTION:
 ERR_pop ? 3_3_0 EXIST::FUNCTION:
-- 
2.34.1