| 1 | /* |
|---|---|
| 2 | * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * Copyright Nokia 2007-2019 |
| 4 | * Copyright Siemens AG 2015-2019 |
| 5 | * |
| 6 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 7 | * this file except in compliance with the License. You can obtain a copy |
| 8 | * in the file LICENSE in the source distribution or at |
| 9 | * https://www.openssl.org/source/license.html |
| 10 | */ |
| 11 | |
| 12 | /* CMP functions for PKIMessage construction */ |
| 13 | |
| 14 | #include "cmp_local.h" |
| 15 | |
| 16 | /* explicit #includes not strictly needed since implied by the above: */ |
| 17 | #include <openssl/asn1t.h> |
| 18 | #include <openssl/cmp.h> |
| 19 | #include <openssl/crmf.h> |
| 20 | #include <openssl/err.h> |
| 21 | #include <openssl/x509.h> |
| 22 | |
| 23 | OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) |
| 24 | { |
| 25 | if (msg == NULL) { |
| 26 | CMPerr(0, CMP_R_NULL_ARGUMENT); |
| 27 | return NULL; |
| 28 | } |
| 29 | return msg->header; |
| 30 | } |
| 31 | |
| 32 | const char *ossl_cmp_bodytype_to_string(int type) |
| 33 | { |
| 34 | static const char *type_names[] = { |
| 35 | "IR", "IP", "CR", "CP", "P10CR", |
| 36 | "POPDECC", "POPDECR", "KUR", "KUP", |
| 37 | "KRR", "KRP", "RR", "RP", "CCR", "CCP", |
| 38 | "CKUANN", "CANN", "RANN", "CRLANN", "PKICONF", "NESTED", |
| 39 | "GENM", "GENP", "ERROR", "CERTCONF", "POLLREQ", "POLLREP", |
| 40 | }; |
| 41 | |
| 42 | if (type < 0 || type > OSSL_CMP_PKIBODY_TYPE_MAX) |
| 43 | return "illegal body type"; |
| 44 | return type_names[type]; |
| 45 | } |
| 46 | |
| 47 | int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type) |
| 48 | { |
| 49 | if (!ossl_assert(msg != NULL && msg->body != NULL)) |
| 50 | return 0; |
| 51 | |
| 52 | msg->body->type = type; |
| 53 | return 1; |
| 54 | } |
| 55 | |
| 56 | int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg) |
| 57 | { |
| 58 | if (!ossl_assert(msg != NULL && msg->body != NULL)) |
| 59 | return -1; |
| 60 | |
| 61 | return msg->body->type; |
| 62 | } |
| 63 | |
| 64 | /* Add an extension to the referenced extension stack, which may be NULL */ |
| 65 | static int add1_extension(X509_EXTENSIONS **pexts, int nid, int crit, void *ex) |
| 66 | { |
| 67 | X509_EXTENSION *ext; |
| 68 | int res; |
| 69 | |
| 70 | if (!ossl_assert(pexts != NULL)) /* pointer to var must not be NULL */ |
| 71 | return 0; |
| 72 | |
| 73 | if ((ext = X509V3_EXT_i2d(nid, crit, ex)) == NULL) |
| 74 | return 0; |
| 75 | |
| 76 | res = X509v3_add_ext(pexts, ext, 0) != NULL; |
| 77 | X509_EXTENSION_free(ext); |
| 78 | return res; |
| 79 | } |
| 80 | |
| 81 | /* Add a CRL revocation reason code to extension stack, which may be NULL */ |
| 82 | static int add_crl_reason_extension(X509_EXTENSIONS **pexts, int reason_code) |
| 83 | { |
| 84 | ASN1_ENUMERATED *val = ASN1_ENUMERATED_new(); |
| 85 | int res = 0; |
| 86 | |
| 87 | if (val != NULL && ASN1_ENUMERATED_set(val, reason_code)) |
| 88 | res = add1_extension(pexts, NID_crl_reason, 0 /* non-critical */, val); |
| 89 | ASN1_ENUMERATED_free(val); |
| 90 | return res; |
| 91 | } |
| 92 | |
| 93 | OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) |
| 94 | { |
| 95 | OSSL_CMP_MSG *msg = NULL; |
| 96 | |
| 97 | if (!ossl_assert(ctx != NULL)) |
| 98 | return NULL; |
| 99 | |
| 100 | if ((msg = OSSL_CMP_MSG_new()) == NULL) |
| 101 | return NULL; |
| 102 | if (!ossl_cmp_hdr_init(ctx, msg->header) |
| 103 | || !ossl_cmp_msg_set_bodytype(msg, bodytype)) |
| 104 | goto err; |
| 105 | if (ctx->geninfo_ITAVs != NULL |
| 106 | && !ossl_cmp_hdr_generalInfo_push1_items(msg->header, |
| 107 | ctx->geninfo_ITAVs)) |
| 108 | goto err; |
| 109 | |
| 110 | switch (bodytype) { |
| 111 | case OSSL_CMP_PKIBODY_IR: |
| 112 | case OSSL_CMP_PKIBODY_CR: |
| 113 | case OSSL_CMP_PKIBODY_KUR: |
| 114 | if ((msg->body->value.ir = OSSL_CRMF_MSGS_new()) == NULL) |
| 115 | goto err; |
| 116 | return msg; |
| 117 | |
| 118 | case OSSL_CMP_PKIBODY_P10CR: |
| 119 | if (ctx->p10CSR == NULL) { |
| 120 | CMPerr(0, CMP_R_ERROR_CREATING_P10CR); |
| 121 | goto err; |
| 122 | } |
| 123 | if ((msg->body->value.p10cr = X509_REQ_dup(ctx->p10CSR)) == NULL) |
| 124 | goto err; |
| 125 | return msg; |
| 126 | |
| 127 | case OSSL_CMP_PKIBODY_IP: |
| 128 | case OSSL_CMP_PKIBODY_CP: |
| 129 | case OSSL_CMP_PKIBODY_KUP: |
| 130 | if ((msg->body->value.ip = OSSL_CMP_CERTREPMESSAGE_new()) == NULL) |
| 131 | goto err; |
| 132 | return msg; |
| 133 | |
| 134 | case OSSL_CMP_PKIBODY_RR: |
| 135 | if ((msg->body->value.rr = sk_OSSL_CMP_REVDETAILS_new_null()) == NULL) |
| 136 | goto err; |
| 137 | return msg; |
| 138 | case OSSL_CMP_PKIBODY_RP: |
| 139 | if ((msg->body->value.rp = OSSL_CMP_REVREPCONTENT_new()) == NULL) |
| 140 | goto err; |
| 141 | return msg; |
| 142 | |
| 143 | case OSSL_CMP_PKIBODY_CERTCONF: |
| 144 | if ((msg->body->value.certConf = |
| 145 | sk_OSSL_CMP_CERTSTATUS_new_null()) == NULL) |
| 146 | goto err; |
| 147 | return msg; |
| 148 | case OSSL_CMP_PKIBODY_PKICONF: |
| 149 | if ((msg->body->value.pkiconf = ASN1_TYPE_new()) == NULL) |
| 150 | goto err; |
| 151 | ASN1_TYPE_set(msg->body->value.pkiconf, V_ASN1_NULL, NULL); |
| 152 | return msg; |
| 153 | |
| 154 | case OSSL_CMP_PKIBODY_POLLREQ: |
| 155 | if ((msg->body->value.pollReq = sk_OSSL_CMP_POLLREQ_new_null()) == NULL) |
| 156 | goto err; |
| 157 | return msg; |
| 158 | case OSSL_CMP_PKIBODY_POLLREP: |
| 159 | if ((msg->body->value.pollRep = sk_OSSL_CMP_POLLREP_new_null()) == NULL) |
| 160 | goto err; |
| 161 | return msg; |
| 162 | |
| 163 | case OSSL_CMP_PKIBODY_GENM: |
| 164 | case OSSL_CMP_PKIBODY_GENP: |
| 165 | if ((msg->body->value.genm = sk_OSSL_CMP_ITAV_new_null()) == NULL) |
| 166 | goto err; |
| 167 | return msg; |
| 168 | |
| 169 | case OSSL_CMP_PKIBODY_ERROR: |
| 170 | if ((msg->body->value.error = OSSL_CMP_ERRORMSGCONTENT_new()) == NULL) |
| 171 | goto err; |
| 172 | return msg; |
| 173 | |
| 174 | default: |
| 175 | CMPerr(0, CMP_R_UNEXPECTED_PKIBODY); |
| 176 | goto err; |
| 177 | } |
| 178 | |
| 179 | err: |
| 180 | OSSL_CMP_MSG_free(msg); |
| 181 | return NULL; |
| 182 | } |
| 183 | |
| 184 | #define HAS_SAN(ctx) \ |
| 185 | (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ |
| 186 | || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) |
| 187 | |
| 188 | static X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, |
| 189 | int bodytype) |
| 190 | { |
| 191 | if (ctx->subjectName != NULL) |
| 192 | return ctx->subjectName; |
| 193 | |
| 194 | if (refcert != NULL |
| 195 | && (bodytype == OSSL_CMP_PKIBODY_KUR || !HAS_SAN(ctx))) |
| 196 | /* |
| 197 | * For KUR, copy subjectName from reference certificate. |
| 198 | * For IR or CR, do the same only if there is no subjectAltName. |
| 199 | */ |
| 200 | return X509_get_subject_name(refcert); |
| 201 | return NULL; |
| 202 | } |
| 203 | |
| 204 | /* |
| 205 | * Create CRMF certificate request message for IR/CR/KUR |
| 206 | * returns a pointer to the OSSL_CRMF_MSG on success, NULL on error |
| 207 | */ |
| 208 | static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, |
| 209 | int rid, EVP_PKEY *rkey) |
| 210 | { |
| 211 | OSSL_CRMF_MSG *crm = NULL; |
| 212 | X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->clCert; |
| 213 | /* refcert defaults to current client cert */ |
| 214 | STACK_OF(GENERAL_NAME) *default_sans = NULL; |
| 215 | X509_NAME *subject = determine_subj(ctx, refcert, bodytype); |
| 216 | int crit = ctx->setSubjectAltNameCritical || subject == NULL; |
| 217 | /* RFC5280: subjectAltName MUST be critical if subject is null */ |
| 218 | X509_EXTENSIONS *exts = NULL; |
| 219 | |
| 220 | if (rkey == NULL |
| 221 | || (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL)) { |
| 222 | CMPerr(0, CMP_R_INVALID_ARGS); |
| 223 | return NULL; |
| 224 | } |
| 225 | if ((crm = OSSL_CRMF_MSG_new()) == NULL) |
| 226 | return NULL; |
| 227 | if (!OSSL_CRMF_MSG_set_certReqId(crm, rid) |
| 228 | /* |
| 229 | * fill certTemplate, corresponding to CertificationRequestInfo |
| 230 | * of PKCS#10. The rkey param cannot be NULL so far - |
| 231 | * it could be NULL if centralized key creation was supported |
| 232 | */ |
| 233 | || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey, |
| 234 | subject, ctx->issuer, |
| 235 | NULL/* serial */)) |
| 236 | goto err; |
| 237 | if (ctx->days != 0) { |
| 238 | time_t notBefore, notAfter; |
| 239 | |
| 240 | notBefore = time(NULL); |
| 241 | notAfter = notBefore + 60 * 60 * 24 * ctx->days; |
| 242 | if (!OSSL_CRMF_MSG_set_validity(crm, notBefore, notAfter)) |
| 243 | goto err; |
| 244 | } |
| 245 | |
| 246 | /* extensions */ |
| 247 | if (refcert != NULL && !ctx->SubjectAltName_nodefault) |
| 248 | default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), |
| 249 | NID_subject_alt_name, NULL, NULL); |
| 250 | /* exts are copied from ctx to allow reuse */ |
| 251 | if (ctx->reqExtensions != NULL) { |
| 252 | exts = sk_X509_EXTENSION_deep_copy(ctx->reqExtensions, |
| 253 | X509_EXTENSION_dup, |
| 254 | X509_EXTENSION_free); |
| 255 | if (exts == NULL) |
| 256 | goto err; |
| 257 | } |
| 258 | if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 |
| 259 | && !add1_extension(&exts, NID_subject_alt_name, |
| 260 | crit, ctx->subjectAltNames)) |
| 261 | goto err; |
| 262 | if (!HAS_SAN(ctx) && default_sans != NULL |
| 263 | && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) |
| 264 | goto err; |
| 265 | if (ctx->policies != NULL |
| 266 | && !add1_extension(&exts, NID_certificate_policies, |
| 267 | ctx->setPoliciesCritical, ctx->policies)) |
| 268 | goto err; |
| 269 | if (!OSSL_CRMF_MSG_set0_extensions(crm, exts)) |
| 270 | goto err; |
| 271 | exts = NULL; |
| 272 | /* end fill certTemplate, now set any controls */ |
| 273 | |
| 274 | /* for KUR, set OldCertId according to D.6 */ |
| 275 | if (bodytype == OSSL_CMP_PKIBODY_KUR) { |
| 276 | OSSL_CRMF_CERTID *cid = |
| 277 | OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), |
| 278 | X509_get_serialNumber(refcert)); |
| 279 | int ret; |
| 280 | |
| 281 | if (cid == NULL) |
| 282 | goto err; |
| 283 | ret = OSSL_CRMF_MSG_set1_regCtrl_oldCertID(crm, cid); |
| 284 | OSSL_CRMF_CERTID_free(cid); |
| 285 | if (ret == 0) |
| 286 | goto err; |
| 287 | } |
| 288 | |
| 289 | goto end; |
| 290 | |
| 291 | err: |
| 292 | OSSL_CRMF_MSG_free(crm); |
| 293 | crm = NULL; |
| 294 | |
| 295 | end: |
| 296 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); |
| 297 | sk_GENERAL_NAME_pop_free(default_sans, GENERAL_NAME_free); |
| 298 | return crm; |
| 299 | } |
| 300 | |
| 301 | OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code) |
| 302 | { |
| 303 | EVP_PKEY *rkey; |
| 304 | EVP_PKEY *privkey; |
| 305 | OSSL_CMP_MSG *msg; |
| 306 | OSSL_CRMF_MSG *crm = NULL; |
| 307 | |
| 308 | if (!ossl_assert(ctx != NULL)) |
| 309 | return NULL; |
| 310 | |
| 311 | rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); |
| 312 | if (rkey == NULL) |
| 313 | return NULL; |
| 314 | privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); |
| 315 | |
| 316 | if (type != OSSL_CMP_PKIBODY_IR && type != OSSL_CMP_PKIBODY_CR |
| 317 | && type != OSSL_CMP_PKIBODY_KUR && type != OSSL_CMP_PKIBODY_P10CR) { |
| 318 | CMPerr(0, CMP_R_INVALID_ARGS); |
| 319 | return NULL; |
| 320 | } |
| 321 | |
| 322 | if ((msg = ossl_cmp_msg_create(ctx, type)) == NULL) |
| 323 | goto err; |
| 324 | |
| 325 | /* header */ |
| 326 | if (ctx->implicitConfirm && !ossl_cmp_hdr_set_implicitConfirm(msg->header)) |
| 327 | goto err; |
| 328 | |
| 329 | /* body */ |
| 330 | /* For P10CR the content has already been set in OSSL_CMP_MSG_create */ |
| 331 | if (type != OSSL_CMP_PKIBODY_P10CR) { |
| 332 | if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) { |
| 333 | CMPerr(0, CMP_R_MISSING_PRIVATE_KEY); |
| 334 | goto err; |
| 335 | } |
| 336 | if ((crm = crm_new(ctx, type, OSSL_CMP_CERTREQID, rkey)) == NULL |
| 337 | || !OSSL_CRMF_MSG_create_popo(crm, privkey, ctx->digest, |
| 338 | ctx->popoMethod) |
| 339 | /* value.ir is same for cr and kur */ |
| 340 | || !sk_OSSL_CRMF_MSG_push(msg->body->value.ir, crm)) |
| 341 | goto err; |
| 342 | crm = NULL; |
| 343 | /* TODO: here optional 2nd certreqmsg could be pushed to the stack */ |
| 344 | } |
| 345 | |
| 346 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 347 | goto err; |
| 348 | |
| 349 | return msg; |
| 350 | |
| 351 | err: |
| 352 | CMPerr(0, err_code); |
| 353 | OSSL_CRMF_MSG_free(crm); |
| 354 | OSSL_CMP_MSG_free(msg); |
| 355 | return NULL; |
| 356 | } |
| 357 | |
| 358 | OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype, |
| 359 | int certReqId, OSSL_CMP_PKISI *si, |
| 360 | X509 *cert, STACK_OF(X509) *chain, |
| 361 | STACK_OF(X509) *caPubs, int encrypted, |
| 362 | int unprotectedErrors) |
| 363 | { |
| 364 | OSSL_CMP_MSG *msg = NULL; |
| 365 | OSSL_CMP_CERTREPMESSAGE *repMsg = NULL; |
| 366 | OSSL_CMP_CERTRESPONSE *resp = NULL; |
| 367 | int status = -1; |
| 368 | |
| 369 | if (!ossl_assert(ctx != NULL && si != NULL)) |
| 370 | return NULL; |
| 371 | |
| 372 | if ((msg = ossl_cmp_msg_create(ctx, bodytype)) == NULL) |
| 373 | goto err; |
| 374 | repMsg = msg->body->value.ip; /* value.ip is same for cp and kup */ |
| 375 | |
| 376 | /* header */ |
| 377 | if (ctx->implicitConfirm && !ossl_cmp_hdr_set_implicitConfirm(msg->header)) |
| 378 | goto err; |
| 379 | |
| 380 | /* body */ |
| 381 | if ((resp = OSSL_CMP_CERTRESPONSE_new()) == NULL) |
| 382 | goto err; |
| 383 | OSSL_CMP_PKISI_free(resp->status); |
| 384 | if ((resp->status = OSSL_CMP_PKISI_dup(si)) == NULL |
| 385 | || !ASN1_INTEGER_set(resp->certReqId, certReqId)) |
| 386 | goto err; |
| 387 | |
| 388 | status = ossl_cmp_pkisi_get_pkistatus(resp->status); |
| 389 | if (status != OSSL_CMP_PKISTATUS_rejection |
| 390 | && status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) { |
| 391 | if (encrypted) { |
| 392 | CMPerr(0, CMP_R_INVALID_ARGS); |
| 393 | goto err; |
| 394 | } |
| 395 | |
| 396 | if ((resp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) |
| 397 | == NULL) |
| 398 | goto err; |
| 399 | resp->certifiedKeyPair->certOrEncCert->type = |
| 400 | OSSL_CMP_CERTORENCCERT_CERTIFICATE; |
| 401 | if (!X509_up_ref(cert)) |
| 402 | goto err; |
| 403 | resp->certifiedKeyPair->certOrEncCert->value.certificate = cert; |
| 404 | } |
| 405 | |
| 406 | if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp)) |
| 407 | goto err; |
| 408 | resp = NULL; |
| 409 | /* TODO: here optional 2nd certrep could be pushed to the stack */ |
| 410 | |
| 411 | if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL |
| 412 | && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) |
| 413 | goto err; |
| 414 | if (chain != NULL |
| 415 | && !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0)) |
| 416 | goto err; |
| 417 | |
| 418 | if (!unprotectedErrors |
| 419 | || ossl_cmp_pkisi_get_pkistatus(si) != OSSL_CMP_PKISTATUS_rejection) |
| 420 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 421 | goto err; |
| 422 | |
| 423 | return msg; |
| 424 | |
| 425 | err: |
| 426 | CMPerr(0, CMP_R_ERROR_CREATING_CERTREP); |
| 427 | OSSL_CMP_CERTRESPONSE_free(resp); |
| 428 | OSSL_CMP_MSG_free(msg); |
| 429 | return NULL; |
| 430 | } |
| 431 | |
| 432 | OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) |
| 433 | { |
| 434 | OSSL_CMP_MSG *msg = NULL; |
| 435 | OSSL_CMP_REVDETAILS *rd; |
| 436 | |
| 437 | if (!ossl_assert(ctx != NULL && ctx->oldCert != NULL)) |
| 438 | return NULL; |
| 439 | |
| 440 | if ((rd = OSSL_CMP_REVDETAILS_new()) == NULL) |
| 441 | goto err; |
| 442 | |
| 443 | /* Fill the template from the contents of the certificate to be revoked */ |
| 444 | if (!OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, |
| 445 | NULL/* pubkey would be redundant */, |
| 446 | NULL/* subject would be redundant */, |
| 447 | X509_get_issuer_name(ctx->oldCert), |
| 448 | X509_get_serialNumber(ctx->oldCert))) |
| 449 | goto err; |
| 450 | |
| 451 | /* revocation reason code is optional */ |
| 452 | if (ctx->revocationReason != CRL_REASON_NONE |
| 453 | && !add_crl_reason_extension(&rd->crlEntryDetails, |
| 454 | ctx->revocationReason)) |
| 455 | goto err; |
| 456 | |
| 457 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RR)) == NULL) |
| 458 | goto err; |
| 459 | |
| 460 | if (!sk_OSSL_CMP_REVDETAILS_push(msg->body->value.rr, rd)) |
| 461 | goto err; |
| 462 | rd = NULL; |
| 463 | |
| 464 | /* |
| 465 | * TODO: the Revocation Passphrase according to section 5.3.19.9 could be |
| 466 | * set here if set in ctx |
| 467 | */ |
| 468 | |
| 469 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 470 | goto err; |
| 471 | |
| 472 | return msg; |
| 473 | |
| 474 | err: |
| 475 | CMPerr(0, CMP_R_ERROR_CREATING_RR); |
| 476 | OSSL_CMP_MSG_free(msg); |
| 477 | OSSL_CMP_REVDETAILS_free(rd); |
| 478 | return NULL; |
| 479 | } |
| 480 | |
| 481 | OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si, |
| 482 | OSSL_CRMF_CERTID *cid, int unprot_err) |
| 483 | { |
| 484 | OSSL_CMP_REVREPCONTENT *rep = NULL; |
| 485 | OSSL_CMP_PKISI *si1 = NULL; |
| 486 | OSSL_CRMF_CERTID *cid_copy = NULL; |
| 487 | OSSL_CMP_MSG *msg = NULL; |
| 488 | |
| 489 | if (!ossl_assert(ctx != NULL && si != NULL && cid != NULL)) |
| 490 | return NULL; |
| 491 | |
| 492 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RP)) == NULL) |
| 493 | goto err; |
| 494 | rep = msg->body->value.rp; |
| 495 | |
| 496 | if ((si1 = OSSL_CMP_PKISI_dup(si)) == NULL) |
| 497 | goto err; |
| 498 | |
| 499 | if (!sk_OSSL_CMP_PKISI_push(rep->status, si1)) { |
| 500 | OSSL_CMP_PKISI_free(si1); |
| 501 | goto err; |
| 502 | } |
| 503 | |
| 504 | if ((rep->revCerts = sk_OSSL_CRMF_CERTID_new_null()) == NULL) |
| 505 | goto err; |
| 506 | if ((cid_copy = OSSL_CRMF_CERTID_dup(cid)) == NULL) |
| 507 | goto err; |
| 508 | if (!sk_OSSL_CRMF_CERTID_push(rep->revCerts, cid_copy)) { |
| 509 | OSSL_CRMF_CERTID_free(cid_copy); |
| 510 | goto err; |
| 511 | } |
| 512 | |
| 513 | if (!unprot_err |
| 514 | || ossl_cmp_pkisi_get_pkistatus(si) != OSSL_CMP_PKISTATUS_rejection) |
| 515 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 516 | goto err; |
| 517 | |
| 518 | return msg; |
| 519 | |
| 520 | err: |
| 521 | CMPerr(0, CMP_R_ERROR_CREATING_RP); |
| 522 | OSSL_CMP_MSG_free(msg); |
| 523 | return NULL; |
| 524 | } |
| 525 | |
| 526 | OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx) |
| 527 | { |
| 528 | OSSL_CMP_MSG *msg; |
| 529 | |
| 530 | if (!ossl_assert(ctx != NULL)) |
| 531 | return NULL; |
| 532 | |
| 533 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_PKICONF)) == NULL) |
| 534 | goto err; |
| 535 | if (ossl_cmp_msg_protect(ctx, msg)) |
| 536 | return msg; |
| 537 | |
| 538 | err: |
| 539 | CMPerr(0, CMP_R_ERROR_CREATING_PKICONF); |
| 540 | OSSL_CMP_MSG_free(msg); |
| 541 | return NULL; |
| 542 | } |
| 543 | |
| 544 | int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav) |
| 545 | { |
| 546 | int bodytype; |
| 547 | |
| 548 | if (!ossl_assert(msg != NULL && itav != NULL)) |
| 549 | return 0; |
| 550 | |
| 551 | bodytype = ossl_cmp_msg_get_bodytype(msg); |
| 552 | if (bodytype != OSSL_CMP_PKIBODY_GENM |
| 553 | && bodytype != OSSL_CMP_PKIBODY_GENP) { |
| 554 | CMPerr(0, CMP_R_INVALID_ARGS); |
| 555 | return 0; |
| 556 | } |
| 557 | |
| 558 | /* value.genp has the same structure, so this works for genp as well */ |
| 559 | return OSSL_CMP_ITAV_push0_stack_item(&msg->body->value.genm, itav); |
| 560 | } |
| 561 | |
| 562 | int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, |
| 563 | STACK_OF(OSSL_CMP_ITAV) *itavs) |
| 564 | { |
| 565 | int i; |
| 566 | OSSL_CMP_ITAV *itav = NULL; |
| 567 | |
| 568 | if (!ossl_assert(msg != NULL)) |
| 569 | return 0; |
| 570 | |
| 571 | for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { |
| 572 | if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs,i))) == NULL) |
| 573 | return 0; |
| 574 | if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { |
| 575 | OSSL_CMP_ITAV_free(itav); |
| 576 | return 0; |
| 577 | } |
| 578 | } |
| 579 | return 1; |
| 580 | } |
| 581 | |
| 582 | /* |
| 583 | * Creates a new General Message/Response with an empty itav stack |
| 584 | * returns a pointer to the PKIMessage on success, NULL on error |
| 585 | */ |
| 586 | static OSSL_CMP_MSG *gen_new(OSSL_CMP_CTX *ctx, int body_type, int err_code) |
| 587 | { |
| 588 | OSSL_CMP_MSG *msg = NULL; |
| 589 | |
| 590 | if (!ossl_assert(ctx != NULL)) |
| 591 | return NULL; |
| 592 | |
| 593 | if ((msg = ossl_cmp_msg_create(ctx, body_type)) == NULL) |
| 594 | return NULL; |
| 595 | |
| 596 | if (ctx->genm_ITAVs != NULL |
| 597 | && !ossl_cmp_msg_gen_push1_ITAVs(msg, ctx->genm_ITAVs)) |
| 598 | goto err; |
| 599 | |
| 600 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 601 | goto err; |
| 602 | |
| 603 | return msg; |
| 604 | |
| 605 | err: |
| 606 | CMPerr(0, err_code); |
| 607 | OSSL_CMP_MSG_free(msg); |
| 608 | return NULL; |
| 609 | } |
| 610 | |
| 611 | OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx) |
| 612 | { |
| 613 | return gen_new(ctx, OSSL_CMP_PKIBODY_GENM, CMP_R_ERROR_CREATING_GENM); |
| 614 | } |
| 615 | |
| 616 | OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx) |
| 617 | { |
| 618 | return gen_new(ctx, OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP); |
| 619 | } |
| 620 | |
| 621 | OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si, |
| 622 | int errorCode, |
| 623 | OSSL_CMP_PKIFREETEXT *errorDetails, |
| 624 | int unprotected) |
| 625 | { |
| 626 | OSSL_CMP_MSG *msg = NULL; |
| 627 | |
| 628 | if (!ossl_assert(ctx != NULL && si != NULL)) |
| 629 | return NULL; |
| 630 | |
| 631 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_ERROR)) == NULL) |
| 632 | goto err; |
| 633 | |
| 634 | OSSL_CMP_PKISI_free(msg->body->value.error->pKIStatusInfo); |
| 635 | if ((msg->body->value.error->pKIStatusInfo = OSSL_CMP_PKISI_dup(si)) |
| 636 | == NULL) |
| 637 | goto err; |
| 638 | if (errorCode >= 0) { |
| 639 | if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL) |
| 640 | goto err; |
| 641 | if (!ASN1_INTEGER_set(msg->body->value.error->errorCode, errorCode)) |
| 642 | goto err; |
| 643 | } |
| 644 | if (errorDetails != NULL) |
| 645 | if ((msg->body->value.error->errorDetails = |
| 646 | sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup, |
| 647 | ASN1_STRING_free)) == NULL) |
| 648 | goto err; |
| 649 | |
| 650 | if (!unprotected && !ossl_cmp_msg_protect(ctx, msg)) |
| 651 | goto err; |
| 652 | return msg; |
| 653 | |
| 654 | err: |
| 655 | CMPerr(0, CMP_R_ERROR_CREATING_ERROR); |
| 656 | OSSL_CMP_MSG_free(msg); |
| 657 | return NULL; |
| 658 | } |
| 659 | |
| 660 | /* |
| 661 | * OSSL_CMP_CERTSTATUS_set_certHash() calculates a hash of the certificate, |
| 662 | * using the same hash algorithm as is used to create and verify the |
| 663 | * certificate signature, and places the hash into the certHash field of a |
| 664 | * OSSL_CMP_CERTSTATUS structure. This is used in the certConf message, |
| 665 | * for example, to confirm that the certificate was received successfully. |
| 666 | */ |
| 667 | int ossl_cmp_certstatus_set_certHash(OSSL_CMP_CERTSTATUS *certStatus, |
| 668 | const X509 *cert) |
| 669 | { |
| 670 | unsigned int len; |
| 671 | unsigned char hash[EVP_MAX_MD_SIZE]; |
| 672 | int md_NID; |
| 673 | const EVP_MD *md = NULL; |
| 674 | |
| 675 | if (!ossl_assert(certStatus != NULL && cert != NULL)) |
| 676 | return 0; |
| 677 | |
| 678 | /*- |
| 679 | * select hash algorithm, as stated in Appendix F. Compilable ASN.1 defs: |
| 680 | * the hash of the certificate, using the same hash algorithm |
| 681 | * as is used to create and verify the certificate signature |
| 682 | */ |
| 683 | if (OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_NID, NULL) |
| 684 | && (md = EVP_get_digestbynid(md_NID)) != NULL) { |
| 685 | if (!X509_digest(cert, md, hash, &len)) |
| 686 | goto err; |
| 687 | if (!ossl_cmp_asn1_octet_string_set1_bytes(&certStatus->certHash, hash, |
| 688 | len)) |
| 689 | goto err; |
| 690 | } else { |
| 691 | CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM); |
| 692 | return 0; |
| 693 | } |
| 694 | |
| 695 | return 1; |
| 696 | err: |
| 697 | CMPerr(0, CMP_R_ERROR_SETTING_CERTHASH); |
| 698 | return 0; |
| 699 | } |
| 700 | |
| 701 | /* |
| 702 | * TODO: handle potential 2nd certificate when signing and encrypting |
| 703 | * certificates have been requested/received |
| 704 | */ |
| 705 | OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, |
| 706 | const char *text) |
| 707 | { |
| 708 | OSSL_CMP_MSG *msg = NULL; |
| 709 | OSSL_CMP_CERTSTATUS *certStatus = NULL; |
| 710 | OSSL_CMP_PKISI *sinfo; |
| 711 | |
| 712 | if (!ossl_assert(ctx != NULL && ctx->newCert != NULL)) |
| 713 | return NULL; |
| 714 | |
| 715 | if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) { |
| 716 | CMPerr(0, CMP_R_FAIL_INFO_OUT_OF_RANGE); |
| 717 | return NULL; |
| 718 | } |
| 719 | |
| 720 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_CERTCONF)) == NULL) |
| 721 | goto err; |
| 722 | |
| 723 | if ((certStatus = OSSL_CMP_CERTSTATUS_new()) == NULL) |
| 724 | goto err; |
| 725 | /* consume certStatus into msg right away so it gets deallocated with msg */ |
| 726 | if (!sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus)) |
| 727 | goto err; |
| 728 | /* set the ID of the certReq */ |
| 729 | if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID)) |
| 730 | goto err; |
| 731 | /* |
| 732 | * the hash of the certificate, using the same hash algorithm |
| 733 | * as is used to create and verify the certificate signature |
| 734 | */ |
| 735 | if (!ossl_cmp_certstatus_set_certHash(certStatus, ctx->newCert)) |
| 736 | goto err; |
| 737 | /* |
| 738 | * For any particular CertStatus, omission of the statusInfo field |
| 739 | * indicates ACCEPTANCE of the specified certificate. Alternatively, |
| 740 | * explicit status details (with respect to acceptance or rejection) MAY |
| 741 | * be provided in the statusInfo field, perhaps for auditing purposes at |
| 742 | * the CA/RA. |
| 743 | */ |
| 744 | sinfo = fail_info != 0 ? |
| 745 | ossl_cmp_statusinfo_new(OSSL_CMP_PKISTATUS_rejection, fail_info, text) : |
| 746 | ossl_cmp_statusinfo_new(OSSL_CMP_PKISTATUS_accepted, 0, text); |
| 747 | if (sinfo == NULL) |
| 748 | goto err; |
| 749 | certStatus->statusInfo = sinfo; |
| 750 | |
| 751 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 752 | goto err; |
| 753 | |
| 754 | return msg; |
| 755 | |
| 756 | err: |
| 757 | CMPerr(0, CMP_R_ERROR_CREATING_CERTCONF); |
| 758 | OSSL_CMP_MSG_free(msg); |
| 759 | return NULL; |
| 760 | } |
| 761 | |
| 762 | OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid) |
| 763 | { |
| 764 | OSSL_CMP_MSG *msg = NULL; |
| 765 | OSSL_CMP_POLLREQ *preq = NULL; |
| 766 | |
| 767 | if (!ossl_assert(ctx != NULL)) |
| 768 | return NULL; |
| 769 | |
| 770 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL) |
| 771 | goto err; |
| 772 | |
| 773 | /* TODO: support multiple cert request IDs to poll */ |
| 774 | if ((preq = OSSL_CMP_POLLREQ_new()) == NULL |
| 775 | || !ASN1_INTEGER_set(preq->certReqId, crid) |
| 776 | || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) |
| 777 | goto err; |
| 778 | |
| 779 | preq = NULL; |
| 780 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 781 | goto err; |
| 782 | |
| 783 | return msg; |
| 784 | |
| 785 | err: |
| 786 | CMPerr(0, CMP_R_ERROR_CREATING_POLLREQ); |
| 787 | OSSL_CMP_POLLREQ_free(preq); |
| 788 | OSSL_CMP_MSG_free(msg); |
| 789 | return NULL; |
| 790 | } |
| 791 | |
| 792 | OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, |
| 793 | int64_t poll_after) |
| 794 | { |
| 795 | OSSL_CMP_MSG *msg; |
| 796 | OSSL_CMP_POLLREP *prep; |
| 797 | |
| 798 | if (!ossl_assert(ctx != NULL)) |
| 799 | return NULL; |
| 800 | |
| 801 | if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREP)) == NULL) |
| 802 | goto err; |
| 803 | if ((prep = OSSL_CMP_POLLREP_new()) == NULL) |
| 804 | goto err; |
| 805 | if (!sk_OSSL_CMP_POLLREP_push(msg->body->value.pollRep, prep)) |
| 806 | goto err; |
| 807 | if (!ASN1_INTEGER_set(prep->certReqId, crid)) |
| 808 | goto err; |
| 809 | if (!ASN1_INTEGER_set_int64(prep->checkAfter, poll_after)) |
| 810 | goto err; |
| 811 | |
| 812 | if (!ossl_cmp_msg_protect(ctx, msg)) |
| 813 | goto err; |
| 814 | return msg; |
| 815 | |
| 816 | err: |
| 817 | CMPerr(0, CMP_R_ERROR_CREATING_POLLREP); |
| 818 | OSSL_CMP_MSG_free(msg); |
| 819 | return NULL; |
| 820 | } |
| 821 | |
| 822 | /*- |
| 823 | * returns the status field of the RevRepContent with the given |
| 824 | * request/sequence id inside a revocation response. |
| 825 | * RevRepContent has the revocation statuses in same order as they were sent in |
| 826 | * RevReqContent. |
| 827 | * returns NULL on error |
| 828 | */ |
| 829 | OSSL_CMP_PKISI * |
| 830 | ossl_cmp_revrepcontent_get_pkistatusinfo(OSSL_CMP_REVREPCONTENT *rrep, int rsid) |
| 831 | { |
| 832 | OSSL_CMP_PKISI *status; |
| 833 | |
| 834 | if (!ossl_assert(rrep != NULL)) |
| 835 | return NULL; |
| 836 | |
| 837 | if ((status = sk_OSSL_CMP_PKISI_value(rrep->status, rsid)) != NULL) |
| 838 | return status; |
| 839 | |
| 840 | CMPerr(0, CMP_R_PKISTATUSINFO_NOT_FOUND); |
| 841 | return NULL; |
| 842 | } |
| 843 | |
| 844 | /* |
| 845 | * returns the CertId field in the revCerts part of the RevRepContent |
| 846 | * with the given request/sequence id inside a revocation response. |
| 847 | * RevRepContent has the CertIds in same order as they were sent in |
| 848 | * RevReqContent. |
| 849 | * returns NULL on error |
| 850 | */ |
| 851 | OSSL_CRMF_CERTID * |
| 852 | ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep, int rsid) |
| 853 | { |
| 854 | OSSL_CRMF_CERTID *cid = NULL; |
| 855 | |
| 856 | if (!ossl_assert(rrep != NULL)) |
| 857 | return NULL; |
| 858 | |
| 859 | if ((cid = sk_OSSL_CRMF_CERTID_value(rrep->revCerts, rsid)) != NULL) |
| 860 | return cid; |
| 861 | |
| 862 | CMPerr(0, CMP_R_CERTID_NOT_FOUND); |
| 863 | return NULL; |
| 864 | } |
| 865 | |
| 866 | static int suitable_rid(const ASN1_INTEGER *certReqId, int rid) |
| 867 | { |
| 868 | int trid; |
| 869 | |
| 870 | if (rid == -1) |
| 871 | return 1; |
| 872 | |
| 873 | trid = ossl_cmp_asn1_get_int(certReqId); |
| 874 | |
| 875 | if (trid == -1) { |
| 876 | CMPerr(0, CMP_R_BAD_REQUEST_ID); |
| 877 | return 0; |
| 878 | } |
| 879 | return rid == trid; |
| 880 | } |
| 881 | |
| 882 | static void add_expected_rid(int rid) |
| 883 | { |
| 884 | char str[DECIMAL_SIZE(rid) + 1]; |
| 885 | |
| 886 | BIO_snprintf(str, sizeof(str), "%d", rid); |
| 887 | ERR_add_error_data(2, "expected certReqId = ", str); |
| 888 | } |
| 889 | |
| 890 | /* |
| 891 | * returns a pointer to the PollResponse with the given CertReqId |
| 892 | * (or the first one in case -1) inside a PollRepContent |
| 893 | * returns NULL on error or if no suitable PollResponse available |
| 894 | */ |
| 895 | OSSL_CMP_POLLREP * |
| 896 | ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, |
| 897 | int rid) |
| 898 | { |
| 899 | OSSL_CMP_POLLREP *pollRep = NULL; |
| 900 | int i; |
| 901 | |
| 902 | if (!ossl_assert(prc != NULL)) |
| 903 | return NULL; |
| 904 | |
| 905 | for (i = 0; i < sk_OSSL_CMP_POLLREP_num(prc); i++) { |
| 906 | pollRep = sk_OSSL_CMP_POLLREP_value(prc, i); |
| 907 | if (suitable_rid(pollRep->certReqId, rid)) |
| 908 | return pollRep; |
| 909 | } |
| 910 | |
| 911 | CMPerr(0, CMP_R_CERTRESPONSE_NOT_FOUND); |
| 912 | add_expected_rid(rid); |
| 913 | return NULL; |
| 914 | } |
| 915 | |
| 916 | /* |
| 917 | * returns a pointer to the CertResponse with the given CertReqId |
| 918 | * (or the first one in case -1) inside a CertRepMessage |
| 919 | * returns NULL on error or if no suitable CertResponse available |
| 920 | */ |
| 921 | OSSL_CMP_CERTRESPONSE * |
| 922 | ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, |
| 923 | int rid) |
| 924 | { |
| 925 | OSSL_CMP_CERTRESPONSE *crep = NULL; |
| 926 | int i; |
| 927 | |
| 928 | if (!ossl_assert(crm != NULL && crm->response != NULL)) |
| 929 | return NULL; |
| 930 | |
| 931 | for (i = 0; i < sk_OSSL_CMP_CERTRESPONSE_num(crm->response); i++) { |
| 932 | crep = sk_OSSL_CMP_CERTRESPONSE_value(crm->response, i); |
| 933 | if (suitable_rid(crep->certReqId, rid)) |
| 934 | return crep; |
| 935 | } |
| 936 | |
| 937 | CMPerr(0, CMP_R_CERTRESPONSE_NOT_FOUND); |
| 938 | add_expected_rid(rid); |
| 939 | return NULL; |
| 940 | } |
| 941 | |
| 942 | /* |
| 943 | * CMP_CERTRESPONSE_get1_certificate() attempts to retrieve the returned |
| 944 | * certificate from the given certResponse B<crep>. |
| 945 | * Uses the privkey in case of indirect POP from B<ctx>. |
| 946 | * Returns a pointer to a copy of the found certificate, or NULL if not found. |
| 947 | */ |
| 948 | X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, |
| 949 | const OSSL_CMP_CERTRESPONSE *crep) |
| 950 | { |
| 951 | OSSL_CMP_CERTORENCCERT *coec; |
| 952 | X509 *crt = NULL; |
| 953 | |
| 954 | if (!ossl_assert(crep != NULL)) |
| 955 | return NULL; |
| 956 | |
| 957 | if (crep->certifiedKeyPair |
| 958 | && (coec = crep->certifiedKeyPair->certOrEncCert) != NULL) { |
| 959 | switch (coec->type) { |
| 960 | case OSSL_CMP_CERTORENCCERT_CERTIFICATE: |
| 961 | crt = X509_dup(coec->value.certificate); |
| 962 | break; |
| 963 | case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT: |
| 964 | /* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */ |
| 965 | if (privkey == NULL) { |
| 966 | CMPerr(0, CMP_R_MISSING_PRIVATE_KEY); |
| 967 | return NULL; |
| 968 | } |
| 969 | crt = |
| 970 | OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert, |
| 971 | privkey); |
| 972 | break; |
| 973 | default: |
| 974 | CMPerr(0, CMP_R_UNKNOWN_CERT_TYPE); |
| 975 | return NULL; |
| 976 | } |
| 977 | } |
| 978 | if (crt == NULL) |
| 979 | CMPerr(0, CMP_R_CERTIFICATE_NOT_FOUND); |
| 980 | return crt; |
| 981 | } |
| 982 | |
| 983 | OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file) |
| 984 | { |
| 985 | OSSL_CMP_MSG *msg = NULL; |
| 986 | BIO *bio = NULL; |
| 987 | |
| 988 | if (!ossl_assert(file != NULL)) |
| 989 | return NULL; |
| 990 | |
| 991 | if ((bio = BIO_new_file(file, "rb")) == NULL) |
| 992 | return NULL; |
| 993 | msg = OSSL_d2i_CMP_MSG_bio(bio, NULL); |
| 994 | BIO_free(bio); |
| 995 | return msg; |
| 996 | } |
| 997 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.