From 819a78bcf896c9d7bff5adeddcac25294208fdd9 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Fri, 4 Aug 2023 21:45:07 +0200
Subject: [PATCH] crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit

---
 crypto/cmp/cmp_msg.c | 31 +++++++++++++++++++++++++--
 doc/man3/OSSL_CMP_MSG_get0_header.pod | 9 ++++++++
 include/openssl/cmp.h.in | 1 +
 util/libcrypto.num | 1 +
 4 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index e00afc809e2b8a..1c41a41363444e 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -100,6 +100,34 @@ int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg)
     return msg->body->type;
 }
 
+X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg)
+{
+    const OSSL_CRMF_MSGS *reqs;
+    const OSSL_CRMF_MSG *crm;
+    const OSSL_CRMF_CERTTEMPLATE *tmpl;
+    X509_PUBKEY *pubkey;
+
+    switch (OSSL_CMP_MSG_get_bodytype(msg)) {
+    case OSSL_CMP_PKIBODY_IR:
+    case OSSL_CMP_PKIBODY_CR:
+    case OSSL_CMP_PKIBODY_KUR:
+        reqs = msg->body->value.ir; /* value.ir is same for cr and kur */
+        if ((crm = sk_OSSL_CRMF_MSG_value(reqs, 0)) == NULL) {
+            ERR_raise(ERR_LIB_CMP, CMP_R_CERTREQMSG_NOT_FOUND);
+            return NULL;
+        }
+        if ((tmpl = OSSL_CRMF_MSG_get0_tmpl(crm)) == NULL
+            || (pubkey = OSSL_CRMF_CERTTEMPLATE_get0_publicKey(tmpl)) == NULL) {
+            ERR_raise(ERR_LIB_CMP, CRMF_R_POPO_MISSING_PUBLIC_KEY);
+            return 0;
+        }
+        return pubkey;
+    default:
+        ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
+        return NULL;
+    }
+}
+
 /* Add an extension to the referenced extension stack, which may be NULL */
 static int add1_extension(X509_EXTENSIONS **pexts, int nid, int crit, void *ex)
 {
@@ -542,8 +570,7 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
     } else if (ctx->p10CSR != NULL) {
         pubkey = X509_REQ_get0_pubkey(ctx->p10CSR);
         subject = X509_REQ_get_subject_name(ctx->p10CSR);
-    }
-    else {
+    } else {
         goto err;
     }
 
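Review bot: The missing-template/missing-key branch of OSSL_CMP_MSG_get0_certreq_publickey() raises a CRMF reason code under the CMP library, `ERR_raise(ERR_LIB_CMP, CRMF_R_POPO_MISSING_PUBLIC_KEY)`, so the reason number is looked up in the CMP reason table and callers matching on the error will see a mismatched or misleading reason string; either raise it as `ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY)` or use a reason code from the CMP_R_* set. The same branch ends with `return 0;` while every other failure path in the function uses `return NULL;`; changing it to `return NULL;` keeps the pointer return consistent. The function only inspects the first CertReqMsg (`sk_OSSL_CRMF_MSG_value(reqs, 0)`), which neither the code nor the commit's documentation states; a header comment such as `/* Returns the public key from the cert template of the first request in an IR/CR/KUR body, or NULL with an error raised */` would make that limit explicit for callers that use the key for POPO or key-update checks. For a NULL msg the outcome presumably depends on OSSL_CMP_MSG_get_bodytype() returning a value outside the three cases (its body is above the hunk), in which case the error reported is CMP_R_UNEXPECTED_PKIBODY rather than a NULL-argument error; worth confirming that is the intended diagnostic.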
diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index b3175683c782f3..24ef3422ffede6 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -4,6 +4,7 @@ OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_get_bodytype, +OSSL_CMP_MSG_get0_certreq_publickey, OSSL_CMP_MSG_update_transactionID, OSSL_CMP_MSG_update_recipNonce, OSSL_CMP_CTX_setup_CRM, @@ -19,6 +20,7 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); + X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); @@ -33,6 +35,9 @@ OSSL_CMP_MSG_get0_header() returns the header of the given CMP message. OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message. +OSSL_CMP_MSG_get0_certreq_publickey() expects that I is a certificate request +messsage and returns the public key in its certificate template if present. + OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX. If I does not contain a transaction ID, a fresh one is created before. @@ -118,6 +123,8 @@ or NULL if the respective entry does not exist and on error. OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error. +OSSL_CMP_MSG_get0_certreq_publickey() returns a public key or NULL on error. + OSSL_CMP_CTX_setup_CRM() returns a pointer to a B on success, NULL on error. 
@@ -146,6 +153,8 @@ The OpenSSL CMP support was added in OpenSSL 3.0. OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
+OSSL_CMP_MSG_get0_certreq_publickey() was added in OpenSSL 3.2.
+ =head1 COPYRIGHT Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index e6af016c7fe4d7..6e11405bf889b1 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -406,6 +406,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 /* from cmp_msg.c */
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 6af1fe1707b9a3..3501191bca21c7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5459,6 +5459,7 @@ OSSL_CMP_CTX_reset_geninfo_ITAVs ? 3_0_8 EXIST::FUNCTION:CMP
 OSSL_CMP_CTX_get0_validatedSrvCert ? 3_2_0 EXIST::FUNCTION:CMP
 OSSL_CMP_CTX_set1_serialNumber ? 3_2_0 EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_update_recipNonce ? 3_0_9 EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_get0_certreq_publickey ? 3_2_0 EXIST::FUNCTION:CMP
 OSSL_CRMF_CERTTEMPLATE_get0_publicKey ? 3_2_0 EXIST::FUNCTION:CRMF
 CMS_final_digest ? 3_2_0 EXIST::FUNCTION:CMS
 CMS_EnvelopedData_it ? 3_2_0 EXIST::FUNCTION:CMS