From 83625607f8023f13f1890af5e54e5c367088ba64 Mon Sep 17 00:00:00 2001 From: Rajeev Ranjan Date: Tue, 11 Jun 2024 00:00:56 +0200 Subject: [PATCH] WIP --- crypto/cmp/cmp_local.h | 2 + crypto/cmp/cmp_msg.c | 55 ++++++-- crypto/cmp/cmp_server.c | 6 +- crypto/cms/cms_asn1.c | 12 ++ crypto/cms/cms_env.c | 11 +- crypto/cms/cms_local.h | 34 ++++- crypto/crmf/crmf_err.c | 1 + crypto/crmf/crmf_lib.c | 45 +++++-- crypto/err/openssl.txt | 1 + crypto/objects/obj_dat.h | 22 ++- crypto/objects/obj_mac.num | 2 + crypto/objects/obj_xref.h | 2 +- crypto/objects/objects.txt | 3 + fuzz/oids.txt | 4 +- include/crypto/crmferr.h | 2 +- include/openssl/cms.h.in | 3 +- include/openssl/crmf.h.in | 4 + include/openssl/crmferr.h | 1 + include/openssl/obj_mac.h | 10 +- .../80-test_cmp_http_data/Mock/kem.crt | 62 +++------ .../80-test_cmp_http_data/Mock/kem.key | 126 ++++-------------- .../80-test_cmp_http_data/Mock/test.cnf | 4 +- util/libcrypto.num | 89 +++++++++++++ 23 files changed, 317 insertions(+), 184 deletions(-) diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 7bfe4e3efcc7bd..2574b8e93dd22c 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -998,6 +998,8 @@ int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, const OSSL_CRMF_MSG *crm); +OSSL_CMP_CERTIFIEDKEYPAIR *ossl_cmp_Enccert_init(X509* cert, + const X509* encryption_recip); OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, int certReqId, const OSSL_CMP_PKISI *si, X509 *cert, const X509 *encryption_recip, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 659c1774ec5174..379f346ab65cb6 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -19,6 +19,7 @@ #include #include #include +#include OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq) { @@ -449,6 +450,37 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, return NULL; } +OSSL_CMP_CERTIFIEDKEYPAIR *ossl_cmp_Enccert_init(X509 *cert, const X509 *encryption_recip) +{ + OSSL_CMP_CERTIFIEDKEYPAIR *certifiedKeyPair = NULL; + CMS_EnvelopedData *env = NULL; + CMS_ContentInfo *cms; + EVP_CIPHER *cipher; + OSSL_CRMF_ENCRYPTEDKEY *encKey = NULL; + + if ((certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) == NULL) + goto err; + + if ((cipher = EVP_CIPHER_fetch(NULL, "aes-256-cbc", NULL)) == NULL) + goto err; + + cms = CMS_EnvelopedData_create(cipher); + env = OSSL_CMS_get0_enveloped(cms); + if ((encKey = + OSSL_CRMF_ENCRYPTEDKEY_init_envdata(env)) + == NULL) + goto err; + + certifiedKeyPair->certOrEncCert->type = OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT; + certifiedKeyPair->certOrEncCert->value.encryptedCert = encKey; + return certifiedKeyPair; + + err: + OSSL_CMP_CERTIFIEDKEYPAIR_free(certifiedKeyPair); + EVP_CIPHER_free(cipher); + return NULL; +} + OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, int certReqId, const OSSL_CMP_PKISI *si, X509 *cert, const X509 *encryption_recip, @@ -483,18 +515,19 @@ OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, if (status != OSSL_CMP_PKISTATUS_rejection && status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) { if (encryption_recip != NULL) { - ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED); - goto err; + if ((resp->certifiedKeyPair + = ossl_cmp_Enccert_init(cert, encryption_recip)) == NULL) + goto err; + } else { + if ((resp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) + == NULL) + goto err; + resp->certifiedKeyPair->certOrEncCert->type = + OSSL_CMP_CERTORENCCERT_CERTIFICATE; + if (!X509_up_ref(cert)) + goto err; + resp->certifiedKeyPair->certOrEncCert->value.certificate = cert; } - - if ((resp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) - == NULL) - goto err; - resp->certifiedKeyPair->certOrEncCert->type = - OSSL_CMP_CERTORENCCERT_CERTIFICATE; - if (!X509_up_ref(cert)) - goto err; - resp->certifiedKeyPair->certOrEncCert->value.certificate = cert; } if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp)) diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index a002faa8c27319..df5a117adf7f0c 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -217,6 +217,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, OSSL_CMP_MSG *msg = NULL; OSSL_CMP_PKISI *si = NULL; X509 *certOut = NULL; + X509 *encryption_recip = NULL; STACK_OF(X509) *chainOut = NULL, *caPubs = NULL; const OSSL_CRMF_MSG *crm = NULL; const X509_REQ *p10cr = NULL; @@ -309,8 +310,11 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, goto err; } + if (OSSL_CRMF_MSG_certreq_encrcert_popo(crm)) + encryption_recip = certOut; /* for indirect POP */ + msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si, - certOut, NULL /* enc */, chainOut, caPubs, + certOut, encryption_recip /* enc */, chainOut, caPubs, srv_ctx->sendUnprotectedErrors); /* When supporting OSSL_CRMF_POPO_KEYENC, "enc" will need to be set */ if (msg == NULL) diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index bc6b2769f98cdf..a4fe9a66d07198 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -195,6 +195,18 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) +ASN1_SEQUENCE(CMS_KEMRecipientInfo) = { + ASN1_EMBED(CMS_KEMRecipientInfo, version, INT32), + ASN1_SIMPLE(CMS_KEMRecipientInfo, rid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_KEMRecipientInfo, kem, X509_ALGOR), + ASN1_SIMPLE(CMS_KEMRecipientInfo, kemct, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_KEMRecipientInfo, kdf, X509_ALGOR), + ASN1_SIMPLE(CMS_KEMRecipientInfo, kekLength, ASN1_INTEGER), + ASN1_EXP_OPT(CMS_KEMRecipientInfo, ukm, ASN1_OCTET_STRING, 0), + ASN1_SIMPLE(CMS_KEMRecipientInfo, wrap, X509_ALGOR), + ASN1_SIMPLE(CMS_KEMRecipientInfo, encryptedKey, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMS_KEMRecipientInfo) + /* Free up RecipientInfo additional data */ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index b877e106199aee..72b8449695a4b1 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -60,7 +60,7 @@ void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf) } } -CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) +CMS_EnvelopedData *OSSL_CMS_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); @@ -93,7 +93,7 @@ static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); return cms->d.envelopedData; } - return ossl_cms_get0_enveloped(cms); + return OSSL_CMS_get0_enveloped(cms); } static CMS_AuthEnvelopedData * @@ -426,6 +426,9 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, goto err; break; + case CMS_RECIPINFO_OTHER_KEM: + break; + default: ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; @@ -1264,7 +1267,7 @@ int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) EVP_CIPHER_CTX *ctx = NULL; BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER); - env = ossl_cms_get0_enveloped(cms); + env = OSSL_CMS_get0_enveloped(cms); if (env == NULL) return 0; @@ -1350,7 +1353,7 @@ int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk) else if (EVP_PKEY_is_a(pk, "EC")) return CMS_RECIPINFO_AGREE; else if (EVP_PKEY_is_a(pk, "RSA")) - return CMS_RECIPINFO_TRANS; + return CMS_RECIPINFO_OTHER_KEM; /* for testing RSA KEM */ /* * Otherwise this might ben an engine implementation, so see if we can get diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index 7069021267defa..899e6d24d9226f 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -41,6 +41,7 @@ typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; +typedef struct CMS_KEMRecipientInfo_st CMS_KEMRecipientInfo; typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; typedef struct CMS_CTX_st CMS_CTX; @@ -241,6 +242,36 @@ struct CMS_PasswordRecipientInfo_st { const CMS_CTX *cms_ctx; }; +/* + KEMRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 + rid RecipientIdentifier, + kem KEMAlgorithmIdentifier, + kemct OCTET STRING, + kdf KeyDerivationAlgorithmIdentifier, + kekLength INTEGER (1..65535), + ukm [0] EXPLICIT UserKeyingMaterial OPTIONAL, + wrap KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey } +*/ +struct CMS_KEMRecipientInfo_st { + int32_t version; + CMS_RecipientIdentifier *rid; + X509_ALGOR *kem; + ASN1_OCTET_STRING *kemct; + X509_ALGOR *kdf; + ASN1_INTEGER *kekLength; + ASN1_OCTET_STRING *ukm; + X509_ALGOR *wrap; + ASN1_OCTET_STRING *encryptedKey; + /* Recipient Key and cert */ + X509 *recip; + EVP_PKEY *pkey; + /* Public key context for this operation */ + EVP_PKEY_CTX *pctx; + const CMS_CTX *cms_ctx; +}; + struct CMS_OtherRecipientInfo_st { ASN1_OBJECT *oriType; ASN1_TYPE *oriValue; @@ -448,7 +479,7 @@ int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf); -CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); +/* CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); */ CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms); CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms); @@ -493,6 +524,7 @@ DECLARE_ASN1_ITEM(CMS_AuthEnvelopedData) DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KEMRecipientInfo) DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) DECLARE_ASN1_ITEM(CMS_Receipt) diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c index 48543cb41a7029..86cbc8f594c7a6 100644 --- a/crypto/crmf/crmf_err.c +++ b/crypto/crmf/crmf_err.c @@ -19,6 +19,7 @@ static const ERR_STRING_DATA CRMF_str_reasons[] = { {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_BAD_PBM_ITERATIONCOUNT), "bad pbm iterationcount"}, + {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_CMS_NOT_SUPPORTED), "cms not supported"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_CRMFERROR), "crmferror"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR), "error"}, {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECODING_CERTIFICATE), diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 37dc0cc939ce49..1d873d9fb8b930 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -457,6 +457,28 @@ int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, return 0; } +int OSSL_CRMF_MSG_certreq_encrcert_popo(const OSSL_CRMF_MSG *req) +{ + OSSL_CRMF_POPOPRIVKEY *keyEnc; + + if (req == NULL || req->popo == NULL) { + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); + return 0; + } + + keyEnc = req->popo->value.keyEncipherment; + if (keyEnc == NULL) { + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_KEYENCIPHERMENT); + return 0; + } + if( keyEnc->type == OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE + && keyEnc->value.subsequentMessage != NULL + && ASN1_INTEGER_get(keyEnc->value.subsequentMessage) + == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT) + return 1; + return 0; +} + /* verifies the Proof-of-Possession of the request with the given rid in reqs */ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified, @@ -528,23 +550,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, return 0; break; case OSSL_CRMF_POPO_KEYENC: - { /* * When OSSL_CMP_certrep_new() supports encrypted certs, * should return 1 if the type of req->popo->value.keyEncipherment * is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and * its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT */ - OSSL_CRMF_POPOPRIVKEY *keyEnc = req->popo->value.keyEncipherment; - if (keyEnc == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_KEYENCIPHERMENT); - return 0; - } - if( keyEnc->type == OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE - && keyEnc->value.subsequentMessage != NULL - && ASN1_INTEGER_get(keyEnc->value.subsequentMessage) == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT) + if (OSSL_CRMF_MSG_certreq_encrcert_popo(req)) return 1; - } /* fall through */ case OSSL_CRMF_POPO_KEYAGREE: default: @@ -760,4 +773,16 @@ X509 ERR_raise(ERR_LIB_CRMF, CRMF_R_CMS_NOT_SUPPORTED); return NULL; #endif /* OPENSSL_NO_CMS */ +} + +OSSL_CRMF_ENCRYPTEDKEY +*OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata) +{ + OSSL_CRMF_ENCRYPTEDKEY *ek = OSSL_CRMF_ENCRYPTEDKEY_new(); + if (ek == NULL) + return NULL; + + ek->type = OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA; + ek->value.envelopedData = envdata; + return ek; } \ No newline at end of file diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a432d789ee2440..d6fc0d72e4eae0 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -441,6 +441,7 @@ CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value CRMF_R_BAD_PBM_ITERATIONCOUNT:100:bad pbm iterationcount +CRMF_R_CMS_NOT_SUPPORTED:123:cms not supported CRMF_R_CRMFERROR:102:crmferror CRMF_R_ERROR:103:error CRMF_R_ERROR_DECODING_CERTIFICATE:104:error decoding certificate diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 78e690aa59e0b9..1247b8b9e83fa0 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[8518] = { +static const unsigned char so[8539] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1187,9 +1187,11 @@ static const unsigned char so[8518] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x1C, /* [ 8492] OBJ_hkdfWithSHA256 */ 0x28,0x81,0x8C,0x71,0x02,0x02,0x04, /* [ 8503] OBJ_id_kem_rsa */ 0x28,0x81,0x8C,0x71,0x02,0x05,0x02, /* [ 8510] OBJ_id_kdf_kdf2 */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x0D, /* [ 8517] OBJ_id_smime_ori */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x0D,0x03, /* [ 8527] OBJ_id_smime_ori_kem */ }; -#define NUM_NID 1325 +#define NUM_NID 1327 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2516,9 +2518,11 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"hkdfWithSHA256", "HKDF with SHA256", NID_hkdfWithSHA256, 11, &so[8492]}, {"id-kem-rsa", "id-kem-rsa", NID_id_kem_rsa, 7, &so[8503]}, {"id-kdf-kdf2", "id-kdf-kdf2", NID_id_kdf_kdf2, 7, &so[8510]}, + {"id-smime-ori", "id-smime-ori", NID_id_smime_ori, 10, &so[8517]}, + {"id-smime-ori-kem", "id-smime-ori-kem", NID_id_smime_ori_kem, 11, &so[8527]}, }; -#define NUM_SN 1316 +#define NUM_SN 1318 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -3362,6 +3366,8 @@ static const unsigned int sn_objs[NUM_SN] = { 201, /* "id-smime-mod-ets-eSignature-97" */ 199, /* "id-smime-mod-msg-v3" */ 198, /* "id-smime-mod-oid" */ + 1325, /* "id-smime-ori" */ + 1326, /* "id-smime-ori-kem" */ 194, /* "id-smime-spq" */ 250, /* "id-smime-spq-ets-sqt-unotice" */ 249, /* "id-smime-spq-ets-sqt-uri" */ @@ -3838,7 +3844,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1289, /* "zstd" */ }; -#define NUM_LN 1316 +#define NUM_LN 1318 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -4682,6 +4688,8 @@ static const unsigned int ln_objs[NUM_LN] = { 201, /* "id-smime-mod-ets-eSignature-97" */ 199, /* "id-smime-mod-msg-v3" */ 198, /* "id-smime-mod-oid" */ + 1325, /* "id-smime-ori" */ + 1326, /* "id-smime-ori-kem" */ 194, /* "id-smime-spq" */ 250, /* "id-smime-spq-ets-sqt-unotice" */ 249, /* "id-smime-spq-ets-sqt-uri" */ @@ -5158,7 +5166,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1182 +#define NUM_OBJ 1184 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -6203,6 +6211,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ 194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ 195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ + 1325, /* OBJ_id_smime_ori 1 2 840 113549 1 9 16 13 */ 158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ 159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ 160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ @@ -6318,6 +6327,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ 255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ 256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ + 1326, /* OBJ_id_smime_ori_kem 1 2 840 113549 1 9 16 13 3 */ 150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ 151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ 152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 36d45cb5e68bc9..47b63545d66220 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1322,3 +1322,5 @@ id_KemBasedMac 1321 hkdfWithSHA256 1322 id_kem_rsa 1323 id_kdf_kdf2 1324 +id_smime_ori 1325 +id_smime_ori_kem 1326 diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 913606f1754d46..01339d9da088d1 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index fccd47767ee8a3..93d56d16196d59 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -257,6 +257,7 @@ SMIME 3 : id-smime-alg SMIME 4 : id-smime-cd SMIME 5 : id-smime-spq SMIME 6 : id-smime-cti +SMIME 13 : id-smime-ori # S/MIME Modules id-smime-mod 1 : id-smime-mod-cms @@ -357,6 +358,8 @@ id-smime-cti 4 : id-smime-cti-ets-proofOfSender id-smime-cti 5 : id-smime-cti-ets-proofOfApproval id-smime-cti 6 : id-smime-cti-ets-proofOfCreation +id-smime-ori 3 : id-smime-ori-kem + pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Alias ms-corp 1 3 6 1 4 1 311 diff --git a/fuzz/oids.txt b/fuzz/oids.txt index 9e01c6b66f2a1f..125c878ca1985e 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1,7 +1,7 @@ # WARNING: do not edit! # Generated by fuzz/mkfuzzoids.pl # -# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1183,3 +1183,5 @@ OBJ_id_KemBasedMac="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x10" OBJ_hkdfWithSHA256="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x1C" OBJ_id_kem_rsa="\x28\x81\x8C\x71\x02\x02\x04" OBJ_id_kdf_kdf2="\x28\x81\x8C\x71\x02\x05\x02" +OBJ_id_smime_ori="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x0D" +OBJ_id_smime_ori_kem="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x0D\x03" diff --git a/include/crypto/crmferr.h b/include/crypto/crmferr.h index f1a27e04993b60..89f80eee6b1545 100644 --- a/include/crypto/crmferr.h +++ b/include/crypto/crmferr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in index 239667700aacd2..a46f00df090d33 100644 --- a/include/openssl/cms.h.in +++ b/include/openssl/cms.h.in @@ -68,6 +68,7 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq) # define CMS_RECIPINFO_KEK 2 # define CMS_RECIPINFO_PASS 3 # define CMS_RECIPINFO_OTHER 4 +# define CMS_RECIPINFO_OTHER_KEM 5 /* S/MIME related flags */ @@ -209,7 +210,7 @@ BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, EVP_PKEY *pkey, X509 *cert, ASN1_OCTET_STRING *secret, unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); - +CMS_EnvelopedData *OSSL_CMS_get0_enveloped(CMS_ContentInfo *cms); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in index 34b1d05277715f..0d131fa6a6eeb5 100644 --- a/include/openssl/crmf.h.in +++ b/include/openssl/crmf.h.in @@ -27,6 +27,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); # include # include # include /* for GENERAL_NAME etc. */ +# include /* explicit #includes not strictly needed since implied by the above: */ # include @@ -151,6 +152,7 @@ int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, const EVP_MD *digest, OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_CRMF_MSG_certreq_encrcert_popo(const OSSL_CRMF_MSG *req); int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified, OSSL_LIB_CTX *libctx, const char *propq); @@ -182,6 +184,8 @@ X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert, OSSL_LIB_CTX *libctx, const char *propq, EVP_PKEY *pkey, unsigned int flags); +OSSL_CRMF_ENCRYPTEDKEY +*OSSL_CRMF_ENCRYPTEDKEY_init_envdata( CMS_EnvelopedData *envdata); # ifdef __cplusplus } diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h index 410dec5b609a8d..2b3f7ce0baa666 100644 --- a/include/openssl/crmferr.h +++ b/include/openssl/crmferr.h @@ -24,6 +24,7 @@ * CRMF reason codes. */ # define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 +# define CRMF_R_CMS_NOT_SUPPORTED 123 # define CRMF_R_CRMFERROR 102 # define CRMF_R_ERROR 103 # define CRMF_R_ERROR_DECODING_CERTIFICATE 104 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 27ee80f7c53724..bb6e59772e5d06 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -791,6 +791,10 @@ #define NID_id_smime_cti 195 #define OBJ_id_smime_cti OBJ_SMIME,6L +#define SN_id_smime_ori "id-smime-ori" +#define NID_id_smime_ori 1325 +#define OBJ_id_smime_ori OBJ_SMIME,13L + #define SN_id_smime_mod_cms "id-smime-mod-cms" #define NID_id_smime_mod_cms 196 #define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L @@ -1107,6 +1111,10 @@ #define NID_id_smime_cti_ets_proofOfCreation 256 #define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L +#define SN_id_smime_ori_kem "id-smime-ori-kem" +#define NID_id_smime_ori_kem 1326 +#define OBJ_id_smime_ori_kem OBJ_id_smime_ori,3L + #define LN_friendlyName "friendlyName" #define NID_friendlyName 156 #define OBJ_friendlyName OBJ_pkcs9,20L diff --git a/test/recipes/80-test_cmp_http_data/Mock/kem.crt b/test/recipes/80-test_cmp_http_data/Mock/kem.crt index 3af72d02f46bf1..682e062f138093 100644 --- a/test/recipes/80-test_cmp_http_data/Mock/kem.crt +++ b/test/recipes/80-test_cmp_http_data/Mock/kem.crt @@ -1,48 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIIbTCCB1WgAwIBAgIUenD0adt4paVWXXt99SFndc81IlgwDQYJKoZIhvcNAQEL +MIIDkjCCAnqgAwIBAgIUCIoReKKPB6Yh4B0HEeykhscAQ68wDQYJKoZIhvcNAQEL BQAwWjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKc3ViaW50ZXJDQTAe -Fw0yNDAxMTAxMjIwMjBaFw0yNDAyMDkxMjIwMjBaMBMxETAPBgNVBAMMCEtFTV9D -RVJUMIIGNDANBgsrBgEEAYGwGgUGAwOCBiEAgnCeD2wSfUcRVHJyW3a7EkiGw3dj -IRhld6QbJOE02BYn5zyqIBWsKgYo4vVIafwA45lujTjCTQFSkLy7z3panly5u4qw -J6zINNOb5/PEuDtk07l/65OAAYW8erGwPrazaGxnwCEVIRCK5WW7tFUSoTMQ9Zef -fcNnVTVl1RIMSXvB9eIVv8J2eMN7VNrKnPcliUAALrC6lVeWMGOa1Bghs3VB1NXM -+iGKHFlqeoZ153CLNvSuqyaIGYRNv2p9q4bKKuGL97u6DbtBdFFKpCTGiqKTahcB -aRFjGBAb61S3Riun7ssgqSEv/zKGEFbOuBBaxQnGqWTBWJt9OoYg06xgSqWmE7in -JmZLdaGxCLg26rdnCCwz5lB25aCD0WBxHFIX+7d4/BXN9wmdW9aaBBpZHjnBDAcu -+AwN5suYpMScVtldFTlHLqoRzlIWEjVVAePIHBwBkQM2COYn4BSdIksLa/gtWqI8 -IjhCDxOJ/eVwPBim7Qcpnjeerjd19+arcYFuE/tresctWrVob5XFDqCFPesmTMpF -fWxpZ+CU3pqSf1ZsnmVxyKuCvbAohSxCDWCgpGygP8RQ7ySpAfRAYpUsGquS4zVK -CJKicqWjZKCOqGNCp6Ut2gKbx6w60vKsqIJL0QGklUzJxkM1cJx7kiCuXoOqlrrO -kbqAtDdVJco40eXFf1U3Dho1MrzNvTeDVLkc8mBRUMw6wXbHIqyvuAzKlrRZhPO5 -jfOrqyTI/HqzPjYbl6h11ytu28hda9wRRbLEFBgmqawWUFUXGQZCQBsX11KTpKG1 -V1Jj30YCmSJmSBZKaqK8bUVFHEkoBEuaXxCpxqJocxEtSXGuhPUJl7Y4B+NVtoN9 -UFKZQqgqQIEgYvALjGKHyKFw5ty4C1eF0/dm6Tg47Og2lpEz3IyRrNswWEWAyveh -4PXO24AIxjiJdGWjz+CZsHDOEdoouDINc3QKxvBxHQozvmQwlmC20JnIZ3OXBDIk -i3DNg+lJ/OZ6QYs4buhzHBiqRqgMSMKuJ5K1qfKN21m+RuOGAJY8LKWPpJYK9Ve8 -jToszoi3k8WpRqRHhKcTOdKcdGVXnBxcFeCfrQHQpdmG8Dme8yGpFfErV9e3mjEV -CTgx1buQLSS0bfQZeMOnGrkUkcWAl1YdO1k0NZWre5t/vzCoyrKK4fYdiEVWbGuJ -a+yEYowCC5Eiz1EhKayzMhND0roHqyeAFtIf07wezcoqYRLOPWYArlDHDFmYgCw+ -LdVvgSKZ8GpvVlVYmzh8V0Yj/0CSzlex+EMGqmKNOVd+uUF5KFvBSDZgcSZzrVgN -SKlmskNrVTlR5jRJ9IcqpUIYaDq6AgR5GGOTLqFfIHbFMxglTfBXTptzunNqTUsQ -8BqDuhCHgqmgH5uPPUHLRBtNaHUh7Gkk/1QrHeEL/TUucOx1U8l/aYEr3FhYkKZU -exYSXrrLItOylKyxW6BOESeSUaq3ofp6KcuBS2oCdJVqoYGlZyCbssqYWiqKshWS -B6Ua15FgPchlJ8iyNxqK9hlASBkMsKvDntPCpmuFK/R0QycNlMR/m2dnIHdESQiu -N5mJQhoL/kusDcGGtVuV56axRbXEw6ACoShY/lBReIJzurO1sUqLAoO3bWrGOvqJ -hnQGsgBSUZs0jqA73NHJzrd9bvlI3TOYdEgzdqZVabnKPzR8qTuxDglnFBiQiJmO -4jefp+fB3XALNJh379OTH0Wngppt15SxOAEk+guTPDEy4pNUxFW9IrzFWiKZmVdb -+tQdVXBb4lSGxugP3fUyKjEaEnCy6tbHCopcPsi126RK4QnKmqlwaSHHyvyYTQgD -/2pnf2IpPJFB3IS0Bcm5TQE3PfcLSkPOopF17DrGoWmW/SiTT2dJbOky7pgHA9xX -VEF2NCtMWMgJ4PmC8ci58hFJyLmmNZBSy9LC/NSs9JYHAYJ0HmGpUoSBV8E7OHB3 -ZACsxwMkwzYxfjtmpiyvUSlAgdjOXGcamLhsMaxbk4MDC0xSZzRLQ3i6emOPt6NY -7JMq6jhb6Uu/k2COZleIUsQ6G0rBQSeJECVW3vdWHxK6zsDsbCzn8yj5gwOPEHNv -aIB6gLtYUaoe7bGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgUgMB0G -A1UdDgQWBBTIXhEhWdEMkDP+XTfpHgk5OT4PEzAfBgNVHSMEGDAWgBTpZ30QdMGa -rrhMPwk+HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAwOJPi4A9GoKmo3oOSRkQ -clW+16bFPPpmyi5cmdxDgG1fJPRAj25dk7qGIY2dMIZIOJBNuQz4D/VboIx53dqG -b6jJ2G1fsXbOqrcsn5AngHJOr4zHuEO1q3737MQ8wIBRX15cPyLPBiAFEqmR902N -STvD/XbAJmuIqRAOZKa1iyS6CLu9/Z768YaaM/hS6mS3/9r8upefO4rUbFt+3na9 -D+NSHpAvgmA6DOQWdPiDChdqW2UPBeoif7jqbBUKwR55HiCWcSxhRsXACY7FlHBk -6VFF+DO+pfjxONgC5q1eu0ELzfWBNdzuW/csRY9nOyCMnqm+U4Ait4Zrw0WcE1Ps -Cg== +Fw0yMzA3MTMxNDM5NDVaFw0zMzA3MTAxNDM5NDVaMFgxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxETAPBgNVBAMMCGxlYWYtS0VNMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAw9GYW2QMjkZ3UJOJL3y65cQoXD9/1J5BEPGjuJKBETnxK8xnRMta +FQiDAg5qwxvRilPk38hYmvbVbvGmrGwWpwC4y9eHeF0GL39wGzWW4oY7kqi+D9jv +y5knBpvB6dn0DQjAm01uigU26YtCAZ7Va8+/Ankwp41+sVKzwgKBn19oBMHU1YNd +UCFEPR5d2yM72MEeHGhjTZybBm4+ueCNSNzyC/jZMpy3oHXlmlJE2mvEsOQZA4n6 +xIUe+RwokfAXlwYFl19pbdj5G42IhLzr9ZSu6uvjm5RvCxoPdmtQZ6FxaBUNfRMG +jqEOkYuwCJ2718yaURgbRqfmlKNdECyy4QIDAQABo1IwUDAOBgNVHQ8BAf8EBAMC +BSAwHQYDVR0OBBYEFEQ91872uHULE2j0VfkvlMW56822MB8GA1UdIwQYMBaAFOln +fRB0wZquuEw/CT4ccBXdHxpPMA0GCSqGSIb3DQEBCwUAA4IBAQBZIyZsem85ca5U +Fzz88Bvvl2oKsIW8ixlhXkc4fA4pzcuXmgt0l31dO6NTEkxfDWfIinENB7kEmNmE +XD6Cll/uvtKICViAZMdrYZZZYkToyrN6Jkrf+svdjfk4Bjr1ufixYSzj6NIb1KIa +9vgyG0LGLEzDbUH3XCnmgYHc/c/6nt6ZoN/iVROmgcTafOv3S9/2ertAFPEpdRxX +Axj3V2qgguBJCyhJ7VuaBhJhpWgHUjtzH61etyLoCMVKTaR9L8ocS217LeGCHKto +d3tuL7nQctvpTqG7jvvujUlPs2uKY0Fzsqw66ez51mWVyop9rkvudkZIZ0ftMYli +DcOpACyZ -----END CERTIFICATE----- diff --git a/test/recipes/80-test_cmp_http_data/Mock/kem.key b/test/recipes/80-test_cmp_http_data/Mock/kem.key index 1977ebf10b5520..deb103ad68826a 100644 --- a/test/recipes/80-test_cmp_http_data/Mock/kem.key +++ b/test/recipes/80-test_cmp_http_data/Mock/kem.key @@ -1,102 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIISmgIBADANBgsrBgEEAYGwGgUGAwSCEoQEghKAKPxbIfWzBZUJDKBIVLpE9cax -8qFDRMlyeNeZyohP4sdaM4k4uOtWxkeTqGGobsVeLMMtiuCeRvRIL0zOKWCKyeKD -5mPA8JDPbmM8EjpX98uv30Cq6hwRuOxQPJxMnNWMveY2B6WiFEiSvaVDMBHA2/Fa -BokxdLOB0wqLnJpEuHxPRQKOWRaPmIy0p9q9P6sXUdW+rwE6Qwp8F6pNWmRW++gq -DixKc6ZtSKEijDVRWfgqZJixo5yL10SS2lNrRyFi3IsARpJriznNhejDcrYAufEg -8gWwMEAn49sRLrwU3JBGk4tfE0F5OcE+nvrAy3a+fjOkSytnmPeL1/RzrMZ5QmOL -rtIOLtugTJYJGxlArKAEtKiZyrOUa2Y0ltpyINap9RhZ4wg/k8CqBUlIetddZ5BN -fzDB9gEHETl3HHmVychszoovpOqi0xkifeK1z+sDgBPNsFZF2AGMqLzJ1ntWRKGa -9tAlrfWJL6AvXvAb7KKCqOZeXYJFLThQVNxD3+Z01KbA4GFKteOiMUKHmYS89QNW -/NskyiYMJduP/3SlwQS5Hix2PsCyZwR2dVIXdfGZX1EJ9IJFBik/LSRSdLlD2WUJ -zoRqSUUI0mYG3nd8fKq5iLkCYBCWhdQOODzNkQupKsV94vg++SOee+cfrXvNuoxN -blUsVsYgWSyegJAFkYsBfVyz83pkphpLzmJiQyoogkYVu9SI8hA2fBU+QbNRCiOe -aKVRzftFN4pEbFmVnNNkA8SyUzBqUmwYAGgl5cY4YHAkorpdMteRkRWjxGGxAHY7 -BOy658ixCNJtFPAG+7ptD0m/FrTEI+tx+fQnp+liS8lbcxBqIVI4vEe4H6msmqF7 -U9kfzbBkBUuF+NG7yLkJ/QKkmuQfAM1og/UNtJtLj4moKmeNzRnE/EaaSdxIBCxT -xpIATAcRXtCPPxV2z3kMLqZAiwEMSwo9r9lqxGLIWNso22tSf7gcObd2LKrOoflX -zdrPqXymWZqEHnCf1BlKzBlT1JMDZtaw1XUlMmQDsHNZFGC1wuRS7juWjOYkm5hn -3KNFw6cCVznCsrWxosjF2SAAdkoGJsG423tmRCvLggl5xyGqCbR63BkiXedDI7y5 -FDhLK7Z3zGm87oAsPxGVlAqt+XpCHLBQ9hKCAWHFaNQ13dIv72CIxEYg72eCDHGp -FpJJIfKwBAabnrpu9mWMrrpoiSE2vUZ3fQSBxzhm+XmsGaB0nRELh+XCoRsEfdYb -Y3WQZrolXIIfIKsR9tnCn6VGrQjLgkyB7bCAuhSVkPzPA2S5oVqAszxigeawHJaG -9SUnvLtffvie10A5sRISz0R5U6qui1kSyNJ5VQy9i5ZhCWUuyDbAz7MyvPITgTzK -PmIcLbxPAdgkb5aMovi377EKFTVhflw8dFQ2AlWPrWyBZIc66YNPs6Krd8Fozpab -AEFjCDg66WwDquIkcNVIOFJOXJszotkSEDoBUIGobsEYdilNKyMeIPU4ZFu/oDbE -gNSVorahT1WwdIt2BbgpJfhFOsF4k0WH8ONCThizPTOH5hiyHfdbhJBZmtFVNLM4 -YfzHxXU/blm6A8KBPjQo3VgyqhsLgXdQjlvJOTeA2kw8MWIatyFdW1PJsuVM79sH -NRHFTlu1K8M/FrnNLPMyqobPzleqK+N1ujaJFzeyimh3WPl23qkIXjZ9HbO38dFD -l6J4xSdZ9iMwbPZjZ4DO62c0IQZkqQwqB9OLRoBxh9h/p2QHaAE9EhLF+3YYXkYy -GXaE7atMBkQSahNnGkgMQolkLAGPcxIwyDKx+3vBpYLFbpB7MRC7qRddJ4mMziuk -kHvNoVIvReBGVbCh2ByLLiM1O/lU8ZNeKwEMwlF9BBLDjnafhFXD3Bm2xStu9Xqf -i+YLlVpYxuwqNNlvOLKAx7o8GFubTqlFqaNrj6S+GgwKgjs256JlUmIF7mAn9pKY -t4xDp9qrOkUp4vqCnpUZgowg0HE2JqJn3hzLPoRBP7M8XzwjJGl2+TJUKAEl90m2 -DLqRwwEDG4EB5AuKhHSe1Qcqned6FQSGIxmh9GeXgnCeD2wSfUcRVHJyW3a7EkiG -w3djIRhld6QbJOE02BYn5zyqIBWsKgYo4vVIafwA45lujTjCTQFSkLy7z3panly5 -u4qwJ6zINNOb5/PEuDtk07l/65OAAYW8erGwPrazaGxnwCEVIRCK5WW7tFUSoTMQ -9ZeffcNnVTVl1RIMSXvB9eIVv8J2eMN7VNrKnPcliUAALrC6lVeWMGOa1Bghs3VB -1NXM+iGKHFlqeoZ153CLNvSuqyaIGYRNv2p9q4bKKuGL97u6DbtBdFFKpCTGiqKT -ahcBaRFjGBAb61S3Riun7ssgqSEv/zKGEFbOuBBaxQnGqWTBWJt9OoYg06xgSqWm -E7inJmZLdaGxCLg26rdnCCwz5lB25aCD0WBxHFIX+7d4/BXN9wmdW9aaBBpZHjnB -DAcu+AwN5suYpMScVtldFTlHLqoRzlIWEjVVAePIHBwBkQM2COYn4BSdIksLa/gt -WqI8IjhCDxOJ/eVwPBim7Qcpnjeerjd19+arcYFuE/tresctWrVob5XFDqCFPesm -TMpFfWxpZ+CU3pqSf1ZsnmVxyKuCvbAohSxCDWCgpGygP8RQ7ySpAfRAYpUsGquS -4zVKCJKicqWjZKCOqGNCp6Ut2gKbx6w60vKsqIJL0QGklUzJxkM1cJx7kiCuXoOq -lrrOkbqAtDdVJco40eXFf1U3Dho1MrzNvTeDVLkc8mBRUMw6wXbHIqyvuAzKlrRZ -hPO5jfOrqyTI/HqzPjYbl6h11ytu28hda9wRRbLEFBgmqawWUFUXGQZCQBsX11KT -pKG1V1Jj30YCmSJmSBZKaqK8bUVFHEkoBEuaXxCpxqJocxEtSXGuhPUJl7Y4B+NV -toN9UFKZQqgqQIEgYvALjGKHyKFw5ty4C1eF0/dm6Tg47Og2lpEz3IyRrNswWEWA -yveh4PXO24AIxjiJdGWjz+CZsHDOEdoouDINc3QKxvBxHQozvmQwlmC20JnIZ3OX -BDIki3DNg+lJ/OZ6QYs4buhzHBiqRqgMSMKuJ5K1qfKN21m+RuOGAJY8LKWPpJYK -9Ve8jToszoi3k8WpRqRHhKcTOdKcdGVXnBxcFeCfrQHQpdmG8Dme8yGpFfErV9e3 -mjEVCTgx1buQLSS0bfQZeMOnGrkUkcWAl1YdO1k0NZWre5t/vzCoyrKK4fYdiEVW -bGuJa+yEYowCC5Eiz1EhKayzMhND0roHqyeAFtIf07wezcoqYRLOPWYArlDHDFmY -gCw+LdVvgSKZ8GpvVlVYmzh8V0Yj/0CSzlex+EMGqmKNOVd+uUF5KFvBSDZgcSZz -rVgNSKlmskNrVTlR5jRJ9IcqpUIYaDq6AgR5GGOTLqFfIHbFMxglTfBXTptzunNq -TUsQ8BqDuhCHgqmgH5uPPUHLRBtNaHUh7Gkk/1QrHeEL/TUucOx1U8l/aYEr3FhY -kKZUexYSXrrLItOylKyxW6BOESeSUaq3ofp6KcuBS2oCdJVqoYGlZyCbssqYWiqK -shWSB6Ua15FgPchlJ8iyNxqK9hlASBkMsKvDntPCpmuFK/R0QycNlMR/m2dnIHdE -SQiuN5mJQhoL/kusDcGGtVuV56axRbXEw6ACoShY/lBReIJzurO1sUqLAoO3bWrG -OvqJhnQGsgBSUZs0jqA73NHJzrd9bvlI3TOYdEgzdqZVabnKPzR8qTuxDglnFBiQ -iJmO4jefp+fB3XALNJh379OTH0Wngppt15SxOAEk+guTPDEy4pNUxFW9IrzFWiKZ -mVdb+tQdVXBb4lSGxugP3fUyKjEaEnCy6tbHCopcPsi126RK4QnKmqlwaSHHyvyY -TQgD/2pnf2IpPJFB3IS0Bcm5TQE3PfcLSkPOopF17DrGoWmW/SiTT2dJbOky7pgH -A9xXVEF2NCtMWMgJ4PmC8ci58hFJyLmmNZBSy9LC/NSs9JYHAYJ0HmGpUoSBV8E7 -OHB3ZACsxwMkwzYxfjtmpiyvUSlAgdjOXGcamLhsMaxbk4MDC0xSZzRLQ3i6emOP -t6NY7JMq6jhb6Uu/k2COZleIUsQ6G0rBQSeJECVW3vdWHxK6zsDsbCzn8yj5gwOP -EHNvaIB6gLtYUaoe7bEdH/Mi3ixboZPkdqNBb8PmY2dQkaypdNCOLWGUE2AWAOQJ -dhdBHk3xbolBhviBIdMUhH6svdfNP4+YD7Hz+MsggnCeD2wSfUcRVHJyW3a7EkiG -w3djIRhld6QbJOE02BYn5zyqIBWsKgYo4vVIafwA45lujTjCTQFSkLy7z3panly5 -u4qwJ6zINNOb5/PEuDtk07l/65OAAYW8erGwPrazaGxnwCEVIRCK5WW7tFUSoTMQ -9ZeffcNnVTVl1RIMSXvB9eIVv8J2eMN7VNrKnPcliUAALrC6lVeWMGOa1Bghs3VB -1NXM+iGKHFlqeoZ153CLNvSuqyaIGYRNv2p9q4bKKuGL97u6DbtBdFFKpCTGiqKT -ahcBaRFjGBAb61S3Riun7ssgqSEv/zKGEFbOuBBaxQnGqWTBWJt9OoYg06xgSqWm -E7inJmZLdaGxCLg26rdnCCwz5lB25aCD0WBxHFIX+7d4/BXN9wmdW9aaBBpZHjnB -DAcu+AwN5suYpMScVtldFTlHLqoRzlIWEjVVAePIHBwBkQM2COYn4BSdIksLa/gt -WqI8IjhCDxOJ/eVwPBim7Qcpnjeerjd19+arcYFuE/tresctWrVob5XFDqCFPesm -TMpFfWxpZ+CU3pqSf1ZsnmVxyKuCvbAohSxCDWCgpGygP8RQ7ySpAfRAYpUsGquS -4zVKCJKicqWjZKCOqGNCp6Ut2gKbx6w60vKsqIJL0QGklUzJxkM1cJx7kiCuXoOq -lrrOkbqAtDdVJco40eXFf1U3Dho1MrzNvTeDVLkc8mBRUMw6wXbHIqyvuAzKlrRZ -hPO5jfOrqyTI/HqzPjYbl6h11ytu28hda9wRRbLEFBgmqawWUFUXGQZCQBsX11KT -pKG1V1Jj30YCmSJmSBZKaqK8bUVFHEkoBEuaXxCpxqJocxEtSXGuhPUJl7Y4B+NV -toN9UFKZQqgqQIEgYvALjGKHyKFw5ty4C1eF0/dm6Tg47Og2lpEz3IyRrNswWEWA -yveh4PXO24AIxjiJdGWjz+CZsHDOEdoouDINc3QKxvBxHQozvmQwlmC20JnIZ3OX -BDIki3DNg+lJ/OZ6QYs4buhzHBiqRqgMSMKuJ5K1qfKN21m+RuOGAJY8LKWPpJYK -9Ve8jToszoi3k8WpRqRHhKcTOdKcdGVXnBxcFeCfrQHQpdmG8Dme8yGpFfErV9e3 -mjEVCTgx1buQLSS0bfQZeMOnGrkUkcWAl1YdO1k0NZWre5t/vzCoyrKK4fYdiEVW -bGuJa+yEYowCC5Eiz1EhKayzMhND0roHqyeAFtIf07wezcoqYRLOPWYArlDHDFmY -gCw+LdVvgSKZ8GpvVlVYmzh8V0Yj/0CSzlex+EMGqmKNOVd+uUF5KFvBSDZgcSZz -rVgNSKlmskNrVTlR5jRJ9IcqpUIYaDq6AgR5GGOTLqFfIHbFMxglTfBXTptzunNq -TUsQ8BqDuhCHgqmgH5uPPUHLRBtNaHUh7Gkk/1QrHeEL/TUucOx1U8l/aYEr3FhY -kKZUexYSXrrLItOylKyxW6BOESeSUaq3ofp6KcuBS2oCdJVqoYGlZyCbssqYWiqK -shWSB6Ua15FgPchlJ8iyNxqK9hlASBkMsKvDntPCpmuFK/R0QycNlMR/m2dnIHdE -SQiuN5mJQhoL/kusDcGGtVuV56axRbXEw6ACoShY/lBReIJzurO1sUqLAoO3bWrG -OvqJhnQGsgBSUZs0jqA73NHJzrd9bvlI3TOYdEgzdqZVabnKPzR8qTuxDglnFBiQ -iJmO4jefp+fB3XALNJh379OTH0Wngppt15SxOAEk+guTPDEy4pNUxFW9IrzFWiKZ -mVdb+tQdVXBb4lSGxugP3fUyKjEaEnCy6tbHCopcPsi126RK4QnKmqlwaSHHyvyY -TQgD/2pnf2IpPJFB3IS0Bcm5TQE3PfcLSkPOopF17DrGoWmW/SiTT2dJbOky7pgH -A9xXVEF2NCtMWMgJ4PmC8ci58hFJyLmmNZBSy9LC/NSs9JYHAYJ0HmGpUoSBV8E7 -OHB3ZACsxwMkwzYxfjtmpiyvUSlAgdjOXGcamLhsMaxbk4MDC0xSZzRLQ3i6emOP -t6NY7JMq6jhb6Uu/k2COZleIUsQ6G0rBQSeJECVW3vdWHxK6zsDsbCzn8yj5gwOP -EHNvaIB6gLtYUaoe7bE= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDD0ZhbZAyORndQ +k4kvfLrlxChcP3/UnkEQ8aO4koEROfErzGdEy1oVCIMCDmrDG9GKU+TfyFia9tVu +8aasbBanALjL14d4XQYvf3AbNZbihjuSqL4P2O/LmScGm8Hp2fQNCMCbTW6KBTbp +i0IBntVrz78CeTCnjX6xUrPCAoGfX2gEwdTVg11QIUQ9Hl3bIzvYwR4caGNNnJsG +bj654I1I3PIL+NkynLegdeWaUkTaa8Sw5BkDifrEhR75HCiR8BeXBgWXX2lt2Pkb +jYiEvOv1lK7q6+OblG8LGg92a1BnoXFoFQ19EwaOoQ6Ri7AInbvXzJpRGBtGp+aU +o10QLLLhAgMBAAECggEAJQLhnCx93wpclOM947bckH8R7dWmsKY0wCIcAs/WC057 +Uf7xaeRRo3YXZPUaosQIR+/xa4avkKKk1rJgAWjwoyIUy5pyJYLXn3Sj2NC5MxmR ++vdf7Rjgwgexg6M+9JdYdHo6BWCOSxIPPfcvQ6Uky5rZjHshghnRX2y1Qy88FsYZ +5TUMa7qQjbtzZPM7dePCvHy0Euw3ggjyzwN4n/TUm9U9AlEUfNWvjP56RjLHrUBc +kiBbdMgvipu5/MMq5V63WpWxUrCOFnyofOsfuZ632CVfxy4d6fiBX0KrD0I96A1Z +GrelDpuyq7/GL6khiO3IBkOUJgsZO/lgTCq/gd4iEQKBgQDqlv82MGDWaX2tSszW +l/tvTR1y1aV9IcqLi32r9cuLIVNA7aJoWQLAtt5KRiE7pT6BZ4OEGbhAS+t+jXON +UTqc8ixa9/TRhEA4aVrhevLfOIJfaT2TNCivuuAHXKmXPM8IqArfnZyat7p8Xfp6 +vNxYxWIga8CZ0ogLB+RUmqhx7QKBgQDVsL4Z8q1XF6kgL8oRyiA+IA81Jw1qL4f5 +Hpg1nJlY29ajQqBz6RPJmMN/X5Pt5/xD9WOGZwFxATkUXzwSQw1hfHdggOonVuNc +SONCBinUtq5TdpB4H7LFqbaVgSrU1YZPiQekTyv+hfsYN4IOLCDuQxgxZ4moiHf5 +sQP7+/Y2RQKBgGyWeIwc2LZnHkWY2jh7IWfjyj3dpzzE53ywlPuESzObuW3Ukdi7 +WwrZmwvGapuxYb2ErNv5C9C3U8rArzw63WbIsr9pB2n0TcXO/sJgpwusnKyNinMZ +MbwmRI0j11yqSSs4nc/kpRj48tmeptMpmNV+iG15cy3AxjhU7tw6ur4BAoGBAIU8 ++Zs2PCyEnThrc8QZ0nbKCJFssymVT2PeVqt+5AKKuE79eQwstODLNoJR9uus7Rb2 +h0LDMRvj1lJEezEry8kQEWMDnnw+6e6dp82ACE8QRKvXzoaHxTEH+8dGTY19QYyP +9UrW7qh5o7Fa0uXBUBsfjJMpaqTByoTOgZx5YvA9AoGAUsqA4GdiBt+HCJv+uwP3 +21XcxdhwmT9PYMh7MdONpe9kEZUu1o/MVuCSascsF5qIewIlynqnACoS/E3yILxy +/Q4IyxJpvaocvO94xvHYa1T//FQG+JO7gOjLyF5c8IK7V3O+luxRy1I99Y87ePlq +aPBrRRPu2ZIxrPmdPmdNp1s= -----END PRIVATE KEY----- diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf index 35060297970706..2e5957b6f33042 100644 --- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf +++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf @@ -119,8 +119,8 @@ policyIdentifier = 1.2.3.4 [reqexts] basicConstraints = CA:FALSE #basicConstraints = critical, CA:TRUE -keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation -extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning +keyUsage = critical, keyEncipherment # digitalSignature keyAgreement, keyEncipherment, nonRepudiation +#extendedKeyUsage = critical, clientAuth serverAuth, codeSigning #crlDistributionPoints = URI:http: #authorityInfoAccess = URI:http: subjectAltName = @alt_names diff --git a/util/libcrypto.num b/util/libcrypto.num index 3ef2f18ac1cd2a..79317edb49ebb8 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5546,3 +5546,92 @@ OSSL_CMP_get_ssk ? 3_3_0 EXIST::FUNCTION:CMP OSSL_CMP_SRV_kem_get_ss ? 3_3_0 EXIST::FUNCTION:CMP EVP_DigestSqueeze ? 3_3_0 EXIST::FUNCTION: ERR_pop ? 3_3_0 EXIST::FUNCTION: +d2i_OSSL_CRMF_ENCRYPTEDKEY ? 3_3_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_ENCRYPTEDKEY ? 3_3_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDKEY_free ? 3_3_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDKEY_new ? 3_3_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDKEY_it ? 3_3_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDKEY_get1_encCert ? 3_3_0 EXIST::FUNCTION:CRMF +d2i_X509_ACERT ? 3_3_0 EXIST::FUNCTION: +i2d_X509_ACERT ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_free ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_new ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_it ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_dup ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_INFO_it ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_INFO_free ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_INFO_new ? 3_3_0 EXIST::FUNCTION: +OSSL_OBJECT_DIGEST_INFO_free ? 3_3_0 EXIST::FUNCTION: +OSSL_OBJECT_DIGEST_INFO_new ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_free ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_new ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_ISSUER_V2FORM_free ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_ISSUER_V2FORM_new ? 3_3_0 EXIST::FUNCTION: +d2i_X509_ACERT_fp ? 3_3_0 EXIST::FUNCTION:STDIO +i2d_X509_ACERT_fp ? 3_3_0 EXIST::FUNCTION:STDIO +PEM_read_X509_ACERT ? 3_3_0 EXIST::FUNCTION:STDIO +PEM_write_X509_ACERT ? 3_3_0 EXIST::FUNCTION:STDIO +PEM_read_bio_X509_ACERT ? 3_3_0 EXIST::FUNCTION: +PEM_write_bio_X509_ACERT ? 3_3_0 EXIST::FUNCTION: +d2i_X509_ACERT_bio ? 3_3_0 EXIST::FUNCTION: +i2d_X509_ACERT_bio ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_sign ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_sign_ctx ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_verify ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_holder_entityName ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_holder_baseCertId ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_holder_digest ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_issuerName ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_version ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_signature ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_signature_nid ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_info_sigalg ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_serialNumber ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_notBefore ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_notAfter ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_issuerUID ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_print ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_print_ex ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_attr_count ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_attr_by_NID ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_attr_by_OBJ ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_attr ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_delete_attr ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get_ext_d2i ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_add1_ext_i2d ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_get0_extensions ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set_version ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set0_holder_entityName ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set0_holder_baseCertId ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set0_holder_digest ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_add1_attr ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_add1_attr_by_OBJ ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_add1_attr_by_NID ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_add1_attr_by_txt ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_add_attr_nconf ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set1_issuerName ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set1_serialNumber ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set1_notBefore ? 3_3_0 EXIST::FUNCTION: +X509_ACERT_set1_notAfter ? 3_3_0 EXIST::FUNCTION: +OSSL_OBJECT_DIGEST_INFO_get0_digest ? 3_3_0 EXIST::FUNCTION: +OSSL_OBJECT_DIGEST_INFO_set1_digest ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_get0_issuer ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_get0_serial ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_get0_issuerUID ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_set1_issuer ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_set1_serial ? 3_3_0 EXIST::FUNCTION: +OSSL_ISSUER_SERIAL_set1_issuerUID ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_VALUE_it ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_VALUE_free ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_VALUE_new ? 3_3_0 EXIST::FUNCTION: +d2i_OSSL_IETF_ATTR_SYNTAX ? 3_3_0 EXIST::FUNCTION: +i2d_OSSL_IETF_ATTR_SYNTAX ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_free ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_new ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_it ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_get_value_num ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_get0_value ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_add1_value ? 3_3_0 EXIST::FUNCTION: +OSSL_IETF_ATTR_SYNTAX_print ? 3_3_0 EXIST::FUNCTION: