[openssl] master update
tomas at openssl.org
tomas at openssl.org
Wed Jun 30 08:39:06 UTC 2021
The branch master has been updated
via 1986f6152fe3766c99f1f18d90028ba940d6923b (commit)
via 66be663b64e05fb5524edd051b85fb919f59e054 (commit)
via 7df56adac7cf58b4ad3e8e34077ccd988263f408 (commit)
from b9bc8eb0546b22d7b23b25dc62eb5a459f745b98 (commit)
- Log -----------------------------------------------------------------
commit 1986f6152fe3766c99f1f18d90028ba940d6923b
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Jun 29 11:11:05 2021 +0200
OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for consistency
Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
commit 66be663b64e05fb5524edd051b85fb919f59e054
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Jun 22 15:40:49 2021 +0200
cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
commit 7df56adac7cf58b4ad3e8e34077ccd988263f408
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Wed Jun 16 10:26:26 2021 +0200
CMP: Add missing getter functions to CRMF API and CMP API
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/cmp_mock_srv.c | 23 +++++++++++++
crypto/cmp/cmp_client.c | 11 +++---
crypto/cmp/cmp_err.c | 2 ++
crypto/cmp/cmp_local.h | 1 -
crypto/cmp/cmp_msg.c | 4 +--
crypto/cmp/cmp_server.c | 12 +++----
crypto/cmp/cmp_vfy.c | 8 ++---
crypto/crmf/crmf_lib.c | 40 ++++++++++++++++++----
crypto/err/openssl.txt | 2 ++
doc/man3/OSSL_CMP_MSG_get0_header.pod | 6 ++++
doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 19 ++++++++--
doc/man3/OSSL_CRMF_MSG_set0_validity.pod | 1 +
doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod | 29 +++++++++++++---
doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod | 21 ++++++++++--
include/openssl/cmp.h.in | 1 +
include/openssl/cmperr.h | 2 ++
include/openssl/crmf.h.in | 23 +++++++++++--
test/cmp_server_test.c | 2 +-
.../80-test_cmp_http_data/test_enrollment.csv | 3 +-
util/libcrypto.num | 10 ++++++
20 files changed, 182 insertions(+), 38 deletions(-)
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index cf82000c7f..1fb5adca1a 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -212,6 +212,29 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
/* give final response after polling */
ctx->curr_pollCount = 0;
+ if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_KUR
+ && crm != NULL && ctx->certOut != NULL) {
+ const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm);
+ const X509_NAME *issuer = X509_get_issuer_name(ctx->certOut);
+ const ASN1_INTEGER *serial = X509_get0_serialNumber(ctx->certOut);
+
+ if (cid == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);
+ return NULL;
+ }
+ if (issuer != NULL
+ && X509_NAME_cmp(issuer, OSSL_CRMF_CERTID_get0_issuer(cid)) != 0) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
+ return NULL;
+ }
+ if (serial != NULL
+ && ASN1_INTEGER_cmp(serial,
+ OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
+ return NULL;
+ }
+ }
+
if (ctx->certOut != NULL
&& (*certOut = X509_dup(ctx->certOut)) == NULL)
goto err;
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index c7a846f03e..c7674ce088 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -34,7 +34,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
int invalid_protection,
int expected_type /* ignored here */)
{
- int rcvd_type = ossl_cmp_msg_get_bodytype(rep /* may be NULL */);
+ int rcvd_type = OSSL_CMP_MSG_get_bodytype(rep /* may be NULL */);
const char *msg_type = NULL;
if (!ossl_assert(ctx != NULL && rep != NULL))
@@ -132,7 +132,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
|| expected_type == OSSL_CMP_PKIBODY_POLLREP
|| expected_type == OSSL_CMP_PKIBODY_PKICONF;
const char *req_type_str =
- ossl_cmp_bodytype_to_string(ossl_cmp_msg_get_bodytype(req));
+ ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req));
const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type);
int msg_timeout;
int bt;
@@ -177,7 +177,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
return 0;
}
- bt = ossl_cmp_msg_get_bodytype(*rep);
+ bt = OSSL_CMP_MSG_get_bodytype(*rep);
/*
* The body type in the 'bt' variable is not yet verified.
* Still we use this preliminary value already for a progress report because
@@ -268,7 +268,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
goto err;
/* handle potential pollRep */
- if (ossl_cmp_msg_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
+ if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
OSSL_CMP_POLLREPCONTENT *prc = prep->body->value.pollRep;
OSSL_CMP_POLLREP *pollRep = NULL;
int64_t check_after;
@@ -810,7 +810,7 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
OSSL_CRMF_CERTTEMPLATE *tmpl =
sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails;
const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl);
- ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
+ const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) {
ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT);
@@ -818,6 +818,7 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
goto err;
}
if ((cid = ossl_cmp_revrepcontent_get_CertId(rrep, rsid)) == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);
ret = 0;
goto err;
}
diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c
index e36696bef8..67d9964dbe 100644
--- a/crypto/cmp/cmp_err.c
+++ b/crypto/cmp/cmp_err.c
@@ -86,6 +86,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
"fail info out of range"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"},
+ {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION),
"missing key input for creating protection"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE),
@@ -150,6 +151,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID),
"wrong algorithm oid"},
+ {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT),
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 1cca238916..f2a0587ca4 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -859,7 +859,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
const char *propq);
const char *ossl_cmp_bodytype_to_string(int type);
int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type);
-int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype);
OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
const OSSL_CRMF_MSG *crm);
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 4fef006933..5fb67ae2cb 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -93,7 +93,7 @@ int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type)
return 1;
}
-int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg)
+int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg)
{
if (!ossl_assert(msg != NULL && msg->body != NULL))
return -1;
@@ -651,7 +651,7 @@ int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav)
if (!ossl_assert(msg != NULL && itav != NULL))
return 0;
- bodytype = ossl_cmp_msg_get_bodytype(msg);
+ bodytype = OSSL_CMP_MSG_get_bodytype(msg);
if (bodytype != OSSL_CMP_PKIBODY_GENM
&& bodytype != OSSL_CMP_PKIBODY_GENP) {
ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index 593c074f8d..6f3409468d 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -167,7 +167,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL))
return NULL;
- switch (ossl_cmp_msg_get_bodytype(req)) {
+ switch (OSSL_CMP_MSG_get_bodytype(req)) {
case OSSL_CMP_PKIBODY_P10CR:
case OSSL_CMP_PKIBODY_CR:
bodytype = OSSL_CMP_PKIBODY_CP;
@@ -183,7 +183,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
}
- if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
+ if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
certReqId = OSSL_CMP_CERTREQID;
p10cr = req->body->value.p10cr;
} else {
@@ -247,7 +247,7 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
OSSL_CRMF_CERTID *certId = NULL;
OSSL_CRMF_CERTTEMPLATE *tmpl;
const X509_NAME *issuer;
- ASN1_INTEGER *serial;
+ const ASN1_INTEGER *serial;
OSSL_CMP_PKISI *si;
if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL))
@@ -428,7 +428,7 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
invalid_protection ? "invalid" : "missing");
return 1;
}
- if (ossl_cmp_msg_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR
+ if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR
&& OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS) == 1) {
ossl_cmp_warn(ctx, "ignoring missing protection of error message");
return 1;
@@ -469,7 +469,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
if (!OSSL_CMP_CTX_set1_recipient(ctx, hdr->sender->d.directoryName))
goto err;
- req_type = ossl_cmp_msg_get_bodytype(req);
+ req_type = OSSL_CMP_MSG_get_bodytype(req);
switch (req_type) {
case OSSL_CMP_PKIBODY_IR:
case OSSL_CMP_PKIBODY_CR:
@@ -588,7 +588,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
ctx->secretValue = backup_secret;
rsp_type =
- rsp != NULL ? ossl_cmp_msg_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR;
+ rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR;
if (rsp != NULL)
ossl_cmp_log1(DEBUG, ctx,
"sending %s", ossl_cmp_bodytype_to_string(rsp_type));
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 28c9a984d2..aa4665a562 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -406,7 +406,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
if (mode_3gpp
&& ((!ctx->permitTAInExtraCertsForIR
- || ossl_cmp_msg_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP)))
+ || OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP)))
return 0;
ossl_cmp_info(ctx,
@@ -576,7 +576,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
* the caPubs field may be directly trusted as a root CA
* certificate by the initiator.'
*/
- switch (ossl_cmp_msg_get_bodytype(msg)) {
+ switch (OSSL_CMP_MSG_get_bodytype(msg)) {
case -1:
return 0;
case OSSL_CMP_PKIBODY_IP:
@@ -732,7 +732,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
#endif
}
- if (ossl_cmp_msg_get_bodytype(msg) < 0) {
+ if (OSSL_CMP_MSG_get_bodytype(msg) < 0) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR);
return 0;
@@ -793,7 +793,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
* the caPubs field may be directly trusted as a root CA
* certificate by the initiator.'
*/
- switch (ossl_cmp_msg_get_bodytype(msg)) {
+ switch (OSSL_CMP_MSG_get_bodytype(msg)) {
case OSSL_CMP_PKIBODY_IP:
case OSSL_CMP_PKIBODY_CP:
case OSSL_CMP_PKIBODY_KUP:
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index d03904a7bc..ea1e2dda09 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -42,13 +42,29 @@
* valt = Value Type
* ctrlinf = "regCtrl" or "regInfo"
*/
-#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \
-int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, \
- const valt *in) \
+#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \
+valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \
+{ \
+ int i; \
+ STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \
+ OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
+ \
+ if (msg == NULL || msg->certReq == NULL) \
+ return NULL; \
+ controls = msg->certReq->controls; \
+ for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \
+ atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \
+ if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \
+ return atav->value.atyp; \
+ } \
+ return NULL; \
+} \
+ \
+int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \
{ \
OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \
\
- if (msg == NULL || in == NULL) \
+ if (msg == NULL || in == NULL) \
goto err; \
if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \
goto err; \
@@ -509,12 +525,18 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
}
/* retrieves the serialNumber of the given cert template or NULL on error */
-ASN1_INTEGER
+const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl)
{
return tmpl != NULL ? tmpl->serialNumber : NULL;
}
+const X509_NAME
+ *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
+{
+ return tmpl != NULL ? tmpl->subject : NULL;
+}
+
/* retrieves the issuer name of the given cert template or NULL on error */
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
@@ -522,6 +544,12 @@ const X509_NAME
return tmpl != NULL ? tmpl->issuer : NULL;
}
+X509_EXTENSIONS
+ *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
+{
+ return tmpl != NULL ? tmpl->extensions : NULL;
+}
+
/* retrieves the issuer name of the given CertId or NULL on error */
const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
{
@@ -530,7 +558,7 @@ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
}
/* retrieves the serialNumber of the given CertId or NULL on error */
-ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
+const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
{
return cid != NULL ? cid->serialNumber : NULL;
}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index eb0ace5474..05005a8eaf 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -225,6 +225,7 @@ CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random
CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range
CMP_R_INVALID_ARGS:100:invalid args
CMP_R_INVALID_OPTION:174:invalid option
+CMP_R_MISSING_CERTID:165:missing certid
CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\
missing key input for creating protection
CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature
@@ -268,6 +269,7 @@ CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\
CMP_R_VALUE_TOO_LARGE:175:value too large
CMP_R_VALUE_TOO_SMALL:177:value too small
CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid
+CMP_R_WRONG_CERTID:189:wrong certid
CMP_R_WRONG_CERTID_IN_RP:187:wrong certid in rp
CMP_R_WRONG_PBM_VALUE:155:wrong pbm value
CMP_R_WRONG_RP_COMPONENT_COUNT:188:wrong rp component count
diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod
index 2ecb48d7a1..32cdf81187 100644
--- a/doc/man3/OSSL_CMP_MSG_get0_header.pod
+++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod
@@ -3,6 +3,7 @@
=head1 NAME
OSSL_CMP_MSG_get0_header,
+OSSL_CMP_MSG_get_bodytype,
OSSL_CMP_MSG_update_transactionID,
OSSL_CMP_CTX_setup_CRM,
OSSL_CMP_MSG_read,
@@ -16,6 +17,7 @@ i2d_OSSL_CMP_MSG_bio
#include <openssl/cmp.h>
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
+ int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
@@ -27,6 +29,8 @@ i2d_OSSL_CMP_MSG_bio
OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
+OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
+
OSSL_CMP_MSG_update_transactionID() updates the transactionID field
in the header of the given message according to the CMP_CTX.
This requires re-protecting the message (if it was protected).
@@ -58,6 +62,8 @@ CMP is defined in RFC 4210.
OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
or NULL if the respective entry does not exist and on error.
+OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
+
OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
NULL on error.
diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
index f59abb4f11..bc268d64ca 100644
--- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
+++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
@@ -4,7 +4,9 @@
OSSL_CRMF_MSG_get0_tmpl,
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
+OSSL_CRMF_CERTTEMPLATE_get0_subject,
OSSL_CRMF_CERTTEMPLATE_get0_issuer,
+OSSL_CRMF_CERTTEMPLATE_get0_extensions,
OSSL_CRMF_CERTID_get0_serialNumber,
OSSL_CRMF_CERTID_get0_issuer,
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert,
@@ -16,12 +18,17 @@ OSSL_CRMF_MSG_get_certReqId
#include <openssl/crmf.h>
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
- ASN1_INTEGER
+ const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
- X509_NAME
+ const X509_NAME
+ *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+ const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+ X509_EXTENSIONS
+ *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
- ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
+ const ASN1_INTEGER
+ *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
X509
@@ -39,9 +46,15 @@ OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>.
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the
given certificate template I<tmpl>.
+OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the
+given certificate template I<tmpl>.
+
OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the
given certificate template I<tmpl>.
+OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions
+of the given certificate template I<tmpl>, or NULL if not present.
+
OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber
of the given CertId I<cid>.
diff --git a/doc/man3/OSSL_CRMF_MSG_set0_validity.pod b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod
index 70a4120e86..fd42159d67 100644
--- a/doc/man3/OSSL_CRMF_MSG_set0_validity.pod
+++ b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod
@@ -51,6 +51,7 @@ OSSL_CRMF_MSG_set_certReqId() sets I<rid> as the certReqId of I<crm>.
OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate I<tmpl>
for which non-NULL values are provided: I<pubkey>, I<subject>, I<issuer>,
and/or I<serial>.
+X.509 extensions may be set using OSSL_CRMF_MSG_set0_extensions().
On success the reference counter of the I<pubkey> (if given) is incremented,
while the I<subject>, I<issuer>, and I<serial> structures (if given) are copied.
diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod
index b1f732257e..77377ef7eb 100644
--- a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod
+++ b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod
@@ -2,23 +2,32 @@
=head1 NAME
+OSSL_CRMF_MSG_get0_regCtrl_regToken,
OSSL_CRMF_MSG_set1_regCtrl_regToken,
+OSSL_CRMF_MSG_get0_regCtrl_authenticator,
OSSL_CRMF_MSG_set1_regCtrl_authenticator,
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo,
OSSL_CRMF_MSG_set0_SinglePubInfo,
OSSL_CRMF_MSG_set_PKIPublicationInfo_action,
+OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo,
OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo,
+OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey,
OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey,
+OSSL_CRMF_MSG_get0_regCtrl_oldCertID,
OSSL_CRMF_MSG_set1_regCtrl_oldCertID,
OSSL_CRMF_CERTID_gen
-- functions setting CRMF Registration Controls
+- functions getting or setting CRMF Registration Controls
=head1 SYNOPSIS
#include <openssl/crmf.h>
+ ASN1_UTF8STRING
+ *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *tok);
+ ASN1_UTF8STRING
+ *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *auth);
int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
@@ -28,10 +37,16 @@ OSSL_CRMF_CERTID_gen
int method, GENERAL_NAME *nm);
int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
+ OSSL_CRMF_PKIPUBLICATIONINFO
+ *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+ X509_PUBKEY
+ *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
const X509_PUBKEY *pubkey);
+ OSSL_CRMF_CERTID
+ *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTID *cid);
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
@@ -39,6 +54,9 @@ OSSL_CRMF_CERTID_gen
=head1 DESCRIPTION
+Each of the OSSL_CRMF_MSG_get0_regCtrl_X() functions
+returns the respective control X in the given I<msg>, if present.
+
OSSL_CRMF_MSG_set1_regCtrl_regToken() sets the regToken control in the given
I<msg> copying the given I<tok> as value. See RFC 4211, section 6.1.
@@ -79,10 +97,13 @@ given I<issuer> name and I<serial> number.
=head1 RETURN VALUES
-OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure
-or NULL on error.
+All OSSL_CRMF_MSG_get0_*() functions
+return the respective pointer value or NULL if not present and on error.
-All other functions return 1 on success, 0 on error.
+All OSSL_CRMF_MSG_set1_*() functions return 1 on success, 0 on error.
+
+OSSL_CRMF_CERTID_gen() returns a pointer to the resulting structure
+or NULL on error.
=head1 NOTES
diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod
index 56a6814ea0..f3d8fb1217 100644
--- a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod
+++ b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod
@@ -2,34 +2,49 @@
=head1 NAME
+OSSL_CRMF_MSG_get0_regInfo_utf8Pairs,
OSSL_CRMF_MSG_set1_regInfo_utf8Pairs,
+OSSL_CRMF_MSG_get0_regInfo_certReq,
OSSL_CRMF_MSG_set1_regInfo_certReq
-- functions setting CRMF Registration Info
+- functions getting or setting CRMF Registration Info
=head1 SYNOPSIS
#include <openssl/crmf.h>
+ ASN1_UTF8STRING
+ *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *utf8pairs);
+ OSSL_CRMF_CERTREQUEST
+ *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTREQUEST *cr);
=head1 DESCRIPTION
+OSSL_CRMF_MSG_get0_regInfo_utf8Pairs() returns the first utf8Pairs regInfo
+in the given I<msg>, if present.
+
OSSL_CRMF_MSG_set1_regInfo_utf8Pairs() adds a copy of the given I<utf8pairs>
value as utf8Pairs regInfo to the given I<msg>. See RFC 4211 section 7.1.
+OSSL_CRMF_MSG_get0_regInfo_certReq() returns the first certReq regInfo
+in the given I<msg>, if present.
+
OSSL_CRMF_MSG_set1_regInfo_certReq() adds a copy of the given I<cr> value
as certReq regInfo to the given I<msg>. See RFC 4211 section 7.2.
=head1 RETURN VALUES
-All functions return 1 on success, 0 on error.
+All get0_*() functions return the respective pointer value, NULL if not present.
+
+All set1_*() functions return 1 on success, 0 on error.
=head1 NOTES
-Calling these functions multiple times adds multiple instances of the respective
+Calling the set1_*() functions multiple times
+adds multiple instances of the respective
control to the regInfo structure of the given I<msg>. While RFC 4211 expects
multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq.
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index 27afa27d6a..b47344215b 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -378,6 +378,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
/* from cmp_msg.c */
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
+int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h
index b8ac43e525..3a26fd0bda 100644
--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -61,6 +61,7 @@
# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129
# define CMP_R_INVALID_ARGS 100
# define CMP_R_INVALID_OPTION 174
+# define CMP_R_MISSING_CERTID 165
# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130
# define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142
# define CMP_R_MISSING_P10CSR 121
@@ -101,6 +102,7 @@
# define CMP_R_VALUE_TOO_LARGE 175
# define CMP_R_VALUE_TOO_SMALL 177
# define CMP_R_WRONG_ALGORITHM_OID 138
+# define CMP_R_WRONG_CERTID 189
# define CMP_R_WRONG_CERTID_IN_RP 187
# define CMP_R_WRONG_PBM_VALUE 155
# define CMP_R_WRONG_RP_COMPONENT_COUNT 188
diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in
index 73d4a0f1f0..beb73d7bf0 100644
--- a/include/openssl/crmf.h.in
+++ b/include/openssl/crmf.h.in
@@ -89,8 +89,12 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
/* crmf_lib.c */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *tok);
+ASN1_UTF8STRING
+*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *auth);
+ASN1_UTF8STRING
+*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
int
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
OSSL_CRMF_SINGLEPUBINFO *spi);
@@ -106,17 +110,27 @@ int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi
int action);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+OSSL_CRMF_PKIPUBLICATIONINFO
+*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
const X509_PUBKEY *pubkey);
+X509_PUBKEY
+*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTID *cid);
+OSSL_CRMF_CERTID
+*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
const ASN1_INTEGER *serial);
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
const ASN1_UTF8STRING *utf8pairs);
+ASN1_UTF8STRING
+*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
const OSSL_CRMF_CERTREQUEST *cr);
+OSSL_CRMF_CERTREQUEST
+*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
ASN1_TIME *notBefore, ASN1_TIME *notAfter);
@@ -137,13 +151,18 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
int rid, int acceptRAVerified,
OSSL_LIB_CTX *libctx, const char *propq);
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-ASN1_INTEGER
+const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
+*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_EXTENSIONS
+*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
-ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
EVP_PKEY *pubkey,
const X509_NAME *subject,
diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c
index 9f20d27ac9..e270bb924b 100644
--- a/test/cmp_server_test.c
+++ b/test/cmp_server_test.c
@@ -94,7 +94,7 @@ static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture)
goto end;
if (!TEST_ptr(rsp = OSSL_CMP_CTX_server_perform(client_ctx, fixture->req))
- || !TEST_int_eq(ossl_cmp_msg_get_bodytype(rsp),
+ || !TEST_int_eq(OSSL_CMP_MSG_get_bodytype(rsp),
OSSL_CMP_PKIBODY_ERROR)
|| !TEST_ptr(errorContent = rsp->body->value.error)
|| !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode),
diff --git a/test/recipes/80-test_cmp_http_data/test_enrollment.csv b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
index db44b46d27..358521de28 100644
--- a/test/recipes/80-test_cmp_http_data/test_enrollment.csv
+++ b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
@@ -47,7 +47,7 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val,
1,sans 2 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_two_ip.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
1,sans 1 uri, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,https://www.sample.com,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_uri.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
1,san_nodefault, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4, -san_nodefault,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_nodefault.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
-1,san default, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_default.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,
+1,san default via oldcert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_sans_default.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
1,popo SIGNATURE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,1,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_popo.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
0,popo RAVERIFIED, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,0,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_popo1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
@@ -105,5 +105,6 @@ TODO,p10cr wrong csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:
0,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur3.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
0,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur4.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
0,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur wrong oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,root.crt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
0,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur7.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
0,kur without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur8.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 73e84ff08e..c7862c568d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4502,16 +4502,23 @@ OSSL_CRMF_MSGS_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSGS_it ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_pbmp_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_pbm_new ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set_PKIPublicationInfo_action ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTID_gen ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_MSG_get0_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set1_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set0_validity ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_set_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF
@@ -4522,7 +4529,9 @@ OSSL_CRMF_MSG_create_popo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSGS_verify_popo ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_get0_tmpl ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_CERTTEMPLATE_get0_subject ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_get0_issuer ? 3_0_0 EXIST::FUNCTION:CRMF
+OSSL_CRMF_CERTTEMPLATE_get0_extensions ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_CERTTEMPLATE_fill ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_PARAM_locate ? 3_0_0 EXIST::FUNCTION:
@@ -4846,6 +4855,7 @@ i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION:
RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION:
OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP
+OSSL_CMP_MSG_get_bodytype ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP
BIO_f_prefix ? 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list