Diffstat (limited to 'crypto/cmp/cmp_ctx.c')
-rw-r--r--crypto/cmp/cmp_ctx.c208
1 files changed, 105 insertions, 103 deletions
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 9d9bd357daf7..c018f779cf0e 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -71,12 +71,12 @@ int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
return 0;
}
if (!ossl_x509_add_certs_new(&untrusted, certs,
- X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
+ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto err;
sk_X509_pop_free(ctx->untrusted, X509_free);
ctx->untrusted = untrusted;
return 1;
- err:
+err:
sk_X509_pop_free(untrusted, X509_free);
return 0;
}
@@ -135,9 +135,9 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
/* all other elements are initialized to 0 or NULL, respectively */
return ctx;
- oom:
+oom:
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
- err:
+err:
OSSL_CMP_CTX_free(ctx);
return NULL;
}
@@ -273,7 +273,7 @@ OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx)
}
int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx,
- OSSL_CMP_PKIFREETEXT *text)
+ OSSL_CMP_PKIFREETEXT *text)
{
if (!ossl_assert(ctx != NULL))
return 0;
@@ -332,7 +332,7 @@ void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx)
#ifndef OPENSSL_NO_TRACE
static size_t ossl_cmp_log_trace_cb(const char *buf, size_t cnt,
- int category, int cmd, void *vdata)
+ int category, int cmd, void *vdata)
{
OSSL_CMP_CTX *ctx = vdata;
const char *msg;
@@ -352,11 +352,11 @@ static size_t ossl_cmp_log_trace_cb(const char *buf, size_t cnt,
goto end; /* suppress output since severity is not sufficient */
if (!ctx->log_cb(func != NULL ? func : "(no func)",
- file != NULL ? file : "(no file)",
- line, level, msg))
+ file != NULL ? file : "(no file)",
+ line, level, msg))
cnt = 0;
- end:
+end:
OPENSSL_free(func);
OPENSSL_free(file);
return cnt;
@@ -365,8 +365,8 @@ static size_t ossl_cmp_log_trace_cb(const char *buf, size_t cnt,
/* Print CMP log messages (i.e., diagnostic info) via the log cb of the ctx */
int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx,
- const char *func, const char *file, int line,
- const char *level_str, const char *format, ...)
+ const char *func, const char *file, int line,
+ const char *level_str, const char *format, ...)
{
va_list args;
char hugebuf[1024 * 2];
@@ -392,17 +392,19 @@ int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx,
#ifndef OPENSSL_NO_TRACE
if (OSSL_TRACE_ENABLED(CMP)) {
- OSSL_TRACE_BEGIN(CMP) {
- int printed =
- BIO_snprintf(hugebuf, sizeof(hugebuf),
- "%s:%s:%d:" OSSL_CMP_LOG_PREFIX "%s: ",
- func, file, line, level_str);
+ OSSL_TRACE_BEGIN(CMP)
+ {
+ int printed = BIO_snprintf(hugebuf, sizeof(hugebuf),
+ "%s:%s:%d:" OSSL_CMP_LOG_PREFIX "%s: ",
+ func, file, line, level_str);
if (printed > 0 && (size_t)printed < sizeof(hugebuf)) {
if (BIO_vsnprintf(hugebuf + printed,
- sizeof(hugebuf) - printed, format, args) > 0)
+ sizeof(hugebuf) - printed, format, args)
+ > 0)
res = BIO_puts(trc_out, hugebuf) > 0;
}
- } OSSL_TRACE_END(CMP);
+ }
+ OSSL_TRACE_END(CMP);
}
#else /* compensate for disabled trace API */
{
@@ -426,7 +428,7 @@ int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb)
#ifndef OPENSSL_NO_TRACE
/* do also in case cb == NULL, to switch off logging output: */
if (!OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_CMP,
- ossl_cmp_log_trace_cb, ctx))
+ ossl_cmp_log_trace_cb, ctx))
return 0;
#endif
@@ -446,19 +448,19 @@ void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx)
* (i.e., the user name) when using PBMAC.
*/
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
- const unsigned char *ref, int len)
+ const unsigned char *ref, int len)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->referenceValue, ref,
- len);
+ len);
}
/* Set or clear the password to be used for protecting messages with PBMAC */
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
- const unsigned char *sec, int len)
+ const unsigned char *sec, int len)
{
ASN1_OCTET_STRING *secretValue = NULL;
if (ctx == NULL) {
@@ -496,8 +498,7 @@ int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain)
sk_X509_pop_free(ctx->newChain, X509_free);
ctx->newChain = NULL;
- return newChain == NULL ||
- (ctx->newChain = X509_chain_up_ref(newChain)) != NULL;
+ return newChain == NULL || (ctx->newChain = X509_chain_up_ref(newChain)) != NULL;
}
/* Returns the stack of extraCerts received in CertRepMessage, NULL on error */
@@ -515,7 +516,7 @@ STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx)
* of the OSSL_CMP_CTX structure so that they may be retrieved later.
*/
int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
- STACK_OF(X509) *extraCertsIn)
+ STACK_OF(X509) *extraCertsIn)
{
if (!ossl_assert(ctx != NULL))
return 0;
@@ -531,7 +532,7 @@ int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
* certificates to send out in the extraCerts field.
*/
int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
- STACK_OF(X509) *extraCertsOut)
+ STACK_OF(X509) *extraCertsOut)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
@@ -556,7 +557,7 @@ int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo)
}
if (ctx->policies == NULL
- && (ctx->policies = CERTIFICATEPOLICIES_new()) == NULL)
+ && (ctx->policies = CERTIFICATEPOLICIES_new()) == NULL)
return 0;
return sk_POLICYINFO_push(ctx->policies, pinfo);
@@ -623,44 +624,44 @@ int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs)
#define char_dup OPENSSL_strdup
#define char_free OPENSSL_free
-#define DEFINE_OSSL_CMP_CTX_set1(FIELD, TYPE) /* this uses _dup */ \
-int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \
-{ \
- TYPE *val_dup = NULL; \
- \
- if (ctx == NULL) { \
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
- return 0; \
- } \
- \
- if (val != NULL && (val_dup = TYPE##_dup(val)) == NULL) \
- return 0; \
- TYPE##_free(ctx->FIELD); \
- ctx->FIELD = val_dup; \
- return 1; \
-}
+#define DEFINE_OSSL_CMP_CTX_set1(FIELD, TYPE) /* this uses _dup */ \
+ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \
+ { \
+ TYPE *val_dup = NULL; \
+ \
+ if (ctx == NULL) { \
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
+ return 0; \
+ } \
+ \
+ if (val != NULL && (val_dup = TYPE##_dup(val)) == NULL) \
+ return 0; \
+ TYPE##_free(ctx->FIELD); \
+ ctx->FIELD = val_dup; \
+ return 1; \
+ }
#define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert))
#define EVP_PKEY_invalid(key) 0
-#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \
-int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
-{ \
- if (ctx == NULL) { \
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
- return 0; \
- } \
- \
- /* prevent misleading error later on malformed cert or provider issue */ \
- if (val != NULL && TYPE##_invalid(val)) { \
- ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \
- return 0; \
- } \
- if (val != NULL && !TYPE##_up_ref(val)) \
- return 0; \
- TYPE##_free(ctx->FIELD); \
- ctx->FIELD = val; \
- return 1; \
-}
+#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \
+ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
+ { \
+ if (ctx == NULL) { \
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
+ return 0; \
+ } \
+ \
+ /* prevent misleading error later on malformed cert or provider issue */ \
+ if (val != NULL && TYPE##_invalid(val)) { \
+ ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \
+ return 0; \
+ } \
+ if (val != NULL && !TYPE##_up_ref(val)) \
+ return 0; \
+ TYPE##_free(ctx->FIELD); \
+ ctx->FIELD = val; \
+ return 1; \
+ }
/*
* Pins the server certificate to be directly trusted (even if it is expired)
@@ -669,23 +670,23 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)
-/* Set the X509 name of the recipient to be placed in the PKIHeader */
-DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME)
+ /* Set the X509 name of the recipient to be placed in the PKIHeader */
+ DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME)
-/* Store the X509 name of the expected sender in the PKIHeader of responses */
-DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME)
+ /* Store the X509 name of the expected sender in the PKIHeader of responses */
+ DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME)
-/* Set the X509 name of the issuer to be placed in the certTemplate */
-DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
+ /* Set the X509 name of the issuer to be placed in the certTemplate */
+ DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
-/*
- * Set the subject name that will be placed in the certificate
- * request. This will be the subject name on the received certificate.
- */
-DEFINE_OSSL_CMP_CTX_set1(subjectName, X509_NAME)
+ /*
+ * Set the subject name that will be placed in the certificate
+ * request. This will be the subject name on the received certificate.
+ */
+ DEFINE_OSSL_CMP_CTX_set1(subjectName, X509_NAME)
-/* Set the X.509v3 certificate request extensions to be used in IR/CR/KUR */
-int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts)
+ /* Set the X.509v3 certificate request extensions to be used in IR/CR/KUR */
+ int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
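Review bot: The new side of this hunk indents the `DEFINE_OSSL_CMP_CTX_set1(...)` invocations, their preceding comments and the signature of `OSSL_CMP_CTX_set0_reqExtensions` by four columns, so a top-level function definition now reads as a continuation of the macro call above it; the same drift shows up later in the file before `OSSL_CMP_CTX_build_cert_chain`, `ossl_cmp_ctx_set0_newCert`, `OSSL_CMP_CTX_set0_newPkey`, `OSSL_CMP_CTX_set_http_cb` and `ossl_cmp_ctx_set_failInfoCode`. This looks like a formatter artifact: `DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)` expands to a complete function definition with no trailing semicolon, so the tool presumably treats everything after it as an unterminated statement. Rather than accepting the misleading layout, bracket each run of macro-generated definitions with `/* clang-format off */` and `/* clang-format on */`, or keep those lines at column 0 by hand, so that the real function boundaries stay visible to readers and to `grep '^int '`-style tooling. The body of `OSSL_CMP_CTX_set0_reqExtensions` continues outside the hunk.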
@@ -693,7 +694,7 @@ int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts)
}
if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 && exts != NULL
- && X509v3_get_ext_by_NID(exts, NID_subject_alt_name, -1) >= 0) {
+ && X509v3_get_ext_by_NID(exts, NID_subject_alt_name, -1) >= 0) {
ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES);
return 0;
}
@@ -712,7 +713,8 @@ int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx)
/* if one of the following conditions 'fail' this is not an error */
return ctx->reqExtensions != NULL
&& X509v3_get_ext_by_NID(ctx->reqExtensions,
- NID_subject_alt_name, -1) >= 0;
+ NID_subject_alt_name, -1)
+ >= 0;
}
/*
@@ -720,7 +722,7 @@ int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx)
* request's extensions field to request subject alternative names.
*/
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
- const GENERAL_NAME *name)
+ const GENERAL_NAME *name)
{
GENERAL_NAME *name_dup;
@@ -735,7 +737,7 @@ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
}
if (ctx->subjectAltNames == NULL
- && (ctx->subjectAltNames = sk_GENERAL_NAME_new_null()) == NULL)
+ && (ctx->subjectAltNames = sk_GENERAL_NAME_new_null()) == NULL)
return 0;
if ((name_dup = GENERAL_NAME_dup(name)) == NULL)
return 0;
@@ -752,8 +754,8 @@ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509)
-int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
- STACK_OF(X509) *candidates)
+ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
+ STACK_OF(X509) *candidates)
{
STACK_OF(X509) *chain;
@@ -763,12 +765,12 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
}
if (!ossl_x509_add_certs_new(&ctx->untrusted, candidates,
- X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
+ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
return 0;
ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert");
chain = X509_build_chain(ctx->cert, ctx->untrusted, own_trusted, 0,
- ctx->libctx, ctx->propq);
+ ctx->libctx, ctx->propq);
if (chain == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_FAILED_BUILDING_OWN_CHAIN);
return 0;
@@ -786,14 +788,14 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509)
-/* Set the PKCS#10 CSR to be sent in P10CR */
-DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ)
+ /* Set the PKCS#10 CSR to be sent in P10CR */
+ DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ)
-/*
- * Set the (newly received in IP/KUP/CP) certificate in the context.
- * This only permits for one cert to be enrolled at a time.
- */
-int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
+ /*
+ * Set the (newly received in IP/KUP/CP) certificate in the context.
+ * This only permits for one cert to be enrolled at a time.
+ */
+ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
{
if (!ossl_assert(ctx != NULL))
return 0;
@@ -819,8 +821,8 @@ X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx)
/* Set the client's current private key */
DEFINE_OSSL_CMP_CTX_set1_up_ref(pkey, EVP_PKEY)
-/* Set new key pair. Used e.g. when doing Key Update */
-int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey)
+ /* Set new key pair. Used e.g. when doing Key Update */
+ int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
@@ -866,7 +868,7 @@ EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx)
/* Set the given transactionID to the context */
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
- const ASN1_OCTET_STRING *id)
+ const ASN1_OCTET_STRING *id)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
@@ -877,7 +879,7 @@ int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
/* Set the nonce to be used for the recipNonce in the message created next */
int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
- const ASN1_OCTET_STRING *nonce)
+ const ASN1_OCTET_STRING *nonce)
{
if (!ossl_assert(ctx != NULL))
return 0;
@@ -886,7 +888,7 @@ int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
/* Stores the given nonce as the last senderNonce sent out */
int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
- const ASN1_OCTET_STRING *nonce)
+ const ASN1_OCTET_STRING *nonce)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
@@ -898,14 +900,14 @@ int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
/* Set the proxy server to use for HTTP(S) connections */
DEFINE_OSSL_CMP_CTX_set1(proxy, char)
-/* Set the (HTTP) host name of the CMP server */
-DEFINE_OSSL_CMP_CTX_set1(server, char)
+ /* Set the (HTTP) host name of the CMP server */
+ DEFINE_OSSL_CMP_CTX_set1(server, char)
-/* Set the server exclusion list of the HTTP proxy server */
-DEFINE_OSSL_CMP_CTX_set1(no_proxy, char)
+ /* Set the server exclusion list of the HTTP proxy server */
+ DEFINE_OSSL_CMP_CTX_set1(no_proxy, char)
-/* Set the http connect/disconnect callback function to be used for HTTP(S) */
-int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb)
+ /* Set the http connect/disconnect callback function to be used for HTTP(S) */
+ int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb)
{
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
@@ -988,8 +990,8 @@ int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port)
/* Set the HTTP path to be used on the server (e.g "pkix/") */
DEFINE_OSSL_CMP_CTX_set1(serverPath, char)
-/* Set the failInfo error code as bit encoding in OSSL_CMP_CTX */
-int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info)
+ /* Set the failInfo error code as bit encoding in OSSL_CMP_CTX */
+ int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info)
{
if (!ossl_assert(ctx != NULL))
return 0;