crypto/cmp/cmp_vfy.c
/* | /* | ||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. | * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. | ||||
* Copyright Nokia 2007-2020 | * Copyright Nokia 2007-2020 | ||||
* Copyright Siemens AG 2015-2020 | * Copyright Siemens AG 2015-2020 | ||||
* | * | ||||
Context not available. | |||||
* verify that the newly enrolled certificate (which assumed rid == | * verify that the newly enrolled certificate (which assumed rid == | ||||
* OSSL_CMP_CERTREQID) can also be validated with the same trusted store | * OSSL_CMP_CERTREQID) can also be validated with the same trusted store | ||||
*/ | */ | ||||
EVP_PKEY *pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); | |||||
OSSL_CMP_CERTRESPONSE *crep = | OSSL_CMP_CERTRESPONSE *crep = | ||||
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, | ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, | ||||
OSSL_CMP_CERTREQID); | OSSL_CMP_CERTREQID); | ||||
X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey); | X509 *newcrt = ossl_cmp_certresponse_get1_cert(ctx, crep); | ||||
/* | /* | ||||
* maybe better use get_cert_status() from cmp_client.c, which catches | * maybe better use get_cert_status() from cmp_client.c, which catches | ||||
* errors | * errors | ||||
Context not available. | |||||
return 0; | return 0; | ||||
} | } | ||||
/*- | /*- | ||||
* Check received message (i.e., response by server or request from client) | * Check received message (i.e., response by server or request from client) | ||||
* Any msg->extraCerts are prepended to ctx->untrusted. | * Any msg->extraCerts are prepended to ctx->untrusted. | ||||
Context not available. | |||||
#endif | #endif | ||||
} | } | ||||
/* if not yet present, learn transactionID */ | |||||
if (ctx->transactionID == NULL | |||||
&& !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)) | |||||
return 0; | |||||
/* | /* | ||||
* RFC 4210 section 5.1.1 states: the recipNonce is copied from | * RFC 4210 section 5.1.1 states: the recipNonce is copied from | ||||
* the senderNonce of the previous message in the transaction. | * the senderNonce of the previous message in the transaction. | ||||
Context not available. | |||||
if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce)) | if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce)) | ||||
return 0; | return 0; | ||||
/* if not yet present, learn transactionID */ | |||||
if (ctx->transactionID == NULL | |||||
&& !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)) | |||||
return -1; | |||||
/* | /* | ||||
* Store any provided extraCerts in ctx for future use, | * Store any provided extraCerts in ctx for future use, | ||||
* such that they are available to ctx->certConf_cb and | * such that they are available to ctx->certConf_cb and | ||||
Context not available. | |||||
/* this allows self-signed certs */ | /* this allows self-signed certs */ | ||||
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | ||||
| X509_ADD_FLAG_PREPEND)) | | X509_ADD_FLAG_PREPEND)) | ||||
return -1; | return 0; | ||||
if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) { | if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) { | ||||
/* | /* | ||||
Context not available. |
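Review bot: The two error returns in the last hunk now disagree with each other and with the documentation, and the header comment above (`Check received message ...`) does not say what a -1 return means to callers versus 0. If I read the columns right, the new side moves the transactionID learning below the recipNonce update and returns -1 when OSSL_CMP_CTX_set1_transactionID() fails, while the extraCerts failure (the ossl_x509_add_certs_new-style call ending in X509_ADD_FLAG_PREPEND) now returns 0, inverting the codes the old side used. One consequence worth stating is that a -1 from the transactionID check now happens after ossl_cmp_ctx_set1_recipNonce() has already updated ctx, so callers that treat -1 as retryable see a partially updated context. I would add to the function's header comment a line such as `* Returns 1 on success, 0 on error, -1 on <the condition this code path represents>` and either make the two return codes consistent or have the comment explain the distinction. The enclosing function starts and ends outside the hunk.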