Lines Matching refs:msg
26 const OSSL_CMP_MSG *msg, X509 *cert) in verify_signature() argument
33 if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL)) in verify_signature()
52 prot_part.header = msg->header; in verify_signature()
53 prot_part.body = msg->body; in verify_signature()
56 msg->header->protectionAlg, msg->protection, in verify_signature()
78 static int verify_PBMAC(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) in verify_PBMAC() argument
84 if ((protection = ossl_cmp_calc_protection(ctx, msg)) == NULL) in verify_PBMAC()
87 valid = msg->protection != NULL && msg->protection->length >= 0 in verify_PBMAC()
88 && msg->protection->type == protection->type in verify_PBMAC()
89 && msg->protection->length == protection->length in verify_PBMAC()
90 && CRYPTO_memcmp(msg->protection->data, protection->data, in verify_PBMAC()
248 const OSSL_CMP_MSG *msg) in cert_acceptable() argument
289 "sender field", msg->header->sender->d.directoryName)) in cert_acceptable()
292 if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID)) in cert_acceptable()
299 if (!verify_signature(ctx, msg, cert)) { in cert_acceptable()
327 const OSSL_CMP_MSG *msg, X509 *scrt) in check_cert_path_3gpp() argument
336 || !ossl_cmp_X509_STORE_add1_certs(store, msg->extraCerts, in check_cert_path_3gpp()
351 ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, in check_cert_path_3gpp()
369 const OSSL_CMP_MSG *msg) in check_msg_given_cert() argument
372 cert, NULL, NULL, msg) in check_msg_given_cert()
374 || check_cert_path_3gpp(ctx, msg, cert)); in check_msg_given_cert()
386 const OSSL_CMP_MSG *msg, int mode_3gpp) in check_msg_with_certs() argument
403 already_checked1, already_checked2, msg)) in check_msg_with_certs()
406 if (mode_3gpp ? check_cert_path_3gpp(ctx, msg, cert) in check_msg_with_certs()
422 static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, in check_msg_all_certs() argument
428 && OSSL_CMP_MSG_get_bodytype(msg) == OSSL_CMP_PKIBODY_IP) in check_msg_all_certs()
435 if (check_msg_with_certs(ctx, msg->extraCerts, "extraCerts", in check_msg_all_certs()
436 NULL, NULL, msg, mode_3gpp)) in check_msg_all_certs()
439 msg->extraCerts, NULL, msg, mode_3gpp)) in check_msg_all_certs()
451 msg->extraCerts, ctx->untrusted, in check_msg_all_certs()
452 msg, mode_3gpp); in check_msg_all_certs()
462 static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) in check_msg_find_cert() argument
465 GENERAL_NAME *sender = msg->header->sender; in check_msg_find_cert()
468 const ASN1_OCTET_STRING *skid = msg->header->senderKID; in check_msg_find_cert()
472 if (sender == NULL || msg->body == NULL) in check_msg_find_cert()
492 if (check_msg_given_cert(ctx, scrt, msg)) { in check_msg_find_cert()
502 (void)check_msg_given_cert(ctx, scrt, msg); in check_msg_find_cert()
505 res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) in check_msg_find_cert()
506 || check_msg_all_certs(ctx, msg, 1 /* 3gpp */); in check_msg_find_cert()
527 (void)check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */); in check_msg_find_cert()
528 (void)check_msg_all_certs(ctx, msg, 1 /* 3gpp */); in check_msg_find_cert()
563 int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) in OSSL_CMP_validate_msg() argument
568 if (ctx == NULL || msg == NULL in OSSL_CMP_validate_msg()
569 || msg->header == NULL || msg->body == NULL) { in OSSL_CMP_validate_msg()
574 if (msg->header->protectionAlg == NULL /* unprotected message */ in OSSL_CMP_validate_msg()
575 || msg->protection == NULL || msg->protection->data == NULL) { in OSSL_CMP_validate_msg()
580 switch (ossl_cmp_hdr_get_protection_nid(msg->header)) { in OSSL_CMP_validate_msg()
588 if (verify_PBMAC(ctx, msg)) { in OSSL_CMP_validate_msg()
595 switch (OSSL_CMP_MSG_get_bodytype(msg)) { in OSSL_CMP_validate_msg()
603 STACK_OF(X509) *certs = msg->body->value.ip->caPubs; in OSSL_CMP_validate_msg()
640 if (check_msg_find_cert(ctx, msg)) { in OSSL_CMP_validate_msg()
647 if (verify_signature(ctx, msg, scrt)) { in OSSL_CMP_validate_msg()
703 int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, in ossl_cmp_msg_check_update() argument
710 if (!ossl_assert(ctx != NULL && msg != NULL && msg->header != NULL)) in ossl_cmp_msg_check_update()
712 hdr = OSSL_CMP_MSG_get0_header(msg); in ossl_cmp_msg_check_update()
743 num_added = sk_X509_num(msg->extraCerts); in ossl_cmp_msg_check_update()
757 res = ossl_x509_add_certs_new(&ctx->untrusted, msg->extraCerts, in ossl_cmp_msg_check_update()
770 res = OSSL_CMP_validate_msg(ctx, msg) in ossl_cmp_msg_check_update()
772 || (cb != NULL && (*cb)(ctx, msg, 1, cb_arg) > 0); in ossl_cmp_msg_check_update()
775 res = cb != NULL && (*cb)(ctx, msg, 0, cb_arg) > 0; in ossl_cmp_msg_check_update()
802 if (OSSL_CMP_MSG_get_bodytype(msg) < 0) { in ossl_cmp_msg_check_update()
824 || OSSL_CMP_MSG_get_bodytype(msg) == OSSL_CMP_PKIBODY_POLLREP in ossl_cmp_msg_check_update()
855 switch (OSSL_CMP_MSG_get_bodytype(msg)) { in ossl_cmp_msg_check_update()
861 STACK_OF(X509) *certs = msg->body->value.ip->caPubs; in ossl_cmp_msg_check_update()
877 const OSSL_CMP_MSG *msg, int acceptRAVerified) in ossl_cmp_verify_popo() argument
879 if (!ossl_assert(msg != NULL && msg->body != NULL)) in ossl_cmp_verify_popo()
881 switch (msg->body->type) { in ossl_cmp_verify_popo()
884 X509_REQ *req = msg->body->value.p10cr; in ossl_cmp_verify_popo()
898 if (!OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, OSSL_CMP_CERTREQID, in ossl_cmp_verify_popo()
