Lines Matching refs:msg
18 const OSSL_CMP_MSG *msg, X509 *cert) in verify_signature() argument
25 if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL)) in verify_signature()
44 prot_part.header = msg->header; in verify_signature()
45 prot_part.body = msg->body; in verify_signature()
48 msg->header->protectionAlg, msg->protection, in verify_signature()
70 static int verify_PBMAC(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) in verify_PBMAC() argument
76 if ((protection = ossl_cmp_calc_protection(ctx, msg)) == NULL) in verify_PBMAC()
79 valid = msg->protection != NULL && msg->protection->length >= 0 in verify_PBMAC()
80 && msg->protection->type == protection->type in verify_PBMAC()
81 && msg->protection->length == protection->length in verify_PBMAC()
82 && CRYPTO_memcmp(msg->protection->data, protection->data, in verify_PBMAC()
240 const OSSL_CMP_MSG *msg) in cert_acceptable() argument
281 "sender field", msg->header->sender->d.directoryName)) in cert_acceptable()
284 if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID)) in cert_acceptable()
291 if (!verify_signature(ctx, msg, cert)) { in cert_acceptable()
319 const OSSL_CMP_MSG *msg, X509 *scrt) in check_cert_path_3gpp() argument
328 || !ossl_cmp_X509_STORE_add1_certs(store, msg->extraCerts, in check_cert_path_3gpp()
343 ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, in check_cert_path_3gpp()
361 const OSSL_CMP_MSG *msg) in check_msg_given_cert() argument
364 cert, NULL, NULL, msg) in check_msg_given_cert()
366 || check_cert_path_3gpp(ctx, msg, cert)); in check_msg_given_cert()
378 const OSSL_CMP_MSG *msg, int mode_3gpp) in check_msg_with_certs() argument
395 already_checked1, already_checked2, msg)) in check_msg_with_certs()
398 if (mode_3gpp ? check_cert_path_3gpp(ctx, msg, cert) in check_msg_with_certs()
414 static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, in check_msg_all_certs() argument
420 && OSSL_CMP_MSG_get_bodytype(msg) == OSSL_CMP_PKIBODY_IP) in check_msg_all_certs()
427 if (check_msg_with_certs(ctx, msg->extraCerts, "extraCerts", in check_msg_all_certs()
428 NULL, NULL, msg, mode_3gpp)) in check_msg_all_certs()
431 msg->extraCerts, NULL, msg, mode_3gpp)) in check_msg_all_certs()
443 msg->extraCerts, ctx->untrusted, in check_msg_all_certs()
444 msg, mode_3gpp); in check_msg_all_certs()
454 static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) in check_msg_find_cert() argument
457 GENERAL_NAME *sender = msg->header->sender; in check_msg_find_cert()
460 const ASN1_OCTET_STRING *skid = msg->header->senderKID; in check_msg_find_cert()
464 if (sender == NULL || msg->body == NULL) in check_msg_find_cert()
484 if (check_msg_given_cert(ctx, scrt, msg)) { in check_msg_find_cert()
494 (void)check_msg_given_cert(ctx, scrt, msg); in check_msg_find_cert()
497 res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) in check_msg_find_cert()
498 || check_msg_all_certs(ctx, msg, 1 /* 3gpp */); in check_msg_find_cert()
519 (void)check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */); in check_msg_find_cert()
520 (void)check_msg_all_certs(ctx, msg, 1 /* 3gpp */); in check_msg_find_cert()
555 int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) in OSSL_CMP_validate_msg() argument
560 if (ctx == NULL || msg == NULL in OSSL_CMP_validate_msg()
561 || msg->header == NULL || msg->body == NULL) { in OSSL_CMP_validate_msg()
566 if (msg->header->protectionAlg == NULL /* unprotected message */ in OSSL_CMP_validate_msg()
567 || msg->protection == NULL || msg->protection->data == NULL) { in OSSL_CMP_validate_msg()
572 switch (ossl_cmp_hdr_get_protection_nid(msg->header)) { in OSSL_CMP_validate_msg()
580 if (verify_PBMAC(ctx, msg)) { in OSSL_CMP_validate_msg()
587 switch (OSSL_CMP_MSG_get_bodytype(msg)) { in OSSL_CMP_validate_msg()
595 STACK_OF(X509) *certs = msg->body->value.ip->caPubs; in OSSL_CMP_validate_msg()
632 if (check_msg_find_cert(ctx, msg)) { in OSSL_CMP_validate_msg()
639 if (verify_signature(ctx, msg, scrt)) { in OSSL_CMP_validate_msg()
695 int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, in ossl_cmp_msg_check_update() argument
702 if (!ossl_assert(ctx != NULL && msg != NULL && msg->header != NULL)) in ossl_cmp_msg_check_update()
704 hdr = OSSL_CMP_MSG_get0_header(msg); in ossl_cmp_msg_check_update()
735 num_added = sk_X509_num(msg->extraCerts); in ossl_cmp_msg_check_update()
749 res = ossl_x509_add_certs_new(&ctx->untrusted, msg->extraCerts, in ossl_cmp_msg_check_update()
762 res = OSSL_CMP_validate_msg(ctx, msg) in ossl_cmp_msg_check_update()
764 || (cb != NULL && (*cb)(ctx, msg, 1, cb_arg) > 0); in ossl_cmp_msg_check_update()
767 res = cb != NULL && (*cb)(ctx, msg, 0, cb_arg) > 0; in ossl_cmp_msg_check_update()
794 if (OSSL_CMP_MSG_get_bodytype(msg) < 0) { in ossl_cmp_msg_check_update()
816 || OSSL_CMP_MSG_get_bodytype(msg) == OSSL_CMP_PKIBODY_POLLREP in ossl_cmp_msg_check_update()
847 switch (OSSL_CMP_MSG_get_bodytype(msg)) { in ossl_cmp_msg_check_update()
853 STACK_OF(X509) *certs = msg->body->value.ip->caPubs; in ossl_cmp_msg_check_update()
869 const OSSL_CMP_MSG *msg, int acceptRAVerified) in ossl_cmp_verify_popo() argument
871 if (!ossl_assert(msg != NULL && msg->body != NULL)) in ossl_cmp_verify_popo()
873 switch (msg->body->type) { in ossl_cmp_verify_popo()
876 X509_REQ *req = msg->body->value.p10cr; in ossl_cmp_verify_popo()
890 if (!OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, OSSL_CMP_CERTREQID, in ossl_cmp_verify_popo()