cmp_protect.c - OpenGrok cross reference for /third_party/openssl/crypto/cmp/cmp

Lines Matching refs:ctx
26  * using the credentials, library context, and property criteria in the ctx.
30 ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
39     if (!ossl_assert(ctx != NULL && msg != NULL))
62         if (ctx->secretValue == NULL) {
86         if (!OSSL_CRMF_pbm_new(ctx->libctx, ctx->propq,
88                                ctx->secretValue->data, ctx->secretValue->length,
110         if (ctx->pkey == NULL) {
124                               NULL, prot, &prot_part, NULL, ctx->pkey, md,
125                               ctx->libctx, ctx->propq))
132 /* ctx is not const just because ctx->chain may get adapted */
133 int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
135     if (!ossl_assert(ctx != NULL && msg != NULL))
138     /* Add first ctx->cert and its chain if using signature-based protection */
139     if (!ctx->unprotectedSend && ctx->secretValue == NULL
140             && ctx->cert != NULL && ctx->pkey != NULL) {
145         if (ctx->chain == NULL) {
146             ossl_cmp_debug(ctx,
148             ctx->chain = X509_build_chain(ctx->cert, ctx->untrusted, NULL, 0,
149                                           ctx->libctx, ctx->propq);
150             if (ctx->chain != NULL) {
151                 ossl_cmp_debug(ctx,
155                 OSSL_CMP_CTX_print_errors(ctx);
156                 ossl_cmp_warn(ctx,
160         if (ctx->chain != NULL) {
161             if (!ossl_x509_add_certs_new(&msg->extraCerts, ctx->chain, prepend))
165             if (!ossl_x509_add_cert_new(&msg->extraCerts, ctx->cert, prepend))
167             ossl_cmp_debug(ctx, "fallback: adding just own CMP signer cert");
171     /* add any additional certificates from ctx->extraCertsOut */
172     if (!ossl_x509_add_certs_new(&msg->extraCerts, ctx->extraCertsOut,
188 static int set_pbmac_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg)
195     if (!ossl_assert(ctx != NULL))
198     pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen,
199                              EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt,
200                              ctx->pbm_mac);
226 static int set_sig_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg)
231     if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest),
232                                 EVP_PKEY_get_id(ctx->pkey))) {
247 static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg,
251         id = ctx->referenceValue; /* standard for PBM, fallback for sig-based */
255 /* ctx is not const just because ctx->chain may get adapted */
256 int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
258     if (!ossl_assert(ctx != NULL && msg != NULL))
269     if (ctx->unprotectedSend) {
270         if (!set_senderKID(ctx, msg, NULL))
272     } else if (ctx->secretValue != NULL) {
274         if (!set_pbmac_algor(ctx, &msg->header->protectionAlg))
276         if (!set_senderKID(ctx, msg, NULL))
280          * will add any additional certificates from ctx->extraCertsOut
284     } else if (ctx->cert != NULL && ctx->pkey != NULL) {
288         if (!X509_check_private_key(ctx->cert, ctx->pkey)) {
293         if (!set_sig_algor(ctx, &msg->header->protectionAlg))
296         if (!set_senderKID(ctx, msg, X509_get0_subject_key_id(ctx->cert)))
300          * will add ctx->cert followed, if possible, by its chain built
301          * from ctx->untrusted, and then ctx->extraCertsOut
308     if (!ctx->unprotectedSend
309             && ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL))
313      * For signature-based protection add ctx->cert followed by its chain.
314      * Finally add any additional certificates from ctx->extraCertsOut;
318     if (!ossl_cmp_msg_add_extraCerts(ctx, msg))