openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() 

Also update documentation and example code in openssl-cmp.pod.in

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
This commit is contained in:
Dr. David von Oheimb 2020-05-08 13:30:44 +02:00
parent 143be4748e
commit 63f1883dca
14 changed files with 90 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/cmp.c
View File

@ -1535,7 +1535,8 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *e)
if (opt_srv_cert != NULL) {
X509 *srv_cert = load_cert_pwd(opt_srv_cert, opt_srv_keypass,
"certificate of the server");
if (srv_cert == NULL || !OSSL_CMP_CTX_set1_clCert(ctx, srv_cert)) {
if (srv_cert == NULL || !OSSL_CMP_CTX_set1_cert(ctx, srv_cert)) {
X509_free(srv_cert);
goto err;
}
@ -1939,7 +1940,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *e)
}
if (opt_cert != NULL) {
X509 *clcert;
X509 *cert;
STACK_OF(X509) *certs = NULL;
int ok;
@ -1948,14 +1949,14 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *e)
/* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */
goto err;
clcert = sk_X509_delete(certs, 0);
if (clcert == NULL) {
cert = sk_X509_delete(certs, 0);
if (cert == NULL) {
CMP_err("no client certificate found");
sk_X509_pop_free(certs, X509_free);
goto err;
}
ok = OSSL_CMP_CTX_set1_clCert(ctx, clcert);
X509_free(clcert);
ok = OSSL_CMP_CTX_set1_cert(ctx, cert);
X509_free(cert);
if (ok) {
/* add any remaining certs to the list of untrusted certs */

6
crypto/cmp/cmp_ctx.c
View File

@ -164,7 +164,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
X509_STORE_free(ctx->trusted);
sk_X509_pop_free(ctx->untrusted_certs, X509_free);
X509_free(ctx->clCert);
X509_free(ctx->cert);
EVP_PKEY_free(ctx->pkey);
ASN1_OCTET_STRING_free(ctx->referenceValue);
if (ctx->secretValue != NULL)
@ -676,12 +676,12 @@ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
* Set our own client certificate, used for example in KUR and when
* doing the IR with existing certificate.
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(clCert, X509)
DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509)
/*
* Set the old certificate that we are updating in KUR
* or the certificate to be revoked in RR, respectively.
* Also used as reference cert (defaulting to clCert) for deriving subject DN
* Also used as reference cert (defaulting to cert) for deriving subject DN
* and SANs. Its issuer is used as default recipient in the CMP message header.
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509)

8
crypto/cmp/cmp_hdr.c
View File

@ -303,8 +303,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
* The sender name is copied from the subject of the client cert, if any,
* or else from the subject name provided for certification requests.
*/
sender = ctx->clCert != NULL ?
X509_get_subject_name(ctx->clCert) : ctx->subjectName;
sender = ctx->cert != NULL ?
X509_get_subject_name(ctx->cert) : ctx->subjectName;
if (!ossl_cmp_hdr_set1_sender(hdr, sender))
return 0;
@ -321,8 +321,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
rcp = ctx->issuer;
} else if (ctx->oldCert != NULL) {
rcp = X509_get_issuer_name(ctx->oldCert);
} else if (ctx->clCert != NULL) {
rcp = X509_get_issuer_name(ctx->clCert);
} else if (ctx->cert != NULL) {
rcp = X509_get_issuer_name(ctx->cert);
}
if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
return 0;

4
crypto/cmp/cmp_local.h
View File

@ -68,8 +68,8 @@ struct ossl_cmp_ctx_st {
/* client authentication */
int unprotectedSend; /* send unprotected PKI messages */
X509 *clCert; /* client cert used to identify and sign for MSG_SIG_ALG */
EVP_PKEY *pkey; /* the key pair corresponding to clCert */
X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */
EVP_PKEY *pkey; /* the key pair corresponding to cert */
ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */
ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */
/* PBMParameters for MSG_MAC_ALG */

2
crypto/cmp/cmp_msg.c
View File

@ -218,7 +218,7 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
{
OSSL_CRMF_MSG *crm = NULL;
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->clCert;
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
/* refcert defaults to current client cert */
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
STACK_OF(GENERAL_NAME) *default_sans = NULL;

14
crypto/cmp/cmp_protect.c
View File

@ -145,14 +145,14 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
&& (msg->extraCerts = sk_X509_new_null()) == NULL)
return 0;
if (ctx->clCert != NULL && ctx->pkey != NULL) {
if (ctx->cert != NULL && ctx->pkey != NULL) {
/* make sure that our own cert is included in the first position */
if (!ossl_cmp_sk_X509_add1_cert(msg->extraCerts, ctx->clCert, 1, 1))
if (!ossl_cmp_sk_X509_add1_cert(msg->extraCerts, ctx->cert, 1, 1))
return 0;
/* if we have untrusted certs, try to add intermediate certs */
if (ctx->untrusted_certs != NULL) {
STACK_OF(X509) *chain =
ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->clCert);
ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->cert);
int res = ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain,
1 /* no self-issued */,
1 /* no duplicates */, 0);
@ -244,7 +244,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
&& !ossl_cmp_hdr_set1_senderKID(msg->header,
ctx->referenceValue))
goto err;
} else if (ctx->clCert != NULL && ctx->pkey != NULL) {
} else if (ctx->cert != NULL && ctx->pkey != NULL) {
/*
* use MSG_SIG_ALG according to 5.1.3.3 if client Certificate and
* private key is given
@ -254,7 +254,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
ASN1_OBJECT *alg = NULL;
/* make sure that key and certificate match */
if (!X509_check_private_key(ctx->clCert, ctx->pkey)) {
if (!X509_check_private_key(ctx->cert, ctx->pkey)) {
CMPerr(0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH);
goto err;
}
@ -280,7 +280,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
* set senderKID to keyIdentifier of the used certificate according
* to section 5.1.1
*/
subjKeyIDStr = X509_get0_subject_key_id(ctx->clCert);
subjKeyIDStr = X509_get0_subject_key_id(ctx->cert);
if (subjKeyIDStr == NULL)
subjKeyIDStr = ctx->referenceValue; /* fallback */
if (subjKeyIDStr != NULL
@ -295,7 +295,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
goto err;
/*
* If present, add ctx->clCert followed by its chain as far as possible.
* If present, add ctx->cert followed by its chain as far as possible.
* Finally add any additional certificates from ctx->extraCertsOut;
* even if not needed to validate the protection
* the option to do this might be handy for certain use cases.

2
doc/internal/man3/ossl_cmp_msg_protect.pod
View File

@ -17,7 +17,7 @@ ossl_cmp_msg_add_extraCerts
ossl_cmp_msg_protect() (re-)protects the given message B<msg> using an algorithm
depending on the available context information given in the B<ctx>.
If there is a secretValue it selects PBMAC, else if there is a clCert
If there is a secretValue it selects PBMAC, else if there is a protection cert
it selects Signature and uses B<ossl_cmp_msg_add_extraCerts()>.
It also sets the protectionAlg field in the message header accordingly.

112
doc/man3/OSSL_CMP_CTX_new.pod
View File

@ -28,7 +28,7 @@ OSSL_CMP_CTX_set0_trustedStore,
OSSL_CMP_CTX_get0_trustedStore,
OSSL_CMP_CTX_set1_untrusted_certs,
OSSL_CMP_CTX_get0_untrusted_certs,
OSSL_CMP_CTX_set1_clCert,
OSSL_CMP_CTX_set1_cert,
OSSL_CMP_CTX_set1_pkey,
OSSL_CMP_CTX_set1_referenceValue,
OSSL_CMP_CTX_set1_secretValue,
@ -102,7 +102,7 @@ OSSL_CMP_CTX_set1_senderNonce
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
/* client authentication: */
int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
const unsigned char *ref, int len);
@ -411,18 +411,18 @@ The reference counts of those certificates handled successfully are increased.
OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the
list of untrusted certs, which may be empty if unset.
OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given B<ctx>.
The public key of this B<clCert> must correspond to
OSSL_CMP_CTX_set1_cert() sets the certificate used for CMP message protection.
The public key of this B<cert> must correspond to
the private key set via B<OSSL_CMP_CTX_set1_pkey()>.
When using signature-based protection of CMP request messages
this "protection certificate" will be included first in the extraCerts field.
The subject of this B<clCert> will be used as the "sender" field
The subject of this B<cert> will be used as the "sender" field
of outgoing CMP messages, with the fallback being
the B<subjectName> set via B<OSSL_CMP_CTX_set1_subjectName()>.
The B<cert> argument may be NULL to clear the entry.
OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to
the client certificate B<clCert> set via B<OSSL_CMP_CTX_set1_clCert()>.
OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the
protecting certificate B<cert> set via B<OSSL_CMP_CTX_set1_cert()>.
This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG)
of outgoing messages
unless a PBM secret has been set via B<OSSL_CMP_CTX_set1_secretValue()>.
@ -438,11 +438,11 @@ PBM-based protection takes precedence over signature-based protection.
OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue B<ref> with
length B<len> in the given B<ctx> or clears it if the B<ref> argument is NULL.
According to RFC 4210 section 5.1.1, if no value for the "sender" field in
CMP message headers can be determined (i.e., no B<clCert> and no B<subjectName>
is given) then the "sender" field will contain the NULL-DN
CMP message headers can be determined (i.e., no protecting certificate B<cert>
and no B<subjectName> is given) then the "sender" field will contain the NULL-DN
and the senderKID field of the CMP message header must be set.
When signature-based protection is used the senderKID will be set to
the subjectKeyIdentifier of the <clCert> as far as present.
the subjectKeyIdentifier of the protecting B<cert> as far as present.
If not present or when PBM-based protection is used
the B<ref> value is taken as the fallback value for the senderKID.
@ -451,7 +451,7 @@ PKIHeader of a request message, i.e. the X509 name of the (CA) server.
Setting is overruled by subject of B<srvCert> if set.
If neither B<srvCert> nor recipient are set, the recipient of the PKI message is
determined in the following order: issuer, issuer of old cert (oldCert),
issuer of client cert (B<clCert>), else NULL-DN.
issuer of protecting certificate (B<cert>), else NULL-DN.
When a response is received, its sender must match the recipient of the request.
OSSL_CMP_CTX_push0_geninfo_ITAV() adds B<itav> to the stack in the B<ctx> to be
@ -481,7 +481,7 @@ the CertTemplate structure when requesting a new cert. For Key Update Requests
see B<OSSL_CMP_CTX_set1_oldCert()>. This default is used for Initialization
Requests (IR) and Certification Requests (CR) only if no SANs are set.
The B<subjectName> is also used as the "sender" field for outgoing CMP messages
if no B<clCert> has been set (e.g., in case requests are protected using PBM).
if no B<cert> has been set (e.g., in case requests are protected using PBM).
OSSL_CMP_CTX_push1_subjectAltName() adds the given X509 name to the list of
alternate names on the certificate template request. This cannot be used if
@ -507,7 +507,7 @@ to the X509_EXTENSIONS of the requested certificate template.
OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in
Key Update Requests (KUR) or to be revoked in Revocation Requests (RR).
It must be given for RR, else it defaults to B<clCert>.
It must be given for RR, else it defaults to the protecting B<cert>.
The B<reference certificate> determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
Its issuer, if any, is used as default recipient in the CMP message header.
@ -608,53 +608,57 @@ All other functions return 1 on success, 0 on error.
=head1 EXAMPLES
The following code does an Initialization Request:
The following code omits error handling.
cmp_ctx = OSSL_CMP_CTX_new();
OSSL_CMP_CTX_set1_server(cmp_ctx, address);
OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
The following code does an Initialization Request using an
external identity certificate (RFC 4210, Appendix E.7):
cmp_ctx = OSSL_CMP_CTX_new();
OSSL_CMP_CTX_set1_server(cmp_ctx, sname);
OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert);
OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey);
OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
Here externalCert is an X509 certificate granted to the EE by another CA
which is trusted by the current CA the code will connect to.
The following code does a Key Update Request:
cmp_ctx = OSSL_CMP_CTX_new();
OSSL_CMP_CTX_set1_server(cmp_ctx, url);
OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey);
OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert);
OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
updatedClCert = OSSL_CMP_exec_KUR_ses(cmp_ctx);
The following code (which omits error handling) sends a General Message
including, as an example, the id-it-signKeyPairTypes OID and prints info on
the General Response contents.
Set up a CMP client context for sending requests and verifying responses:
cmp_ctx = OSSL_CMP_CTX_new();
OSSL_CMP_CTX_set1_server(cmp_ctx, sname);
OSSL_CMP_CTX_set1_server(cmp_ctx, name_or_address);
OSSL_CMP_CTX_set1_serverPort(cmp_ctx, port_string);
OSSL_CMP_CTX_set1_serverPath(cmp_ctx, path_or_alias);
OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts);
Set up client credentials for password-based protection (PBM):
OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
Set up the details for certificate requests:
OSSL_CMP_CTX_set1_subjectName(cmp_ctx, name);
OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, initialKey);
Perform an Initialization Request transaction:
initialCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
Reset the transaction state of the CMP context and the credentials:
OSSL_CMP_CTX_reinit(cmp_ctx);
OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, NULL, 0);
OSSL_CMP_CTX_set1_secretValue(cmp_ctx, NULL, 0);
Perform a Certification Request transaction, making use of the new credentials:
OSSL_CMP_CTX_set1_cert(cmp_ctx, initialCert);
OSSL_CMP_CTX_set1_pkey(cmp_ctx, initialKey);
OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, curentKey);
currentCert = OSSL_CMP_exec_CR_ses(cmp_ctx);
Perform a Key Update Request, signed using the cert (and key) to be updated:
OSSL_CMP_CTX_reinit(cmp_ctx);
OSSL_CMP_CTX_set1_cert(cmp_ctx, currentCert);
OSSL_CMP_CTX_set1_pkey(cmp_ctx, currentKey);
OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, updatedKey);
currentCert = OSSL_CMP_exec_KUR_ses(cmp_ctx);
currentKey = updatedKey;
Perform a General Message transaction including, as an example,
the id-it-signKeyPairTypes OID and prints info on the General Response contents:
OSSL_CMP_CTX_reinit(cmp_ctx);
ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL);
OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);

2
include/openssl/cmp.h
View File

@ -294,7 +294,7 @@ X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
/* client authentication: */
int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
const unsigned char *ref, int len);

2
test/cmp_client_test.c
View File

@ -67,7 +67,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
|| !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert)
|| (srv_cmp_ctx =
OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx)) == NULL
|| !OSSL_CMP_CTX_set1_clCert(srv_cmp_ctx, server_cert)
|| !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert)
|| !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key))
goto err;
if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new())

4
test/cmp_ctx_test.c
View File

@ -746,7 +746,7 @@ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore,
DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free)
DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, clCert, X509)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, cert, X509)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, recipient, X509_NAME)
@ -829,7 +829,7 @@ int setup_tests(void)
ADD_TEST(test_CTX_set0_get0_trustedStore);
ADD_TEST(test_CTX_set1_get0_untrusted_certs);
/* client authentication: */
ADD_TEST(test_CTX_set1_get0_clCert);
ADD_TEST(test_CTX_set1_get0_cert);
ADD_TEST(test_CTX_set1_get0_pkey);
/* the following two also test ossl_cmp_asn1_octet_string_set1_bytes(): */
ADD_TEST(test_CTX_set1_get1_referenceValue_str);

2
test/cmp_msg_test.c
View File

@ -165,7 +165,7 @@ static int test_cmp_create_ir_protection_fails(void)
if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, newkey))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
/* newkey used by default for signing does not match cert: */
|| !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) {
|| !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
tear_down(fixture);
fixture = NULL;
}

2
test/cmp_protect_test.c
View File

@ -242,7 +242,7 @@ static int test_MSG_protect_with_certificate_and_key(void)
OSSL_CMP_MSG_dup(ir_unprotected))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
|| !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
|| !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) {
|| !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
tear_down(fixture);
fixture = NULL;
}

2
util/libcrypto.num
View File

@ -4771,7 +4771,7 @@ OSSL_CMP_CTX_set0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_get0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_get0_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_clCert ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_cert ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_pkey ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_referenceValue ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_secretValue ? 3_0_0 EXIST::FUNCTION:CMP