64 assert(
isWritePtr( encDataPtrPtr,
sizeof(
void * ) ) );
65 assert(
isWritePtr( encDataLength,
sizeof(
int ) ) );
67 REQUIRES( minLength >= 32 && minLength < maxLength && \
71 *encDataPtrPtr = NULL;
75 status = readBitStringHole( stream, &length, minLength,
81 status = sMemGetDataBlock( stream, &dataPtr, length );
83 status = sSkip( stream, length );
86 *encDataPtrPtr = dataPtr;
95 OUT_BUFFER( outDataMaxLength, *outDataLength ) \
118 readSequence( stream, NULL );
120 readUniversal( stream );
121 status = readContextAlgoID( stream, &iSessionKey, &queryInfo,
124 status = readEncryptedDataInfo( stream, &encKeyPtr, &encKeyLength,
130 "Invalid encrypted certificate CEK information" ) );
133 readUniversal( stream );
135 readUniversal( stream );
136 status = readEncryptedDataInfo( stream, &encCertPtr, &encCertLength,
150 ( queryInfo.
size % blockSize ) != 0 )
158 "Invalid encrypted certificate data" ) );
163 NULL, 0, iSessionKey, iImportContext );
172 "Couldn't decrypt encrypted certificate CEK" ) );
179 encCertPtr, encCertLength );
185 "Couldn't decrypt returned encrypted certificate using "
188 return( attributeCopyParams( outData, outDataMaxLength, outDataLength,
189 encCertPtr, encCertLength ) );
205 } EXT_ERROR_MAP_INFO;
207 static const EXT_ERROR_MAP_INFO extErrorMapTbl[] = {
209 "Certificate request DN differs from PKI user DN" },
211 "Certificate request contains an empty DN" },
213 "Certificate request subjectAltName conflicts with PKI user "
216 "Certificate request DN is missing a CommonName" },
218 "Certificate request CommonName differs from PKI user CommonName" },
227 const EXT_ERROR_MAP_INFO *extErrorInfoPtr = NULL;
248 "Information in certificate request can't be reconciled "
249 "with our information for the user (no further problem "
250 "details are available)" ) );
260 if( extErrorMapTbl[ i ].errorLocus == errorLocus && \
261 extErrorMapTbl[ i ].errorType == errorType )
263 extErrorInfoPtr = &extErrorMapTbl[ i ];
268 if( extErrorInfoPtr == NULL )
274 "Information in certificate request can't be reconciled "
275 "with our information for the user, error type %d, error "
276 "locus %d", errorType, errorLocus ) );
286 "%s", extErrorInfoPtr->errorString ) );
290 #define reportExtendedCertErrorInfo( sessionInfoPtr, errorStatus ) \
291 return( errorStatus );
316 CMP_INFO *cmpInfo = sessionInfoPtr->sessionCMP;
330 status = importCertFromStream( stream,
331 &sessionInfoPtr->iCertRequest,
371 "CRMF request is for a signing key but the request "
374 protocolInfo->cryptOnlyKey =
TRUE;
383 sessionInfoPtr->iAuthInContext,
389 CRYPT_IATTRIBUTE_AUTHCERTID );
418 CRYPT_IATTRIBUTE_PKIUSERINFO );
425 return( reportExtendedCertErrorInfo( sessionInfoPtr, status ) );
469 if( peekTag( stream ) ==
MAKE_CTAG( 1 ) )
471 status = readUniversal( stream );
480 readSequence( stream, NULL );
481 return( readPkiStatusInfo( stream,
isServer( sessionInfoPtr ),
482 &sessionInfoPtr->errorInfo ) );
487 readSequence( stream, NULL );
488 readSequence( stream, NULL );
489 readUniversal( stream );
490 status = readPkiStatusInfo( stream,
isServer( sessionInfoPtr ),
491 &sessionInfoPtr->errorInfo );
494 readSequence( stream, NULL );
495 tag = peekTag( stream );
499 status = readConstructed( stream, &bodyLength, tag );
501 status = sMemGetDataBlock( stream, &bodyInfoPtr, bodyLength );
517 status = readEncryptedCert( stream, sessionInfoPtr->privateKey,
524 status = envelopeUnwrap( bodyInfoPtr, bodyLength,
525 bodyInfoPtr, bodyLength, &bodyLength,
526 sessionInfoPtr->privateKey );
533 "Couldn't decrypt CMS enveloped certificate" ) );
540 "Unknown returned certificate encapsulation type %d",
556 "Invalid returned certificate" ) );
558 sessionInfoPtr->iCertResponse = createInfo.
cryptHandle;
569 CRYPT_IATTRIBUTE_CERTHASHALGO );
574 "Couldn't extract confirmation hash type from returned "
585 "Can't confirm certificate issue using hash algorithm %d",
588 protocolInfo->confHashAlgo =
value;
612 static const MAP_TABLE hashMapTable[] = {
636 if( messageLength <= 0 )
643 readSequence( stream, NULL );
650 "Invalid certificate confirmation" ) );
656 status = mapValue( protocolInfo->confHashAlgo, &compareMessageValue,
663 compareMessageValue );
671 "Returned certificate hash doesn't match issued "
706 readSequence( stream, NULL );
713 "Invalid genMsg type, expected PKIBoot request" ) );
724 status = importCertFromStream( stream, &sessionInfoPtr->iCertResponse,
726 CRYPT_ICERTTYPE_CTL, messageLength );
750 ERROR_INFO *errorInfo = &sessionInfoPtr->errorInfo;
751 const char *peerTypeString =
isServer( sessionInfoPtr ) ? \
764 status = readPkiStatusInfo( stream,
isServer( sessionInfoPtr ),
765 &sessionInfoPtr->errorInfo );
773 if( stell( stream ) < endPos && peekTag( stream ) ==
BER_INTEGER )
787 "%s returned nonspecific failure code %d",
788 peerTypeString, errorCode ) );
791 if( stell( stream ) < endPos && peekTag( stream ) ==
BER_SEQUENCE )
792 status = readUniversal( stream );
800 "%s returned nonspecific failure code", peerTypeString ) );
811 const READMESSAGE_FUNCTION
function;
813 static const MESSAGEREAD_INFO
FAR_BSS messageReadTable[] = {
845 if( messageReadTable[ i ].
type == messageType )
846 return( messageReadTable[ i ].
function );