
Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq()

Fixes #12395

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12431)
master
Dr. David von Oheimb 2 years ago
parent
commit
299e0f1eae
22 changed files with 140 additions and 125 deletions
  1. +15
    -30
      crypto/cmp/cmp_client.c
  2. +3
    -5
      crypto/cmp/cmp_err.c
  3. +3
    -3
      crypto/cmp/cmp_local.h
  4. +20
    -13
      crypto/cmp/cmp_msg.c
  5. +1
    -1
      crypto/cmp/cmp_server.c
  6. +1
    -1
      crypto/crmf/crmf_asn.c
  7. +2
    -4
      crypto/err/openssl.txt
  8. +8
    -8
      doc/internal/man3/ossl_cmp_certreq_new.pod
  9. +1
    -1
      doc/internal/man3/ossl_cmp_msg_create.pod
  10. +1
    -1
      doc/internal/man3/ossl_cmp_pkisi_get_status.pod
  11. +3
    -2
      doc/man3/OSSL_CMP_CTX_new.pod
  12. +30
    -15
      doc/man3/OSSL_CMP_exec_certreq.pod
  13. +1
    -1
      doc/man3/OSSL_CMP_validate_msg.pod
  14. +1
    -0
      doc/man3/X509_dup.pod
  15. +1
    -1
      fuzz/cmp.c
  16. +16
    -9
      include/openssl/cmp.h
  17. +2
    -4
      include/openssl/cmperr.h
  18. +1
    -0
      include/openssl/crmf.h
  19. +20
    -18
      test/cmp_client_test.c
  20. +4
    -4
      test/cmp_msg_test.c
  21. +2
    -4
      util/libcrypto.num
  22. +4
    -0
      util/other.syms

+ 15
- 30
crypto/cmp/cmp_client.c

@ -630,7 +630,8 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
return ret;
}
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter)
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
const OSSL_CRMF_MSG *crm, int *checkAfter)
{
OSSL_CMP_MSG *req = NULL;
OSSL_CMP_MSG *rep = NULL;
@ -652,7 +653,7 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter)
if (ctx->total_timeout > 0) /* else ctx->end_time is not used */
ctx->end_time = time(NULL) + ctx->total_timeout;
req = ossl_cmp_certReq_new(ctx, req_type, 0 /* req_err */);
req = ossl_cmp_certreq_new(ctx, req_type, crm);
if (req == NULL) /* also checks if all necessary options are set */
return 0;
@ -685,18 +686,26 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter)
* TODO: another function to request two certificates at once should be created.
* Returns pointer to received certificate, or NULL if none was received.
*/
static X509 *do_certreq_seq(OSSL_CMP_CTX *ctx, int req_type, int req_err,
int rep_type)
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
const OSSL_CRMF_MSG *crm)
{
OSSL_CMP_MSG *req = NULL;
OSSL_CMP_MSG *rep = NULL;
int rid = (req_type == OSSL_CMP_PKIBODY_P10CR) ? -1 : OSSL_CMP_CERTREQID;
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
X509 *result = NULL;
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return NULL;
}
if (is_p10 && crm != NULL) {
CMPerr(0, CMP_R_INVALID_ARGS);
return NULL;
}
ctx->status = -1;
if (!ossl_cmp_ctx_set0_newCert(ctx, NULL))
return NULL;
@ -705,7 +714,7 @@ static X509 *do_certreq_seq(OSSL_CMP_CTX *ctx, int req_type, int req_err,
ctx->end_time = time(NULL) + ctx->total_timeout;
/* OSSL_CMP_certreq_new() also checks if all necessary options are set */
if ((req = ossl_cmp_certReq_new(ctx, req_type, req_err)) == NULL)
if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL)
goto err;
if (!send_receive_check(ctx, req, &rep, rep_type))
@ -722,30 +731,6 @@ static X509 *do_certreq_seq(OSSL_CMP_CTX *ctx, int req_type, int req_err,
return result;
}
X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx)
{
return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_IR,
CMP_R_ERROR_CREATING_IR, OSSL_CMP_PKIBODY_IP);
}
X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx)
{
return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_CR,
CMP_R_ERROR_CREATING_CR, OSSL_CMP_PKIBODY_CP);
}
X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx)
{
return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_KUR,
CMP_R_ERROR_CREATING_KUR, OSSL_CMP_PKIBODY_KUP);
}
X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx)
{
return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_P10CR,
CMP_R_ERROR_CREATING_P10CR, OSSL_CMP_PKIBODY_CP);
}
X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
{
OSSL_CMP_MSG *rr = NULL;
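Review bot: In the now-public `OSSL_CMP_exec_certreq()`, `rep_type` is derived as `req_type + 1` without `req_type` first being checked against the supported body types, so an unexpected value is paired with an expected response type the caller never chose. The old static helper was only reachable with four fixed request/response pairs; unless `ossl_cmp_certreq_new()` rejects everything but IR, CR, KUR and P10CR (any such check is outside the visible hunks), a guard belongs next to the `ctx == NULL` check, for example `if (!is_p10 && req_type != OSSL_CMP_PKIBODY_IR && req_type != OSSL_CMP_PKIBODY_CR && req_type != OSSL_CMP_PKIBODY_KUR) { CMPerr(0, CMP_R_INVALID_ARGS); return NULL; }`. The `is_p10 && crm != NULL` rejection is also missing from the visible part of `OSSL_CMP_try_certreq()`, which forwards `crm` unchanged, so the two entry points should be made to agree. Both function bodies continue outside the hunks shown.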


+ 3
- 5
crypto/cmp/cmp_err.c

@ -45,17 +45,14 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
"error creating certconf"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREP),
"error creating certrep"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CR), "error creating cr"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREQ),
"error creating certreq"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_ERROR),
"error creating error"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENM),
"error creating genm"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENP),
"error creating genp"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_IR), "error creating ir"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_KUR), "error creating kur"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_P10CR),
"error creating p10cr"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_PKICONF),
"error creating pkiconf"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREP),
@ -90,6 +87,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
"missing key input for creating protection"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE),
"missing key usage digitalsignature"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_P10CSR), "missing p10csr"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY),
"missing private key"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"},


+ 3
- 3
crypto/cmp/cmp_local.h

@ -855,9 +855,9 @@ const char *ossl_cmp_bodytype_to_string(int type);
int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type);
int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype);
OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int bodytype,
int err_code);
OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype,
OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
const OSSL_CRMF_MSG *crm);
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
int certReqId, OSSL_CMP_PKISI *si,
X509 *cert, STACK_OF(X509) *chain,
STACK_OF(X509) *caPubs, int encrypted,


+ 20
- 13
crypto/cmp/cmp_msg.c

@ -128,7 +128,7 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype)
case OSSL_CMP_PKIBODY_P10CR:
if (ctx->p10CSR == NULL) {
CMPerr(0, CMP_R_ERROR_CREATING_P10CR);
CMPerr(0, CMP_R_MISSING_P10CSR);
goto err;
}
if ((msg->body->value.p10cr = X509_REQ_dup(ctx->p10CSR)) == NULL)
@ -321,10 +321,11 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
return crm;
}
OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code)
OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
const OSSL_CRMF_MSG *crm)
{
OSSL_CMP_MSG *msg;
OSSL_CRMF_MSG *crm = NULL;
OSSL_CRMF_MSG *local_crm = NULL;
if (!ossl_assert(ctx != NULL))
return NULL;
@ -353,13 +354,20 @@ OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code)
CMPerr(0, CMP_R_MISSING_PRIVATE_KEY);
goto err;
}
if ((crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL
|| !OSSL_CRMF_MSG_create_popo(crm, privkey, ctx->digest,
ctx->popoMethod)
/* value.ir is same for cr and kur */
|| !sk_OSSL_CRMF_MSG_push(msg->body->value.ir, crm))
if (crm == NULL) {
if ((local_crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL
|| !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest,
ctx->popoMethod))
goto err;
} else {
if ((local_crm = OSSL_CRMF_MSG_dup(crm)) == NULL)
goto err;
}
/* value.ir is same for cr and kur */
if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm))
goto err;
crm = NULL;
local_crm = NULL;
/* TODO: here optional 2nd certreqmsg could be pushed to the stack */
}
@ -369,14 +377,13 @@ OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code)
return msg;
err:
if (err_code != 0)
CMPerr(0, err_code);
OSSL_CRMF_MSG_free(crm);
CMPerr(0, CMP_R_ERROR_CREATING_CERTREQ);
OSSL_CRMF_MSG_free(local_crm);
OSSL_CMP_MSG_free(msg);
return NULL;
}
OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype,
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
int certReqId, OSSL_CMP_PKISI *si,
X509 *cert, STACK_OF(X509) *chain,
STACK_OF(X509) *caPubs, int encrypted,
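Review bot: In `ossl_cmp_certreq_new()`, the `else` branch that duplicates a caller-supplied `crm` pushes it into the request with no proof-of-possession step and no check of its certReqId, whereas the `crm == NULL` branch builds the template with `OSSL_CMP_CERTREQID` and calls `OSSL_CRMF_MSG_create_popo()`. The client code in cmp_client.c still uses `OSSL_CMP_CERTREQID` as `rid` for non-P10CR requests, so a template carrying a different id would presumably fail only later, when the response is matched. I would state the contract in a comment on the branch, e.g. `/* caller-supplied crm is used as is: it must already contain its POPO and use certReqId OSSL_CMP_CERTREQID */`, and consider failing early with `if (OSSL_CRMF_MSG_get_certReqId(local_crm) != OSSL_CMP_CERTREQID) goto err;`. The start of the function and any type checks it performs lie outside the hunks shown.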


+ 1
- 1
crypto/cmp/cmp_server.c

@ -230,7 +230,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
goto err;
}
msg = ossl_cmp_certRep_new(srv_ctx->ctx, bodytype, certReqId, si,
msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si,
certOut, chainOut, caPubs, 0 /* encrypted */,
srv_ctx->sendUnprotectedErrors);
/*


+ 1
- 1
crypto/crmf/crmf_asn.c

@ -230,7 +230,7 @@ ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_MSG)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,


+ 2
- 4
crypto/err/openssl.txt

@ -2098,13 +2098,10 @@ CMP_R_ENCOUNTERED_WAITING:162:encountered waiting
CMP_R_ERROR_CALCULATING_PROTECTION:115:error calculating protection
CMP_R_ERROR_CREATING_CERTCONF:116:error creating certconf
CMP_R_ERROR_CREATING_CERTREP:117:error creating certrep
CMP_R_ERROR_CREATING_CR:163:error creating cr
CMP_R_ERROR_CREATING_CERTREQ:163:error creating certreq
CMP_R_ERROR_CREATING_ERROR:118:error creating error
CMP_R_ERROR_CREATING_GENM:119:error creating genm
CMP_R_ERROR_CREATING_GENP:120:error creating genp
CMP_R_ERROR_CREATING_IR:164:error creating ir
CMP_R_ERROR_CREATING_KUR:165:error creating kur
CMP_R_ERROR_CREATING_P10CR:121:error creating p10cr
CMP_R_ERROR_CREATING_PKICONF:122:error creating pkiconf
CMP_R_ERROR_CREATING_POLLREP:123:error creating pollrep
CMP_R_ERROR_CREATING_POLLREQ:124:error creating pollreq
@ -2125,6 +2122,7 @@ CMP_R_INVALID_OPTION:174:invalid option
CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\
missing key input for creating protection
CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature
CMP_R_MISSING_P10CSR:121:missing p10csr
CMP_R_MISSING_PRIVATE_KEY:131:missing private key
CMP_R_MISSING_PROTECTION:143:missing protection
CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert


doc/internal/man3/ossl_cmp_certReq_new.pod → doc/internal/man3/ossl_cmp_certreq_new.pod


+ 1
- 1
doc/internal/man3/ossl_cmp_msg_create.pod

@ -62,7 +62,7 @@ See the individual functions above.
=head1 SEE ALSO
L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_IR_ses(3)>
L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_certreq(3)>
=head1 HISTORY


+ 1
- 1
doc/internal/man3/ossl_cmp_pkisi_get_status.pod

@ -74,7 +74,7 @@ See the individual functions above.
=head1 SEE ALSO
L<OSSL_CMP_CTX_new(3)>, L<ossl_cmp_certReq_new(3)>
L<OSSL_CMP_CTX_new(3)>, L<ossl_cmp_certreq_new(3)>
=head1 HISTORY


+ 3
- 2
doc/man3/OSSL_CMP_CTX_new.pod

@ -682,8 +682,9 @@ the id-it-signKeyPairTypes OID and prints info on the General Response contents:
=head1 SEE ALSO
L<OSSL_CMP_exec_IR_ses(3)>, L<OSSL_CMP_exec_KUR_ses(3)>,
L<OSSL_CMP_exec_GENM_ses(3)>
L<OSSL_CMP_exec_IR_ses(3)>, L<OSSL_CMP_exec_CR_ses(3)>,
L<OSSL_CMP_exec_KUR_ses(3)>, L<OSSL_CMP_exec_GENM_ses(3)>,
L<OSSL_CMP_exec_certreq(3)>
=head1 HISTORY


doc/man3/OSSL_CMP_exec_IR_ses.pod → doc/man3/OSSL_CMP_exec_certreq.pod


+ 1
- 1
doc/man3/OSSL_CMP_validate_msg.pod

@ -61,7 +61,7 @@ return 1 on success, 0 on error or validation failed.
=head1 SEE ALSO
L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_IR_ses(3)>
L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_certreq(3)>
=head1 HISTORY


+ 1
- 0
doc/man3/X509_dup.pod

@ -152,6 +152,7 @@ OSSL_CRMF_ENCRYPTEDVALUE_new,
OSSL_CRMF_MSGS_free,
OSSL_CRMF_MSGS_it,
OSSL_CRMF_MSGS_new,
OSSL_CRMF_MSG_dup,
OSSL_CRMF_MSG_free,
OSSL_CRMF_MSG_it,
OSSL_CRMF_MSG_new,


+ 1
- 1
fuzz/cmp.c

@ -84,7 +84,7 @@ static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
break;
case OSSL_CMP_PKIBODY_POLLREP:
ctx->status = OSSL_CMP_PKISTATUS_waiting;
(void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL);
(void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL, NULL);
break;
case OSSL_CMP_PKIBODY_RP:
(void)OSSL_CMP_exec_RR_ses(ctx);


+ 16
- 9
include/openssl/cmp.h

@ -417,15 +417,22 @@ int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
int val);
/* from cmp_client.c */
X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx);
X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx);
X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx);
X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx);
# define OSSL_CMP_IR OSSL_CMP_PKIBODY_IR
# define OSSL_CMP_CR OSSL_CMP_PKIBODY_CR
# define OSSL_CMP_P10CR OSSL_CMP_PKIBODY_P10CR
# define OSSL_CMP_KUR OSSL_CMP_PKIBODY_KUR
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter);
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
const OSSL_CRMF_MSG *crm);
# define OSSL_CMP_IR 0
# define OSSL_CMP_CR 2
# define OSSL_CMP_P10CR 4
# define OSSL_CMP_KUR 7
# define OSSL_CMP_exec_IR_ses(ctx) \
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
# define OSSL_CMP_exec_CR_ses(ctx) \
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
# define OSSL_CMP_exec_P10CR_ses(ctx) \
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
# define OSSL_CMP_exec_KUR_ses(ctx) \
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
const OSSL_CRMF_MSG *crm, int *checkAfter);
int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
const char **text);
X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
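Review bot: The literals in `# define OSSL_CMP_IR 0`, `OSSL_CMP_CR 2`, `OSSL_CMP_P10CR 4` and `OSSL_CMP_KUR 7` are not tied to the `OSSL_CMP_PKIBODY_*` constants that cmp_client.c tests `req_type` against (`req_type == OSSL_CMP_PKIBODY_P10CR`); this assumes the numeric forms are the new side of the section, whose diff markers are lost on this page. If the two sets ever diverge, a request issued through the convenience macros would be classified under the wrong body type and skip the P10CR-specific handling. A comment such as `/* must equal OSSL_CMP_PKIBODY_IR, _CR, _P10CR and _KUR respectively */` above the defines, or a compile-time assertion in cmp_client.c, would keep them in step. `OSSL_CMP_exec_IR_ses` and its siblings also become function-like macros, so their address can no longer be taken, as the fixture change in test/cmp_client_test.c suggests; that is worth a sentence in the header as well.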


+ 2
- 4
include/openssl/cmperr.h

@ -51,13 +51,10 @@ int ERR_load_CMP_strings(void);
# define CMP_R_ERROR_CALCULATING_PROTECTION 115
# define CMP_R_ERROR_CREATING_CERTCONF 116
# define CMP_R_ERROR_CREATING_CERTREP 117
# define CMP_R_ERROR_CREATING_CR 163
# define CMP_R_ERROR_CREATING_CERTREQ 163
# define CMP_R_ERROR_CREATING_ERROR 118
# define CMP_R_ERROR_CREATING_GENM 119
# define CMP_R_ERROR_CREATING_GENP 120
# define CMP_R_ERROR_CREATING_IR 164
# define CMP_R_ERROR_CREATING_KUR 165
# define CMP_R_ERROR_CREATING_P10CR 121
# define CMP_R_ERROR_CREATING_PKICONF 122
# define CMP_R_ERROR_CREATING_POLLREP 123
# define CMP_R_ERROR_CREATING_POLLREQ 124
@ -77,6 +74,7 @@ int ERR_load_CMP_strings(void);
# define CMP_R_INVALID_OPTION 174
# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130
# define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142
# define CMP_R_MISSING_P10CSR 121
# define CMP_R_MISSING_PRIVATE_KEY 131
# define CMP_R_MISSING_PROTECTION 143
# define CMP_R_MISSING_REFERENCE_CERT 168


+ 1
- 0
include/openssl/crmf.h

@ -43,6 +43,7 @@ typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_MSG)
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;


+ 20
- 18
test/cmp_client_test.c

@ -28,8 +28,8 @@ typedef struct test_fixture {
const char *test_case_name;
OSSL_CMP_CTX *cmp_ctx;
OSSL_CMP_SRV_CTX *srv_ctx;
int req_type;
int expected;
X509 *(*exec_cert_ses_cb) (OSSL_CMP_CTX *);
STACK_OF(X509) *caPubs;
} CMP_SES_TEST_FIXTURE;
@ -81,7 +81,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
|| !OSSL_CMP_CTX_set1_srvCert(ctx, server_cert)
|| !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref)))
goto err;
fixture->exec_cert_ses_cb = NULL;
fixture->req_type = -1;
return fixture;
err:
@ -107,13 +107,13 @@ static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
{
X509 *res;
X509 *res = OSSL_CMP_exec_certreq(fixture->cmp_ctx,
fixture->req_type, NULL);
if (fixture->expected == 0)
return TEST_ptr_null(fixture->exec_cert_ses_cb(fixture->cmp_ctx));
return TEST_ptr_null(res);
if (!TEST_ptr(res = fixture->exec_cert_ses_cb(fixture->cmp_ctx))
|| !TEST_int_eq(X509_cmp(res, client_cert), 0))
if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0))
return 0;
/* TODO: check that cerfConf has been exchanged unless implicitConfirm */
if (fixture->caPubs != NULL) {
@ -150,7 +150,7 @@ static int test_exec_RR_ses_receive_error(void)
static int test_exec_IR_ses(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_IR_ses;
fixture->req_type = OSSL_CMP_IR;
fixture->expected = 1;
fixture->caPubs = sk_X509_new_null();
sk_X509_push(fixture->caPubs, server_cert);
@ -164,7 +164,7 @@ static const int checkAfter = 1;
static int test_exec_IR_ses_poll(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_IR_ses;
fixture->req_type = OSSL_CMP_IR;
fixture->expected = 1;
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 2);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter);
@ -179,7 +179,7 @@ static int test_exec_IR_ses_poll_timeout(void)
const int tout = pollCount * checkAfter;
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_IR_ses;
fixture->req_type = OSSL_CMP_IR;
fixture->expected = 0;
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, pollCount + 1);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter);
@ -192,7 +192,7 @@ static int test_exec_IR_ses_poll_timeout(void)
static int test_exec_CR_ses(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_CR_ses;
fixture->req_type = OSSL_CMP_CR;
fixture->expected = 1;
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
return result;
@ -201,7 +201,7 @@ static int test_exec_CR_ses(void)
static int test_exec_CR_ses_implicit_confirm(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_CR_ses;
fixture->req_type = OSSL_CMP_CR;
fixture->expected = 1;
OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
OSSL_CMP_OPT_IMPLICIT_CONFIRM, 1);
@ -213,7 +213,7 @@ static int test_exec_CR_ses_implicit_confirm(void)
static int test_exec_KUR_ses(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_KUR_ses;
fixture->req_type = OSSL_CMP_KUR;
fixture->expected = 1;
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
return result;
@ -224,7 +224,7 @@ static int test_exec_P10CR_ses(void)
X509_REQ *req = NULL;
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->exec_cert_ses_cb = OSSL_CMP_exec_P10CR_ses;
fixture->req_type = OSSL_CMP_P10CR;
fixture->expected = 1;
if (!TEST_ptr(req = load_csr(pkcs10_f))
|| !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
@ -245,13 +245,14 @@ static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture)
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER);
return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, &check_after))
return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after))
&& check_after == CHECK_AFTER
&& TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL)
&& TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, &check_after))
&& TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after))
&& check_after == CHECK_AFTER
&& TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL)
&& TEST_int_eq(fixture->expected, OSSL_CMP_try_certreq(ctx, TYPE, NULL))
&& TEST_int_eq(fixture->expected,
OSSL_CMP_try_certreq(ctx, TYPE, NULL, NULL))
&& TEST_int_eq(0,
X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert));
}
@ -273,10 +274,11 @@ static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture)
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER);
return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, &check_after))
return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after))
&& check_after == CHECK_AFTER
&& TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL)
&& TEST_int_eq(fixture->expected, OSSL_CMP_try_certreq(ctx, -1, NULL))
&& TEST_int_eq(fixture->expected,
OSSL_CMP_try_certreq(ctx, -1, NULL, NULL))
&& TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL);
}
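Review bot: Every call in this file passes `NULL` for the new `crm` argument, so neither the `OSSL_CRMF_MSG_dup(crm)` path in `ossl_cmp_certreq_new()` nor the `is_p10 && crm != NULL` rejection in `OSSL_CMP_exec_certreq()` is exercised by the tests shown. A negative case along the lines of `TEST_ptr_null(OSSL_CMP_exec_certreq(fixture->cmp_ctx, OSSL_CMP_P10CR, crm))` with a non-NULL template, plus one positive IR run with a prepared template, would cover both. `set_up()` also leaves `req_type` at -1, which `execute_exec_certrequest_ses_test()` passes straight to the library if a test forgets to set it; a `TEST_int_ne(fixture->req_type, -1)` check ahead of the call would make that mistake explicit. The test functions continue outside the hunks.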


+ 4
- 4
test/cmp_msg_test.c

@ -84,9 +84,9 @@ static X509 *cert = NULL;
*/
static int execute_certreq_create_test(CMP_MSG_TEST_FIXTURE *fixture)
{
EXECUTE_MSG_CREATION_TEST(ossl_cmp_certReq_new(fixture->cmp_ctx,
EXECUTE_MSG_CREATION_TEST(ossl_cmp_certreq_new(fixture->cmp_ctx,
fixture->bodytype,
fixture->err_code));
NULL));
}
static int execute_errormsg_create_test(CMP_MSG_TEST_FIXTURE *fixture)
@ -218,7 +218,7 @@ static int test_cmp_create_p10cr(void)
X509_REQ *p10cr = NULL;
fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
fixture->err_code = CMP_R_ERROR_CREATING_P10CR;
fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
fixture->expected = 1;
if (!TEST_ptr(p10cr = load_csr(pkcs10_f))
|| !TEST_true(set1_newPkey(ctx, newkey))
@ -235,7 +235,7 @@ static int test_cmp_create_p10cr_null(void)
{
SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
fixture->err_code = CMP_R_ERROR_CREATING_P10CR;
fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
fixture->expected = 0;
if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
tear_down(fixture);
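Review bot: `fixture->err_code` is still assigned in `test_cmp_create_p10cr()` and `test_cmp_create_p10cr_null()`, but `execute_certreq_create_test()` now passes `NULL` (the `crm` argument) where it used to pass `fixture->err_code`, so in the lines shown the field no longer reaches the code under test. If `EXECUTE_MSG_CREATION_TEST` and the other executors outside this view do not read it, the assignments are dead and can be dropped; otherwise a comment such as `/* err_code is only checked by the test macro, not passed to the library */` would explain why it stays. For the NULL-CSR case it may also be worth asserting the more specific reason, since the cmp_msg.c change raises `CMP_R_MISSING_P10CSR` before the generic `CMP_R_ERROR_CREATING_CERTREQ`.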


+ 2
- 4
util/libcrypto.num

@ -4498,6 +4498,7 @@ OSSL_CRMF_ENCRYPTEDVALUE_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_ENCRYPTEDVALUE_it ? 3_0_0 EXIST::FUNCTION:CRMF
d2i_OSSL_CRMF_MSG ? 3_0_0 EXIST::FUNCTION:CRMF
i2d_OSSL_CRMF_MSG ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_dup ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_free ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_new ? 3_0_0 EXIST::FUNCTION:CRMF
OSSL_CRMF_MSG_it ? 3_0_0 EXIST::FUNCTION:CRMF
@ -4985,10 +4986,7 @@ OSSL_CMP_SRV_CTX_set_send_unprotected_errors ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_SRV_CTX_set_accept_unprotected ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_SRV_CTX_set_accept_raverified ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_SRV_CTX_set_grant_implicit_confirm ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_IR_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_CR_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_P10CR_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_KUR_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_certreq ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_try_certreq ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_certConf_cb ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_exec_RR_ses ? 3_0_0 EXIST::FUNCTION:CMP


+ 4
- 0
util/other.syms

@ -368,6 +368,10 @@ OpenSSL_add_all_algorithms define deprecated 1.1.0
OpenSSL_add_all_ciphers define deprecated 1.1.0
OpenSSL_add_all_digests define deprecated 1.1.0
OpenSSL_add_ssl_algorithms define
OSSL_CMP_exec_IR_ses define
OSSL_CMP_exec_CR_ses define
OSSL_CMP_exec_P10CR_ses define
OSSL_CMP_exec_KUR_ses define
OSSL_CMP_CTX_set_log_verbosity define
OSSL_CMP_CR define
OSSL_CMP_IR define

