Diffstat (limited to 'crypto/openssl/apps/lib/cmp_mock_srv.c')
-rw-r--r--crypto/openssl/apps/lib/cmp_mock_srv.c369
1 files changed, 199 insertions, 170 deletions
diff --git a/crypto/openssl/apps/lib/cmp_mock_srv.c b/crypto/openssl/apps/lib/cmp_mock_srv.c
index 73ab1eb5600e..cf21e8277887 100644
--- a/crypto/openssl/apps/lib/cmp_mock_srv.c
+++ b/crypto/openssl/apps/lib/cmp_mock_srv.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2018-2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -10,6 +10,7 @@
#include "apps.h"
#include "cmp_mock_srv.h"
+#include "../../crypto/cmp/cmp_local.h" /* for access to msg->protection */
#include <openssl/cmp.h>
#include <openssl/err.h>
@@ -17,21 +18,22 @@
/* the context for the CMP mock server */
typedef struct {
- X509 *refCert; /* cert to expect for oldCertID in kur/rr msg */
- X509 *certOut; /* certificate to be returned in cp/ip/kup msg */
- EVP_PKEY *keyOut; /* Private key to be returned for central keygen */
- X509_CRL *crlOut; /* CRL to be returned in genp for crls */
- STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
+ X509 *refCert; /* cert to expect for oldCertID in kur/rr msg */
+ X509 *certOut; /* certificate to be returned in cp/ip/kup msg */
+ EVP_PKEY *keyOut; /* Private key to be returned for central keygen */
+ X509_CRL *crlOut; /* CRL to be returned in genp for crls */
+ STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
STACK_OF(X509) *caPubsOut; /* used in caPubs of ip and in caCerts of genp */
- X509 *newWithNew; /* to return in newWithNew of rootKeyUpdate */
- X509 *newWithOld; /* to return in newWithOld of rootKeyUpdate */
- X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
+ X509 *newWithNew; /* to return in newWithNew of rootKeyUpdate */
+ X509 *newWithOld; /* to return in newWithOld of rootKeyUpdate */
+ X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
- int sendError; /* send error response on given request type */
- OSSL_CMP_MSG *req; /* original request message during polling */
- int pollCount; /* number of polls before actual cert response */
- int curr_pollCount; /* number of polls so far for current request */
- int checkAfterTime; /* time the client should wait between polling */
+ int sendError; /* send error response on given request type */
+ int useBadProtection; /* use bad protection on given response type */
+ OSSL_CMP_MSG *req; /* original request message during polling */
+ int pollCount; /* number of polls before actual cert response */
+ int curr_pollCount; /* number of polls so far for current request */
+ int checkAfterTime; /* time the client should wait between polling */
} mock_srv_ctx;
static void mock_srv_ctx_free(mock_srv_ctx *ctx)
@@ -59,30 +61,31 @@ static mock_srv_ctx *mock_srv_ctx_new(void)
goto err;
ctx->sendError = -1;
+ ctx->useBadProtection = -1;
/* all other elements are initialized to 0 or NULL, respectively */
return ctx;
- err:
+err:
mock_srv_ctx_free(ctx);
return NULL;
}
-#define DEFINE_OSSL_SET1_CERT(FIELD) \
- int ossl_cmp_mock_srv_set1_##FIELD(OSSL_CMP_SRV_CTX *srv_ctx, \
- X509 *cert) \
- { \
+#define DEFINE_OSSL_SET1_CERT(FIELD) \
+ int ossl_cmp_mock_srv_set1_##FIELD(OSSL_CMP_SRV_CTX *srv_ctx, \
+ X509 *cert) \
+ { \
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); \
- \
- if (ctx == NULL) { \
- ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
- return 0; \
- } \
- if (cert == NULL || X509_up_ref(cert)) { \
- X509_free(ctx->FIELD); \
- ctx->FIELD = cert; \
- return 1; \
- } \
- return 0; \
+ \
+ if (ctx == NULL) { \
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
+ return 0; \
+ } \
+ if (cert == NULL || X509_up_ref(cert)) { \
+ X509_free(ctx->FIELD); \
+ ctx->FIELD = cert; \
+ return 1; \
+ } \
+ return 0; \
}
DEFINE_OSSL_SET1_CERT(refCert)
@@ -104,7 +107,7 @@ int ossl_cmp_mock_srv_set1_keyOut(OSSL_CMP_SRV_CTX *srv_ctx, EVP_PKEY *pkey)
}
int ossl_cmp_mock_srv_set1_crlOut(OSSL_CMP_SRV_CTX *srv_ctx,
- X509_CRL *crl)
+ X509_CRL *crl)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -120,7 +123,7 @@ int ossl_cmp_mock_srv_set1_crlOut(OSSL_CMP_SRV_CTX *srv_ctx,
}
int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *chain)
+ STACK_OF(X509) *chain)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
STACK_OF(X509) *chain_copy = NULL;
@@ -137,7 +140,7 @@ int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
}
int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *caPubs)
+ STACK_OF(X509) *caPubs)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
STACK_OF(X509) *caPubs_copy = NULL;
@@ -158,7 +161,7 @@ DEFINE_OSSL_SET1_CERT(newWithOld)
DEFINE_OSSL_SET1_CERT(oldWithNew)
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
- int fail_info, const char *text)
+ int fail_info, const char *text)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
OSSL_CMP_PKISI *si;
@@ -187,6 +190,19 @@ int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
return 1;
}
+int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
+{
+ mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
+
+ if (ctx == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
+ return 0;
+ }
+ /* might check bodytype, but this would require exporting all body types */
+ ctx->useBadProtection = bodytype;
+ return 1;
+}
+
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
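Review bot: ossl_cmp_mock_srv_set_useBadProtection has no header comment stating that bodytype names the body type of the *response* whose protection gets corrupted and that -1 (the value mock_srv_ctx_new assigns earlier in this diff) disables the feature. Suggest `/* Corrupt the protection of responses of the given body type; -1 (the default) disables this. */` above the definition, since the public setter is the only place a caller sees. The sibling sendError field appears to treat 1 as a wildcard (`ctx->sendError == 1 ||` in process_rr, process_genm, process_certConf and process_pollReq), whereas the consumer of useBadProtection compares the body type for exact equality only; whether the wildcard was meant to carry over is not decided by this hunk, and a one-line comment here would make the intended difference explicit.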
@@ -249,7 +265,7 @@ static int delayed_delivery(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req)
/* check for matching reference cert components, as far as given */
static int refcert_cmp(const X509 *refcert,
- const X509_NAME *issuer, const ASN1_INTEGER *serial)
+ const X509_NAME *issuer, const ASN1_INTEGER *serial)
{
const X509_NAME *ref_issuer;
const ASN1_INTEGER *ref_serial;
@@ -264,7 +280,7 @@ static int refcert_cmp(const X509 *refcert,
/* reset the state that belongs to a transaction */
static int clean_transaction(OSSL_CMP_SRV_CTX *srv_ctx,
- ossl_unused const ASN1_OCTET_STRING *id)
+ ossl_unused const ASN1_OCTET_STRING *id)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -280,13 +296,13 @@ static int clean_transaction(OSSL_CMP_SRV_CTX *srv_ctx,
}
static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *cert_req,
- ossl_unused int certReqId,
- const OSSL_CRMF_MSG *crm,
- const X509_REQ *p10cr,
- X509 **certOut,
- STACK_OF(X509) **chainOut,
- STACK_OF(X509) **caPubs)
+ const OSSL_CMP_MSG *cert_req,
+ ossl_unused int certReqId,
+ const OSSL_CRMF_MSG *crm,
+ const X509_REQ *p10cr,
+ X509 **certOut,
+ STACK_OF(X509) **chainOut,
+ STACK_OF(X509) **caPubs)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
int bodytype, central_keygen;
@@ -294,7 +310,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
EVP_PKEY *keyOut = NULL;
if (ctx == NULL || cert_req == NULL
- || certOut == NULL || chainOut == NULL || caPubs == NULL) {
+ || certOut == NULL || chainOut == NULL || caPubs == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
@@ -320,8 +336,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
/* accept cert profile for cr messages only with the configured name */
if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_CR) {
- STACK_OF(OSSL_CMP_ITAV) *itavs =
- OSSL_CMP_HDR_get0_geninfo_ITAVs(OSSL_CMP_MSG_get0_header(cert_req));
+ STACK_OF(OSSL_CMP_ITAV) *itavs = OSSL_CMP_HDR_get0_geninfo_ITAVs(OSSL_CMP_MSG_get0_header(cert_req));
int i;
for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
@@ -340,8 +355,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
}
str = sk_ASN1_UTF8STRING_value(strs, 0);
if (str == NULL
- || (data =
- (const char *)ASN1_STRING_get0_data(str)) == NULL) {
+ || (data = (const char *)ASN1_STRING_get0_data(str)) == NULL) {
ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
return NULL;
}
@@ -356,7 +370,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
/* accept cert update request only for the reference cert, if given */
if (bodytype == OSSL_CMP_KUR
- && crm != NULL /* thus not p10cr */ && ctx->refCert != NULL) {
+ && crm != NULL /* thus not p10cr */ && ctx->refCert != NULL) {
const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm);
if (cid == NULL) {
@@ -364,15 +378,15 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
}
if (!refcert_cmp(ctx->refCert,
- OSSL_CRMF_CERTID_get0_issuer(cid),
- OSSL_CRMF_CERTID_get0_serialNumber(cid))) {
+ OSSL_CRMF_CERTID_get0_issuer(cid),
+ OSSL_CRMF_CERTID_get0_serialNumber(cid))) {
ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
return NULL;
}
}
if (ctx->certOut != NULL
- && (*certOut = X509_dup(ctx->certOut)) == NULL)
+ && (*certOut = X509_dup(ctx->certOut)) == NULL)
/* Should return a cert produced from request template, see FR #16054 */
goto err;
@@ -383,7 +397,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
&& (ctx->keyOut == NULL
|| (keyOut = EVP_PKEY_dup(ctx->keyOut)) == NULL
|| !OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx),
- 1 /* priv */, keyOut))) {
+ 1 /* priv */, keyOut))) {
EVP_PKEY_free(keyOut);
goto err;
}
@@ -393,17 +407,17 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
*/
if (ctx->chainOut != NULL
- && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
+ && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
goto err;
if (ctx->caPubsOut != NULL /* OSSL_CMP_PKIBODY_IP not visible here */
- && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL)
+ && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL)
goto err;
if (ctx->statusOut != NULL
- && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL)
+ && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL)
goto err;
return si;
- err:
+err:
X509_free(*certOut);
*certOut = NULL;
OSSL_STACK_OF_X509_free(*chainOut);
@@ -414,9 +428,9 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
}
static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *rr,
- const X509_NAME *issuer,
- const ASN1_INTEGER *serial)
+ const OSSL_CMP_MSG *rr,
+ const X509_NAME *issuer,
+ const ASN1_INTEGER *serial)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -425,7 +439,7 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return NULL;
}
@@ -433,9 +447,9 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
/* allow any RR derived from CSR which does not include issuer and serial */
if ((issuer != NULL || serial != NULL)
/* accept revocation only for the reference cert, if given */
- && !refcert_cmp(ctx->refCert, issuer, serial)) {
+ && !refcert_cmp(ctx->refCert, issuer, serial)) {
ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED,
- "wrong certificate to revoke");
+ "wrong certificate to revoke");
return NULL;
}
return OSSL_CMP_PKISI_dup(ctx->statusOut);
@@ -443,7 +457,7 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
/* return -1 for error, 0 for no update available */
static int check_client_crl(const STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList,
- const X509_CRL *crl)
+ const X509_CRL *crl)
{
OSSL_CMP_CRLSTATUS *crlstatus;
DIST_POINT_NAME *dpn = NULL;
@@ -471,9 +485,9 @@ static int check_client_crl(const STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList,
ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_CRL_ISSUER);
return -1;
}
- } else {
- ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
- return -1; /* error according to RFC 9483 section 4.3.4 */
+ } else {
+ ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+ return -1; /* error according to RFC 9483 section 4.3.4 */
}
}
@@ -482,7 +496,7 @@ static int check_client_crl(const STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList,
}
static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
- const OSSL_CMP_ITAV *req)
+ const OSSL_CMP_ITAV *req)
{
OSSL_CMP_ITAV *rsp = NULL;
@@ -490,81 +504,76 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
case NID_id_it_caCerts:
rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
break;
- case NID_id_it_rootCaCert:
- {
- X509 *rootcacert = NULL;
-
- if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
- return NULL;
-
- if (rootcacert != NULL
- && X509_NAME_cmp(X509_get_subject_name(rootcacert),
- X509_get_subject_name(ctx->newWithNew)) != 0)
- /* The subjects do not match */
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
- else
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
- ctx->newWithOld,
- ctx->oldWithNew);
- }
- break;
- case NID_id_it_crlStatusList:
- {
- STACK_OF(OSSL_CMP_CRLSTATUS) *crlstatuslist = NULL;
- int res = 0;
-
- if (!OSSL_CMP_ITAV_get0_crlStatusList(req, &crlstatuslist))
- return NULL;
-
- res = check_client_crl(crlstatuslist, ctx->crlOut);
- if (res < 0)
- rsp = NULL;
- else
- rsp = OSSL_CMP_ITAV_new_crls(res == 0 ? NULL : ctx->crlOut);
- }
- break;
- case NID_id_it_certReqTemplate:
- {
- OSSL_CRMF_CERTTEMPLATE *reqtemp;
- OSSL_CMP_ATAVS *keyspec = NULL;
- X509_ALGOR *keyalg = NULL;
- OSSL_CMP_ATAV *rsakeylen, *eckeyalg;
- int ok = 0;
-
- if ((reqtemp = OSSL_CRMF_CERTTEMPLATE_new()) == NULL)
- return NULL;
-
- if (!OSSL_CRMF_CERTTEMPLATE_fill(reqtemp, NULL, NULL,
- X509_get_issuer_name(ctx->refCert),
- NULL))
- goto crt_err;
-
- if ((keyalg = X509_ALGOR_new()) == NULL)
- goto crt_err;
-
- (void)X509_ALGOR_set0(keyalg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
- V_ASN1_UNDEF, NULL); /* cannot fail */
-
- eckeyalg = OSSL_CMP_ATAV_new_algId(keyalg);
- rsakeylen = OSSL_CMP_ATAV_new_rsaKeyLen(4096);
- ok = OSSL_CMP_ATAV_push1(&keyspec, eckeyalg)
- && OSSL_CMP_ATAV_push1(&keyspec, rsakeylen);
- OSSL_CMP_ATAV_free(eckeyalg);
- OSSL_CMP_ATAV_free(rsakeylen);
- X509_ALGOR_free(keyalg);
-
- if (!ok)
- goto crt_err;
-
- rsp = OSSL_CMP_ITAV_new0_certReqTemplate(reqtemp, keyspec);
- return rsp;
-
- crt_err:
- OSSL_CRMF_CERTTEMPLATE_free(reqtemp);
- OSSL_CMP_ATAVS_free(keyspec);
+ case NID_id_it_rootCaCert: {
+ X509 *rootcacert = NULL;
+
+ if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
return NULL;
- }
- break;
+
+ if (rootcacert != NULL
+ && X509_NAME_cmp(X509_get_subject_name(rootcacert),
+ X509_get_subject_name(ctx->newWithNew))
+ != 0)
+ /* The subjects do not match */
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
+ else
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
+ ctx->newWithOld,
+ ctx->oldWithNew);
+ } break;
+ case NID_id_it_crlStatusList: {
+ STACK_OF(OSSL_CMP_CRLSTATUS) *crlstatuslist = NULL;
+ int res = 0;
+
+ if (!OSSL_CMP_ITAV_get0_crlStatusList(req, &crlstatuslist))
+ return NULL;
+
+ res = check_client_crl(crlstatuslist, ctx->crlOut);
+ if (res < 0)
+ rsp = NULL;
+ else
+ rsp = OSSL_CMP_ITAV_new_crls(res == 0 ? NULL : ctx->crlOut);
+ } break;
+ case NID_id_it_certReqTemplate: {
+ OSSL_CRMF_CERTTEMPLATE *reqtemp;
+ OSSL_CMP_ATAVS *keyspec = NULL;
+ X509_ALGOR *keyalg = NULL;
+ OSSL_CMP_ATAV *rsakeylen, *eckeyalg;
+ int ok = 0;
+
+ if ((reqtemp = OSSL_CRMF_CERTTEMPLATE_new()) == NULL)
+ return NULL;
+
+ if (!OSSL_CRMF_CERTTEMPLATE_fill(reqtemp, NULL, NULL,
+ X509_get_issuer_name(ctx->refCert),
+ NULL))
+ goto crt_err;
+
+ if ((keyalg = X509_ALGOR_new()) == NULL)
+ goto crt_err;
+
+ (void)X509_ALGOR_set0(keyalg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
+ V_ASN1_UNDEF, NULL); /* cannot fail */
+
+ eckeyalg = OSSL_CMP_ATAV_new_algId(keyalg);
+ rsakeylen = OSSL_CMP_ATAV_new_rsaKeyLen(4096);
+ ok = OSSL_CMP_ATAV_push1(&keyspec, eckeyalg)
+ && OSSL_CMP_ATAV_push1(&keyspec, rsakeylen);
+ OSSL_CMP_ATAV_free(eckeyalg);
+ OSSL_CMP_ATAV_free(rsakeylen);
+ X509_ALGOR_free(keyalg);
+
+ if (!ok)
+ goto crt_err;
+
+ rsp = OSSL_CMP_ITAV_new0_certReqTemplate(reqtemp, keyspec);
+ return rsp;
+
+ crt_err:
+ OSSL_CRMF_CERTTEMPLATE_free(reqtemp);
+ OSSL_CMP_ATAVS_free(keyspec);
+ return NULL;
+ } break;
default:
rsp = OSSL_CMP_ITAV_dup(req);
}
@@ -572,9 +581,9 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
}
static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *genm,
- const STACK_OF(OSSL_CMP_ITAV) *in,
- STACK_OF(OSSL_CMP_ITAV) **out)
+ const OSSL_CMP_MSG *genm,
+ const STACK_OF(OSSL_CMP_ITAV) *in,
+ STACK_OF(OSSL_CMP_ITAV) **out)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -583,8 +592,8 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
return 0;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
- || sk_OSSL_CMP_ITAV_num(in) > 1) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
+ || sk_OSSL_CMP_ITAV_num(in) > 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
@@ -598,18 +607,19 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))
return 1;
sk_OSSL_CMP_ITAV_free(*out);
+ OSSL_CMP_ITAV_free(rsp);
return 0;
}
*out = sk_OSSL_CMP_ITAV_deep_copy(in, OSSL_CMP_ITAV_dup,
- OSSL_CMP_ITAV_free);
+ OSSL_CMP_ITAV_free);
return *out != NULL;
}
static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
- const OSSL_CMP_PKISI *statusInfo,
- const ASN1_INTEGER *errorCode,
- const OSSL_CMP_PKIFREETEXT *errorDetails)
+ const OSSL_CMP_PKISI *statusInfo,
+ const ASN1_INTEGER *errorCode,
+ const OSSL_CMP_PKIFREETEXT *errorDetails)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
char buf[OSSL_CMP_PKISI_BUFLEN];
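Review bot: The failure path of process_genm frees the stack behind `*out` but leaves the caller's pointer dangling; adding `*out = NULL;` after `sk_OSSL_CMP_ITAV_free(*out);` would make the 0 return safe whether or not the caller inspects *out on failure (not visible here). The added `OSSL_CMP_ITAV_free(rsp);` correctly covers the case where the push itself fails with a non-NULL rsp, and is a harmless no-op when rsp is NULL. process_genm starts outside this hunk and process_error continues past it.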
@@ -628,7 +638,7 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
} else {
sibuf = OSSL_CMP_snprint_PKIStatusInfo(statusInfo, buf, sizeof(buf));
BIO_printf(bio_err, "pkiStatusInfo: %s\n",
- sibuf != NULL ? sibuf: "<invalid>");
+ sibuf != NULL ? sibuf : "<invalid>");
}
if (errorCode == NULL)
@@ -644,18 +654,18 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
if (i > 0)
BIO_printf(bio_err, ", ");
ASN1_STRING_print_ex(bio_err,
- sk_ASN1_UTF8STRING_value(errorDetails, i),
- ASN1_STRFLGS_ESC_QUOTE);
+ sk_ASN1_UTF8STRING_value(errorDetails, i),
+ ASN1_STRFLGS_ESC_QUOTE);
}
BIO_printf(bio_err, "\n");
}
}
static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *certConf,
- ossl_unused int certReqId,
- const ASN1_OCTET_STRING *certHash,
- const OSSL_CMP_PKISI *si)
+ const OSSL_CMP_MSG *certConf,
+ ossl_unused int certReqId,
+ const ASN1_OCTET_STRING *certHash,
+ const OSSL_CMP_PKISI *si)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
ASN1_OCTET_STRING *digest;
@@ -665,8 +675,8 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
return 0;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
- || ctx->certOut == NULL) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
+ || ctx->certOut == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
@@ -684,22 +694,22 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
/* return 0 on failure, 1 on success, setting *req or otherwise *check_after */
static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *pollReq,
- ossl_unused int certReqId,
- OSSL_CMP_MSG **req, int64_t *check_after)
+ const OSSL_CMP_MSG *pollReq,
+ ossl_unused int certReqId,
+ OSSL_CMP_MSG **req, int64_t *check_after)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
if (req != NULL)
*req = NULL;
if (ctx == NULL || pollReq == NULL
- || req == NULL || check_after == NULL) {
+ || req == NULL || check_after == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
@@ -719,17 +729,36 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
return 1;
}
+OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
+ const OSSL_CMP_MSG *req)
+{
+ OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(ctx);
+ OSSL_CMP_MSG *rsp = OSSL_CMP_CTX_server_perform(ctx, req);
+
+ if (srv_ctx != NULL && rsp != NULL) {
+ mock_srv_ctx *mock_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
+
+ if (mock_ctx != NULL && OSSL_CMP_MSG_get_bodytype(rsp) == mock_ctx->useBadProtection) {
+ ASN1_BIT_STRING *prot = rsp->protection;
+
+ if (prot != NULL && prot->length != 0 && prot->data != NULL)
+ prot->data[0] ^= 0x80; /* flip most significant bit of the first byte */
+ }
+ }
+ return rsp;
+}
+
OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
{
OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);
mock_srv_ctx *ctx = mock_srv_ctx_new();
if (srv_ctx != NULL && ctx != NULL
- && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,
- process_rr, process_genm, process_error,
- process_certConf, process_pollReq)
- && OSSL_CMP_SRV_CTX_init_trans(srv_ctx,
- delayed_delivery, clean_transaction))
+ && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,
+ process_rr, process_genm, process_error,
+ process_certConf, process_pollReq)
+ && OSSL_CMP_SRV_CTX_init_trans(srv_ctx,
+ delayed_delivery, clean_transaction))
return srv_ctx;
mock_srv_ctx_free(ctx);
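Review bot: ossl_cmp_mock_server_perform has no comment explaining its contract, which is not obvious from the name: it wraps OSSL_CMP_CTX_server_perform and, when the response body type equals useBadProtection, flips the top bit of the first protection byte so that the client's protection verification is exercised. Suggest a short block comment above the definition saying that this is the in-process transfer substitute used by the tests, that the corruption is applied in place on the returned message, and that useBadProtection == -1 leaves the response untouched. The in-place write through `rsp->protection` is what forces the `#include "../../crypto/cmp/cmp_local.h"` added earlier in this diff; a public accessor, or corrupting the encoded message in the transfer layer instead, would avoid coupling apps/lib to the library's private struct layout. If the server context keeps rsp for re-delivery during polling (not visible here), the corrupted protection would be re-sent on later polls, so a comment confirming the message is single-use (or corrupting a duplicate) would settle that. ossl_cmp_mock_srv_new continues past the end of this hunk.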