/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT),
"missing reference cert"},
+ {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SENDER_IDENTIFICATION),
"missing sender identification"},
+ {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_ANCHOR),
+ "missing trust anchor"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_STORE),
"missing trust store"},
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED),
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection;
+/* secret value used for IP_waitingStatus_PBM.der */
+static const unsigned char sec_1[] = {
+ '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
+ 'Q', '-', 'u', 'd', 'N', 'R'
+};
+
static int flip_bit(ASN1_BIT_STRING *bitstr)
{
int bit_num = 7;
return res;
}
-static int test_validate_msg_mac_alg_protection(void)
+static int test_validate_msg_mac_alg_protection(int miss, int wrong)
{
- /* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
- const unsigned char sec_1[] = {
- '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
- 'Q', '-', 'u', 'd', 'N', 'R'
- };
-
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->cert = NULL;
- fixture->expected = 1;
- if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
- sizeof(sec_1)))
+ fixture->expected = !miss && !wrong;
+ if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, NULL)
+ : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
+ wrong ? 4 : sizeof(sec_1)))
|| !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
tear_down(fixture);
fixture = NULL;
return result;
}
+static int test_validate_msg_mac_alg_protection_ok(void)
+{
+ return test_validate_msg_mac_alg_protection(0, 0);
+}
+
+static int test_validate_msg_mac_alg_protection_missing(void)
+{
+ return test_validate_msg_mac_alg_protection(1, 0);
+}
+
+static int test_validate_msg_mac_alg_protection_wrong(void)
+{
+ return test_validate_msg_mac_alg_protection(0, 1);
+}
+
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_mac_alg_protection_bad(void)
{
}
#endif
-static int test_validate_msg_signature_srvcert_wrong(void)
+static int test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
- fixture->expected = 0;
+ fixture->cert = srvcert;
+ fixture->expected = !bad_sig && !wrong && !miss;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
- || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
+ || !TEST_true(miss ? OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
+ sec_1, sizeof(sec_1))
+ : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx,
+ wrong? clcert : srvcert))
+ || (bad_sig && !flip_bit(fixture->msg->protection))) {
tear_down(fixture);
fixture = NULL;
}
return result;
}
-static int test_validate_msg_signature_srvcert(int bad_sig)
+static int test_validate_msg_signature_srvcert_missing(void)
{
- SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
- fixture->cert = srvcert;
- fixture->expected = !bad_sig;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
- || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
- || (bad_sig && !flip_bit(fixture->msg->protection))) {
- tear_down(fixture);
- fixture = NULL;
- }
- EXECUTE_TEST(execute_validate_msg_test, tear_down);
- return result;
+ return test_validate_msg_signature_srvcert(0, 1, 0);
+}
+
+static int test_validate_msg_signature_srvcert_wrong(void)
+{
+ return test_validate_msg_signature_srvcert(0, 0, 1);
}
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_signature_bad(void)
{
- return test_validate_msg_signature_srvcert(1);
+ return test_validate_msg_signature_srvcert(1, 0, 0);
}
#endif
static int test_validate_msg_signature_sender_cert_srvcert(void)
{
- return test_validate_msg_signature_srvcert(0);
+ return test_validate_msg_signature_srvcert(0, 0, 0);
}
static int test_validate_msg_signature_sender_cert_untrusted(void)
ADD_TEST(test_validate_msg_signature_trusted_ok);
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
ADD_TEST(test_validate_msg_signature_trusted_expired);
+ ADD_TEST(test_validate_msg_signature_srvcert_missing);
#endif
ADD_TEST(test_validate_msg_signature_srvcert_wrong);
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
ADD_TEST(test_validate_msg_unprotected_request);
#endif
- ADD_TEST(test_validate_msg_mac_alg_protection);
+ ADD_TEST(test_validate_msg_mac_alg_protection_ok);
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ ADD_TEST(test_validate_msg_mac_alg_protection_missing);
+ ADD_TEST(test_validate_msg_mac_alg_protection_wrong);
ADD_TEST(test_validate_msg_mac_alg_protection_bad);
#endif