crypto/cmp: fix CertReqId to use in p10cr transactions acc. to RFC 4210

Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20298) (cherry picked from commit 25b18e629d5cab40f88b33fd9ecf0d69e08c7707)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2023-02-15 15:38:35 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2023-04-18 08:12:45 +0200
commit: 2522ab06c8a6dae62b24be486ed61780f9671895 (patch)
tree: 54294c5d4c6cc0914fcca64b9bb382e708601c02 /crypto/cmp/cmp_msg.c
parent: bf64571916ca294a4a52fa8de303c6bea462341d (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index da78435f02..552b033ec5 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -794,15 +794,17 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
     return 1;
 }
 
-OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
-                                    const char *text)
+OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
+                                    int fail_info, const char *text)
 {
     OSSL_CMP_MSG *msg = NULL;
     OSSL_CMP_CERTSTATUS *certStatus = NULL;
     ASN1_OCTET_STRING *certHash = NULL;
     OSSL_CMP_PKISI *sinfo;
 
-    if (!ossl_assert(ctx != NULL && ctx->newCert != NULL))
+    if (!ossl_assert(ctx != NULL && ctx->newCert != NULL
+                     && (certReqId == OSSL_CMP_CERTREQID
+                         || certReqId == OSSL_CMP_CERTREQID_NONE)))
         return NULL;
 
     if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) {
@@ -820,8 +822,9 @@ OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
         OSSL_CMP_CERTSTATUS_free(certStatus);
         goto err;
     }
+
     /* set the ID of the certReq */
-    if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID))
+    if (!ASN1_INTEGER_set(certStatus->certReqId, certReqId))
         goto err;
     /*
      * The hash of the certificate, using the same hash algorithm
@@ -967,12 +970,12 @@ static int suitable_rid(const ASN1_INTEGER *certReqId, int rid)
 {
     int trid;
 
-    if (rid == -1)
+    if (rid == OSSL_CMP_CERTREQID_NONE)
         return 1;
 
     trid = ossl_cmp_asn1_get_int(certReqId);
 
-    if (trid == -1) {
+    if (trid == OSSL_CMP_CERTREQID_NONE) {
         ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
         return 0;
     }
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2023-02-15 15:38:35 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2023-04-18 08:12:45 +0200
commit	2522ab06c8a6dae62b24be486ed61780f9671895 (patch)
tree	54294c5d4c6cc0914fcca64b9bb382e708601c02 /crypto/cmp/cmp_msg.c
parent	bf64571916ca294a4a52fa8de303c6bea462341d (diff)