authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 10:29:46 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 16:09:44 +0100
commit62dcd2aa17b27b7892ad62540f9034c9192f6530 (patch)
treeedaeb955151ff3c43c7d6a33b5f6047bd05e637c /doc/internal
parentda42c2a3d752628e15b47aa7511e7044745080cb (diff)
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL. Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11142)
Diffstat (limited to 'doc/internal')
-rw-r--r--doc/internal/man3/ossl_cmp_hdr_init.pod6
-rw-r--r--doc/internal/man3/ossl_cmp_mock_srv_new.pod85
-rw-r--r--doc/internal/man3/ossl_cmp_pkisi_get_status.pod (renamed from doc/internal/man3/ossl_cmp_statusinfo_new.pod)53
3 files changed, 107 insertions, 37 deletions
diff --git a/doc/internal/man3/ossl_cmp_hdr_init.pod b/doc/internal/man3/ossl_cmp_hdr_init.pod
index a7a4d87f09..31468a567b 100644
--- a/doc/internal/man3/ossl_cmp_hdr_init.pod
+++ b/doc/internal/man3/ossl_cmp_hdr_init.pod
@@ -14,7 +14,7 @@ ossl_cmp_hdr_push1_freeText,
ossl_cmp_hdr_generalinfo_item_push0,
ossl_cmp_hdr_generalinfo_items_push1,
ossl_cmp_hdr_set_implicitConfirm,
-ossl_cmp_hdr_check_implicitConfirm,
+ossl_cmp_hdr_has_implicitConfirm,
ossl_cmp_hdr_init
- functions manipulating CMP message headers
@@ -41,7 +41,7 @@ ossl_cmp_hdr_init
int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr,
ASN1_UTF8STRING *text);
int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr);
- int ossl_cmp_hdr_check_implicitConfirm(OSSL_CMP_PKIHEADER *hdr);
+ int ossl_cmp_hdr_has_implicitConfirm(OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
=head1 DESCRIPTION
@@ -85,7 +85,7 @@ pointer.
ossl_cmp_hdr_set_implicitConfirm() sets implicitConfirm in the generalInfo field
of the PKIMessage header.
-ossl_cmp_hdr_check_implicitConfirm() returns 1 if implicitConfirm is
+ossl_cmp_hdr_has_implicitConfirm() returns 1 if implicitConfirm is
set int generalInfo field of the given PKIMessage header, 0 if not.
ossl_cmp_hdr_init() initializes a PKIHeader structure based on the
diff --git a/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/doc/internal/man3/ossl_cmp_mock_srv_new.pod
new file mode 100644
index 0000000000..da1f44b391
--- /dev/null
+++ b/doc/internal/man3/ossl_cmp_mock_srv_new.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+ossl_cmp_mock_srv_new,
+ossl_cmp_mock_srv_free,
+ossl_cmp_mock_srv_set1_certOut,
+ossl_cmp_mock_srv_set1_chainOut,
+ossl_cmp_mock_srv_set1_caPubsOut,
+ossl_cmp_mock_srv_set_statusInfo,
+ossl_cmp_mock_srv_set_send_error,
+ossl_cmp_mock_srv_set_pollCount,
+ossl_cmp_mock_srv_set_checkAfterTime
+- functions used for testing with CMP mock server
+
+=head1 SYNOPSIS
+
+ #include <openssl/cmp.h>
+
+ OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(void);
+ void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
+
+ int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
+ int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
+ STACK_OF(X509) *chain);
+ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
+ STACK_OF(X509) *caPubs);
+ int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
+ int fail_info, const char *text);
+ int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val);
+ int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
+ int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
+
+=head1 DESCRIPTION
+
+ossl_cmp_mock_srv_new() allocates the contexts for the CMP mock server.
+
+ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server.
+
+OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in
+cp/ip/kup.
+
+OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to
+the extraCerts in a cp/ip/kup.
+It should to useful to validate B<certOut>.
+
+OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip.
+
+OSSL_CMP_SRV_CTX_set_statusInfo() sets the status info to be returned.
+
+OSSL_CMP_SRV_CTX_set_send_error() enables enforcement of error responses.
+
+OSSL_CMP_SRV_CTX_set_pollCount() sets the number of polls before cert response.
+
+OSSL_CMP_SRV_CTX_set_checkAfterTime() sets the number of seconds
+the client should wait for the next poll.
+
+
+=head1 NOTES
+
+CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+
+=head1 RETURN VALUES
+
+ossl_cmp_mock_srv() returns a B<OSSL_CMP_SRV_CTX> structure on success,
+NULL on error.
+
+ossl_cmp_mock_srv_free() does not return a value.
+
+All other functions return 1 on success, 0 on error.
+
+=head1 HISTORY
+
+The OpenSSL CMP support was added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/internal/man3/ossl_cmp_statusinfo_new.pod b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod
index ee7dd35cf5..deca1aa2bb 100644
--- a/doc/internal/man3/ossl_cmp_statusinfo_new.pod
+++ b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod
@@ -2,13 +2,11 @@
=head1 NAME
-ossl_cmp_statusinfo_new,
-ossl_cmp_pkisi_pkistatus_get,
-ossl_cmp_pkisi_pkifailureinfo_get,
-ossl_cmp_pkisi_pkifailureinfo_check,
-ossl_cmp_pkisi_failinfo_get0,
-ossl_cmp_pkisi_statusstring_get0,
-ossl_pkisi_snprint
+ossl_cmp_pkisi_get_status,
+ossl_cmp_PKIStatus_to_string,
+ossl_cmp_pkisi_get0_statusString,
+ossl_cmp_pkisi_get_pkifailureinfo,
+ossl_cmp_pkisi_check_pkifailureinfo
- functions for managing PKI status information
=head1 SYNOPSIS
@@ -44,40 +42,27 @@ ossl_pkisi_snprint
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
- OSSL_CMP_PKISI *ossl_cmp_statusinfo_new(int status, int fail_info,
- const char *text);
- int ossl_cmp_pkisi_pkistatus_get(OSSL_CMP_PKISI *si);
- int ossl_cmp_pkisi_pkifailureinfo_get(OSSL_CMP_PKISI *si);
- int ossl_cmp_pkisi_pkifailureinfo_check(OSSL_CMP_PKISI *si, int bit_index);
- OSSL_CMP_PKIFAILUREINFO *ossl_cmp_pkisi_failinfo_get0(const OSSL_CMP_PKISI *si);
- OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_statusstring_get0(const OSSL_CMP_PKISI *si);
- char *ossl_pkisi_snprint(OSSL_CMP_PKISI *si, char *buf, int bufsize);
+ int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
+ const char *ossl_cmp_PKIStatus_to_string(int status);
+ OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si);
+ int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si);
+ int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index);
=head1 DESCRIPTION
-ossl_cmp_statusinfo_new() creates a new PKIStatusInfo structure and fills it
-with the given values. It sets the status field to B<status>.
-If B<text> is not NULL, it is copied to statusString.
-B<fail_info> is is interpreted as bit pattern for the failInfo field.
-Returns a pointer to the structure on success, or NULL on error.
+ossl_cmp_pkisi_get_status() returns the PKIStatus of B<si>, or -1 on error.
-ossl_cmp_pkisi_pkistatus_get() returns the PKIStatus of B<si>, or -1 on error.
+ossl_cmp_PKIStatus_to_string() returns a human-readable string representing
+the PKIStatus values as specified in RFC 4210, Appendix F.
-ossl_cmp_pkisi_pkifailureinfo_get() returns the PKIFailureInfo bits
-of B<si>, encoded as integer, or -1 on error.
-
-ossl_cmp_pkisi_pkifailureinfo_check() returns the state of the bit (0 or 1)
-with index B<bit_index> in the PKIFailureInfo of the B<si>, or -1 on error.
-
-ossl_cmp_pkisi_failinfo_get0() returns a direct pointer to the failInfo
-field contained in B<si>, or NULL on error.
-
-ossl_cmp_pkisi_statusstring_get0() returns a direct pointer to the statusString
+ossl_cmp_pkisi_get0_statusString() returns a direct pointer to the statusString
field contained in B<si>.
-ossl_pkisi_snprint() places at max B<bufsize> characters of human-readable
-error string of B<si> in pre-allocated B<buf>. Returns pointer to the same
-B<buf> containing the string, or NULL on error.
+ossl_cmp_pkisi_get_pkifailureinfo() returns the PKIFailureInfo bits
+of B<si>, encoded as integer, or -1 on error.
+
+ossl_cmp_pkisi_check_pkifailureinfo() returns the state of the bit (0 or 1)
+with index B<index> in the PKIFailureInfo of the B<si>, or -1 on error.
=head1 NOTES