From 753283cd23c268a6109443cf6f5b73857442b2df Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Fri, 17 Apr 2020 13:34:11 +0200
Subject: [PATCH] Add CMP error reason 'missing reference cert'
Reviewed-by: Kurt Roeckx
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/11386)
---
 crypto/cmp/cmp_client.c | 4 ++++
 crypto/cmp/cmp_err.c | 2 ++
 crypto/cmp/cmp_msg.c | 2 +-
 crypto/err/openssl.txt | 1 +
 include/openssl/cmperr.h | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 07535e55bd..b2238fb55d 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -754,6 +754,10 @@ X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
 CMPerr(0, CMP_R_INVALID_ARGS);
 return 0;
 }
+ if (ctx->oldCert == NULL) {
+ CMPerr(0, CMP_R_MISSING_REFERENCE_CERT);
+ return 0;
+ }
 ctx->status = -1;
 /* OSSL_CMP_rr_new() also checks if all necessary options are set */
diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c
index 0f06fb3b42..0c3547c013 100644
--- a/crypto/cmp/cmp_err.c
+++ b/crypto/cmp/cmp_err.c
@@ -90,6 +90,8 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY), "missing private key"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"},
+ {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT),
+ "missing reference cert"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SENDER_IDENTIFICATION),
 "missing sender identification"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_STORE),
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 73a9d7a267..fbf6c8fd4f 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
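Review bot: In crypto/cmp/cmp_client.c, the added `ctx->oldCert == NULL` check in OSSL_CMP_exec_RR_ses() returns before the context line `ctx->status = -1;` is reached, so a context that was already used for an earlier transaction keeps that transaction's status when this call fails. A caller that reads the status from the context after a failed revocation request could then presumably see the earlier result rather than -1; placing `ctx->status = -1;` above the new `if (ctx->oldCert == NULL) {` block would avoid that. The hunk header shows the function returning `X509 *`, so `return NULL;` would read more clearly than `return 0;`, although the preceding context lines do the same. The function body starts and ends outside the hunk.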
@@ -226,7 +226,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
 #endif
 }
 if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) {
- CMPerr(0, CMP_R_INVALID_ARGS);
+ CMPerr(0, CMP_R_MISSING_REFERENCE_CERT);
 return NULL;
 }
 if ((crm = OSSL_CRMF_MSG_new()) == NULL)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 793473684c..122542f6b6 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2122,6 +2122,7 @@ CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\
 CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature
 CMP_R_MISSING_PRIVATE_KEY:131:missing private key
 CMP_R_MISSING_PROTECTION:143:missing protection
+CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert
 CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification
 CMP_R_MISSING_TRUST_STORE:144:missing trust store
 CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED:161:multiple requests not supported
diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h
index 312fa52932..31fa43cd92 100644
--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -76,6 +76,7 @@ int ERR_load_CMP_strings(void);
 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142
 # define CMP_R_MISSING_PRIVATE_KEY 131
 # define CMP_R_MISSING_PROTECTION 143
+# define CMP_R_MISSING_REFERENCE_CERT 168
 # define CMP_R_MISSING_SENDER_IDENTIFICATION 111
 # define CMP_R_MISSING_TRUST_STORE 144
 # define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161
--
2.25.1