/src/openssl32/crypto/cmp/cmp_status.c

Source (jump to first uncovered line)
/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* CMP functions for PKIStatusInfo handling and PKIMessage decomposition */

#include <string.h>

#include "cmp_local.h"

/* explicit #includes not strictly needed since implied by the above: */
#include <time.h>
#include <openssl/cmp.h>
#include <openssl/crmf.h>
#include <openssl/err.h> /* needed in case config no-deprecated */
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/asn1err.h> /* for ASN1_R_TOO_SMALL and ASN1_R_TOO_LARGE */

/* CMP functions related to PKIStatus */

int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
{
    int res ;

    if (!ossl_assert(si != NULL && si->status != NULL))
        return -1;
    res = ossl_cmp_asn1_get_int(si->status);
    return res == -2 ? -1 : res;
}

const char *ossl_cmp_PKIStatus_to_string(int status)
{
    switch (status) {
    case OSSL_CMP_PKISTATUS_accepted:
        return "PKIStatus: accepted";
    case OSSL_CMP_PKISTATUS_grantedWithMods:
        return "PKIStatus: granted with modifications";
    case OSSL_CMP_PKISTATUS_rejection:
        return "PKIStatus: rejection";
    case OSSL_CMP_PKISTATUS_waiting:
        return "PKIStatus: waiting";
    case OSSL_CMP_PKISTATUS_revocationWarning:
        return "PKIStatus: revocation warning - a revocation of the cert is imminent";
    case OSSL_CMP_PKISTATUS_revocationNotification:
        return "PKIStatus: revocation notification - a revocation of the cert has occurred";
    case OSSL_CMP_PKISTATUS_keyUpdateWarning:
        return "PKIStatus: key update warning - update already done for the cert";
    default:
        ERR_raise_data(ERR_LIB_CMP, CMP_R_ERROR_PARSING_PKISTATUS,
                       "PKIStatus: invalid=%d", status);
        return NULL;
    }
}

OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si)
{
    if (!ossl_assert(si != NULL))
        return NULL;
    return si->statusString;
}

int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si)
{
    int i;
    int res = 0;

    if (!ossl_assert(si != NULL))
        return -1;
    if (si->failInfo != NULL)
        for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++)
            if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
                res |= 1 << i;
    return res;
}

/*-
 * convert PKIFailureInfo number to human-readable string
 * returns pointer to static string, or NULL on error
 */
static const char *CMP_PKIFAILUREINFO_to_string(int number)
{
    switch (number) {
    case OSSL_CMP_PKIFAILUREINFO_badAlg:
        return "badAlg";
    case OSSL_CMP_PKIFAILUREINFO_badMessageCheck:
        return "badMessageCheck";
    case OSSL_CMP_PKIFAILUREINFO_badRequest:
        return "badRequest";
    case OSSL_CMP_PKIFAILUREINFO_badTime:
        return "badTime";
    case OSSL_CMP_PKIFAILUREINFO_badCertId:
        return "badCertId";
    case OSSL_CMP_PKIFAILUREINFO_badDataFormat:
        return "badDataFormat";
    case OSSL_CMP_PKIFAILUREINFO_wrongAuthority:
        return "wrongAuthority";
    case OSSL_CMP_PKIFAILUREINFO_incorrectData:
        return "incorrectData";
    case OSSL_CMP_PKIFAILUREINFO_missingTimeStamp:
        return "missingTimeStamp";
    case OSSL_CMP_PKIFAILUREINFO_badPOP:
        return "badPOP";
    case OSSL_CMP_PKIFAILUREINFO_certRevoked:
        return "certRevoked";
    case OSSL_CMP_PKIFAILUREINFO_certConfirmed:
        return "certConfirmed";
    case OSSL_CMP_PKIFAILUREINFO_wrongIntegrity:
        return "wrongIntegrity";
    case OSSL_CMP_PKIFAILUREINFO_badRecipientNonce:
        return "badRecipientNonce";
    case OSSL_CMP_PKIFAILUREINFO_timeNotAvailable:
        return "timeNotAvailable";
    case OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy:
        return "unacceptedPolicy";
    case OSSL_CMP_PKIFAILUREINFO_unacceptedExtension:
        return "unacceptedExtension";
    case OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable:
        return "addInfoNotAvailable";
    case OSSL_CMP_PKIFAILUREINFO_badSenderNonce:
        return "badSenderNonce";
    case OSSL_CMP_PKIFAILUREINFO_badCertTemplate:
        return "badCertTemplate";
    case OSSL_CMP_PKIFAILUREINFO_signerNotTrusted:
        return "signerNotTrusted";
    case OSSL_CMP_PKIFAILUREINFO_transactionIdInUse:
        return "transactionIdInUse";
    case OSSL_CMP_PKIFAILUREINFO_unsupportedVersion:
        return "unsupportedVersion";
    case OSSL_CMP_PKIFAILUREINFO_notAuthorized:
        return "notAuthorized";
    case OSSL_CMP_PKIFAILUREINFO_systemUnavail:
        return "systemUnavail";
    case OSSL_CMP_PKIFAILUREINFO_systemFailure:
        return "systemFailure";
    case OSSL_CMP_PKIFAILUREINFO_duplicateCertReq:
        return "duplicateCertReq";
    default:
        return NULL; /* illegal failure number */
    }
}

int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int bit_index)
{
    if (!ossl_assert(si != NULL && si->failInfo != NULL))
        return -1;
    if (bit_index < 0 || bit_index > OSSL_CMP_PKIFAILUREINFO_MAX) {
        ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
        return -1;
    }

    return ASN1_BIT_STRING_get_bit(si->failInfo, bit_index);
}

/*-
 * place human-readable error string created from PKIStatusInfo in given buffer
 * returns pointer to the same buffer containing the string, or NULL on error
 */
static
char *snprint_PKIStatusInfo_parts(int status, int fail_info,
                                  const OSSL_CMP_PKIFREETEXT *status_strings,
                                  char *buf, size_t bufsize)
{
    int failure;
    const char *status_string, *failure_string;
    ASN1_UTF8STRING *text;
    int i;
    int printed_chars;
    int failinfo_found = 0;
    int n_status_strings;
    char *write_ptr = buf;

    if (buf == NULL
            || status < 0
            || (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL)
        return NULL;

#define ADVANCE_BUFFER  \
    if (printed_chars < 0 || (size_t)printed_chars >= bufsize)  \
        return NULL; \
    write_ptr += printed_chars; \
    bufsize -= printed_chars;

    printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string);
    ADVANCE_BUFFER;

    /*
     * failInfo is optional and may be empty;
     * if present, print failInfo before statusString because it is more concise
     */
    if (fail_info != -1 && fail_info != 0) {
        printed_chars = BIO_snprintf(write_ptr, bufsize, "; PKIFailureInfo: ");
        ADVANCE_BUFFER;
        for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) {
            if ((fail_info & (1 << failure)) != 0) {
                failure_string = CMP_PKIFAILUREINFO_to_string(failure);
                if (failure_string != NULL) {
                    printed_chars = BIO_snprintf(write_ptr, bufsize, "%s%s",
                                                 failinfo_found ? ", " : "",
                                                 failure_string);
                    ADVANCE_BUFFER;
                    failinfo_found = 1;
                }
            }
        }
    }
    if (!failinfo_found && status != OSSL_CMP_PKISTATUS_accepted
            && status != OSSL_CMP_PKISTATUS_grantedWithMods) {
        printed_chars = BIO_snprintf(write_ptr, bufsize, "; <no failure info>");
        ADVANCE_BUFFER;
    }

    /* statusString sequence is optional and may be empty */
    n_status_strings = sk_ASN1_UTF8STRING_num(status_strings);
    if (n_status_strings > 0) {
        printed_chars = BIO_snprintf(write_ptr, bufsize, "; StatusString%s: ",
                                     n_status_strings > 1 ? "s" : "");
        ADVANCE_BUFFER;
        for (i = 0; i < n_status_strings; i++) {
            text = sk_ASN1_UTF8STRING_value(status_strings, i);
            printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s",
                                         ASN1_STRING_length(text),
                                         ASN1_STRING_get0_data(text),
                                         i < n_status_strings - 1 ? ", " : "");
            ADVANCE_BUFFER;
        }
    }
#undef ADVANCE_BUFFER
    return buf;
}

char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
                                     char *buf, size_t bufsize)
{
    int failure_info;

    if (statusInfo == NULL) {
        ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
        return NULL;
    }

    failure_info = ossl_cmp_pkisi_get_pkifailureinfo(statusInfo);

    return snprint_PKIStatusInfo_parts(ASN1_INTEGER_get(statusInfo->status),
                                       failure_info,
                                       statusInfo->statusString, buf, bufsize);
}

char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
                                     size_t bufsize)
{
    if (ctx == NULL) {
        ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
        return NULL;
    }

    return snprint_PKIStatusInfo_parts(OSSL_CMP_CTX_get_status(ctx),
                                       OSSL_CMP_CTX_get_failInfoCode(ctx),
                                       OSSL_CMP_CTX_get0_statusString(ctx),
                                       buf, bufsize);
}

/*-
 * Creates a new PKIStatusInfo structure and fills it in
 * returns a pointer to the structure on success, NULL on error
 * note: strongly overlaps with TS_RESP_CTX_set_status_info()
 * and TS_RESP_CTX_add_failure_info() in ../ts/ts_rsp_sign.c
 */
OSSL_CMP_PKISI *OSSL_CMP_STATUSINFO_new(int status, int fail_info,
                                        const char *text)
{
    OSSL_CMP_PKISI *si = OSSL_CMP_PKISI_new();
    ASN1_UTF8STRING *utf8_text = NULL;
    int failure;

    if (si == NULL)
        goto err;
    if (!ASN1_INTEGER_set(si->status, status))
        goto err;

    if (text != NULL) {
        if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
                || !ASN1_STRING_set(utf8_text, text, -1))
            goto err;
        if ((si->statusString = sk_ASN1_UTF8STRING_new_null()) == NULL)
            goto err;
        if (!sk_ASN1_UTF8STRING_push(si->statusString, utf8_text))
            goto err;
        /* Ownership is lost. */
        utf8_text = NULL;
    }

    for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) {
        if ((fail_info & (1 << failure)) != 0) {
            if (si->failInfo == NULL
                    && (si->failInfo = ASN1_BIT_STRING_new()) == NULL)
                goto err;
            if (!ASN1_BIT_STRING_set_bit(si->failInfo, failure, 1))
                goto err;
        }
    }
    return si;

 err:
    OSSL_CMP_PKISI_free(si);
    ASN1_UTF8STRING_free(utf8_text);
    return NULL;
}

Coverage Report

Created: 2025-06-13 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright Nokia 2007-2019
4		* Copyright Siemens AG 2015-2019
5		*
6		* Licensed under the Apache License 2.0 (the "License"). You may not use
7		* this file except in compliance with the License. You can obtain a copy
8		* in the file LICENSE in the source distribution or at
9		* https://www.openssl.org/source/license.html
10		*/
11
12		/* CMP functions for PKIStatusInfo handling and PKIMessage decomposition */
13
14		#include <string.h>
15
16		#include "cmp_local.h"
17
18		/* explicit #includes not strictly needed since implied by the above: */
19		#include <time.h>
20		#include <openssl/cmp.h>
21		#include <openssl/crmf.h>
22		#include <openssl/err.h> /* needed in case config no-deprecated */
23		#include <openssl/engine.h>
24		#include <openssl/evp.h>
25		#include <openssl/objects.h>
26		#include <openssl/x509.h>
27		#include <openssl/asn1err.h> /* for ASN1_R_TOO_SMALL and ASN1_R_TOO_LARGE */
28
29		/* CMP functions related to PKIStatus */
30
31		int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
32	0	{
33	0	int res ;
34
35	0	if (!ossl_assert(si != NULL && si->status != NULL))
36	0	return -1;
37	0	res = ossl_cmp_asn1_get_int(si->status);
38	0	return res == -2 ? -1 : res;
39	0	}
40
41		const char *ossl_cmp_PKIStatus_to_string(int status)
42	0	{
43	0	switch (status) {
44	0	case OSSL_CMP_PKISTATUS_accepted:
45	0	return "PKIStatus: accepted";
46	0	case OSSL_CMP_PKISTATUS_grantedWithMods:
47	0	return "PKIStatus: granted with modifications";
48	0	case OSSL_CMP_PKISTATUS_rejection:
49	0	return "PKIStatus: rejection";
50	0	case OSSL_CMP_PKISTATUS_waiting:
51	0	return "PKIStatus: waiting";
52	0	case OSSL_CMP_PKISTATUS_revocationWarning:
53	0	return "PKIStatus: revocation warning - a revocation of the cert is imminent";
54	0	case OSSL_CMP_PKISTATUS_revocationNotification:
55	0	return "PKIStatus: revocation notification - a revocation of the cert has occurred";
56	0	case OSSL_CMP_PKISTATUS_keyUpdateWarning:
57	0	return "PKIStatus: key update warning - update already done for the cert";
58	0	default:
59	0	ERR_raise_data(ERR_LIB_CMP, CMP_R_ERROR_PARSING_PKISTATUS,
60	0	"PKIStatus: invalid=%d", status);
61	0	return NULL;
62	0	}
63	0	}
64
65		OSSL_CMP_PKIFREETEXT ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI si)
66	0	{
67	0	if (!ossl_assert(si != NULL))
68	0	return NULL;
69	0	return si->statusString;
70	0	}
71
72		int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si)
73	0	{
74	0	int i;
75	0	int res = 0;
76
77	0	if (!ossl_assert(si != NULL))
78	0	return -1;
79	0	if (si->failInfo != NULL)
80	0	for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++)
81	0	if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
82	0	res \|= 1 << i;
83	0	return res;
84	0	}
85
86		/*-
87		* convert PKIFailureInfo number to human-readable string
88		* returns pointer to static string, or NULL on error
89		*/
90		static const char *CMP_PKIFAILUREINFO_to_string(int number)
91	0	{
92	0	switch (number) {
93	0	case OSSL_CMP_PKIFAILUREINFO_badAlg:
94	0	return "badAlg";
95	0	case OSSL_CMP_PKIFAILUREINFO_badMessageCheck:
96	0	return "badMessageCheck";
97	0	case OSSL_CMP_PKIFAILUREINFO_badRequest:
98	0	return "badRequest";
99	0	case OSSL_CMP_PKIFAILUREINFO_badTime:
100	0	return "badTime";
101	0	case OSSL_CMP_PKIFAILUREINFO_badCertId:
102	0	return "badCertId";
103	0	case OSSL_CMP_PKIFAILUREINFO_badDataFormat:
104	0	return "badDataFormat";
105	0	case OSSL_CMP_PKIFAILUREINFO_wrongAuthority:
106	0	return "wrongAuthority";
107	0	case OSSL_CMP_PKIFAILUREINFO_incorrectData:
108	0	return "incorrectData";
109	0	case OSSL_CMP_PKIFAILUREINFO_missingTimeStamp:
110	0	return "missingTimeStamp";
111	0	case OSSL_CMP_PKIFAILUREINFO_badPOP:
112	0	return "badPOP";
113	0	case OSSL_CMP_PKIFAILUREINFO_certRevoked:
114	0	return "certRevoked";
115	0	case OSSL_CMP_PKIFAILUREINFO_certConfirmed:
116	0	return "certConfirmed";
117	0	case OSSL_CMP_PKIFAILUREINFO_wrongIntegrity:
118	0	return "wrongIntegrity";
119	0	case OSSL_CMP_PKIFAILUREINFO_badRecipientNonce:
120	0	return "badRecipientNonce";
121	0	case OSSL_CMP_PKIFAILUREINFO_timeNotAvailable:
122	0	return "timeNotAvailable";
123	0	case OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy:
124	0	return "unacceptedPolicy";
125	0	case OSSL_CMP_PKIFAILUREINFO_unacceptedExtension:
126	0	return "unacceptedExtension";
127	0	case OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable:
128	0	return "addInfoNotAvailable";
129	0	case OSSL_CMP_PKIFAILUREINFO_badSenderNonce:
130	0	return "badSenderNonce";
131	0	case OSSL_CMP_PKIFAILUREINFO_badCertTemplate:
132	0	return "badCertTemplate";
133	0	case OSSL_CMP_PKIFAILUREINFO_signerNotTrusted:
134	0	return "signerNotTrusted";
135	0	case OSSL_CMP_PKIFAILUREINFO_transactionIdInUse:
136	0	return "transactionIdInUse";
137	0	case OSSL_CMP_PKIFAILUREINFO_unsupportedVersion:
138	0	return "unsupportedVersion";
139	0	case OSSL_CMP_PKIFAILUREINFO_notAuthorized:
140	0	return "notAuthorized";
141	0	case OSSL_CMP_PKIFAILUREINFO_systemUnavail:
142	0	return "systemUnavail";
143	0	case OSSL_CMP_PKIFAILUREINFO_systemFailure:
144	0	return "systemFailure";
145	0	case OSSL_CMP_PKIFAILUREINFO_duplicateCertReq:
146	0	return "duplicateCertReq";
147	0	default:
148	0	return NULL; /* illegal failure number */
149	0	}
150	0	}
151
152		int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int bit_index)
153	0	{
154	0	if (!ossl_assert(si != NULL && si->failInfo != NULL))
155	0	return -1;
156	0	if (bit_index < 0 \|\| bit_index > OSSL_CMP_PKIFAILUREINFO_MAX) {
157	0	ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
158	0	return -1;
159	0	}
160
161	0	return ASN1_BIT_STRING_get_bit(si->failInfo, bit_index);
162	0	}
163
164		/*-
165		* place human-readable error string created from PKIStatusInfo in given buffer
166		* returns pointer to the same buffer containing the string, or NULL on error
167		*/
168		static
169		char *snprint_PKIStatusInfo_parts(int status, int fail_info,
170		const OSSL_CMP_PKIFREETEXT *status_strings,
171		char *buf, size_t bufsize)
172	0	{
173	0	int failure;
174	0	const char status_string, failure_string;
175	0	ASN1_UTF8STRING *text;
176	0	int i;
177	0	int printed_chars;
178	0	int failinfo_found = 0;
179	0	int n_status_strings;
180	0	char *write_ptr = buf;
181
182	0	if (buf == NULL
183	0	\|\| status < 0
184	0	\|\| (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL)
185	0	return NULL;
186
187	0	#define ADVANCE_BUFFER \
188	0	if (printed_chars < 0 \|\| (size_t)printed_chars >= bufsize) \
189	0	return NULL; \
190	0	write_ptr += printed_chars; \
191	0	bufsize -= printed_chars;
192
193	0	printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string);
194	0	ADVANCE_BUFFER;
195
196		/*
197		* failInfo is optional and may be empty;
198		* if present, print failInfo before statusString because it is more concise
199		*/
200	0	if (fail_info != -1 && fail_info != 0) {
201	0	printed_chars = BIO_snprintf(write_ptr, bufsize, "; PKIFailureInfo: ");
202	0	ADVANCE_BUFFER;
203	0	for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) {
204	0	if ((fail_info & (1 << failure)) != 0) {
205	0	failure_string = CMP_PKIFAILUREINFO_to_string(failure);
206	0	if (failure_string != NULL) {
207	0	printed_chars = BIO_snprintf(write_ptr, bufsize, "%s%s",
208	0	failinfo_found ? ", " : "",
209	0	failure_string);
210	0	ADVANCE_BUFFER;
211	0	failinfo_found = 1;
212	0	}
213	0	}
214	0	}
215	0	}
216	0	if (!failinfo_found && status != OSSL_CMP_PKISTATUS_accepted
217	0	&& status != OSSL_CMP_PKISTATUS_grantedWithMods) {
218	0	printed_chars = BIO_snprintf(write_ptr, bufsize, "; <no failure info>");
219	0	ADVANCE_BUFFER;
220	0	}
221
222		/* statusString sequence is optional and may be empty */
223	0	n_status_strings = sk_ASN1_UTF8STRING_num(status_strings);
224	0	if (n_status_strings > 0) {
225	0	printed_chars = BIO_snprintf(write_ptr, bufsize, "; StatusString%s: ",
226	0	n_status_strings > 1 ? "s" : "");
227	0	ADVANCE_BUFFER;
228	0	for (i = 0; i < n_status_strings; i++) {
229	0	text = sk_ASN1_UTF8STRING_value(status_strings, i);
230	0	printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s",
231	0	ASN1_STRING_length(text),
232	0	ASN1_STRING_get0_data(text),
233	0	i < n_status_strings - 1 ? ", " : "");
234	0	ADVANCE_BUFFER;
235	0	}
236	0	}
237	0	#undef ADVANCE_BUFFER
238	0	return buf;
239	0	}
240
241		char OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI statusInfo,
242		char *buf, size_t bufsize)
243	0	{
244	0	int failure_info;
245
246	0	if (statusInfo == NULL) {
247	0	ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
248	0	return NULL;
249	0	}
250
251	0	failure_info = ossl_cmp_pkisi_get_pkifailureinfo(statusInfo);
252
253	0	return snprint_PKIStatusInfo_parts(ASN1_INTEGER_get(statusInfo->status),
254	0	failure_info,
255	0	statusInfo->statusString, buf, bufsize);
256	0	}
257
258		char OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX ctx, char *buf,
259		size_t bufsize)
260	0	{
261	0	if (ctx == NULL) {
262	0	ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
263	0	return NULL;
264	0	}
265
266	0	return snprint_PKIStatusInfo_parts(OSSL_CMP_CTX_get_status(ctx),
267	0	OSSL_CMP_CTX_get_failInfoCode(ctx),
268	0	OSSL_CMP_CTX_get0_statusString(ctx),
269	0	buf, bufsize);
270	0	}
271
272		/*-
273		* Creates a new PKIStatusInfo structure and fills it in
274		* returns a pointer to the structure on success, NULL on error
275		* note: strongly overlaps with TS_RESP_CTX_set_status_info()
276		* and TS_RESP_CTX_add_failure_info() in ../ts/ts_rsp_sign.c
277		*/
278		OSSL_CMP_PKISI *OSSL_CMP_STATUSINFO_new(int status, int fail_info,
279		const char *text)
280	28.3k	{
281	28.3k	OSSL_CMP_PKISI *si = OSSL_CMP_PKISI_new();
282	28.3k	ASN1_UTF8STRING *utf8_text = NULL;
283	28.3k	int failure;
284
285	28.3k	if (si == NULL)
286	0	goto err;
287	28.3k	if (!ASN1_INTEGER_set(si->status, status))
288	0	goto err;
289
290	28.3k	if (text != NULL) {
291	28.0k	if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
292	28.0k	\|\| !ASN1_STRING_set(utf8_text, text, -1))
293	0	goto err;
294	28.0k	if ((si->statusString = sk_ASN1_UTF8STRING_new_null()) == NULL)
295	0	goto err;
296	28.0k	if (!sk_ASN1_UTF8STRING_push(si->statusString, utf8_text))
297	0	goto err;
298		/* Ownership is lost. */
299	28.0k	utf8_text = NULL;
300	28.0k	}
301
302	794k	for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) {
303	766k	if ((fail_info & (1 << failure)) != 0) {
304	28.3k	if (si->failInfo == NULL
305	28.3k	&& (si->failInfo = ASN1_BIT_STRING_new()) == NULL)
306	0	goto err;
307	28.3k	if (!ASN1_BIT_STRING_set_bit(si->failInfo, failure, 1))
308	0	goto err;
309	28.3k	}
310	766k	}
311	28.3k	return si;
312
313	0	err:
314	0	OSSL_CMP_PKISI_free(si);
315	0	ASN1_UTF8STRING_free(utf8_text);
316	0	return NULL;
317	28.3k	}