From fc93335760686ad7cf3633d457caf18b0ac83ea2 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Tue, 22 Nov 2022 08:43:03 +0100
Subject: OSSL_CMP_validate_msg(): make sure to reject protection type mismatch

Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)
---
 crypto/err/openssl.txt | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/err')

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index a205124a38..06e1eb310e 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -242,7 +242,9 @@ CMP_R_MISSING_PBM_SECRET:166:missing pbm secret
 CMP_R_MISSING_PRIVATE_KEY:131:missing private key
 CMP_R_MISSING_PROTECTION:143:missing protection
 CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert
+CMP_R_MISSING_SECRET:178:missing secret
 CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification
+CMP_R_MISSING_TRUST_ANCHOR:179:missing trust anchor
 CMP_R_MISSING_TRUST_STORE:144:missing trust store
 CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED:161:multiple requests not supported
 CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED:170:multiple responses not supported
-- 
cgit v1.2.3