[openssl] master update
dev at ddvo.net
dev at ddvo.net
Wed Jun 23 15:21:41 UTC 2021
The branch master has been updated
via 83c2744173a48643a4c3a05e379f7616e4f0cc51 (commit)
via 3c28aa85e7a21db044a5e1a094805402e2fd6490 (commit)
via dad79ffa90c05815b21722ead905bcce30148ae5 (commit)
from dd62ec277787d77975fdc7b269a756dc4756c05a (commit)
- Log -----------------------------------------------------------------
commit 83c2744173a48643a4c3a05e379f7616e4f0cc51
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Jun 21 14:47:58 2021 +0200
cmp_server.c: Fix check: certConf not allowed after transaction is closed
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
commit 3c28aa85e7a21db044a5e1a094805402e2fd6490
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Jun 21 14:15:13 2021 +0200
cmp_client.c: Print checkAfter value from pollRep before it may get modified
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
commit dad79ffa90c05815b21722ead905bcce30148ae5
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Jun 21 13:54:32 2021 +0200
cmp_mock_srv.c: Fix polling mode such that it can be done multiple times
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/cmp_mock_srv.c | 28 ++++++++++++++++++++++------
crypto/cmp/cmp_client.c | 25 +++++++++++++------------
crypto/cmp/cmp_server.c | 3 ++-
3 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 669e695fdc..cf82000c7f 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -26,6 +26,7 @@ typedef struct
OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
int certReqId; /* id of last ir/cr/kur, used for polling */
int pollCount; /* number of polls before actual cert response */
+ int curr_pollCount; /* number of polls so far for current request */
int checkAfterTime; /* time the client should wait between polling */
} mock_srv_ctx;
@@ -195,13 +196,22 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
*chainOut = NULL;
*caPubs = NULL;
ctx->certReqId = certReqId;
- if (ctx->pollCount > 0) {
- ctx->pollCount--;
- OSSL_CMP_MSG_free(ctx->certReq);
+
+ if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
+ /* start polling */
+ if (ctx->certReq != NULL) {
+ /* already in polling mode */
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
+ return NULL;
+ }
if ((ctx->certReq = OSSL_CMP_MSG_dup(cert_req)) == NULL)
return NULL;
return OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_waiting, 0, NULL);
}
+ if (ctx->curr_pollCount >= ctx->pollCount)
+ /* give final response after polling */
+ ctx->curr_pollCount = 0;
+
if (ctx->certOut != NULL
&& (*certOut = X509_dup(ctx->certOut)) == NULL)
goto err;
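Review bot: The "already in polling mode" guard on ctx->certReq is evaluated only inside the `ctx->pollCount > 0 && ctx->curr_pollCount == 0` branch, so a fresh certificate request that arrives after at least one pollReq but before the last one (0 < curr_pollCount < pollCount) skips both the guard and the "give final response" reset and is answered immediately while ctx->certReq still holds the earlier request and curr_pollCount keeps its stale count. Whether such a request can reach this handler depends on the transaction tracking in cmp_server.c, which I cannot see from here; hoisting the guard would make the mock consistent on its own, since process_pollReq clears ctx->certReq before the remembered request is re-processed: `if (ctx->certReq != NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); return NULL; }` placed before the `if (ctx->pollCount > 0 && ...)` line, dropping the inner copy. process_cert_request begins before and continues after this hunk.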
@@ -369,18 +379,24 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->sendError || ctx->certReq == NULL) {
+ if (ctx->sendError) {
*certReq = NULL;
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
+ if (ctx->certReq == NULL) {
+ /* not currently in polling mode */
+ *certReq = NULL;
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
+ return 0;
+ }
- if (ctx->pollCount == 0) {
+ if (++ctx->curr_pollCount >= ctx->pollCount) {
+ /* end polling */
*certReq = ctx->certReq;
ctx->certReq = NULL;
*check_after = 0;
} else {
- ctx->pollCount--;
*certReq = NULL;
*check_after = ctx->checkAfterTime;
}
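Review bot: In the "end polling" branch ctx->curr_pollCount is deliberately left equal to ctx->pollCount rather than reset, and a reader has to find the reset in process_cert_request to understand why; presumably the returned request is re-processed there and the non-zero counter is what steers it past the "start polling" branch to the final response, so resetting it here would restart polling. A comment at the branch would save that detour: `/* leave curr_pollCount == pollCount: process_cert_request resets it when it answers the returned certReq */`. Note also that the sendError path just above keeps ctx->certReq set, so after an injected error the mock remains in polling mode for the old request; if that is intended, a short comment there would help, otherwise it should clear the stored request as the end-polling branch does. process_pollReq begins before this hunk and appears to continue after it.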
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index e7761ae7d9..ea6ca39fb3 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -295,18 +295,6 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
ERR_add_error_data(1, str);
goto err;
}
- if (ctx->total_timeout > 0) { /* timeout is not infinite */
- const int exp = 5; /* expected max time per msg round trip */
- int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL));
-
- if (time_left <= 0) {
- ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
- goto err;
- }
- if (time_left < check_after)
- check_after = time_left;
- /* poll one last time just when timeout was reached */
- }
if (pollRep->reason == NULL
|| (len = BIO_snprintf(str, OSSL_CMP_PKISI_BUFLEN,
@@ -326,6 +314,19 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
"received polling response%s; checkAfter = %ld seconds",
str, check_after);
+ if (ctx->total_timeout > 0) { /* timeout is not infinite */
+ const int exp = 5; /* expected max time per msg round trip */
+ int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL));
+
+ if (time_left <= 0) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
+ goto err;
+ }
+ if (time_left < check_after)
+ check_after = time_left;
+ /* poll one last time just when timeout was reached */
+ }
+
OSSL_CMP_MSG_free(preq);
preq = NULL;
OSSL_CMP_MSG_free(prep);
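Review bot: The log line preceding this hunk now reports checkAfter exactly as the server sent it, but once the moved block clamps `check_after = time_left;` the value the client actually waits is no longer visible anywhere in the log, which makes a "why did the client poll early" question hard to answer from output alone. A debug-level message right after that assignment, using the same CMP log helper as the line above and printing the reduced check_after, would close that gap at negligible cost. The same point applies to the removed copy in the earlier hunk of this file only in that its relocation is what created the mismatch. poll_for_response begins before and continues after this hunk.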
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index c4ef5fa203..a7cc38da5a 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -337,7 +337,8 @@ static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
ccc = req->body->value.certConf;
num = sk_OSSL_CMP_CERTSTATUS_num(ccc);
- if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1) {
+ if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1
+ || ctx->status != -2 /* transaction not open */) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF);
return NULL;
}
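Review bot: The new condition `|| ctx->status != -2 /* transaction not open */` relies on a bare literal whose meaning is carried only by the trailing comment, and it folds two distinct situations (implicit confirmation was negotiated vs. no transaction open) into the single reason CMP_R_ERROR_UNEXPECTED_CERTCONF, so an operator seeing that error cannot tell which applied. Consider comparing against a named constant for the "transaction open" status value if one exists in cmp_local.h, and splitting the check into two `if` statements that raise the same reason but call `ERR_add_error_data(1, "transaction not open");` on the new branch, as the client code does for its polling errors. process_certConf begins before and continues after this hunk.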