mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of a transaction

Browse Source 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
This commit is contained in:
Dr. David von Oheimb 2023-02-01 15:43:35 +01:00 committed by Tomas Mraz
parent 8c29fa21a7
commit 036a444fdc
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
crypto/cmp/cmp_server.c
View File

@ -447,7 +447,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
ASN1_OCTET_STRING *backup_secret;
OSSL_CMP_PKIHEADER *hdr;
int req_type, rsp_type;
int res;
int req_verified = 0;
OSSL_CMP_MSG *rsp = NULL;
if (srv_ctx == NULL || srv_ctx->ctx == NULL
@ -505,12 +505,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
}
}
res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
srv_ctx->acceptUnprotected);
req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
srv_ctx->acceptUnprotected);
if (ctx->secretValue != NULL && ctx->pkey != NULL
&& ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC)
ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */
if (!res)
if (!req_verified)
goto err;
switch (req_type) {
@ -569,9 +569,15 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
/* fail_info is not very specific */
OSSL_CMP_PKISI *si = NULL;
if (ctx->transactionID == NULL) {
/* ignore any (extra) error in next two function calls: */
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
if (!req_verified) {
/*
* Above ossl_cmp_msg_check_update() was not successfully executed,
* which normally would set ctx->transactionID and ctx->recipNonce.
* So anyway try to provide the right transactionID and recipNonce,
* while ignoring any (extra) error in next two function calls.
*/
if (ctx->transactionID == NULL)
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
}