mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of a transaction

Browse Source 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
This commit is contained in:
Dr. David von Oheimb 2023-02-01 15:43:35 +01:00 committed by Tomas Mraz
parent 8c29fa21a7
commit 036a444fdc
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
crypto/cmp/cmp_server.c
View File

@ -447,7 +447,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
ASN1_OCTET_STRING *backup_secret; ASN1_OCTET_STRING *backup_secret;
OSSL_CMP_PKIHEADER *hdr; OSSL_CMP_PKIHEADER *hdr;
int req_type, rsp_type; int req_type, rsp_type;
int res; int req_verified = 0;
OSSL_CMP_MSG *rsp = NULL; OSSL_CMP_MSG *rsp = NULL;
if (srv_ctx == NULL || srv_ctx->ctx == NULL if (srv_ctx == NULL || srv_ctx->ctx == NULL
@ -505,12 +505,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
} }
} }
res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
srv_ctx->acceptUnprotected); srv_ctx->acceptUnprotected);
if (ctx->secretValue != NULL && ctx->pkey != NULL if (ctx->secretValue != NULL && ctx->pkey != NULL
&& ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC) && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC)
ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */ ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */
if (!res) if (!req_verified)
goto err; goto err;
switch (req_type) { switch (req_type) {
@ -569,9 +569,15 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
/* fail_info is not very specific */ /* fail_info is not very specific */
OSSL_CMP_PKISI *si = NULL; OSSL_CMP_PKISI *si = NULL;
if (ctx->transactionID == NULL) { if (!req_verified) {
/* ignore any (extra) error in next two function calls: */ /*
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); * Above ossl_cmp_msg_check_update() was not successfully executed,
* which normally would set ctx->transactionID and ctx->recipNonce.
* So anyway try to provide the right transactionID and recipNonce,
* while ignoring any (extra) error in next two function calls.
*/
if (ctx->transactionID == NULL)
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
} }