From 534725fd4389782d693cff061f4d31b786058ab1 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Sat, 20 Mar 2021 22:04:58 +0100 Subject: [PATCH] HTTP: Fix method_POST param by moving it to OSSL_HTTP_REQ_CTX_set_request_line() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14699) --- crypto/http/http_client.c | 20 +++++++++---------- crypto/ocsp/ocsp_http.c | 4 ++-- doc/man3/OSSL_HTTP_REQ_CTX.pod | 35 +++++++++++++++++----------------- include/openssl/http.h | 5 ++--- include/openssl/ocsp.h.in | 5 +++-- 5 files changed, 33 insertions(+), 36 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 4aba5e7761..8e4f8e8c83 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -73,8 +73,7 @@ struct ossl_http_req_ctx_st { #define OHS_HTTP_HEADER (9 | OHS_NOREAD) /* Headers set, w/o final \r\n */ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, - int method_POST, int maxline, - unsigned long max_resp_len, + int maxline, unsigned long max_resp_len, int timeout, const char *expected_ct, int expect_asn1) { @@ -96,7 +95,6 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, OPENSSL_free(rctx); return NULL; } - rctx->method_POST = method_POST; rctx->expected_ct = expected_ct; rctx->expect_asn1 = expect_asn1; rctx->resp_len = 0; @@ -135,10 +133,10 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, } /* - * Create request line using |ctx| and |path| (or "/" in case |path| is NULL). + * Create request line using |rctx| and |path| (or "/" in case |path| is NULL). * Server name (and port) must be given if and only if plain HTTP proxy is used. */ -int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, +int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, const char *server, const char *port, const char *path) { @@ -150,6 +148,7 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL) return 0; + rctx->method_POST = method_POST != 0; if (BIO_printf(rctx->mem, "%s ", rctx->method_POST ? "POST" : "GET") <= 0) return 0; @@ -202,7 +201,7 @@ int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, return 1; } -static int OSSL_HTTP_REQ_CTX_set_content(OSSL_HTTP_REQ_CTX *rctx, +static int ossl_http_req_ctx_set_content(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, BIO *req_mem) { const unsigned char *req; @@ -259,7 +258,7 @@ int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type } res = (mem = ossl_http_asn1_item2bio(it, req)) != NULL - && OSSL_HTTP_REQ_CTX_set_content(rctx, content_type, mem); + && ossl_http_req_ctx_set_content(rctx, content_type, mem); BIO_free(mem); return res; } @@ -308,18 +307,17 @@ OSSL_HTTP_REQ_CTX } /* remaining parameters are checked indirectly by the functions called */ - if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, req_mem != NULL, maxline, - max_resp_len, timeout, + if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, maxline, max_resp_len, timeout, expected_ct, expect_asn1)) == NULL) return NULL; - if (OSSL_HTTP_REQ_CTX_set_request_line(rctx, + if (OSSL_HTTP_REQ_CTX_set_request_line(rctx, req_mem != NULL, use_http_proxy ? server : NULL, port, path) && OSSL_HTTP_REQ_CTX_add1_headers(rctx, headers, server) && (req_mem == NULL - || OSSL_HTTP_REQ_CTX_set_content(rctx, content_type, req_mem))) + || ossl_http_req_ctx_set_content(rctx, content_type, req_mem))) return rctx; OSSL_HTTP_REQ_CTX_free(rctx); diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c index a35201e047..7a3c19c860 100644 --- a/crypto/ocsp/ocsp_http.c +++ b/crypto/ocsp/ocsp_http.c @@ -18,13 +18,13 @@ OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, { OSSL_HTTP_REQ_CTX *rctx = NULL; - if ((rctx = OSSL_HTTP_REQ_CTX_new(io, io, 1 /* POST */, + if ((rctx = OSSL_HTTP_REQ_CTX_new(io, io, maxline, 0 /* default max_resp_len */, 0 /* no timeout, blocking indefinitely */, NULL, 1 /* expect_asn1 */)) == NULL) return NULL; - if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, NULL, NULL, path)) + if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */, NULL, NULL, path)) goto err; if (req != NULL diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod index 9cfae4c3cb..8e928f19fa 100644 --- a/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -21,14 +21,13 @@ OSSL_HTTP_REQ_CTX_set_max_response_length typedef struct ossl_http_req_ctx_st OSSL_HTTP_REQ_CTX; OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, - int method_POST, int maxline, - unsigned long max_resp_len, + int maxline, unsigned long max_resp_len, int timeout, const char *expected_content_type, int expect_asn1); void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); - int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, + int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, const char *server, const char *port, const char *path); int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, @@ -59,8 +58,6 @@ the B to read the response from (I, which may be equal to I), the maximum expected response header line length (I, where a value <= 0 indicates that the B of 4KiB should be used; this length is also used as the number of content bytes read at a time), -the request method (I, which may be 1 to indicate that the C -method is to be used, or 0 to indicate that the C method is to be used), the maximum allowed response content length (I, where 0 means that the B is used, which currently is 100 KiB), a response timeout measure in seconds (I, @@ -78,11 +75,11 @@ The I and I are not free'd and it is up to the application to do so. OSSL_HTTP_REQ_CTX_set_request_line() adds the HTTP request line to the context. -The request method itself becomes C or C depending on the value -of I in the OSSL_HTTP_REQ_CTX_new() call. I and I -may be set to indicate a proxy server and port that the request should go -through, otherwise they should be left NULL. I is the HTTP request path; -if left NULL, C is used. +The HTTP method is determined by I, +which should be 1 to indicate C or 0 to indicate C. +I and I may be set to indicate a proxy server and port +that the request should go through, otherwise they should be left NULL. +I is the HTTP request path; if left NULL, C is used. OSSL_HTTP_REQ_CTX_add1_header() adds header I with value I to the context I. It can be called more than once to add multiple headers. @@ -90,12 +87,14 @@ For example, to add a C header for C you would call: OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com"); -OSSL_HTTP_REQ_CTX_set1_req() finalizes the HTTP request context by adding -the DER encoding of I, using the ASN.1 template I to do the encoding. -The HTTP header C is automatically filled out, and if -I isn't NULL, the HTTP header C is also added with -its content as value. All of this ends up in the internal memory B. -This requires that I was 1 in the OSSL_HTTP_REQ_CTX_new() call. +OSSL_HTTP_REQ_CTX_set1_req() is to be used if and only if the I +parameter in the OSSL_HTTP_REQ_CTX_set_request_line() call was 1. +It finalizes the HTTP request context by adding the DER encoding of I, +using the ASN.1 template I to do the encoding. +The HTTP header C is filled out with the length of the request. +If I isn't NULL, +the HTTP header C is also added with its content as value. +All of this ends up in the internal memory B. OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared I and gathering the response via HTTP, using the I and I @@ -150,8 +149,8 @@ This is optional and may be done multiple times with different names. =item 3. Add C data with OSSL_HTTP_REQ_CTX_set1_req(). This may only be done if -I was 1 in the OSSL_HTTP_REQ_CTX_new() call, and must be done -exactly once in that case. +I was 1 in the OSSL_HTTP_REQ_CTX_set_request_line() call, +and must be done exactly once in that case. =back diff --git a/include/openssl/http.h b/include/openssl/http.h index 9be738f48c..18d0f13b3e 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -39,12 +39,11 @@ typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) #define HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, - int method_GET, int maxline, - unsigned long max_resp_len, + int maxline, unsigned long max_resp_len, int timeout, const char *expected_ct, int expect_asn1); void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); -int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, +int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, const char *server, const char *port, const char *path); int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index b84d1d89d5..bf8bd7e676 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in @@ -178,11 +178,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx); # ifndef OPENSSL_NO_DEPRECATED_3_0 typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; # define OCSP_REQ_CTX_new(io, maxline) \ - OSSL_HTTP_REQ_CTX_new(io, io, 1, maxline, 0, 0, NULL, 1) + OSSL_HTTP_REQ_CTX_new(io, io, maxline, 0, 0, NULL, 1) # define OCSP_REQ_CTX_free(r) \ OSSL_HTTP_REQ_CTX_free(r) # define OCSP_REQ_CTX_http(rctx, op, path) \ - OSSL_HTTP_REQ_CTX_set_request_line(rctx, NULL, NULL, path) + OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, \ + NULL, NULL, path) # define OCSP_REQ_CTX_add1_header(r, n, v) \ OSSL_HTTP_REQ_CTX_add1_header(r, n, v) # define OCSP_REQ_CTX_i2d(r, i, req) \