authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2022-09-13 22:22:48 +0200
committerDr. David von Oheimb <dev@ddvo.net>2022-11-24 14:11:58 +0100
commitf2784497264bcf2c0080adab99a2fee93756199a (patch)
treea735d32f67ccfe0ae52799df06d43dfdefd881ae
parent69d3c81ca5c6cb03b0d1d1063fe6a2fa731ff461 (diff)
CMP: fix handling of unset or missing failInfo PKI status information
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205) (cherry picked from commit cba0e2afd6a222aa041e05f8455e83c9e959d05b)
-rw-r--r--crypto/cmp/cmp_client.c8
-rw-r--r--crypto/cmp/cmp_status.c9
-rw-r--r--doc/man3/OSSL_CMP_CTX_new.pod3
3 files changed, 8 insertions, 12 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 607f5dafd6..5e83a111be 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -98,13 +98,7 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si)
if (ctx->status < OSSL_CMP_PKISTATUS_accepted)
return 0;
- ctx->failInfoCode = 0;
- if (si->failInfo != NULL) {
- for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) {
- if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
- ctx->failInfoCode |= (1 << i);
- }
- }
+ ctx->failInfoCode = ossl_cmp_pkisi_get_pkifailureinfo(si);
if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null())
|| (ctx->statusString == NULL))
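Review bot: The return value of ossl_cmp_pkisi_get_pkifailureinfo() is stored in ctx->failInfoCode unchecked, and that helper returns -1 when its argument is NULL (the ossl_assert branch in cmp_status.c). In save_statusInfo a check above the hunk presumably rules that path out, but it is not visible here. The field now has two distinct "nothing to report" values: 0 for a response without failInfo, and -1 for no response at all. Because -1 has every bit set, a caller that masks the field with a failure flag before testing for -1 would see every failure reported. A comment on the assignment would make this explicit, e.g. `/* 0 if failInfo is absent; -1 stays reserved for "no status received" */`.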
diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c
index ffde72c3f8..bfe6cd9906 100644
--- a/crypto/cmp/cmp_status.c
+++ b/crypto/cmp/cmp_status.c
@@ -73,9 +73,10 @@ int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si)
if (!ossl_assert(si != NULL))
return -1;
- for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++)
- if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
- res |= 1 << i;
+ if (si->failInfo != NULL)
+ for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++)
+ if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
+ res |= 1 << i;
return res;
}
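Review bot: The added NULL test nests three unbraced statements (`if` / `for` / `if`), which is easy to break when a line is later added at any level. A guard clause keeps the loop at its original indentation and makes the "no failInfo" result explicit: `if (si->failInfo == NULL) return 0;` (assuming res starts at 0; its declaration is outside the hunk). A short comment on the function should also state the three outcomes: -1 for a NULL si, 0 when failInfo is absent or has no bit set, otherwise the bit mask.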
@@ -193,7 +194,7 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info,
* failInfo is optional and may be empty;
* if present, print failInfo before statusString because it is more concise
*/
- if (fail_info != 0) {
+ if (fail_info != -1 && fail_info != 0) {
printed_chars = BIO_snprintf(write_ptr, bufsize, "; PKIFailureInfo: ");
ADVANCE_BUFFER;
for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) {
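Review bot: The guard on fail_info excludes only the -1 sentinel, so any other negative value still enters the flag loop and would be printed as a set of failure bits. If valid masks are always positive, which holds as long as OSSL_CMP_PKIFAILUREINFO_MAX is below 31 (its value is not visible here), `if (fail_info > 0) {` states the intent more tightly and covers both special cases at once. The comment above the test could also say that -1 means "unset" rather than "empty". The function starts and ends outside the hunk.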
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index 7b33dd0e4f..66b79337ce 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -640,7 +640,8 @@ OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received
CertRepMessage or Revocation Response or error message, or NULL if unset.
OSSL_CMP_CTX_get_failInfoCode() returns the error code from the failInfo field
-of the last received CertRepMessage or Revocation Response or error message.
+of the last received CertRepMessage or Revocation Response or error message,
+or -1 if no such response was received or OSSL_CMP_CTX_reinit() has been called.
This is a bit field and the flags for it are specified in the header file
F<< <openssl/cmp.h> >>.
The flags start with OSSL_CMP_CTX_FAILINFO, for example: