author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-02-03 10:31:19 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-03-25 10:23:29 +0100 |
commit | 92a8c9d86f9d5bb5587711d8b9239aabbaddf89c (patch) | |
tree | 9034312622cc59dc915d5f48c01ad9a12ed0aee5 /apps | |
parent | bf1f609e5f763ce34e53b0c482322e0bfe38b7a6 (diff) |
CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
(cherry picked from commit b75d56dee09ac6f1fdb75169da891668cf181066)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/cmp.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index 50f87d97db..c8394cbb6e 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -810,6 +810,13 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
 if (opt_reqin_new_tid
 && !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
 goto err;
+
+ /*
+ * Except for first request, need to satisfy recipNonce check by server.
+ * Unfortunately requires re-protection if protection is required.
+ */
+ if (!OSSL_CMP_MSG_update_recipNonce(ctx, req_new))
+ goto err;
 }

 if (opt_rspin != NULL) {
@@ -825,7 +832,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
 goto err;

 if (req_new != NULL || prev_opt_rspin != NULL) {
- /* need to satisfy nonce and transactionID checks */
+ /* need to satisfy nonce and transactionID checks by client */
 ASN1_OCTET_STRING *nonce;
 ASN1_OCTET_STRING *tid; |
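Review bot: The added `OSSL_CMP_MSG_update_recipNonce(ctx, req_new)` call in the first hunk runs for every request loaded through -reqin, unlike the transactionID update just above it, which is gated by `opt_reqin_new_tid`. The new comment leaves the security consequence implicit: a protected message read from file no longer carries the protection it was saved with. If re-protection uses the credentials held in `ctx` (presumably; the helper's body is not in this hunk), the server verifies the current client's signature or MAC rather than the one stored in the file, and the call may fail when no matching credentials are configured. I would say so in the comment, e.g. `/* NOTE: any protection stored in the -reqin file is replaced using the credentials in ctx */`, and emit a specific diagnostic before `goto err` so a failure here is attributable to -reqin. read_write_req_resp starts and ends outside the hunk.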