diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-02-01 15:43:35 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-02-08 17:05:47 +0100 |
| commit | 036a444fdc77b36e0bfcc8b765acf96036f5a0b3 (patch) | |
| tree | d6ff8f7481f4a4bd61e0785d1aafd31612bece8a /crypto/cmp | |
| parent | 8c29fa21a7983862f0bd4744523ffee61f17ca22 (diff) | |
OSSL_CMP_SRV_process_request(): fix recipNonce on error in subsequent request of a transaction
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
Diffstat (limited to 'crypto/cmp')
| -rw-r--r-- | crypto/cmp/cmp_server.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index a48631d267..05e8cb1955 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -447,7 +447,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, ASN1_OCTET_STRING *backup_secret; OSSL_CMP_PKIHEADER *hdr; int req_type, rsp_type; - int res; + int req_verified = 0; OSSL_CMP_MSG *rsp = NULL; if (srv_ctx == NULL || srv_ctx->ctx == NULL @@ -505,12 +505,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, } } - res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, - srv_ctx->acceptUnprotected); + req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, + srv_ctx->acceptUnprotected); if (ctx->secretValue != NULL && ctx->pkey != NULL && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC) ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */ - if (!res) + if (!req_verified) goto err; switch (req_type) { @@ -569,9 +569,15 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, /* fail_info is not very specific */ OSSL_CMP_PKISI *si = NULL; - if (ctx->transactionID == NULL) { - /* ignore any (extra) error in next two function calls: */ - (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); + if (!req_verified) { + /* + * Above ossl_cmp_msg_check_update() was not successfully executed, + * which normally would set ctx->transactionID and ctx->recipNonce. + * So anyway try to provide the right transactionID and recipNonce, + * while ignoring any (extra) error in next two function calls. + */ + if (ctx->transactionID == NULL) + (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); } |