diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-05-28 17:19:36 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-06-13 15:13:21 +0200 |
commit | 430efff1b9baa36099b5443c924f96b854e00300 (patch) | |
tree | 1df811cb6136cdd94f11851606d0f01bd651047a /crypto/cmp | |
parent | ca6f1ba9037e019d9f45b7751f36c8e72488632d (diff) |
Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()
Bugfix: allow using extraCerts contained in msg already while checking signature
Improve function name, simplify its return value, and update its documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'crypto/cmp')
-rw-r--r-- | crypto/cmp/cmp_client.c | 4 | ||||
-rw-r--r-- | crypto/cmp/cmp_local.h | 4 | ||||
-rw-r--r-- | crypto/cmp/cmp_server.c | 4 | ||||
-rw-r--r-- | crypto/cmp/cmp_vfy.c | 53 |
4 files changed, 32 insertions, 33 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index d309f84a78..f38d8651f4 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -189,8 +189,8 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, */ ossl_cmp_log1(INFO, ctx, "received %s", ossl_cmp_bodytype_to_string(bt)); - if ((bt = ossl_cmp_msg_check_received(ctx, *rep, unprotected_exception, - expected_type)) < 0) + if (!ossl_cmp_msg_check_update(ctx, *rep, unprotected_exception, + expected_type)) return 0; if (bt == expected_type diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 0c0ca3466a..13981ce597 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -908,8 +908,8 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, int invalid_protection, int arg); -int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); +int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified); /* from cmp_client.c */ diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index b805dc8bcb..5cb313a32c 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -508,8 +508,8 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, } } - if (ossl_cmp_msg_check_received(ctx, req, unprotected_exception, - srv_ctx->acceptUnprotected) < 0) + if (!ossl_cmp_msg_check_update(ctx, req, unprotected_exception, + srv_ctx->acceptUnprotected)) goto err; switch (req_type) { diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index d32db60c54..6a25ce0f78 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -702,19 +702,29 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * learns the senderNonce from the received message, * learns the transaction ID if it is not yet in ctx. * - * returns body type (which is >= 0) of the message on success, -1 on error + * returns 1 on success, 0 on error */ -int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) +int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) { - int rcvd_type; - if (!ossl_assert(ctx != NULL && msg != NULL)) - return -1; + return 0; if (sk_X509_num(msg->extraCerts) > 10) ossl_cmp_warn(ctx, "received CMP message contains more than 10 extraCerts"); + /* + * Store any provided extraCerts in ctx for use in OSSL_CMP_validate_msg() + * and for future use, such that they are available to ctx->certConf_cb and + * the peer does not need to send them again in the same transaction. + * Note that it does not help validating the message before storing the + * extraCerts because they do not belong to the protected msg part anyway. + * For efficiency, the extraCerts are prepended so they get used first. + */ + if (!ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, msg->extraCerts, + 0 /* this allows self-issued certs */, + 1 /* no_dups */, 1 /* prepend */)) + return 0; /* validate message protection */ if (msg->header->protectionAlg != 0) { @@ -723,7 +733,7 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, && (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_ERROR_VALIDATING_PROTECTION); - return -1; + return 0; #endif } } else { @@ -731,7 +741,7 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (cb == NULL || (*cb)(ctx, msg, 0, cb_arg) <= 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_MISSING_PROTECTION); - return -1; + return 0; #endif } } @@ -740,14 +750,14 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (ossl_cmp_hdr_get_pvno(OSSL_CMP_MSG_get0_header(msg)) != OSSL_CMP_PVNO) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_UNEXPECTED_PVNO); - return -1; + return 0; #endif } - if ((rcvd_type = ossl_cmp_msg_get_bodytype(msg)) < 0) { + if (ossl_cmp_msg_get_bodytype(msg) < 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_PKIBODY_ERROR); - return -1; + return 0; #endif } @@ -758,7 +768,7 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, msg->header->transactionID) != 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_TRANSACTIONID_UNMATCHED); - return -1; + return 0; #endif } @@ -769,7 +779,7 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, msg->header->recipNonce) != 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_RECIPNONCE_UNMATCHED); - return -1; + return 0; #endif } @@ -779,25 +789,14 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, * --> Store for setting in next message */ if (!ossl_cmp_ctx_set1_recipNonce(ctx, msg->header->senderNonce)) - return -1; + return 0; /* if not yet present, learn transactionID */ if (ctx->transactionID == NULL && !OSSL_CMP_CTX_set1_transactionID(ctx, msg->header->transactionID)) - return -1; - - /* - * Store any provided extraCerts in ctx for future use, - * such that they are available to ctx->certConf_cb and - * the peer does not need to send them again in the same transaction. - * For efficiency, the extraCerts are prepended so they get used first. - */ - if (!ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, msg->extraCerts, - 0 /* this allows self-issued certs */, - 1 /* no_dups */, 1 /* prepend */)) - return -1; + return 0; - return rcvd_type; + return 1; } int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified) |