diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-02-03 10:31:19 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-03-25 09:55:26 +0100 |
commit | 4b0c27d44514abb4ad2bb1153db96f106910fc04 (patch) | |
tree | 8eebde2828f5da89f10ac8d728fae05e926da264 /crypto/cmp | |
parent | f1e144f277fd98a0fde73b884aae541fdc73d063 (diff) |
CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
Diffstat (limited to 'crypto/cmp')
-rw-r--r-- | crypto/cmp/cmp_msg.c | 14 | ||||
-rw-r--r-- | crypto/cmp/cmp_protect.c | 2 |
2 files changed, 16 insertions, 0 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 64c83d6e34..f9cffcc3b9 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -1096,6 +1096,20 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) || ossl_cmp_msg_protect(ctx, msg); } +int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) +{ + if (ctx == NULL || msg == NULL || msg->header == NULL) { + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); + return 0; + } + if (ctx->recipNonce == NULL) /* nothing to do for 1st msg in transaction */ + return 1; + if (!ossl_cmp_asn1_octet_string_set1(&msg->header->recipNonce, + ctx->recipNonce)) + return 0; + return msg->header->protectionAlg == NULL || ossl_cmp_msg_protect(ctx, msg); +} + OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq) { diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 76b9e55d3d..3d633bef79 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -129,6 +129,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, } } +/* ctx is not const just because ctx->chain may get adapted */ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) { if (!ossl_assert(ctx != NULL && msg != NULL)) @@ -235,6 +236,7 @@ static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg, return id == NULL || ossl_cmp_hdr_set1_senderKID(msg->header, id); } +/* ctx is not const just because ctx->chain may get adapted */ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) { if (!ossl_assert(ctx != NULL && msg != NULL)) |