diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-10-11 16:21:20 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-01-23 10:56:31 +0100 |
| commit | add42e0b3b58ade2162f4d3f3c8c073c97e1db0f (patch) | |
| tree | 205f78f405fb6a78ce4d5c9841aa0fbbf3294c7e /crypto | |
| parent | 538682c62ac5cb58b6464bcd30a3c0fb98bdb302 (diff) | |
cmp_client.c: fix handling of total_timeout for RR and GENM transactions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
(cherry picked from commit d7d1d0928af2f14e7e187fa8c78115d0d1aa28eb)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cmp/cmp_client.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index a008710463..f283534db7 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -123,13 +123,13 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si) static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, OSSL_CMP_MSG **rep, int expected_type) { - int is_enrollment = IS_CREP(expected_type) - || expected_type == OSSL_CMP_PKIBODY_POLLREP - || expected_type == OSSL_CMP_PKIBODY_PKICONF; + int begin_transaction = + expected_type != OSSL_CMP_PKIBODY_POLLREP + && expected_type != OSSL_CMP_PKIBODY_PKICONF; const char *req_type_str = ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type); - int msg_timeout; + int bak_msg_timeout = ctx->msg_timeout; int bt; time_t now = time(NULL); int time_left; @@ -137,15 +137,16 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, if (transfer_cb == NULL) transfer_cb = OSSL_CMP_MSG_http_perform; - *rep = NULL; - msg_timeout = ctx->msg_timeout; /* backup original value */ - if (is_enrollment && ctx->total_timeout != 0 /* timeout not infinite */) { + + if (ctx->total_timeout != 0 /* not waiting indefinitely */) { + if (begin_transaction) + ctx->end_time = now + ctx->total_timeout; if (now >= ctx->end_time) { ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); return 0; } - if (!ossl_assert(ctx->end_time - time(NULL) < INT_MAX)) { + if (!ossl_assert(ctx->end_time - now < INT_MAX)) { /* actually cannot happen due to assignment in initial_certreq() */ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); return 0; @@ -161,7 +162,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str); *rep = (*transfer_cb)(ctx, req); - ctx->msg_timeout = msg_timeout; /* restore original value */ + ctx->msg_timeout = bak_msg_timeout; if (*rep == NULL) { ERR_raise_data(ERR_LIB_CMP, @@ -646,9 +647,6 @@ static int initial_certreq(OSSL_CMP_CTX *ctx, if (!ossl_cmp_ctx_set0_newCert(ctx, NULL)) return 0; - if (ctx->total_timeout != 0) /* else ctx->end_time is not used */ - ctx->end_time = time(NULL) + ctx->total_timeout; - /* also checks if all necessary options are set */ if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL) return 0; |