From b3d29175f7046b51b20ab4c78d2e5f7611ea6bce Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Wed, 14 Sep 2022 17:37:27 +0200 Subject: OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16)
---
apps/lib/cmp_mock_srv.c | 2 +- crypto/cmp/cmp_ctx.c | 10 ++++++++++ doc/man3/OSSL_CMP_CTX_new.pod | 6 ++++-- test/cmp_client_test.c | 16 ++++++++++++++-- 4 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 1fb5adca1a..b37f3dd3d8 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -301,7 +301,7 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; }
- if (ctx->sendError) {
+ if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; }
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index ab9fe1fecc..230883e894 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -142,6 +142,13 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq) return NULL; }
+#define OSSL_CMP_ITAVs_free(itavs) \ sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
+#define X509_EXTENSIONS_free(exts) \ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)
+#define OSSL_CMP_PKIFREETEXT_free(text) \ sk_ASN1_UTF8STRING_pop_free(text, ASN1_UTF8STRING_free)
+ /* Prepare the OSSL_CMP_CTX for next use, partly re-initializing OSSL_CMP_CTX */ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) {
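Review bot: The new condition `sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError` in process_genm() rejects any genm carrying more than one ITAV with the same CMP_R_ERROR_PROCESSING_MESSAGE used for the deliberate `sendError` fault injection, and nothing in the hunk says why a mock server should refuse two ITAVs, so a later maintainer may well relax it. The purpose appears to be to make a client that re-uses a context without OSSL_CMP_CTX_reinit() (and so resends the accumulated ITAVs) fail visibly, which the new client test relies on; a comment such as `/* reject > 1 ITAV so that a ctx whose genm_ITAVs were not reset by OSSL_CMP_CTX_reinit() is caught */` would pin that intent. Note also that sk_OSSL_CMP_ITAV_num() returns -1 for a NULL stack, so a NULL `in` passes this check; that is only safe if `in` is covered by the CMP_R_NULL_ARGUMENT check at the top of the hunk, whose condition lies outside the visible lines. process_genm() begins and ends outside the hunk.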
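Review bot: The `OSSL_CMP_ITAVs_free` macro at the top of the added block ends in a semicolon (`... OSSL_CMP_ITAV_free);`) while its two siblings `X509_EXTENSIONS_free` and `OSSL_CMP_PKIFREETEXT_free` do not, so every call written as a statement expands to `;;`, and an unbraced `if (...) OSSL_CMP_ITAVs_free(x); else ...` would not compile. Drop the trailing semicolon so the three macros behave alike: `sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free)`. Whether the other two macros are used elsewhere in the file cannot be seen from this page; if they are not, they are dead definitions in this commit.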
@@ -158,6 +165,9 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) ctx->status = OSSL_CMP_PKISTATUS_unspecified; ctx->failInfoCode = -1;
+ OSSL_CMP_ITAVs_free(ctx->genm_ITAVs);
+ ctx->genm_ITAVs = NULL;
+ return ossl_cmp_ctx_set0_statusString(ctx, NULL) && ossl_cmp_ctx_set0_newCert(ctx, NULL) && ossl_cmp_ctx_set1_newChain(ctx, NULL)
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index 66b79337ce..546a51dc3c 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -179,6 +179,7 @@ OSSL_CMP_CTX_reinit() prepares the given I for a further transaction by clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction.
+It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV(). All other field values (i.e., CMP options) are retained for potential re-use. OSSL_CMP_CTX_set_option() sets the given value for the given option
@@ -702,7 +703,8 @@ OSSL_CMP_certConf_cb() returns I if it is not equal to 0, else 0 on successful validation, or else a bit field with the B bit set.
-All other functions return 1 on success, 0 on error.
+All other functions, including OSSL_CMP_CTX_reinit(),
+return 1 on success, 0 on error. =head1 EXAMPLES
@@ -758,7 +760,7 @@ the id-it-signKeyPairTypes OID and prints info on the General Response contents: OSSL_CMP_CTX_reinit(cmp_ctx); ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
- OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL);
+ OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL); OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); STACK_OF(OSSL_CMP_ITAV) *itavs;
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index f470f5e445..7c3b8677a1 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -95,15 +95,27 @@ static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixture) OSSL_CMP_exec_RR_ses(fixture->cmp_ctx) == 1); }
-static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+static int execute_exec_GENM_ses_test_single(CMP_SES_TEST_FIXTURE *fixture) {
- STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
+ ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
+ OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL);
+ STACK_OF(OSSL_CMP_ITAV) *itavs;
+
+ OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, itav);
+ if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx))) return 0; sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); return 1; }
+static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+{
+ return execute_exec_GENM_ses_test_single(fixture)
+ && OSSL_CMP_CTX_reinit(fixture->cmp_ctx)
+ && execute_exec_GENM_ses_test_single(fixture);
+}
+ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture) { X509 *res = OSSL_CMP_exec_certreq(fixture->cmp_ctx,
-- cgit v1.2.3
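Review bot: execute_exec_GENM_ses_test_single() ignores the results of `OBJ_txt2obj()`, `OSSL_CMP_ITAV_create()` and `OSSL_CMP_CTX_push0_genm_ITAV()`, so if the push fails (or `itav` is NULL) both sessions run with no ITAV at all — which the removed version of this test shows the mock server answers successfully — and the test passes without ever exercising the reinit fix it was written for. Check them in the fixture's own TEST_ style before running the session: `if (!TEST_ptr(itav) || !TEST_true(OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, itav))) return 0;`. Whether `itav` (and `type`) must be freed on the push-failure path depends on the ownership contract of the create/push0 functions, which is not visible here; confirm it before adding an `OSSL_CMP_ITAV_free(itav)` on that path.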