From b3d29175f7046b51b20ab4c78d2e5f7611ea6bce Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Wed, 14 Sep 2022 17:37:27 +0200 Subject: OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/19216) (cherry picked from commit 1c04866c671db4a6db0a1784399b351ea061bc16) --- doc/man3/OSSL_CMP_CTX_new.pod | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 66b79337ce..546a51dc3c 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -179,6 +179,7 @@ OSSL_CMP_CTX_reinit() prepares the given I for a further transaction by clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. +It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV(). All other field values (i.e., CMP options) are retained for potential re-use. OSSL_CMP_CTX_set_option() sets the given value for the given option @@ -702,7 +703,8 @@ OSSL_CMP_certConf_cb() returns I if it is not equal to 0, else 0 on successful validation, or else a bit field with the B bit set. -All other functions return 1 on success, 0 on error. +All other functions, including OSSL_CMP_CTX_reinit(), +return 1 on success, 0 on error. =head1 EXAMPLES @@ -758,7 +760,7 @@ the id-it-signKeyPairTypes OID and prints info on the General Response contents: OSSL_CMP_CTX_reinit(cmp_ctx); ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1); - OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL); + OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL); OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); STACK_OF(OSSL_CMP_ITAV) *itavs; -- cgit v1.2.3