diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-11-25 10:43:12 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-01-23 10:54:29 +0100 |
| commit | b908ec0f217da0a23f9d81442f81d44c94c98f23 (patch) | |
| tree | f41831e2c1fef85c95e2b629d6b575ba5e044385 | |
| parent | CMP docs: clarify behavior on message/total timeout values given (diff) | |
| download | openssl-b908ec0f217da0a23f9d81442f81d44c94c98f23.tar.xz openssl-b908ec0f217da0a23f9d81442f81d44c94c98f23.zip | |
cmp_client_test.c: add tests for end_time being initialized for RR/GENM
To this end, tweak the internal handling of ctx->total_timeout.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
| -rw-r--r-- | crypto/cmp/cmp_client.c | 10 | ||||
| -rw-r--r-- | crypto/cmp/cmp_ctx.c | 4 | ||||
| -rw-r--r-- | test/cmp_client_test.c | 24 |
3 files changed, 26 insertions, 12 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 800f22316c..8f89f4a5f8 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -139,7 +139,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, *rep = NULL; msg_timeout = ctx->msg_timeout; /* backup original value */ - if (is_enrollment && ctx->total_timeout > 0 /* timeout is not infinite */) { + if (is_enrollment && ctx->total_timeout != 0 /* timeout not infinite */) { if (now >= ctx->end_time) { ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); return 0; @@ -164,7 +164,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, if (*rep == NULL) { ERR_raise_data(ERR_LIB_CMP, - ctx->total_timeout > 0 && time(NULL) >= ctx->end_time ? + ctx->total_timeout != 0 && time(NULL) >= ctx->end_time ? CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR, "request sent: %s, expected response: %s", req_type_str, expected_type_str); @@ -236,7 +236,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, * On receiving a pollRep, which includes a checkAfter value, it return this * value if sleep == 0, else it sleeps as long as indicated and retries. * - * A transaction timeout is enabled if ctx->total_timeout is > 0. + * A transaction timeout is enabled if ctx->total_timeout is != 0. * In this case polling will continue until the timeout is reached and then * polling is done a last time even if this is before the "checkAfter" time. * @@ -308,7 +308,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, "received polling response%s; checkAfter = %ld seconds", str, check_after); - if (ctx->total_timeout > 0) { /* timeout is not infinite */ + if (ctx->total_timeout != 0) { /* timeout is not infinite */ const int exp = 5; /* expected max time per msg round trip */ int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL)); @@ -646,7 +646,7 @@ static int initial_certreq(OSSL_CMP_CTX *ctx, if (!ossl_cmp_ctx_set0_newCert(ctx, NULL)) return 0; - if (ctx->total_timeout > 0) /* else ctx->end_time is not used */ + if (ctx->total_timeout != 0) /* else ctx->end_time is not used */ ctx->end_time = time(NULL) + ctx->total_timeout; /* also checks if all necessary options are set */ diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index dcad9c8941..d01be8ebc7 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -919,9 +919,13 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) ctx->keep_alive = val; break; case OSSL_CMP_OPT_MSG_TIMEOUT: + if (val < 0) + val = 0; ctx->msg_timeout = val; break; case OSSL_CMP_OPT_TOTAL_TIMEOUT: + if (val < 0) + val = 0; ctx->total_timeout = val; break; case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index 6a60eab63b..81a7537f03 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -340,25 +340,34 @@ static int test_try_certreq_poll_abort(void) return result; } -static int test_exec_GENM_ses(int transfer_error) +static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); if (transfer_error) OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL); - fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans - : OSSL_CMP_PKISTATUS_accepted; + /* + * cannot use OSSL_CMP_CTX_set_option(... OSSL_CMP_OPT_TOTAL_TIMEOUT) + * here because this will correct total_timeout to be >= 0 + */ + fixture->cmp_ctx->total_timeout = total_timeout; + fixture->expected = expect; EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down); return result; } static int test_exec_GENM_ses_ok(void) { - return test_exec_GENM_ses(0); + return test_exec_GENM_ses(0, 0, OSSL_CMP_PKISTATUS_accepted); +} + +static int test_exec_GENM_ses_transfer_error(void) +{ + return test_exec_GENM_ses(1, 0, OSSL_CMP_PKISTATUS_trans); } -static int test_exec_GENM_ses_error(void) +static int test_exec_GENM_ses_total_timeout(void) { - return test_exec_GENM_ses(1); + return test_exec_GENM_ses(0, -1, OSSL_CMP_PKISTATUS_trans); } static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture) @@ -458,7 +467,8 @@ int setup_tests(void) ADD_TEST(test_try_certreq_poll); ADD_TEST(test_try_certreq_poll_abort); ADD_TEST(test_exec_GENM_ses_ok); - ADD_TEST(test_exec_GENM_ses_error); + ADD_TEST(test_exec_GENM_ses_transfer_error); + ADD_TEST(test_exec_GENM_ses_total_timeout); ADD_TEST(test_exchange_certConf); ADD_TEST(test_exchange_error); return 1; |