author | Rajeev Ranjan <ranjan.rajeev@siemens.com> | 2023-03-13 09:16:57 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-12-21 22:53:35 +0100 |
commit | 192bfec487b27ee9398138ce5f0c5b00f536dc95 (patch) | |
tree | f8b1dbf16ab04f2542cb372dd0d89361d368ada4 /apps/lib | |
parent | Detect and prevent recursive config parsing (diff) | |
download | openssl-192bfec487b27ee9398138ce5f0c5b00f536dc95.tar.xz openssl-192bfec487b27ee9398138ce5f0c5b00f536dc95.zip |
crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
Diffstat (limited to 'apps/lib')
-rw-r--r-- | apps/lib/cmp_mock_srv.c | 83 |
1 files changed, 70 insertions, 13 deletions
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index d58937ea78..edfb1d0c75 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -27,7 +27,7 @@ typedef struct
 X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
 OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
 int sendError; /* send error response on given request type */
- OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
+ OSSL_CMP_MSG *req; /* original request message during polling */
 int pollCount; /* number of polls before actual cert response */
 int curr_pollCount; /* number of polls so far for current request */
 int checkAfterTime; /* time the client should wait between polling */
@@ -43,7 +43,7 @@ static void mock_srv_ctx_free(mock_srv_ctx *ctx)
 X509_free(ctx->certOut);
 OSSL_STACK_OF_X509_free(ctx->chainOut);
 OSSL_STACK_OF_X509_free(ctx->caPubsOut);
- OSSL_CMP_MSG_free(ctx->certReq);
+ OSSL_CMP_MSG_free(ctx->req);
 OPENSSL_free(ctx);
 }
 
@@ -183,6 +183,44 @@ int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec)
 return 1;
 }
 
+static int delayed_delivery(OSSL_CMP_SRV_CTX *srv_ctx,
+ const OSSL_CMP_MSG *req)
+{
+ mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
+ int req_type = OSSL_CMP_MSG_get_bodytype(req);
+
+ if (ctx == NULL || req == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
+ return 0;
+ }
+
+ /*
+ * For ir/cr/p10cr/kur delayed delivery is handled separately in
+ * process_cert_request
+ */
+ if (req_type == OSSL_CMP_IR
+ || req_type == OSSL_CMP_CR
+ || req_type == OSSL_CMP_P10CR
+ || req_type == OSSL_CMP_KUR
+ /* Client may use error to abort the ongoing polling */
+ || req_type == OSSL_CMP_ERROR)
+ return 0;
+
+ if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
+ /* start polling */
+ if (ctx->req != NULL) { /* TODO: move this check to cmp_server.c */
+ /* already in polling mode */
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
+ return 0;
+ }
+ if ((ctx->req = OSSL_CMP_MSG_dup(req)) == NULL)
+ return -1;
+
+ return 1;
+ }
+ return 0;
+}
+
 /* check for matching reference cert components, as far as given */
 static int refcert_cmp(const X509 *refcert,
 const X509_NAME *issuer, const ASN1_INTEGER *serial)
@@ -198,6 +236,23 @@ static int refcert_cmp(const X509 *refcert,
 && (ref_serial == NULL || ASN1_INTEGER_cmp(serial, ref_serial) == 0);
 }
 
+/* Reset dynamic variable in case of incomplete tansaction */
+static int reset_transaction(OSSL_CMP_SRV_CTX *srv_ctx)
+{
+ mock_srv_ctx *ctx = NULL;
+
+ if (srv_ctx == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
+ return 0;
+ }
+
+ ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
+ ctx->curr_pollCount = 0;
+ OSSL_CMP_MSG_free(ctx->req);
+ ctx->req = NULL;
+ return 1;
+}
+
 static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
 const OSSL_CMP_MSG *cert_req,
 ossl_unused int certReqId,
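Review bot: In reset_transaction the pointer returned by `OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx)` is dereferenced (`ctx->curr_pollCount = 0;`) without a NULL check, whereas delayed_delivery a few lines above guards `ctx == NULL`; add `if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; }` right after the assignment so a server context without a custom ctx cannot crash the reset callback. In delayed_delivery, `int req_type = OSSL_CMP_MSG_get_bodytype(req);` is evaluated before the `req == NULL` check, so the guard never protects that call; declare `req_type` after the NULL check instead. The error paths also disagree with each other: a NULL argument or a second request while already polling raises an error yet returns 0 ("not delayed"), while a failed `OSSL_CMP_MSG_dup` returns -1 — if -1 is the callback's error value, the first two cases presumably should return -1 too. The header comment on reset_transaction reads `tansaction` and should say "transaction".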
@@ -228,12 +283,12 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
 
 if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
 /* start polling */
- if (ctx->certReq != NULL) {
+ if (ctx->req != NULL) {
 /* already in polling mode */
 ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
 return NULL;
 }
- if ((ctx->certReq = OSSL_CMP_MSG_dup(cert_req)) == NULL)
+ if ((ctx->req = OSSL_CMP_MSG_dup(cert_req)) == NULL)
 return NULL;
 return OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_waiting, 0, NULL);
 }
@@ -481,35 +536,35 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
 static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
 const OSSL_CMP_MSG *pollReq,
 ossl_unused int certReqId,
- OSSL_CMP_MSG **certReq, int64_t *check_after)
+ OSSL_CMP_MSG **req, int64_t *check_after)
 {
 mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
 
 if (ctx == NULL || pollReq == NULL
- || certReq == NULL || check_after == NULL) {
+ || req == NULL || check_after == NULL) {
 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
 return 0;
 }
 if (ctx->sendError == 1
 || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
- *certReq = NULL;
+ *req = NULL;
 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
 return 0;
 }
- if (ctx->certReq == NULL) {
+ if (ctx->req == NULL) { /* TODO: move this check to cmp_server.c */
 /* not currently in polling mode */
- *certReq = NULL;
+ *req = NULL;
 ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY);
 return 0;
 }
 
 if (++ctx->curr_pollCount >= ctx->pollCount) {
 /* end polling */
- *certReq = ctx->certReq;
- ctx->certReq = NULL;
+ *req = ctx->req;
+ ctx->req = NULL;
 *check_after = 0;
 } else {
- *certReq = NULL;
+ *req = NULL;
 *check_after = ctx->checkAfterTime;
 }
 return 1;
@@ -523,7 +578,9 @@ OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
 if (srv_ctx != NULL && ctx != NULL
 && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,
 process_rr, process_genm, process_error,
- process_certConf, process_pollReq))
+ process_certConf, process_pollReq)
+ && OSSL_CMP_SRV_CTX_setup_polling(srv_ctx, reset_transaction,
+ delayed_delivery))
 return srv_ctx;
 
 mock_srv_ctx_free(ctx); |
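Review bot: `OSSL_CMP_SRV_CTX_setup_polling` can now fail after `OSSL_CMP_SRV_CTX_init` has already succeeded, which is a new failure path for the cleanup that begins with `mock_srv_ctx_free(ctx);` at the end of the hunk; ossl_cmp_mock_srv_new continues outside the hunk, so confirm that the srv_ctx teardown there does not also release the custom ctx handed to init, otherwise this fallthrough would free it twice. A short comment on the `&& OSSL_CMP_SRV_CTX_setup_polling(` line, e.g. `/* register transaction-reset and delayed-delivery callbacks used while polling */`, would make the purpose of the added condition clear to readers of the mock server.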