To this end, tweak the internal handling of ctx->total_timeout.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
*rep = NULL;
msg_timeout = ctx->msg_timeout; /* backup original value */
- if (is_enrollment && ctx->total_timeout > 0 /* timeout is not infinite */) {
+ if (is_enrollment && ctx->total_timeout != 0 /* timeout not infinite */) {
if (now >= ctx->end_time) {
ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
return 0;
if (*rep == NULL) {
ERR_raise_data(ERR_LIB_CMP,
- ctx->total_timeout > 0 && time(NULL) >= ctx->end_time ?
+ ctx->total_timeout != 0 && time(NULL) >= ctx->end_time ?
CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR,
"request sent: %s, expected response: %s",
req_type_str, expected_type_str);
* On receiving a pollRep, which includes a checkAfter value, it return this
* value if sleep == 0, else it sleeps as long as indicated and retries.
*
- * A transaction timeout is enabled if ctx->total_timeout is > 0.
+ * A transaction timeout is enabled if ctx->total_timeout is != 0.
* In this case polling will continue until the timeout is reached and then
* polling is done a last time even if this is before the "checkAfter" time.
*
"received polling response%s; checkAfter = %ld seconds",
str, check_after);
- if (ctx->total_timeout > 0) { /* timeout is not infinite */
+ if (ctx->total_timeout != 0) { /* timeout is not infinite */
const int exp = 5; /* expected max time per msg round trip */
int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL));
if (!ossl_cmp_ctx_set0_newCert(ctx, NULL))
return 0;
- if (ctx->total_timeout > 0) /* else ctx->end_time is not used */
+ if (ctx->total_timeout != 0) /* else ctx->end_time is not used */
ctx->end_time = time(NULL) + ctx->total_timeout;
/* also checks if all necessary options are set */
ctx->keep_alive = val;
break;
case OSSL_CMP_OPT_MSG_TIMEOUT:
+ if (val < 0)
+ val = 0;
ctx->msg_timeout = val;
break;
case OSSL_CMP_OPT_TOTAL_TIMEOUT:
+ if (val < 0)
+ val = 0;
ctx->total_timeout = val;
break;
case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR:
return result;
}
-static int test_exec_GENM_ses(int transfer_error)
+static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
if (transfer_error)
OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL);
- fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans
- : OSSL_CMP_PKISTATUS_accepted;
+ /*
+ * cannot use OSSL_CMP_CTX_set_option(... OSSL_CMP_OPT_TOTAL_TIMEOUT)
+ * here because this will correct total_timeout to be >= 0
+ */
+ fixture->cmp_ctx->total_timeout = total_timeout;
+ fixture->expected = expect;
EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down);
return result;
}
static int test_exec_GENM_ses_ok(void)
{
- return test_exec_GENM_ses(0);
+ return test_exec_GENM_ses(0, 0, OSSL_CMP_PKISTATUS_accepted);
+}
+
+static int test_exec_GENM_ses_transfer_error(void)
+{
+ return test_exec_GENM_ses(1, 0, OSSL_CMP_PKISTATUS_trans);
}
-static int test_exec_GENM_ses_error(void)
+static int test_exec_GENM_ses_total_timeout(void)
{
- return test_exec_GENM_ses(1);
+ return test_exec_GENM_ses(0, -1, OSSL_CMP_PKISTATUS_trans);
}
static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture)
ADD_TEST(test_try_certreq_poll);
ADD_TEST(test_try_certreq_poll_abort);
ADD_TEST(test_exec_GENM_ses_ok);
- ADD_TEST(test_exec_GENM_ses_error);
+ ADD_TEST(test_exec_GENM_ses_transfer_error);
+ ADD_TEST(test_exec_GENM_ses_total_timeout);
ADD_TEST(test_exchange_certConf);
ADD_TEST(test_exchange_error);
return 1;
projects / openssl.git / commitdiff