Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->sendError) {
+ if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
return NULL;
}
+#define OSSL_CMP_ITAVs_free(itavs) \
+ sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
+#define X509_EXTENSIONS_free(exts) \
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)
+#define OSSL_CMP_PKIFREETEXT_free(text) \
+ sk_ASN1_UTF8STRING_pop_free(text, ASN1_UTF8STRING_free)
+
/* Prepare the OSSL_CMP_CTX for next use, partly re-initializing OSSL_CMP_CTX */
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx)
{
ctx->status = OSSL_CMP_PKISTATUS_unspecified;
ctx->failInfoCode = -1;
+ OSSL_CMP_ITAVs_free(ctx->genm_ITAVs);
+ ctx->genm_ITAVs = NULL;
+
return ossl_cmp_ctx_set0_statusString(ctx, NULL)
&& ossl_cmp_ctx_set0_newCert(ctx, NULL)
&& ossl_cmp_ctx_set1_newChain(ctx, NULL)
&& ossl_cmp_ctx_set1_recipNonce(ctx, NULL);
}
-#define OSSL_CMP_ITAVs_free(itavs) \
- sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
-#define X509_EXTENSIONS_free(exts) \
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)
-#define OSSL_CMP_PKIFREETEXT_free(text) \
- sk_ASN1_UTF8STRING_pop_free(text, ASN1_UTF8STRING_free)
-
/* Frees OSSL_CMP_CTX variables allocated in OSSL_CMP_CTX_new() */
void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
{
clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
and any previous results (newCert, newChain, caPubs, and extraCertsIn)
from the last executed transaction.
+It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV().
All other field values (i.e., CMP options) are retained for potential re-use.
OSSL_CMP_CTX_get0_libctx() returns the I<libctx> argument that was used
else 0 on successful validation,
or else a bit field with the B<OSSL_CMP_PKIFAILUREINFO_incorrectData> bit set.
-All other functions return 1 on success, 0 on error.
+All other functions, including OSSL_CMP_CTX_reinit(),
+return 1 on success, 0 on error.
=head1 EXAMPLES
OSSL_CMP_CTX_reinit(cmp_ctx);
ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
- OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL);
+ OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL);
OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);
STACK_OF(OSSL_CMP_ITAV) *itavs;
OSSL_CMP_exec_RR_ses(fixture->cmp_ctx) == 1);
}
-static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+static int execute_exec_GENM_ses_test_single(CMP_SES_TEST_FIXTURE *fixture)
{
- STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
+ ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
+ OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL);
+ STACK_OF(OSSL_CMP_ITAV) *itavs;
+
+ OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, itav);
if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
return 0;
return 1;
}
+static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+{
+ return execute_exec_GENM_ses_test_single(fixture)
+ && OSSL_CMP_CTX_reinit(fixture->cmp_ctx)
+ && execute_exec_GENM_ses_test_single(fixture);
+}
+
static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
{
X509 *res = OSSL_CMP_exec_certreq(fixture->cmp_ctx,