/*
- * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
#include <openssl/cmp.h>
#include <openssl/err.h>
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
+
/* the context for the generic CMP server */
struct ossl_cmp_srv_ctx_st
{
&certOut, &chainOut, &caPubs);
if (si == NULL)
goto err;
- /* set OSSL_CMP_OPT_IMPLICITCONFIRM if and only if transaction ends */
- if (!OSSL_CMP_CTX_set_option(srv_ctx->ctx, OSSL_CMP_OPT_IMPLICITCONFIRM,
+ /* set OSSL_CMP_OPT_IMPLICIT_CONFIRM if and only if transaction ends */
+ if (!OSSL_CMP_CTX_set_option(srv_ctx->ctx,
+ OSSL_CMP_OPT_IMPLICIT_CONFIRM,
ossl_cmp_hdr_has_implicitConfirm(hdr)
&& srv_ctx->grantImplicitConfirm
/* do not set if polling starts: */
if ((details = sk_OSSL_CMP_REVDETAILS_value(req->body->value.rr,
OSSL_CMP_REVREQSID)) == NULL) {
- CMPerr(0, CMP_R_ERROR_PROCESSING_MSG);
+ CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
return NULL;
}
ccc = req->body->value.certConf;
num = sk_OSSL_CMP_CERTSTATUS_num(ccc);
- if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICITCONFIRM) == 1) {
+ if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1) {
CMPerr(0, CMP_R_ERROR_UNEXPECTED_CERTCONF);
return NULL;
}
}
/*
- * Determines whether missing protection is allowed
+ * Determine whether missing/invalid protection of request message is allowed.
+ * Return 1 on acceptance, 0 on rejection, or -1 on (internal) error.
*/
static int unprotected_exception(const OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req,
int invalid_protection,
int accept_unprotected_requests)
{
+ if (!ossl_assert(ctx != NULL && req != NULL))
+ return -1;
+
if (accept_unprotected_requests) {
ossl_cmp_log1(WARN, ctx, "ignoring %s protection of request message",
invalid_protection ? "invalid" : "missing");
tid);
OPENSSL_free(tid);
}
- /* start of a new transaction, set transactionID and senderNonce */
- if (!OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)
- || !ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce))
+ /* start of a new transaction, reset transactionID and senderNonce */
+ if (!OSSL_CMP_CTX_set1_transactionID(ctx, NULL)
+ || !OSSL_CMP_CTX_set1_senderNonce(ctx, NULL))
goto err;
break;
default:
/* transactionID should be already initialized */
if (ctx->transactionID == NULL) {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
CMPerr(0, CMP_R_UNEXPECTED_PKIBODY);
/* ignore any (extra) error in next two function calls: */
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
goto err;
+#endif
}
}
default:
/* TODO possibly support further request message types */
CMPerr(0, CMP_R_UNEXPECTED_PKIBODY);
+ break;
}
err:
case OSSL_CMP_PKIBODY_CP:
case OSSL_CMP_PKIBODY_KUP:
case OSSL_CMP_PKIBODY_RP:
- if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICITCONFIRM) == 0)
+ if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 0)
break;
/* fall through */
case OSSL_CMP_PKIBODY_GENP:
case OSSL_CMP_PKIBODY_ERROR:
/* TODO possibly support further terminating response message types */
- (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); /* ignore any error */
+ /* prepare for next transaction, ignoring any errors here: */
+ (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL);
+ (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL);
default: /* not closing transaction in other cases */
break;
}
if ((srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(client_ctx)) == NULL) {
- CMPerr(0, CMP_R_ERROR_TRANSFERRING_OUT);
+ CMPerr(0, CMP_R_TRANSFER_ERROR);
return 0;
}