CMP: fix handling of unset or missing failInfo PKI status information
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19205)
parent
19ddcc4cbb
commit
cba0e2afd6
@ -97,13 +97,7 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si)
|
||||
if (ctx->status < OSSL_CMP_PKISTATUS_accepted)
|
||||
return 0;
|
||||
|
||||
ctx->failInfoCode = 0;
|
||||
if (si->failInfo != NULL) {
|
||||
for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) {
|
||||
if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
|
||||
ctx->failInfoCode |= (1 << i);
|
||||
}
|
||||
}
|
||||
ctx->failInfoCode = ossl_cmp_pkisi_get_pkifailureinfo(si);
|
||||
|
||||
if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null())
|
||||
|| (ctx->statusString == NULL))
|
||||
|
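Review bot: The new assignment `ctx->failInfoCode = ossl_cmp_pkisi_get_pkifailureinfo(si);` stores the helper's result without checking it, and the helper's visible body returns -1 when `si` is NULL. The start of save_statusInfo() is outside the hunk, so it is only presumed that `si` has already been validated before this line; if so, -1 cannot be stored here. A comment would make that explicit, for example `/* si is non-NULL here: result is 0 (failInfo absent or empty) or the bit mask, never -1 */`.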
@ -73,6 +73,7 @@ int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si)
|
||||
|
||||
if (!ossl_assert(si != NULL))
|
||||
return -1;
|
||||
if (si->failInfo != NULL)
|
||||
for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++)
|
||||
if (ASN1_BIT_STRING_get_bit(si->failInfo, i))
|
||||
res |= 1 << i;
|
||||
@ -193,7 +194,7 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info,
|
||||
* failInfo is optional and may be empty;
|
||||
* if present, print failInfo before statusString because it is more concise
|
||||
*/
|
||||
if (fail_info != 0) {
|
||||
if (fail_info != -1 && fail_info != 0) {
|
||||
printed_chars = BIO_snprintf(write_ptr, bufsize, "; PKIFailureInfo: ");
|
||||
ADVANCE_BUFFER;
|
||||
for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) {
|
||||
|
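Review bot: The `fail_info != -1` guard in snprint_PKIStatusInfo_parts() special-cases a sentinel that has every bit set, so any other consumer that tests the value with `&` against a failure-info flag would read an unset failInfo as every failure being reported. Masks built by `res |= 1 << i` in ossl_cmp_pkisi_get_pkifailureinfo() are presumably non-negative (this holds if OSSL_CMP_PKIFAILUREINFO_MAX is below 31), so the check could be written as `if (fail_info > 0) {`, which would also reject other negative inputs. A comment above it such as `/* -1: failInfo unset or error; 0: absent or empty; otherwise a bit mask */` would document the three states. The function body continues outside the hunk.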
@ -660,7 +660,8 @@ OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received
|
||||
CertRepMessage or Revocation Response or error message, or NULL if unset.
|
||||
|
||||
OSSL_CMP_CTX_get_failInfoCode() returns the error code from the failInfo field
|
||||
of the last received CertRepMessage or Revocation Response or error message.
|
||||
of the last received CertRepMessage or Revocation Response or error message,
|
||||
or -1 if no such response was received or OSSL_CMP_CTX_reinit() has been called.
|
||||
This is a bit field and the flags for it are specified in the header file
|
||||
F<< <openssl/cmp.h> >>.
|
||||
The flags start with OSSL_CMP_CTX_FAILINFO, for example:
|
||||
|