authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2023-02-03 10:31:19 +0100
committerDr. David von Oheimb <dev@ddvo.net>2023-03-25 09:55:26 +0100
commit4b0c27d44514abb4ad2bb1153db96f106910fc04 (patch)
tree8eebde2828f5da89f10ac8d728fae05e926da264 /apps
parentf1e144f277fd98a0fde73b884aae541fdc73d063 (diff)
CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce()
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
Diffstat (limited to 'apps')
-rw-r--r--apps/cmp.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index 41d9e79606..8112e6d5b1 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -787,6 +787,13 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
if (opt_reqin_new_tid
&& !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
goto err;
+
+ /*
+ * Except for first request, need to satisfy recipNonce check by server.
+ * Unfortunately requires re-protection if protection is required.
+ */
+ if (!OSSL_CMP_MSG_update_recipNonce(ctx, req_new))
+ goto err;
}
if (opt_rspin != NULL) {
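Review bot: The added comment above the `OSSL_CMP_MSG_update_recipNonce(ctx, req_new)` call says "Except for first request", but the call is unconditional in this hunk, so a reader cannot tell where the first-request case or the re-protection is handled; presumably both happen inside the helper, which is not visible here. Because recipNonce is a header field covered by CMP message protection, the comment should also say that a protected message loaded via -reqin ends up protected with the current context's credentials rather than those it was saved with. Suggested wording, to be confirmed against the helper: `/* No-op while no recipNonce is known (first request); otherwise sets it and, if the message is protected, re-protects it using ctx, replacing the protection read from the -reqin file. */`. The enclosing function read_write_req_resp starts and ends outside the hunk.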
@@ -802,7 +809,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
goto err;
if (req_new != NULL || prev_opt_rspin != NULL) {
- /* need to satisfy nonce and transactionID checks */
+ /* need to satisfy nonce and transactionID checks by client */
ASN1_OCTET_STRING *nonce;
ASN1_OCTET_STRING *tid;