author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-06-22 15:40:49 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-06-30 10:38:23 +0200 |
commit | 66be663b64e05fb5524edd051b85fb919f59e054 (patch) | |
tree | 5b115eea6eadbb1a61378bf2d2de8c27e79aff2a /apps | |
parent | 7df56adac7cf58b4ad3e8e34077ccd988263f408 (diff) | |
cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/lib/cmp_mock_srv.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index cf82000..1fb5adc 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -212,6 +212,29 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
 /* give final response after polling */
 ctx->curr_pollCount = 0;
 
+ if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_KUR
+ && crm != NULL && ctx->certOut != NULL) {
+ const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm);
+ const X509_NAME *issuer = X509_get_issuer_name(ctx->certOut);
+ const ASN1_INTEGER *serial = X509_get0_serialNumber(ctx->certOut);
+
+ if (cid == NULL) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID);
+ return NULL;
+ }
+ if (issuer != NULL
+ && X509_NAME_cmp(issuer, OSSL_CRMF_CERTID_get0_issuer(cid)) != 0) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
+ return NULL;
+ }
+ if (serial != NULL
+ && ASN1_INTEGER_cmp(serial,
+ OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
+ return NULL;
+ }
+ }
+
 if (ctx->certOut != NULL
 && (*certOut = X509_dup(ctx->certOut)) == NULL)
 goto err;
|
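Review bot: The new OldCertID check fails open in three places: the outer condition skips it entirely when `crm` or `ctx->certOut` is NULL, and the `issuer != NULL` / `serial != NULL` guards skip the respective comparison instead of rejecting the request. For a check whose purpose is to bind the 'kur' to a specific certificate, I would treat a missing value as a mismatch, e.g. `if (issuer == NULL || X509_NAME_cmp(issuer, OSSL_CRMF_CERTID_get0_issuer(cid)) != 0)` and the same shape for `serial`. A short comment such as `/* mock server: OldCertID is matched against the configured certOut, not against a certificate derived from the request */` would also keep readers from copying this as the pattern for a real CA. `crm` is assigned outside the hunk and process_cert_request starts and ends outside it, so whether `crm` can actually be NULL for a 'kur' is not visible here.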