sizeof(buf)) != NULL)
ERR_add_error_data(1, buf);
if (emc->errorCode != NULL
- && BIO_snprintf(buf, sizeof(buf), "; errorCode: %ld",
+ && BIO_snprintf(buf, sizeof(buf), "; errorCode: %08lX",
ASN1_INTEGER_get(emc->errorCode)) > 0)
ERR_add_error_data(1, buf);
if (emc->errorDetails != NULL) {
char *text = ossl_sk_ASN1_UTF8STRING2text(emc->errorDetails, ", ",
OSSL_CMP_PKISI_BUFLEN - 1);
- if (text != NULL)
+ if (text != NULL && *text != '\0')
ERR_add_error_data(2, "; errorDetails: ", text);
OPENSSL_free(text);
}
OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx,
const STACK_OF(OSSL_CMP_ITAV) *itavs);
OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
- int errorCode, const char *details,
+ int64_t errorCode, const char *details,
int unprotected);
int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
ASN1_OCTET_STRING *hash);
}
OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
- int errorCode, const char *details,
+ int64_t errorCode, const char *details,
int unprotected)
{
OSSL_CMP_MSG *msg = NULL;
+ const char *lib = NULL, *reason = NULL;
OSSL_CMP_PKIFREETEXT *ft;
if (!ossl_assert(ctx != NULL && si != NULL))
if ((msg->body->value.error->pKIStatusInfo = OSSL_CMP_PKISI_dup(si))
== NULL)
goto err;
- if (errorCode >= 0) {
- if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL)
- goto err;
- if (!ASN1_INTEGER_set(msg->body->value.error->errorCode, errorCode))
- goto err;
+ if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set_int64(msg->body->value.error->errorCode, errorCode))
+ goto err;
+ if (errorCode > 0 && errorCode < (ERR_SYSTEM_FLAG << 1)) {
+ lib = ERR_lib_error_string((unsigned long)errorCode);
+ reason = ERR_reason_error_string((unsigned long)errorCode);
}
- if (details != NULL) {
+ if (lib != NULL || reason != NULL || details != NULL) {
if ((ft = sk_ASN1_UTF8STRING_new_null()) == NULL)
goto err;
msg->body->value.error->errorDetails = ft;
- if (!ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details))
+ if (lib != NULL && *lib != '\0'
+ && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib))
+ goto err;
+ if (reason != NULL && *reason != '\0'
+ && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason))
+ goto err;
+ if (details != NULL
+ && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details))
goto err;
}
err:
if (rsp == NULL) {
/* on error, try to respond with CMP error message to client */
- const char *data = NULL;
+ const char *data = NULL, *reason = NULL;
int flags = 0;
unsigned long err = ERR_peek_error_data(&data, &flags);
int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest;
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
}
+ if ((flags & ERR_TXT_STRING) == 0 || *data == '\0')
+ data = NULL;
+ reason = ERR_reason_error_string(err);
if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection,
- fail_info, data)) != NULL) {
- if (err != 0 && (flags & ERR_TXT_STRING) != 0)
- data = ERR_reason_error_string(err);
- rsp = ossl_cmp_error_new(srv_ctx->ctx, si,
- err != 0 ? ERR_GET_REASON(err) : -1,
+ fail_info, reason)) != NULL) {
+ rsp = ossl_cmp_error_new(srv_ctx->ctx, si, err,
data, srv_ctx->sendUnprotectedErrors);
OSSL_CMP_PKISI_free(si);
}
OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
- int errorCode, const char *details,
+ int64_t errorCode, const char *details,
int unprotected);
=head1 DESCRIPTION
ossl_cmp_genp_new() creates a new General Response with an empty ITAV stack.
ossl_cmp_error_new() creates a new Error Message with the given contents
-with the given I<si>, I<errorCode> (if nonnegative), and optional I<details>.
-It does not protect the message if I<unprotectedErrors> is nonzero.
+I<si>, I<errorCode>, and optional I<details>.
+If I<errorCode> is positive and in the range of an OpenSSL error code,
+the library and reason strings are included in the B<errorDetails> field.
+If given, the I<details> are added to the contents of the B<errorDetails> field.
+The function does not protect the message if I<unprotectedErrors> is nonzero.
=head1 NOTES
OSSL_CMP_PKIBODY_ERROR)
|| !TEST_ptr(errorContent = rsp->body->value.error)
|| !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode),
- dummy_errorCode))
+ ERR_PACK(ERR_LIB_CMP, 0, dummy_errorCode)))
goto end;
res = 1;
projects / thirdparty / openssl.git / commitdiff
