1 /* 2 * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include <string.h> 13 #include <stdio.h> 14 15 #include <openssl/asn1t.h> 16 #include <openssl/http.h> 17 #include "internal/sockets.h" 18 19 #include <openssl/cmp.h> 20 #include "cmp_local.h" 21 22 /* explicit #includes not strictly needed since implied by the above: */ 23 #include <ctype.h> 24 #include <fcntl.h> 25 #include <stdlib.h> 26 #include <openssl/bio.h> 27 #include <openssl/buffer.h> 28 #include <openssl/cmp.h> 29 #include <openssl/err.h> 30 31 static int keep_alive(int keep_alive, int body_type) 32 { 33 if (keep_alive != 0 34 /* 35 * Ask for persistent connection only if may need more round trips. 36 * Do so even with disableConfirm because polling might be needed. 37 */ 38 && body_type != OSSL_CMP_PKIBODY_IR 39 && body_type != OSSL_CMP_PKIBODY_CR 40 && body_type != OSSL_CMP_PKIBODY_P10CR 41 && body_type != OSSL_CMP_PKIBODY_KUR 42 && body_type != OSSL_CMP_PKIBODY_POLLREQ) 43 keep_alive = 0; 44 return keep_alive; 45 } 46 47 /* 48 * Send the PKIMessage req and on success return the response, else NULL. 49 * Any previous error queue entries will likely be removed by ERR_clear_error(). 50 */ 51 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, 52 const OSSL_CMP_MSG *req) 53 { 54 char server_port[32] = { '\0' }; 55 STACK_OF(CONF_VALUE) *headers = NULL; 56 const char content_type_pkix[] = "application/pkixcmp"; 57 int tls_used; 58 const ASN1_ITEM *it = ASN1_ITEM_rptr(OSSL_CMP_MSG); 59 BIO *req_mem, *rsp; 60 OSSL_CMP_MSG *res = NULL; 61 62 if (ctx == NULL || req == NULL) { 63 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); 64 return NULL; 65 } 66 67 if (!X509V3_add_value("Pragma", "no-cache", &headers)) 68 return NULL; 69 if ((req_mem = ASN1_item_i2d_mem_bio(it, (const ASN1_VALUE *)req)) == NULL) 70 goto err; 71 72 if (ctx->serverPort != 0) 73 BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); 74 tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; 75 if (ctx->http_ctx == NULL) 76 ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s", 77 ctx->server, server_port, tls_used ? " using TLS" : ""); 78 79 rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port, 80 ctx->serverPath, tls_used, 81 ctx->proxy, ctx->no_proxy, 82 NULL /* bio */, NULL /* rbio */, 83 ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), 84 0 /* buf_size */, headers, 85 content_type_pkix, req_mem, 86 content_type_pkix, 1 /* expect_asn1 */, 87 OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 88 ctx->msg_timeout, 89 keep_alive(ctx->keep_alive, req->body->type)); 90 BIO_free(req_mem); 91 res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL); 92 BIO_free(rsp); 93 94 if (ctx->http_ctx == NULL) 95 ossl_cmp_debug(ctx, "disconnected from CMP server"); 96 /* 97 * Note that on normal successful end of the transaction the connection 98 * is not closed at this level, but this will be done by the CMP client 99 * application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit(). 100 */ 101 if (res != NULL) 102 ossl_cmp_debug(ctx, "finished reading response from CMP server"); 103 err: 104 sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); 105 return res; 106 } 107