diff options
| author | tb <> | 2023-06-15 12:44:17 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-15 12:44:17 +0000 |
| commit | 0f244620acaf6129647bce002762533e9e66dd94 (patch) | |
| tree | 0d37eba9713148ef91ed62f47c7ec5890dff1afd | |
| parent | 43590eae3539fd5d49e6658199538406364a5245 (diff) | |
| download | openbsd-0f244620acaf6129647bce002762533e9e66dd94.tar.gz openbsd-0f244620acaf6129647bce002762533e9e66dd94.tar.bz2 openbsd-0f244620acaf6129647bce002762533e9e66dd94.zip | |
Fix a logic error in ASN1_item_sign_ctx()
If the item_sign() ASN.1 method returns 1, it supposedly handles everything
and the goto err prior to r1.5 was actually a success path. Go figure.
This is fortunately inconsequential since there are only two item_sign()
methods, one for RSA and one for Ed25519, neither of which can return 1.
They only return 0, 2, and 3.
Pointed out by and ok jsing
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_item.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c index 1bdb743a95..d87a27b535 100644 --- a/src/lib/libcrypto/asn1/asn1_item.c +++ b/src/lib/libcrypto/asn1/asn1_item.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn1_item.c,v 1.7 2023/06/13 23:31:53 tb Exp $ */ | 1 | /* $OpenBSD: asn1_item.c,v 1.8 2023/06/15 12:44:17 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -251,18 +251,20 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 251 | if (pkey->ameth->item_sign) { | 251 | if (pkey->ameth->item_sign) { |
| 252 | rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, | 252 | rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, |
| 253 | signature); | 253 | signature); |
| 254 | if (rv == 1) | 254 | if (rv == 1) { |
| 255 | out_len = signature->length; | 255 | buf_out_len = signature->length; |
| 256 | goto done; | ||
| 257 | } | ||
| 256 | /* Return value meanings: | 258 | /* Return value meanings: |
| 257 | * <=0: error. | 259 | * <=0: error. |
| 258 | * 1: method does everything. | 260 | * 1: method does everything. |
| 259 | * 2: carry on as normal. | 261 | * 2: carry on as normal. |
| 260 | * 3: ASN1 method sets algorithm identifiers: just sign. | 262 | * 3: ASN1 method sets algorithm identifiers: just sign. |
| 261 | */ | 263 | */ |
| 262 | if (rv <= 0) | 264 | if (rv <= 0) { |
| 263 | ASN1error(ERR_R_EVP_LIB); | 265 | ASN1error(ERR_R_EVP_LIB); |
| 264 | if (rv <= 1) | ||
| 265 | goto err; | 266 | goto err; |
| 267 | } | ||
| 266 | } | 268 | } |
| 267 | 269 | ||
| 268 | if (rv == 2) { | 270 | if (rv == 2) { |
| @@ -322,6 +324,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 322 | goto err; | 324 | goto err; |
| 323 | } | 325 | } |
| 324 | 326 | ||
| 327 | done: | ||
| 325 | ret = (int)buf_out_len; | 328 | ret = (int)buf_out_len; |
| 326 | err: | 329 | err: |
| 327 | EVP_MD_CTX_cleanup(ctx); | 330 | EVP_MD_CTX_cleanup(ctx); |