Remove preservation and use of cached DER/BER encodings in the d2i/i2d paths

A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ structures in which only fields modified after deserialization would need to be re-encoded upon serialization. Unfortunately, over the years, authors would sometimes forget to add code in setter functions to trigger invalidation of previously cached DER encodings. The presence of stale versions of structures can lead to very hard-to-debug issues and cause immense sorrow. Fully removing the concept of caching DER encodings ensures stale versions of structures can never rear their ugly heads again. OK tb@ jsing@
author: job <> 2023-04-28 17:59:53 +0000
committer: job <> 2023-04-28 17:59:53 +0000
commit: 24aa308331dbfa98b78086598d448798f4dc2ab7 (patch)
tree: 622fd7644d641978f518ce745f3569afb0dc3cb2
parent: 34e3c561c803320bc7ec429ea359bc540095d11c (diff)
download: openbsd-24aa308331dbfa98b78086598d448798f4dc2ab7.tar.gz
openbsd-24aa308331dbfa98b78086598d448798f4dc2ab7.tar.bz2
openbsd-24aa308331dbfa98b78086598d448798f4dc2ab7.zip
2 files changed, 4 insertions, 17 deletions
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 0c2357c2bb..ac59cc7e21 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.84 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.85 2023/04/28 17:59:53 job Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -736,7 +736,7 @@ static int
 asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
    int tag_number, int tag_class, int optional, int depth)
 {
-        CBS cbs_seq, cbs_seq_content, cbs_object;
+        CBS cbs_seq, cbs_seq_content;
        int constructed, indefinite, optional_field;
        const ASN1_TEMPLATE *errat = NULL;
        const ASN1_TEMPLATE *seqat, *at;
@@ -878,14 +878,9 @@ asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
                ASN1_template_free(pseqval, seqat);
        }
-        if (!CBS_get_bytes(cbs, &cbs_object, CBS_offset(&cbs_seq)))
+        if (!CBS_skip(cbs, CBS_offset(&cbs_seq)))
                goto err;
-        if (!asn1_enc_save(&aseq, &cbs_object, it)) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
        if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &aseq, it, NULL)) {
                ASN1error(ASN1_R_AUX_ERROR);
                goto err;
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index 6e0524c39f..430e8e1e8e 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_enc.c,v 1.29 2023/03/06 12:00:27 tb Exp $ */
+/* $OpenBSD: tasn_enc.c,v 1.30 2023/04/28 17:59:53 job Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -210,14 +210,6 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
                /* fall through */
        case ASN1_ITYPE_SEQUENCE:
-                i = asn1_enc_restore(&seqcontlen, out, pval, it);
-                /* An error occurred */
-                if (i < 0)
-                        return 0;
-                /* We have a valid cached encoding... */
-                if (i > 0)
-                        return seqcontlen;
-                /* Otherwise carry on */
                seqcontlen = 0;
                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
                if (tag == -1) {
author	job <>	2023-04-28 17:59:53 +0000
committer	job <>	2023-04-28 17:59:53 +0000
commit	24aa308331dbfa98b78086598d448798f4dc2ab7 (patch)
tree	622fd7644d641978f518ce745f3569afb0dc3cb2
parent	34e3c561c803320bc7ec429ea359bc540095d11c (diff)
download	openbsd-24aa308331dbfa98b78086598d448798f4dc2ab7.tar.gz openbsd-24aa308331dbfa98b78086598d448798f4dc2ab7.tar.bz2 openbsd-24aa308331dbfa98b78086598d448798f4dc2ab7.zip