diff options
| author | job <> | 2023-04-25 10:18:39 +0000 |
|---|---|---|
| committer | job <> | 2023-04-25 10:18:39 +0000 |
| commit | 5b3831598d086f199b8e94176aa11f69bb53d1c3 (patch) | |
| tree | a445ea785167ae55b14b10639b10b1ebbb6348a0 | |
| parent | 9f5c114f2613c79b3a6f5e64b9c599927e5d059b (diff) | |
| download | openbsd-5b3831598d086f199b8e94176aa11f69bb53d1c3.tar.gz openbsd-5b3831598d086f199b8e94176aa11f69bb53d1c3.tar.bz2 openbsd-5b3831598d086f199b8e94176aa11f69bb53d1c3.zip | |
Invalidate the DER cache earlier on in X509 setter functions
Note that it is important to invalidate the cache before returning,
as the return might bubble up an error.
OK tb@ jsing@
| -rw-r--r-- | src/lib/libcrypto/x509/x509_set.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c index 19e0f2b55f..cd12c9ec2f 100644 --- a/src/lib/libcrypto/x509/x509_set.c +++ b/src/lib/libcrypto/x509/x509_set.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_set.c,v 1.24 2023/02/23 18:12:32 job Exp $ */ | 1 | /* $OpenBSD: x509_set.c,v 1.25 2023/04/25 10:18:39 job Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -88,6 +88,7 @@ X509_set_version(X509 *x, long version) | |||
| 88 | if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL) | 88 | if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL) |
| 89 | return (0); | 89 | return (0); |
| 90 | } | 90 | } |
| 91 | x->cert_info->enc.modified = 1; | ||
| 91 | return (ASN1_INTEGER_set(x->cert_info->version, version)); | 92 | return (ASN1_INTEGER_set(x->cert_info->version, version)); |
| 92 | } | 93 | } |
| 93 | LCRYPTO_ALIAS(X509_set_version); | 94 | LCRYPTO_ALIAS(X509_set_version); |
| @@ -110,6 +111,7 @@ X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) | |||
| 110 | if (in != serial) { | 111 | if (in != serial) { |
| 111 | in = ASN1_INTEGER_dup(serial); | 112 | in = ASN1_INTEGER_dup(serial); |
| 112 | if (in != NULL) { | 113 | if (in != NULL) { |
| 114 | x->cert_info->enc.modified = 1; | ||
| 113 | ASN1_INTEGER_free(x->cert_info->serialNumber); | 115 | ASN1_INTEGER_free(x->cert_info->serialNumber); |
| 114 | x->cert_info->serialNumber = in; | 116 | x->cert_info->serialNumber = in; |
| 115 | } | 117 | } |
| @@ -123,6 +125,7 @@ X509_set_issuer_name(X509 *x, X509_NAME *name) | |||
| 123 | { | 125 | { |
| 124 | if ((x == NULL) || (x->cert_info == NULL)) | 126 | if ((x == NULL) || (x->cert_info == NULL)) |
| 125 | return (0); | 127 | return (0); |
| 128 | x->cert_info->enc.modified = 1; | ||
| 126 | return (X509_NAME_set(&x->cert_info->issuer, name)); | 129 | return (X509_NAME_set(&x->cert_info->issuer, name)); |
| 127 | } | 130 | } |
| 128 | LCRYPTO_ALIAS(X509_set_issuer_name); | 131 | LCRYPTO_ALIAS(X509_set_issuer_name); |
| @@ -132,6 +135,7 @@ X509_set_subject_name(X509 *x, X509_NAME *name) | |||
| 132 | { | 135 | { |
| 133 | if (x == NULL || x->cert_info == NULL) | 136 | if (x == NULL || x->cert_info == NULL) |
| 134 | return (0); | 137 | return (0); |
| 138 | x->cert_info->enc.modified = 1; | ||
| 135 | return (X509_NAME_set(&x->cert_info->subject, name)); | 139 | return (X509_NAME_set(&x->cert_info->subject, name)); |
| 136 | } | 140 | } |
| 137 | LCRYPTO_ALIAS(X509_set_subject_name); | 141 | LCRYPTO_ALIAS(X509_set_subject_name); |
| @@ -163,6 +167,7 @@ X509_set_notBefore(X509 *x, const ASN1_TIME *tm) | |||
| 163 | if (in != tm) { | 167 | if (in != tm) { |
| 164 | in = ASN1_STRING_dup(tm); | 168 | in = ASN1_STRING_dup(tm); |
| 165 | if (in != NULL) { | 169 | if (in != NULL) { |
| 170 | x->cert_info->enc.modified = 1; | ||
| 166 | ASN1_TIME_free(x->cert_info->validity->notBefore); | 171 | ASN1_TIME_free(x->cert_info->validity->notBefore); |
| 167 | x->cert_info->validity->notBefore = in; | 172 | x->cert_info->validity->notBefore = in; |
| 168 | } | 173 | } |
| @@ -205,6 +210,7 @@ X509_set_notAfter(X509 *x, const ASN1_TIME *tm) | |||
| 205 | if (in != tm) { | 210 | if (in != tm) { |
| 206 | in = ASN1_STRING_dup(tm); | 211 | in = ASN1_STRING_dup(tm); |
| 207 | if (in != NULL) { | 212 | if (in != NULL) { |
| 213 | x->cert_info->enc.modified = 1; | ||
| 208 | ASN1_TIME_free(x->cert_info->validity->notAfter); | 214 | ASN1_TIME_free(x->cert_info->validity->notAfter); |
| 209 | x->cert_info->validity->notAfter = in; | 215 | x->cert_info->validity->notAfter = in; |
| 210 | } | 216 | } |
| @@ -225,6 +231,7 @@ X509_set_pubkey(X509 *x, EVP_PKEY *pkey) | |||
| 225 | { | 231 | { |
| 226 | if ((x == NULL) || (x->cert_info == NULL)) | 232 | if ((x == NULL) || (x->cert_info == NULL)) |
| 227 | return (0); | 233 | return (0); |
| 234 | x->cert_info->enc.modified = 1; | ||
| 228 | return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); | 235 | return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); |
| 229 | } | 236 | } |
| 230 | LCRYPTO_ALIAS(X509_set_pubkey); | 237 | LCRYPTO_ALIAS(X509_set_pubkey); |