diff options
author | tb <> | 2024-05-28 15:40:38 +0000 |
---|---|---|
committer | tb <> | 2024-05-28 15:40:38 +0000 |
commit | b9c59e2e09e7a6efaa76dde887001001d9f0d3c3 (patch) | |
tree | 58662c1e8cc9049aa5b0bb12bf13fe1494a5c9e5 /src/lib/libcrypto/rsa/rsa_asn1.c | |
parent | 66d8c839721cbc66fda480fd1a4b0da9d7df5f55 (diff) | |
download | openbsd-b9c59e2e09e7a6efaa76dde887001001d9f0d3c3.tar.gz openbsd-b9c59e2e09e7a6efaa76dde887001001d9f0d3c3.tar.bz2 openbsd-b9c59e2e09e7a6efaa76dde887001001d9f0d3c3.zip |
Clean up and fix X509V3_EXT_add1_i2d()
When looking at this code I noticed a few leaks. Fixing those leaks
was straightforward, but following the code was really hard.
This attempts to make the logic a bit clearer. In short, there are
6 mutually exclusive modes for this function (passed in the variable
aptly called flags). The default mode is to append the extension of
type nid and to error if such an extension already exists. Then there
are other modes with varying degree of madness.
The existing code didn't make X509V3_ADD_REPLACE explicit, which is
confusing. Operations 6-15 would all be treated like X509V3_ADD_REPLACE
due to the way the function was written. Handle the supported operations
via a switch and error for operations 6-15. This and the elimination
of leaks are the only changes of behavior, as validated by relatively
extensive test coverage.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_asn1.c')
0 files changed, 0 insertions, 0 deletions