author | tb <> | 2023-10-11 13:20:18 +0000 |
---|---|---|
committer | tb <> | 2023-10-11 13:20:18 +0000 |
commit | cfcc87f837c8ab39b6f7678f8c6e4d028cd3c356 (patch) | |
tree | dd1a1a2d70bf9140a91777b23c946788b096cdc8 /src/lib | |
parent | ec5535eb0976699e795a3849807e66a7e64bf29d (diff) | |
Rewrite X509_ALGOR_set0()
The current implementation is a complete mess. There are three cases:
1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL.
2) ptype == 0: existing non-NULL parameters are left untouched, NULL
parameters are replaced with ASN1_TYPE_new()'s wacky defaults.
3) otherwise allocate new parameters if needed and set them to ptype/pval.
In all three cases free the algorithm and set it to aobj.
The challenge now is to implement this using nine if statements and one
else clause... We can do better. This preserves existing behavior. There
would be cleaner implementations possible, but they would change behavior.
There are many callers in the ecosystem that do not error check
X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully
rewritten to leave alg in a consistent state so that unchecking callers
don't encounter corrupted algs.
ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libcrypto/asn1/x_algor.c | 30 |
1 files changed, 13 insertions, 17 deletions
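--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_algor.c,v 1.29 2023/10/11 13:12:46 tb Exp $ */
+/* $OpenBSD: x_algor.c,v 1.30 2023/10/11 13:20:18 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -150,28 +150,24 @@ X509_ALGOR_dup(X509_ALGOR *x)
 int
 X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
-if (!alg)
+if (alg == NULL)
 return 0;
-if (ptype != V_ASN1_UNDEF) {
+
+if (ptype == V_ASN1_UNDEF) {
+ASN1_TYPE_free(alg->parameter);
+alg->parameter = NULL;
+} else {
 if (alg->parameter == NULL)
 alg->parameter = ASN1_TYPE_new();
 if (alg->parameter == NULL)
 return 0;
+if (ptype != 0)
+ASN1_TYPE_set(alg->parameter, ptype, pval);
 }
-if (alg) {
-if (alg->algorithm)
-ASN1_OBJECT_free(alg->algorithm);
-alg->algorithm = aobj;
-}
-if (ptype == 0)
-return 1;
-if (ptype == V_ASN1_UNDEF) {
-if (alg->parameter) {
-ASN1_TYPE_free(alg->parameter);
-alg->parameter = NULL;
-}
-} else
-ASN1_TYPE_set(alg->parameter, ptype, pval);
+
+ASN1_OBJECT_free(alg->algorithm);
+alg->algorithm = aobj;
+
 return 1;
 }
 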
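Review bot: The three ptype cases and the ownership rules are spelled out only in the commit message; the new body of X509_ALGOR_set0() carries no comment, and the `if (ptype != 0)` test in the else branch reads as a magic number. On the `return 0` path after ASN1_TYPE_new() fails, neither aobj nor pval has been stored in alg, and pval is likewise never stored when ptype is 0 or V_ASN1_UNDEF, so a caller that ignores the result still owns them and will leak them unless it is told. I would put a block comment above the function listing the three cases from the commit message, and add `/* On failure alg is unchanged; the caller still owns aobj and pval. */` at the early return. Separately, the unconditional `ASN1_OBJECT_free(alg->algorithm)` followed by `alg->algorithm = aobj` presumably relies on callers never passing the object alg already holds; if that is the contract, it is worth stating in the same comment.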