Disable EVP_PKEY_meth_* extensibility

This removes the global pkey_app_methods stack that was never cleaned up and makes EVP_PKEY_meth_add0() always fail and push an error on the stack. EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and things become a bit cleaner. It's still all way more complicated than it needs to be... ok jsing
author: tb <> 2024-01-04 20:15:01 +0000
committer: tb <> 2024-01-04 20:15:01 +0000
commit: 502f566fc93b8d6fe73e06627ab3d122dc4e004f (patch)
tree: b0383b73257f49398ca85b5c85a82410abd2b824 /src
parent: 9b0d7f74716797d98c976afcf9e6f70430df0931 (diff)
download: openbsd-502f566fc93b8d6fe73e06627ab3d122dc4e004f.tar.gz
openbsd-502f566fc93b8d6fe73e06627ab3d122dc4e004f.tar.bz2
openbsd-502f566fc93b8d6fe73e06627ab3d122dc4e004f.zip
1 files changed, 7 insertions, 46 deletions
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index cf27862488..604181d311 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.36 2024/01/04 20:15:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -71,9 +71,6 @@
 #include "asn1_local.h"
 #include "evp_local.h"
-DECLARE_STACK_OF(EVP_PKEY_METHOD)
-STACK_OF(EVP_PKEY_METHOD) *pkey_app_methods = NULL;
 extern const EVP_PKEY_METHOD cmac_pkey_meth;
 extern const EVP_PKEY_METHOD dh_pkey_meth;
 extern const EVP_PKEY_METHOD dsa_pkey_meth;
@@ -102,43 +99,15 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
        &x25519_pkey_meth,
 };
-static const size_t pkey_methods_count =
+#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0]))
-    sizeof(pkey_methods) / sizeof(pkey_methods[0]);
-int
-evp_pkey_meth_get_count(void)
-{
-        int num = pkey_methods_count;
-        if (pkey_app_methods != NULL)
-                num += sk_EVP_PKEY_METHOD_num(pkey_app_methods);
-        return num;
-}
-const EVP_PKEY_METHOD *
-evp_pkey_meth_get0(int idx)
-{
-        int num = pkey_methods_count;
-        if (idx < 0)
-                return NULL;
-        if (idx < num)
-                return pkey_methods[idx];
-        idx -= num;
-        return sk_EVP_PKEY_METHOD_value(pkey_app_methods, idx);
-}
 const EVP_PKEY_METHOD *
 EVP_PKEY_meth_find(int type)
 {
-        const EVP_PKEY_METHOD *pmeth;
+        size_t i;
-        int i;
-        for (i = evp_pkey_meth_get_count() - 1; i >= 0; i--) {
+        for (i = 0; i < N_PKEY_METHODS; i++) {
-                pmeth = evp_pkey_meth_get0(i);
+                const EVP_PKEY_METHOD *pmeth = pkey_methods[i];
                if (pmeth->pkey_id == type)
                        return pmeth;
        }
@@ -275,16 +244,8 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
 int
 EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
 {
-        if (pkey_app_methods == NULL) {
+        EVPerror(ERR_R_DISABLED);
-                pkey_app_methods = sk_EVP_PKEY_METHOD_new(NULL);
+        return 0;
-                if (pkey_app_methods == NULL)
-                        return 0;
-        }
-        if (!sk_EVP_PKEY_METHOD_push(pkey_app_methods, pmeth))
-                return 0;
-        return 1;
 }
 void
author	tb <>	2024-01-04 20:15:01 +0000
committer	tb <>	2024-01-04 20:15:01 +0000
commit	502f566fc93b8d6fe73e06627ab3d122dc4e004f (patch)
tree	b0383b73257f49398ca85b5c85a82410abd2b824 /src
parent	9b0d7f74716797d98c976afcf9e6f70430df0931 (diff)
download	openbsd-502f566fc93b8d6fe73e06627ab3d122dc4e004f.tar.gz openbsd-502f566fc93b8d6fe73e06627ab3d122dc4e004f.tar.bz2 openbsd-502f566fc93b8d6fe73e06627ab3d122dc4e004f.zip

diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c index cf27862488..604181d311 100644 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */	1	/* $OpenBSD: pmeth_lib.c,v 1.36 2024/01/04 20:15:01 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -71,9 +71,6 @@
71	#include "asn1_local.h"	71	#include "asn1_local.h"
72	#include "evp_local.h"	72	#include "evp_local.h"
73		73
74	DECLARE_STACK_OF(EVP_PKEY_METHOD)
75	STACK_OF(EVP_PKEY_METHOD) *pkey_app_methods = NULL;
76
77	extern const EVP_PKEY_METHOD cmac_pkey_meth;	74	extern const EVP_PKEY_METHOD cmac_pkey_meth;
78	extern const EVP_PKEY_METHOD dh_pkey_meth;	75	extern const EVP_PKEY_METHOD dh_pkey_meth;
79	extern const EVP_PKEY_METHOD dsa_pkey_meth;	76	extern const EVP_PKEY_METHOD dsa_pkey_meth;
@@ -102,43 +99,15 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
102	&x25519_pkey_meth,	99	&x25519_pkey_meth,
103	};	100	};
104		101
105	static const size_t pkey_methods_count =	102	#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0]))
106	sizeof(pkey_methods) / sizeof(pkey_methods[0]);
107
108	int
109	evp_pkey_meth_get_count(void)
110	{
111	int num = pkey_methods_count;
112
113	if (pkey_app_methods != NULL)
114	num += sk_EVP_PKEY_METHOD_num(pkey_app_methods);
115
116	return num;
117	}
118
119	const EVP_PKEY_METHOD *
120	evp_pkey_meth_get0(int idx)
121	{
122	int num = pkey_methods_count;
123
124	if (idx < 0)
125	return NULL;
126	if (idx < num)
127	return pkey_methods[idx];
128
129	idx -= num;
130
131	return sk_EVP_PKEY_METHOD_value(pkey_app_methods, idx);
132	}
133		103
134	const EVP_PKEY_METHOD *	104	const EVP_PKEY_METHOD *
135	EVP_PKEY_meth_find(int type)	105	EVP_PKEY_meth_find(int type)
136	{	106	{
137	const EVP_PKEY_METHOD *pmeth;	107	size_t i;
138	int i;
139		108
140	for (i = evp_pkey_meth_get_count() - 1; i >= 0; i--) {	109	for (i = 0; i < N_PKEY_METHODS; i++) {
141	pmeth = evp_pkey_meth_get0(i);	110	const EVP_PKEY_METHOD *pmeth = pkey_methods[i];
142	if (pmeth->pkey_id == type)	111	if (pmeth->pkey_id == type)
143	return pmeth;	112	return pmeth;
144	}	113	}
@@ -275,16 +244,8 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
275	int	244	int
276	EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)	245	EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
277	{	246	{
278	if (pkey_app_methods == NULL) {	247	EVPerror(ERR_R_DISABLED);
279	pkey_app_methods = sk_EVP_PKEY_METHOD_new(NULL);	248	return 0;
280	if (pkey_app_methods == NULL)
281	return 0;
282	}
283
284	if (!sk_EVP_PKEY_METHOD_push(pkey_app_methods, pmeth))
285	return 0;
286
287	return 1;
288	}	249	}
289		250
290	void	251	void