Neuter the ASN1_STRING_TABLE modification API

This is complete nonsense that nothing's ever used except for a test by schwarze. It will be removed in the next major bump. What remains could be moved to a simple lookup table in security/xca... ok jsing
author: tb <> 2023-12-16 12:40:02 +0000
committer: tb <> 2023-12-16 12:40:02 +0000
commit: f4bbf94c75e0eb6961421e3a15395c0c9c5a701f (patch)
tree: cb39c80d82073b1f072925be64ed4b8afff1f0d2 /src
parent: 79b1a65c524da073f3e5ffa32c873ffc2fa9667c (diff)
download: openbsd-f4bbf94c75e0eb6961421e3a15395c0c9c5a701f.tar.gz
openbsd-f4bbf94c75e0eb6961421e3a15395c0c9c5a701f.tar.bz2
openbsd-f4bbf94c75e0eb6961421e3a15395c0c9c5a701f.zip
1 files changed, 16 insertions, 133 deletions
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index 2542119e76..0ba3c87545 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.27 2023/07/05 21:23:36 beck Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.28 2023/12/16 12:40:02 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -65,20 +65,13 @@
 #include <openssl/err.h>
 #include <openssl/objects.h>
-static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
-static ASN1_STRING_TABLE *stable_get(int nid);
-static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-    const ASN1_STRING_TABLE * const *b);
 /*
+ * XXX - unprotected global state
+ *
 * This is the global mask for the mbstring functions: this is used to
 * mask out certain types (such as BMPString and UTF8String) because
 * certain software (e.g. Netscape) has problems with them.
 */
 static unsigned long global_mask = B_ASN1_UTF8STRING;
 void
@@ -171,12 +164,7 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen,
 }
 LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
-/*
+/* From RFC 5280, Appendix A.1. */
- * Now the tables and helper functions for the string table:
- */
-/* size limits: this stuff is taken straight from RFC3280 */
 #define ub_name                         32768
 #define ub_common_name                  64
 #define ub_locality_name                128
@@ -187,9 +175,6 @@ LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
 #define ub_email_address                128
 #define ub_serial_number                64
-/* This table must be kept in NID order */
 static const ASN1_STRING_TABLE tbl_standard[] = {
        {
                .nid = NID_commonName,
@@ -326,138 +311,36 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
        },
 };
-static int
+#define N_STRING_TABLE_ENTRIES (sizeof(tbl_standard) / sizeof(tbl_standard[0]))
-sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-    const ASN1_STRING_TABLE * const *b)
-{
-        return (*a)->nid - (*b)->nid;
-}
-static int table_cmp_BSEARCH_CMP_FN(const void *, const void *);
-static int table_cmp(ASN1_STRING_TABLE const *, ASN1_STRING_TABLE const *);
-static ASN1_STRING_TABLE *OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num);
-static int
-table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
-{
-        return a->nid - b->nid;
-}
-static int
-table_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
-{
-        ASN1_STRING_TABLE const *a = a_;
-        ASN1_STRING_TABLE const *b = b_;
-        return table_cmp(a, b);
-}
-static ASN1_STRING_TABLE *
-OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num)
-{
-        return (ASN1_STRING_TABLE *)OBJ_bsearch_(key, base, num, sizeof(ASN1_STRING_TABLE),
-            table_cmp_BSEARCH_CMP_FN);
-}
+/* XXX - const */
 ASN1_STRING_TABLE *
 ASN1_STRING_TABLE_get(int nid)
 {
-        int idx;
+        size_t i;
-        ASN1_STRING_TABLE fnd;
-        fnd.nid = nid;
+        for (i = 0; i < N_STRING_TABLE_ENTRIES; i++) {
-        if (stable != NULL) {
+                const ASN1_STRING_TABLE *entry = &tbl_standard[i];
-                idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+                if (entry->nid == nid)
-                if (idx >= 0)
+                        return (ASN1_STRING_TABLE *)entry;
-                        return sk_ASN1_STRING_TABLE_value(stable, idx);
        }
-        return OBJ_bsearch_table(&fnd, tbl_standard,
-            sizeof(tbl_standard) / sizeof(tbl_standard[0]));
-}
-LCRYPTO_ALIAS(ASN1_STRING_TABLE_get);
-/*
- * Return a string table pointer which can be modified: either directly
- * from table or a copy of an internal value added to the table.
- */
-static ASN1_STRING_TABLE *
-stable_get(int nid)
-{
-        ASN1_STRING_TABLE *tmp, *rv;
-        /* Always need a string table so allocate one if NULL */
-        if (stable == NULL) {
-                stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
-                if (stable == NULL)
-                        return NULL;
-        }
-        tmp = ASN1_STRING_TABLE_get(nid);
-        if (tmp != NULL && (tmp->flags & STABLE_FLAGS_MALLOC) != 0)
-                return tmp;
-        if ((rv = calloc(1, sizeof(*rv))) == NULL) {
+        return NULL;
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
-                free(rv);
-                return NULL;
-        }
-        if (tmp != NULL) {
-                rv->nid = tmp->nid;
-                rv->minsize = tmp->minsize;
-                rv->maxsize = tmp->maxsize;
-                rv->mask = tmp->mask;
-                rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
-        } else {
-                rv->nid = nid;
-                rv->minsize = -1;
-                rv->maxsize = -1;
-                rv->flags = STABLE_FLAGS_MALLOC;
-        }
-        return rv;
 }
+LCRYPTO_ALIAS(ASN1_STRING_TABLE_get);
 int
 ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,
    unsigned long flags)
 {
-        ASN1_STRING_TABLE *tmp;
+        ASN1error(ERR_R_DISABLED);
+        return 0;
-        if ((tmp = stable_get(nid)) == NULL) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if (minsize >= 0)
-                tmp->minsize = minsize;
-        if (maxsize >= 0)
-                tmp->maxsize = maxsize;
-        if (mask != 0)
-                tmp->mask = mask;
-        if (flags != 0)
-                tmp->flags = flags | STABLE_FLAGS_MALLOC;
-        return 1;
 }
 LCRYPTO_ALIAS(ASN1_STRING_TABLE_add);
 void
 ASN1_STRING_TABLE_cleanup(void)
 {
-        STACK_OF(ASN1_STRING_TABLE) *tmp;
+        ASN1error(ERR_R_DISABLED);
-        tmp = stable;
-        if (tmp == NULL)
-                return;
-        stable = NULL;
-        sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
 }
 LCRYPTO_ALIAS(ASN1_STRING_TABLE_cleanup);
-static void
-st_free(ASN1_STRING_TABLE *tbl)
-{
-        if (tbl->flags & STABLE_FLAGS_MALLOC)
-                free(tbl);
-}
author	tb <>	2023-12-16 12:40:02 +0000
committer	tb <>	2023-12-16 12:40:02 +0000
commit	f4bbf94c75e0eb6961421e3a15395c0c9c5a701f (patch)
tree	cb39c80d82073b1f072925be64ed4b8afff1f0d2 /src
parent	79b1a65c524da073f3e5ffa32c873ffc2fa9667c (diff)
download	openbsd-f4bbf94c75e0eb6961421e3a15395c0c9c5a701f.tar.gz openbsd-f4bbf94c75e0eb6961421e3a15395c0c9c5a701f.tar.bz2 openbsd-f4bbf94c75e0eb6961421e3a15395c0c9c5a701f.zip

diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c index 2542119e76..0ba3c87545 100644 --- a/src/lib/libcrypto/asn1/a_strnid.c +++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_strnid.c,v 1.27 2023/07/05 21:23:36 beck Exp $ */	1	/* $OpenBSD: a_strnid.c,v 1.28 2023/12/16 12:40:02 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -65,20 +65,13 @@
65	#include <openssl/err.h>	65	#include <openssl/err.h>
66	#include <openssl/objects.h>	66	#include <openssl/objects.h>
67		67
68	static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
69
70	static ASN1_STRING_TABLE *stable_get(int nid);
71	static void st_free(ASN1_STRING_TABLE *tbl);
72	static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
73	const ASN1_STRING_TABLE * const *b);
74
75
76	/*	68	/*
		69	* XXX - unprotected global state
		70	*
77	* This is the global mask for the mbstring functions: this is used to	71	* This is the global mask for the mbstring functions: this is used to
78	* mask out certain types (such as BMPString and UTF8String) because	72	* mask out certain types (such as BMPString and UTF8String) because
79	* certain software (e.g. Netscape) has problems with them.	73	* certain software (e.g. Netscape) has problems with them.
80	*/	74	*/
81
82	static unsigned long global_mask = B_ASN1_UTF8STRING;	75	static unsigned long global_mask = B_ASN1_UTF8STRING;
83		76
84	void	77	void
@@ -171,12 +164,7 @@ ASN1_STRING_set_by_NID(ASN1_STRING *out, const unsigned char in, int inlen,
171	}	164	}
172	LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);	165	LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
173		166
174	/*	167	/* From RFC 5280, Appendix A.1. */
175	* Now the tables and helper functions for the string table:
176	*/
177
178	/* size limits: this stuff is taken straight from RFC3280 */
179
180	#define ub_name 32768	168	#define ub_name 32768
181	#define ub_common_name 64	169	#define ub_common_name 64
182	#define ub_locality_name 128	170	#define ub_locality_name 128
@@ -187,9 +175,6 @@ LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
187	#define ub_email_address 128	175	#define ub_email_address 128
188	#define ub_serial_number 64	176	#define ub_serial_number 64
189		177
190
191	/* This table must be kept in NID order */
192
193	static const ASN1_STRING_TABLE tbl_standard[] = {	178	static const ASN1_STRING_TABLE tbl_standard[] = {
194	{	179	{
195	.nid = NID_commonName,	180	.nid = NID_commonName,
@@ -326,138 +311,36 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
326	},	311	},
327	};	312	};
328		313
329	static int	314	#define N_STRING_TABLE_ENTRIES (sizeof(tbl_standard) / sizeof(tbl_standard[0]))
330	sk_table_cmp(const ASN1_STRING_TABLE * const *a,
331	const ASN1_STRING_TABLE * const *b)
332	{
333	return (a)->nid - (b)->nid;
334	}
335
336	static int table_cmp_BSEARCH_CMP_FN(const void , const void );
337	static int table_cmp(ASN1_STRING_TABLE const , ASN1_STRING_TABLE const );
338	static ASN1_STRING_TABLE OBJ_bsearch_table(ASN1_STRING_TABLE key, ASN1_STRING_TABLE const *base, int num);
339
340	static int
341	table_cmp(const ASN1_STRING_TABLE a, const ASN1_STRING_TABLE b)
342	{
343	return a->nid - b->nid;
344	}
345
346
347	static int
348	table_cmp_BSEARCH_CMP_FN(const void a_, const void b_)
349	{
350	ASN1_STRING_TABLE const *a = a_;
351	ASN1_STRING_TABLE const *b = b_;
352	return table_cmp(a, b);
353	}
354
355	static ASN1_STRING_TABLE *
356	OBJ_bsearch_table(ASN1_STRING_TABLE key, ASN1_STRING_TABLE const base, int num)
357	{
358	return (ASN1_STRING_TABLE *)OBJ_bsearch_(key, base, num, sizeof(ASN1_STRING_TABLE),
359	table_cmp_BSEARCH_CMP_FN);
360	}
361		315
		316	/* XXX - const */
362	ASN1_STRING_TABLE *	317	ASN1_STRING_TABLE *
363	ASN1_STRING_TABLE_get(int nid)	318	ASN1_STRING_TABLE_get(int nid)
364	{	319	{
365	int idx;	320	size_t i;
366	ASN1_STRING_TABLE fnd;
367		321
368	fnd.nid = nid;	322	for (i = 0; i < N_STRING_TABLE_ENTRIES; i++) {
369	if (stable != NULL) {	323	const ASN1_STRING_TABLE *entry = &tbl_standard[i];
370	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);	324	if (entry->nid == nid)
371	if (idx >= 0)	325	return (ASN1_STRING_TABLE *)entry;
372	return sk_ASN1_STRING_TABLE_value(stable, idx);
373	}	326	}
374	return OBJ_bsearch_table(&fnd, tbl_standard,
375	sizeof(tbl_standard) / sizeof(tbl_standard[0]));
376	}
377	LCRYPTO_ALIAS(ASN1_STRING_TABLE_get);
378
379	/*
380	* Return a string table pointer which can be modified: either directly
381	* from table or a copy of an internal value added to the table.
382	*/
383
384	static ASN1_STRING_TABLE *
385	stable_get(int nid)
386	{
387	ASN1_STRING_TABLE tmp, rv;
388
389	/* Always need a string table so allocate one if NULL */
390	if (stable == NULL) {
391	stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
392	if (stable == NULL)
393	return NULL;
394	}
395	tmp = ASN1_STRING_TABLE_get(nid);
396	if (tmp != NULL && (tmp->flags & STABLE_FLAGS_MALLOC) != 0)
397	return tmp;
398		327
399	if ((rv = calloc(1, sizeof(*rv))) == NULL) {	328	return NULL;
400	ASN1error(ERR_R_MALLOC_FAILURE);
401	return NULL;
402	}
403	if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
404	free(rv);
405	return NULL;
406	}
407	if (tmp != NULL) {
408	rv->nid = tmp->nid;
409	rv->minsize = tmp->minsize;
410	rv->maxsize = tmp->maxsize;
411	rv->mask = tmp->mask;
412	rv->flags = tmp->flags \| STABLE_FLAGS_MALLOC;
413	} else {
414	rv->nid = nid;
415	rv->minsize = -1;
416	rv->maxsize = -1;
417	rv->flags = STABLE_FLAGS_MALLOC;
418	}
419	return rv;
420	}	329	}
		330	LCRYPTO_ALIAS(ASN1_STRING_TABLE_get);
421		331
422	int	332	int
423	ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,	333	ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,
424	unsigned long flags)	334	unsigned long flags)
425	{	335	{
426	ASN1_STRING_TABLE *tmp;	336	ASN1error(ERR_R_DISABLED);
427		337	return 0;
428	if ((tmp = stable_get(nid)) == NULL) {
429	ASN1error(ERR_R_MALLOC_FAILURE);
430	return 0;
431	}
432	if (minsize >= 0)
433	tmp->minsize = minsize;
434	if (maxsize >= 0)
435	tmp->maxsize = maxsize;
436	if (mask != 0)
437	tmp->mask = mask;
438	if (flags != 0)
439	tmp->flags = flags \| STABLE_FLAGS_MALLOC;
440
441	return 1;
442	}	338	}
443	LCRYPTO_ALIAS(ASN1_STRING_TABLE_add);	339	LCRYPTO_ALIAS(ASN1_STRING_TABLE_add);
444		340
445	void	341	void
446	ASN1_STRING_TABLE_cleanup(void)	342	ASN1_STRING_TABLE_cleanup(void)
447	{	343	{
448	STACK_OF(ASN1_STRING_TABLE) *tmp;	344	ASN1error(ERR_R_DISABLED);
449
450	tmp = stable;
451	if (tmp == NULL)
452	return;
453	stable = NULL;
454	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
455	}	345	}
456	LCRYPTO_ALIAS(ASN1_STRING_TABLE_cleanup);	346	LCRYPTO_ALIAS(ASN1_STRING_TABLE_cleanup);
457
458	static void
459	st_free(ASN1_STRING_TABLE *tbl)
460	{
461	if (tbl->flags & STABLE_FLAGS_MALLOC)
462	free(tbl);
463	}