[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Thu Apr 13 08:27:10 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 3b8422755f268e57da7f3184e9eb965a3d60ee25 (commit)
via b0a05a39bddee66b39928124dff806e2a80d4752 (commit)
via adc0e6f349d44168ef9250c651273651b455c513 (commit)
from e7bed7632c33211d5b7b03ace412bf4ffa3b98aa (commit)
- Log -----------------------------------------------------------------
commit 3b8422755f268e57da7f3184e9eb965a3d60ee25
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 12 11:52:52 2017 +0200
ASN.1: adapt SSL_SESSION_ASN1 by explicitely embedding INTxx et al
Fixes #3191
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3200)
commit b0a05a39bddee66b39928124dff806e2a80d4752
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 12 11:50:48 2017 +0200
ASN.1: change INTxx, UINTxx and Z variants to be embedable
Fixes #3191
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3200)
commit adc0e6f349d44168ef9250c651273651b455c513
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 12 11:48:12 2017 +0200
ASN.1: extend the possibilities to embed data instead of pointers
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free(). Call prim_clear() instead.
Fixes #3191
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3200)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/tasn_fre.c | 7 ++++++-
crypto/asn1/tasn_new.c | 8 +++++++-
crypto/asn1/x_int64.c | 52 ++++++++++++++++++++++++++++++++++++-------------
include/openssl/asn1t.h | 5 +++++
ssl/ssl_asn1.c | 14 ++++++-------
5 files changed, 63 insertions(+), 23 deletions(-)
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 3c98efb..ae91461 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -155,7 +155,12 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
if (it) {
const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
- if (pf && pf->prim_free) {
+ if (embed) {
+ if (pf && pf->prim_clear) {
+ pf->prim_clear(pval, it);
+ return;
+ }
+ } else if (pf && pf->prim_free) {
pf->prim_free(pval, it);
return;
}
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index e9b8377..f695e38 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -266,8 +266,14 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
if (it->funcs) {
const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
- if (pf->prim_new)
+ if (embed) {
+ if (pf->prim_clear) {
+ pf->prim_clear(pval, it);
+ return 1;
+ }
+ } else if (pf->prim_new) {
return pf->prim_new(pval, it);
+ }
}
if (it->itype == ASN1_ITYPE_MSTRING)
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index eb3bf8f..4433167 100644
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -28,13 +28,21 @@
static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- *(uint64_t *)pval = 0;
+ *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t));
+ if (*pval == NULL)
+ return 0;
return 1;
}
static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- *(uint64_t *)pval = 0;
+ OPENSSL_free(*pval);
+ *pval = NULL;
+}
+
+static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ **(uint64_t **)pval = 0;
}
static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
@@ -43,7 +51,7 @@ static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
uint64_t utmp;
int neg = 0;
/* this exists to bypass broken gcc optimization */
- char *cp = (char *)pval;
+ char *cp = (char *)*pval;
/* use memcpy, because we may not be uint64_t aligned */
memcpy(&utmp, cp, sizeof(utmp));
@@ -65,9 +73,13 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it)
{
uint64_t utmp = 0;
- char *cp = (char *)pval;
+ char *cp;
int neg = 0;
+ if (*pval == NULL && !uint64_new(pval, it))
+ return 0;
+
+ cp = (char *)*pval;
if (!c2i_uint64_int(&utmp, &neg, &cont, len))
return 0;
if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
@@ -90,21 +102,29 @@ static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
int indent, const ASN1_PCTX *pctx)
{
if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
- return BIO_printf(out, "%"BIO_PRI64"d\n", *(int64_t *)pval);
- return BIO_printf(out, "%"BIO_PRI64"u\n", *(uint64_t *)pval);
+ return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval);
+ return BIO_printf(out, "%"BIO_PRI64"u\n", **(uint64_t **)pval);
}
/* 32-bit variants */
static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- *(uint32_t *)pval = 0;
+ *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t));
+ if (*pval == NULL)
+ return 0;
return 1;
}
static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- *(uint32_t *)pval = 0;
+ OPENSSL_free(*pval);
+ *pval = NULL;
+}
+
+static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ **(uint32_t **)pval = 0;
}
static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
@@ -113,7 +133,7 @@ static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
uint32_t utmp;
int neg = 0;
/* this exists to bypass broken gcc optimization */
- char *cp = (char *)pval;
+ char *cp = (char *)*pval;
/* use memcpy, because we may not be uint32_t aligned */
memcpy(&utmp, cp, sizeof(utmp));
@@ -143,9 +163,13 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
{
uint64_t utmp = 0;
uint32_t utmp2 = 0;
- char *cp = (char *)pval;
+ char *cp;
int neg = 0;
+ if (*pval == NULL && !uint64_new(pval, it))
+ return 0;
+
+ cp = (char *)*pval;
if (!c2i_uint64_int(&utmp, &neg, &cont, len))
return 0;
if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
@@ -174,8 +198,8 @@ static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
int indent, const ASN1_PCTX *pctx)
{
if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
- return BIO_printf(out, "%d\n", *(int32_t *)pval);
- return BIO_printf(out, "%u\n", *(uint32_t *)pval);
+ return BIO_printf(out, "%d\n", **(int32_t **)pval);
+ return BIO_printf(out, "%u\n", **(uint32_t **)pval);
}
@@ -185,7 +209,7 @@ static ASN1_PRIMITIVE_FUNCS uint32_pf = {
NULL, 0,
uint32_new,
uint32_free,
- uint32_free, /* Clear should set to initial value */
+ uint32_clear,
uint32_c2i,
uint32_i2c,
uint32_print
@@ -195,7 +219,7 @@ static ASN1_PRIMITIVE_FUNCS uint64_pf = {
NULL, 0,
uint64_new,
uint64_free,
- uint64_free, /* Clear should set to initial value */
+ uint64_clear,
uint64_c2i,
uint64_i2c,
uint64_print
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 8eedfb3..a524829 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -346,17 +346,22 @@ extern "C" {
/* OPTIONAL simple type */
# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
/* IMPLICIT tagged simple type */
# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
/* IMPLICIT tagged OPTIONAL simple type */
# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
/* Same as above but EXPLICIT */
# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
/* SEQUENCE OF type */
# define ASN1_SEQUENCE_OF(stname, field, type) \
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 39fe4e1..3e9c1c4 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -67,29 +67,29 @@ typedef struct {
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
- ASN1_SIMPLE(SSL_SESSION_ASN1, version, UINT32),
- ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, INT32),
+ ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
+ ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZINT64, 1),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZINT64, 2),
+ ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
+ ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
+ ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
#ifndef OPENSSL_NO_PSK
ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
#endif
- ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
+ ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
#ifndef OPENSSL_NO_SRP
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
- ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZUINT64, 13)
+ ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
More information about the openssl-commits
mailing list