[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed May 18 14:39:01 UTC 2016


The branch master has been updated
       via  52832e470f5fe8c222249ae5b539aeb3c74cdb25 (commit)
      from  9e20068958b8c1772067299dda7df0b8a82283b4 (commit)


- Log -----------------------------------------------------------------
commit 52832e470f5fe8c222249ae5b539aeb3c74cdb25
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed May 18 14:32:16 2016 +0100

    OID code tidy up.
    
    Tidy up and simplify OBJ_dup() and OBJ_create().
    
    Sanity check added OIDs: don't allow duplicates.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/objects/obj_dat.c  | 46 ++++++++++++++++++++----------------
 crypto/objects/obj_err.c  |  1 +
 crypto/objects/obj_lib.c  | 59 +++++++++++++++++------------------------------
 include/openssl/objects.h |  1 +
 4 files changed, 49 insertions(+), 58 deletions(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 9b8e93b..820c275 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -679,30 +679,36 @@ int OBJ_create_objects(BIO *in)
 
 int OBJ_create(const char *oid, const char *sn, const char *ln)
 {
-    int ok = 0;
-    ASN1_OBJECT *op = NULL;
-    unsigned char *buf;
-    int i;
-
-    i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
-    if (i <= 0)
-        return (0);
+    ASN1_OBJECT *tmpoid = NULL;
+    int ok;
 
-    if ((buf = OPENSSL_malloc(i)) == NULL) {
-        OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
-        return (0);
+    /* Check to see if short or long name already present */
+    if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        return 0;
     }
-    i = a2d_ASN1_OBJECT(buf, i, oid, -1);
-    if (i == 0)
-        goto err;
-    op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
-    if (op == NULL)
+
+    /* Convert numerical OID string to an ASN1_OBJECT structure */
+    tmpoid = OBJ_txt2obj(oid, 1);
+
+    /* If NID is not NID_undef then object already exists */
+    if (OBJ_obj2nid(tmpoid) != NID_undef) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
         goto err;
-    ok = OBJ_add_object(op);
+    }
+
+    tmpoid->nid = OBJ_new_nid(1);
+    tmpoid->sn = (char *)sn;
+    tmpoid->ln = (char *)ln;
+
+    ok = OBJ_add_object(tmpoid);
+
+    tmpoid->sn = NULL;
+    tmpoid->ln = NULL;
+
  err:
-    ASN1_OBJECT_free(op);
-    OPENSSL_free(buf);
-    return (ok);
+    ASN1_OBJECT_free(tmpoid);
+    return ok;
 }
 
 size_t OBJ_length(const ASN1_OBJECT *obj)
diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
index cadfe81..b8a9057 100644
--- a/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
@@ -36,6 +36,7 @@ static ERR_STRING_DATA OBJ_str_functs[] = {
 
 static ERR_STRING_DATA OBJ_str_reasons[] = {
     {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"},
+    {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"},
     {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
     {0, NULL}
 };
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
index da977fe..33075e6 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -17,59 +17,42 @@
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 {
     ASN1_OBJECT *r;
-    int i;
-    char *ln = NULL, *sn = NULL;
-    unsigned char *data = NULL;
 
     if (o == NULL)
-        return (NULL);
+        return NULL;
+    /* If object isn't dynamic it's an internal OID which is never freed */
     if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-        return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication
-                                    * is this??? */
+        return ((ASN1_OBJECT *)o);
 
     r = ASN1_OBJECT_new();
     if (r == NULL) {
         OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
         return (NULL);
     }
-    data = OPENSSL_malloc(o->length);
-    if (data == NULL)
-        goto err;
-    if (o->data != NULL)
-        memcpy(data, o->data, o->length);
-    /* once data attached to object it remains const */
-    r->data = data;
-    r->length = o->length;
-    r->nid = o->nid;
-    r->ln = r->sn = NULL;
-    if (o->ln != NULL) {
-        i = strlen(o->ln) + 1;
-        ln = OPENSSL_malloc(i);
-        if (ln == NULL)
-            goto err;
-        memcpy(ln, o->ln, i);
-        r->ln = ln;
-    }
 
-    if (o->sn != NULL) {
-        i = strlen(o->sn) + 1;
-        sn = OPENSSL_malloc(i);
-        if (sn == NULL)
-            goto err;
-        memcpy(sn, o->sn, i);
-        r->sn = sn;
-    }
+    /* Set dynamic flags so everything gets freed up on error */
+
     r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
                            ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
                            ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-    return (r);
+
+    if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
+        goto err;
+
+    r->length = o->length;
+    r->nid = o->nid;
+
+    if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
+        goto err;
+
+    if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
+        goto err;
+
+    return r;
  err:
+    ASN1_OBJECT_free(r);
     OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
-    OPENSSL_free(ln);
-    OPENSSL_free(sn);
-    OPENSSL_free(data);
-    OPENSSL_free(r);
-    return (NULL);
+    return NULL;
 }
 
 int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
diff --git a/include/openssl/objects.h b/include/openssl/objects.h
index 8b31e3d..647a8ac 100644
--- a/include/openssl/objects.h
+++ b/include/openssl/objects.h
@@ -1088,6 +1088,7 @@ void ERR_load_OBJ_strings(void);
 
 /* Reason codes. */
 # define OBJ_R_MALLOC_FAILURE                             100
+# define OBJ_R_OID_EXISTS                                 102
 # define OBJ_R_UNKNOWN_NID                                101
 
 #ifdef  __cplusplus


More information about the openssl-commits mailing list