[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Tue Jan 23 19:30:44 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  38454902208c358ffaa140aef3077c2316f82b19 (commit)
       via  3833ebea433dbb062fbdb69d300c5528b611a83a (commit)
      from  0a05bbf8f434ba9df8c647e5475ff02997a83e0c (commit)


- Log -----------------------------------------------------------------
commit 38454902208c358ffaa140aef3077c2316f82b19
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Jan 22 19:03:37 2018 +0100

    Have EVP_PKEY_asn1_find_str() work more like EVP_PKEY_asn1_find()
    
    EVP_PKEY_asn1_find_str() would search through standard asn1 methods
    first, then those added by the application, which EVP_PKEY_asn1_find()
    worked the other way around.  Also, EVP_PKEY_asn1_find_str() didn't
    handle aliases.
    
    This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find().
    
    Fixes #5086
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/5137)
    
    (cherry picked from commit 3bf0c3fe31d5339524dae671064cc5fe9e4bda38)

commit 3833ebea433dbb062fbdb69d300c5528b611a83a
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Jan 22 18:24:55 2018 +0100

    Revert "EVP_PKEY_asn1_add0(): Check that this method isn't already registered"
    
    This reverts commit d85722d31ac9ff0dc54c06cdc8d125acf56ca27a.
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/5137)
    
    (cherry picked from commit 7203c94e98c9fa76b0859c25b723b2bde4a9059b)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/ameth_lib.c | 24 +++++++++++++++---------
 crypto/evp/evp_err.c    |  4 +++-
 include/openssl/evp.h   |  1 +
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index dca5aff..3ece13b 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -143,7 +143,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
                                                    const char *str, int len)
 {
     int i;
-    const EVP_PKEY_ASN1_METHOD *ameth;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
     if (len == -1)
         len = strlen(str);
     if (pe) {
@@ -163,12 +164,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
 #endif
         *pe = NULL;
     }
-    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+    for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
         ameth = EVP_PKEY_asn1_get0(i);
         if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
             continue;
-        if (((int)strlen(ameth->pem_str) == len)
-            && (strncasecmp(ameth->pem_str, str, len) == 0))
+        if ((int)strlen(ameth->pem_str) == len
+            && strncasecmp(ameth->pem_str, str, len) == 0)
             return ameth;
     }
     return NULL;
@@ -176,16 +177,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
 
 int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 {
-    if (pkey_asn1_find(ameth->pkey_id) != NULL) {
-        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
-               EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED);
-        return 0;
-    }
+    EVP_PKEY_ASN1_METHOD tmp = { 0, };
+
     if (app_methods == NULL) {
         app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
         if (app_methods == NULL)
             return 0;
     }
+
+    tmp.pkey_id = ameth->pkey_id;
+    if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
+               EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
+        return 0;
+    }
+
     if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
         return 0;
     sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index f5b8635..c4b163f 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -143,6 +143,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
     {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
      "partially overlapping buffers"},
+    {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
+     "pkey application asn1 method already registered"},
     {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED),
      "pkey asn1 method already registered"},
     {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d2709ea..b7edb52 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1570,6 +1570,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
 # define EVP_R_OPERATON_NOT_INITIALIZED                   151
 # define EVP_R_PARTIALLY_OVERLAPPING                      162
+# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175
 # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED        164
 # define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146


More information about the openssl-commits mailing list