[openssl] master update
Matt Caswell
matt at openssl.org
Mon May 24 08:54:21 UTC 2021
The branch master has been updated
via 669967fdd8e2174ed2b812df8488715c82f21360 (commit)
from 69d8cf70ef6496e0bc8fc5a27b068b4b4488d4a8 (commit)
- Log -----------------------------------------------------------------
commit 669967fdd8e2174ed2b812df8488715c82f21360
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 21 12:21:32 2021 +0100
Don't try the same decoder multiple times
The function collect_decoder decides whether a given decoder should be
tried or not. It loops through all the names for matching keymgmts to
see if any are a match or not. If there is a match then the decoder gets
added. However, each keymgmt may have multiple aliases and a decoder was
being added for each one. For example DHX has 4 alias names, and therefore
4 instances of the DHX decoder were added and being tried.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15404)
-----------------------------------------------------------------------
Summary of changes:
crypto/encode_decode/decoder_pkey.c | 68 +++++++++++++++++++++++--------------
1 file changed, 42 insertions(+), 26 deletions(-)
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 08deb2d088..fb8f0d219b 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -232,41 +232,57 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg)
if (data->error_occurred)
return;
- data->error_occurred = 1; /* Assume the worst */
- if (data->names == NULL)
+ if (data->names == NULL) {
+ data->error_occurred = 1;
+ return;
+ }
+
+ /*
+ * Either the caller didn't give a selection, or if they did,
+ * the decoder must tell us if it supports that selection to
+ * be accepted. If the decoder doesn't have |does_selection|,
+ * it's seen as taking anything.
+ */
+ if (decoder->does_selection != NULL
+ && !decoder->does_selection(provctx, data->ctx->selection))
return;
end_i = sk_OPENSSL_CSTRING_num(data->names);
for (i = 0; i < end_i; i++) {
const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
- void *decoderctx = NULL;
- OSSL_DECODER_INSTANCE *di = NULL;
- if (OSSL_DECODER_is_a(decoder, name)
- /*
- * Either the caller didn't give a selection, or if they did,
- * the decoder must tell us if it supports that selection to
- * be accepted. If the decoder doesn't have |does_selection|,
- * it's seen as taking anything.
- */
- && (decoder->does_selection == NULL
- || decoder->does_selection(provctx, data->ctx->selection))
- && (decoderctx = decoder->newctx(provctx)) != NULL
- && (di = ossl_decoder_instance_new(decoder, decoderctx)) != NULL) {
- /* If successful so far, don't free these directly */
- decoderctx = NULL;
-
- if (decoder_check_input_structure(data->ctx, di)
- && ossl_decoder_ctx_add_decoder_inst(data->ctx, di))
- di = NULL; /* If successfully added, don't free it */
- }
+ if (OSSL_DECODER_is_a(decoder, name)) {
+ void *decoderctx = NULL;
+ OSSL_DECODER_INSTANCE *di = NULL;
- /* Free what can be freed */
- ossl_decoder_instance_free(di);
- decoder->freectx(decoderctx);
+ if ((decoderctx = decoder->newctx(provctx)) == NULL) {
+ data->error_occurred = 1;
+ return;
+ }
+ if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) {
+ decoder->freectx(decoderctx);
+ data->error_occurred = 1;
+ return;
+ }
+
+ if (!decoder_check_input_structure(data->ctx, di)) {
+ ossl_decoder_instance_free(di);
+ /* Not a fatal error. Just return */
+ return;
+ }
+ if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) {
+ ossl_decoder_instance_free(di);
+ data->error_occurred = 1;
+ return;
+ }
+
+ /* Success */
+ return;
+ }
}
- data->error_occurred = 0; /* All is good now */
+ /* Decoder not suitable - but not a fatal error */
+ data->error_occurred = 0;
}
int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
More information about the openssl-commits
mailing list