[openssl-dev] [openssl.org #3665] Bug report and a patch for OpenSSL 1.0.1l (and 1.0.1k)

Uri Blumenthal via RT rt at openssl.org
Wed Jan 21 04:18:09 UTC 2015


Steve Henson correctly pointed out that changing ASN1_TYPE_cmp() may not be appropriate, as there could be cases when a null pointer (absent list) means something different from the list being NULL.

To address that concern, I've made sure the workaround applies only to the case when two algorithms are compared, based on RFC 5754 and 5280, which state that the AlgorithmIdentifier parameter list can be absent or represented as ASN.1 NULL - and implementations MUST accept both cases.

This patch also addresses the case when ASN1_TYPE_cmp(a, b) is called with a == b == NULL. The current implementation thinks that 0 != 0, which is not correct.

Please find attached my updated patch "patch-null-absent.diff":

--- crypto/asn1/a_type.c.~1~ 2015-01-15 09:43:14.000000000 -0500
+++ crypto/asn1/a_type.c 2015-01-20 22:57:48.000000000 -0500
@@ -117,6 +117,8 @@
  {
  int result = -1;



+ if (!a && !b) return 0; /* both null-pointers => both absent/equal */
+
  if (!a || !b || a->type != b->type) return -1;



  switch (a->type)
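Review bot: the early return added at the top of the function, `if (!a && !b) return 0;`, changes the result for every caller of ASN1_TYPE_cmp(), not only for algorithm comparison, which is the scope the message says the workaround is limited to. The x_algor.c part of this patch already returns 0 for `!a->parameter && !b->parameter` before ASN1_TYPE_cmp() is reached, so this line is not needed for the AlgorithmIdentifier case. Suggest dropping it from this patch, or submitting it separately with a note on which callers depend on the current result for two null pointers.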
--- crypto/asn1/x_algor.c.~1~ 2015-01-15 09:43:14.000000000 -0500
+++ crypto/asn1/x_algor.c 2015-01-20 23:00:54.000000000 -0500
@@ -151,5 +151,12 @@
  return rv;
  if (!a->parameter && !b->parameter)
  return 0;
+ if ((!a->parameter && b->parameter
+     && b->parameter->type == V_ASN1_NULL)
+     ||
+     (!b->parameter && a->parameter
+     && a->parameter->type == V_ASN1_NULL)
+     )
+   return 0;
  return ASN1_TYPE_cmp(a->parameter, b->parameter);
  }
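Review bot: the condition added before the final `return ASN1_TYPE_cmp(a->parameter, b->parameter);` carries no comment explaining why an absent parameter and one of type V_ASN1_NULL compare equal, and it applies to whatever algorithm passed the earlier check that ends in `return rv;`. Suggest a short comment citing RFC 5754 and RFC 5280, as the message does, and stating that the equivalence is intended for all algorithms. The two mirrored branches could also be written as one "absent or V_ASN1_NULL" test per side, which removes the stand-alone `||` and `)` lines.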




-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-null-absent.diff
Type: application/octet-stream
Size: 809 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150121/694f28b1/attachment-0001.obj>
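The absent-versus-NULL rule described in the message, as an added example that is not part of the original post or of OpenSSL: a stand-alone comparison of two DER-encoded AlgorithmIdentifiers. The names `algid_cmp`, `der_tlv` and `params_empty` and the sample encodings are constructed for illustration, and only short-form DER lengths are handled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: the sha256 OID with parameters absent, then ASN.1 NULL. */
static const unsigned char ALG_ABSENT[] = {0x30,0x0b,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01};
static const unsigned char ALG_NULL[]   = {0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00};
/* Constructed: same OID, parameters an empty OCTET STRING (present, not NULL). */
static const unsigned char ALG_OTHER[]  = {0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x04,0x00};

/* Read one DER TLV with a short-form length (< 128). Returns 0 on success. */
static int der_tlv(const unsigned char *p, size_t n, unsigned char tag,
                   const unsigned char **val, size_t *len)
{
    if (n < 2 || p[0] != tag || (p[1] & 0x80) || (size_t)p[1] > n - 2)
        return -1;
    *val = p + 2;
    *len = p[1];
    return 0;
}

/* Parameters count as empty when absent or encoded as ASN.1 NULL (05 00). */
static int params_empty(const unsigned char *p, size_t n)
{
    return n == 0 || (n == 2 && p[0] == 0x05 && p[1] == 0x00);
}

/* 0 = same algorithm, 1 = different, -1 = malformed input. */
int algid_cmp(const unsigned char *a, size_t alen, const unsigned char *b, size_t blen)
{
    const unsigned char *aseq, *bseq, *aoid, *boid, *ap, *bp;
    size_t asl, bsl, aol, bol, apl, bpl;

    if (der_tlv(a, alen, 0x30, &aseq, &asl) || asl + 2 != alen ||
        der_tlv(b, blen, 0x30, &bseq, &bsl) || bsl + 2 != blen ||
        der_tlv(aseq, asl, 0x06, &aoid, &aol) || der_tlv(bseq, bsl, 0x06, &boid, &bol))
        return -1;
    if (aol != bol || memcmp(aoid, boid, aol) != 0)
        return 1;                           /* different OID */
    ap = aoid + aol; apl = asl - 2 - aol;   /* bytes after the OID: parameters */
    bp = boid + bol; bpl = bsl - 2 - bol;
    if (params_empty(ap, apl) && params_empty(bp, bpl))
        return 0;                           /* absent and NULL are equivalent */
    return (apl == bpl && memcmp(ap, bp, apl) == 0) ? 0 : 1;
}

int main(void)
{
    printf("absent vs NULL:  %d\n", algid_cmp(ALG_ABSENT, sizeof ALG_ABSENT, ALG_NULL, sizeof ALG_NULL));
    printf("absent vs other: %d\n", algid_cmp(ALG_ABSENT, sizeof ALG_ABSENT, ALG_OTHER, sizeof ALG_OTHER));
    return 0;
}
```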

