QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-30 03:34:39 +00:00
Code Issues Projects Releases Wiki Activity

X509_dup: fix copying of libctx and propq using new ASN1_OP_DUP_POST cb operation

Browse Source 
Fixes #12680

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12687)
This commit is contained in:
Dr. David von Oheimb 2020-08-19 20:16:53 +02:00
parent 4f7e08c83e
commit ee46dfbf2c
4 changed files with 40 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
crypto/asn1/a_dup.c
View File

@ -9,7 +9,7 @@
#include <stdio.h> #include <stdio.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1t.h>
#ifndef NO_OLD_ASN1 #ifndef NO_OLD_ASN1
@ -48,14 +48,26 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x)
void *ASN1_item_dup(const ASN1_ITEM *it, const void *x) void *ASN1_item_dup(const ASN1_ITEM *it, const void *x)
{ {
ASN1_aux_cb *asn1_cb = NULL;
unsigned char *b = NULL; unsigned char *b = NULL;
const unsigned char *p; const unsigned char *p;
long i; long i;
void *ret; ASN1_VALUE *ret;
if (x == NULL) if (x == NULL)
return NULL; return NULL;
if (it->itype == ASN1_ITYPE_SEQUENCE || it->itype == ASN1_ITYPE_CHOICE
|| it->itype == ASN1_ITYPE_NDEF_SEQUENCE) {
const ASN1_AUX *aux = it->funcs;
asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
}
if (asn1_cb != NULL
&& !asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL))
goto auxerr;
i = ASN1_item_i2d(x, &b, it); i = ASN1_item_i2d(x, &b, it);
if (b == NULL) { if (b == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
@ -64,5 +76,14 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x)
p = b; p = b;
ret = ASN1_item_d2i(NULL, &p, i, it); ret = ASN1_item_d2i(NULL, &p, i, it);
OPENSSL_free(b); OPENSSL_free(b);
if (asn1_cb != NULL
&& !asn1_cb(ASN1_OP_DUP_POST, &ret, it, (void *)x))
goto auxerr;
return ret; return ret;
auxerr:
ERR_raise_data(ERR_LIB_ASN1, ASN1_R_AUX_ERROR, "Type=%s", it->sname);
return NULL;
} }

11
crypto/x509/x_x509.c
View File

@ -97,6 +97,17 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ASN1_OCTET_STRING_free(ret->distinguishing_id); ASN1_OCTET_STRING_free(ret->distinguishing_id);
break; break;
case ASN1_OP_DUP_POST:
{
X509 *old = exarg;
ret->libctx = old->libctx;
ret->propq = old->propq;
}
break;
default:
break;
} }
return 1; return 1;

2
include/openssl/asn1t.h.in
View File

@ -746,6 +746,8 @@ typedef struct ASN1_STREAM_ARG_st {
# define ASN1_OP_STREAM_POST 11 # define ASN1_OP_STREAM_POST 11
# define ASN1_OP_DETACHED_PRE 12 # define ASN1_OP_DETACHED_PRE 12
# define ASN1_OP_DETACHED_POST 13 # define ASN1_OP_DETACHED_POST 13
# define ASN1_OP_DUP_PRE 14
# define ASN1_OP_DUP_POST 15
/* Macro to implement a primitive type */ /* Macro to implement a primitive type */
# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)

18
test/cmp_msg_test.c
View File

@ -33,16 +33,6 @@ typedef struct test_fixture {
static OSSL_LIB_CTX *libctx = NULL; static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
/* TODO(3.0) Clean this up - See issue #12680 */
static X509 *X509_dup_ex(const X509 *cert)
{
X509 *dup = X509_dup(cert);
if (dup != NULL)
x509_set0_libctx(dup, libctx, NULL);
return dup;
}
static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; static unsigned char ref[CMP_TEST_REFVALUE_LENGTH];
static void tear_down(CMP_MSG_TEST_FIXTURE *fixture) static void tear_down(CMP_MSG_TEST_FIXTURE *fixture)
@ -296,7 +286,7 @@ static int test_cmp_create_certconf(void)
fixture->fail_info = 0; fixture->fail_info = 0;
fixture->expected = 1; fixture->expected = 1;
if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
X509_dup_ex(cert)))) { X509_dup(cert)))) {
tear_down(fixture); tear_down(fixture);
fixture = NULL; fixture = NULL;
} }
@ -310,7 +300,7 @@ static int test_cmp_create_certconf_badAlg(void)
fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg; fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg;
fixture->expected = 1; fixture->expected = 1;
if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
X509_dup_ex(cert)))) { X509_dup(cert)))) {
tear_down(fixture); tear_down(fixture);
fixture = NULL; fixture = NULL;
} }
@ -324,7 +314,7 @@ static int test_cmp_create_certconf_fail_info_max(void)
fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX; fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX;
fixture->expected = 1; fixture->expected = 1;
if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
X509_dup_ex(cert)))) { X509_dup(cert)))) {
tear_down(fixture); tear_down(fixture);
fixture = NULL; fixture = NULL;
} }
@ -405,7 +395,7 @@ static int execute_certrep_create(CMP_MSG_TEST_FIXTURE *fixture)
cresp->certifiedKeyPair->certOrEncCert->type = cresp->certifiedKeyPair->certOrEncCert->type =
OSSL_CMP_CERTORENCCERT_CERTIFICATE; OSSL_CMP_CERTORENCCERT_CERTIFICATE;
if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate = if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate =
X509_dup_ex(cert)) == NULL X509_dup(cert)) == NULL
|| !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp)) || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp))
goto err; goto err;
cresp = NULL; cresp = NULL;