diff options
author | Matt Caswell <matt@openssl.org> | 2021-05-21 17:25:05 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-05 17:39:10 +1000 |
commit | c8a9af97c928118ae4626d793d0b73552648b7ea (patch) | |
tree | 504d0665a688d105af2562f1d7e63ca8ccec6ac0 /crypto | |
parent | 62653483464b78ae57bff9b807ee3328e0f078f3 (diff) |
Teach the ASN.1 code how to create embedded objects with libctx/propq
An ASN.1 object such as an X509 may have embedded objects in it such as
an X509_PUBKEY. If there is a libctx/propq in use then we need to make sure
we pass these down to the constructors of these embedded objects.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/tasn_new.c | 40 | ||||
-rw-r--r-- | crypto/x509/x_pubkey.c | 17 | ||||
-rw-r--r-- | crypto/x509/x_x509.c | 2 |
3 files changed, 41 insertions, 18 deletions
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 2ac9ab3e03..f3562251f2 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -16,11 +16,13 @@ #include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed); + int embed, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + OSSL_LIB_CTX *libctx, const char *propq); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); @@ -32,14 +34,24 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) return NULL; } +ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq) +{ + ASN1_VALUE *ret = NULL; + if (asn1_item_embed_new(&ret, it, 0, libctx, propq) > 0) + return ret; + return NULL; +} + /* Allocate an ASN1 structure */ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - return asn1_item_embed_new(pval, it, 0); + return asn1_item_embed_new(pval, it, 0, NULL, NULL); } -int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) +int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed, + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_TEMPLATE *tt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -56,15 +68,20 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) case ASN1_ITYPE_EXTERN: ef = it->funcs; - if (ef && ef->asn1_ex_new) { - if (!ef->asn1_ex_new(pval, it)) - goto memerr; + if (ef != NULL) { + if (ef->asn1_ex_new_ex != NULL) { + if (!ef->asn1_ex_new_ex(pval, it, libctx, propq)) + goto memerr; + } else if (ef->asn1_ex_new != NULL) { + if (!ef->asn1_ex_new(pval, it)) + goto memerr; + } } break; case ASN1_ITYPE_PRIMITIVE: if (it->templates) { - if (!asn1_template_new(pval, it->templates)) + if (!asn1_template_new(pval, it->templates, libctx, propq)) goto memerr; } else if (!asn1_primitive_new(pval, it, embed)) goto memerr; @@ -124,7 +141,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) ossl_asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = ossl_asn1_get_field_ptr(pval, tt); - if (!asn1_template_new(pseqval, tt)) + if (!asn1_template_new(pseqval, tt, libctx, propq)) goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) @@ -180,7 +197,8 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) } } -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); int embed = tt->flags & ASN1_TFLG_EMBED; @@ -214,7 +232,7 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) goto done; } /* Otherwise pass it back to the item routine */ - ret = asn1_item_embed_new(pval, it, embed); + ret = asn1_item_embed_new(pval, it, embed, libctx, propq); done: return ret; } diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 502caaa9a8..d83e5c59e0 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -71,6 +71,7 @@ static void x509_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) X509_ALGOR_free(pubkey->algor); ASN1_BIT_STRING_free(pubkey->public_key); EVP_PKEY_free(pubkey->pkey); + OPENSSL_free(pubkey->propq); OPENSSL_free(pubkey); *pval = NULL; } @@ -85,12 +86,15 @@ static int x509_pubkey_ex_populate(ASN1_VALUE **pval, const ASN1_ITEM *it) || (pubkey->public_key = ASN1_BIT_STRING_new()) != NULL); } -static int x509_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + +static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq) { X509_PUBKEY *ret; if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL - || !x509_pubkey_ex_populate((ASN1_VALUE **)&ret, NULL)) { + || !x509_pubkey_ex_populate((ASN1_VALUE **)&ret, NULL) + || !x509_pubkey_set0_libctx(ret, libctx, propq)) { x509_pubkey_ex_free((ASN1_VALUE **)&ret, NULL); ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); } else { @@ -110,7 +114,7 @@ static int x509_pubkey_ex_d2i(ASN1_VALUE **pval, int ret; OSSL_DECODER_CTX *dctx = NULL; - if (*pval == NULL && !x509_pubkey_ex_new(pval, it)) + if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, NULL, NULL)) return 0; if (!x509_pubkey_ex_populate(pval, NULL)) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); @@ -190,12 +194,13 @@ static int x509_pubkey_ex_print(BIO *out, const ASN1_VALUE **pval, int indent, static const ASN1_EXTERN_FUNCS x509_pubkey_ff = { NULL, - x509_pubkey_ex_new, + NULL, x509_pubkey_ex_free, 0, /* Default clear behaviour is OK */ x509_pubkey_ex_d2i, x509_pubkey_ex_i2d, - x509_pubkey_ex_print + x509_pubkey_ex_print, + x509_pubkey_ex_new_ex, }; IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff) @@ -205,7 +210,7 @@ X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { X509_PUBKEY *pubkey = NULL; - pubkey = (X509_PUBKEY *)ASN1_item_new((X509_PUBKEY_it())); + pubkey = (X509_PUBKEY *)ASN1_item_new_ex(X509_PUBKEY_it(), libctx, propq); if (!x509_pubkey_set0_libctx(pubkey, libctx, propq)) { X509_PUBKEY_free(pubkey); pubkey = NULL; diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 7959ee223f..a45b89cbeb 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -169,7 +169,7 @@ X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { X509 *cert = NULL; - cert = (X509 *)ASN1_item_new((X509_it())); + cert = (X509 *)ASN1_item_new_ex(X509_it(), libctx, propq); if (!ossl_x509_set0_libctx(cert, libctx, propq)) { X509_free(cert); cert = NULL; |