From 38454902208c358ffaa140aef3077c2316f82b19 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 22 Jan 2018 19:03:37 +0100 Subject: [PATCH] Have EVP_PKEY_asn1_find_str() work more like EVP_PKEY_asn1_find() EVP_PKEY_asn1_find_str() would search through standard asn1 methods first, then those added by the application, which EVP_PKEY_asn1_find() worked the other way around. Also, EVP_PKEY_asn1_find_str() didn't handle aliases. This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find(). Fixes #5086 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/5137) (cherry picked from commit 3bf0c3fe31d5339524dae671064cc5fe9e4bda38) --- crypto/asn1/ameth_lib.c | 19 +++++++++++++++---- crypto/evp/evp_err.c | 4 +++- include/openssl/evp.h | 1 + 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index cfde49ab02..3ece13b485 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -143,7 +143,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) { int i; - const EVP_PKEY_ASN1_METHOD *ameth; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + if (len == -1) len = strlen(str); if (pe) { @@ -163,12 +164,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, #endif *pe = NULL; } - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) { ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; - if (((int)strlen(ameth->pem_str) == len) - && (strncasecmp(ameth->pem_str, str, len) == 0)) + if ((int)strlen(ameth->pem_str) == len + && strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } return NULL; @@ -176,11 +177,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { + EVP_PKEY_ASN1_METHOD tmp = { 0, }; + if (app_methods == NULL) { app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); if (app_methods == NULL) return 0; } + + tmp.pkey_id = ameth->pkey_id; + if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) { + EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, + EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); + return 0; + } + if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) return 0; sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index f5b8635afd..c4b163f0ba 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,6 +143,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, + {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), + "pkey application asn1 method already registered"}, {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED), "pkey asn1 method already registered"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d2709eaedc..b7edb529e8 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1570,6 +1570,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 -- 2.25.1