diff options
| author | Richard Levitte <levitte@openssl.org> | 2021-08-30 13:16:42 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2021-09-05 21:34:50 +0200 |
| commit | 73dd5d67c506cfeb9bf6183f0c19832c7d3f174d (patch) | |
| tree | 8aec41bac8ce11178328510ac84e235ae9aadffd /crypto/encode_decode/decoder_lib.c | |
| parent | Add KEM dupctx test (diff) | |
| download | openssl-73dd5d67c506cfeb9bf6183f0c19832c7d3f174d.tar.xz openssl-73dd5d67c506cfeb9bf6183f0c19832c7d3f174d.zip | |
DECODER: check the first decoded structure name against user given structure
In a chain of decoders, the first that specifies an input structure
gets it compared with the structure specified by the user, if there is
one. If they aren't the same, that decoder is skipped.
Because the first structure can appear anywhere along a chain of
decoders, not just the decoders associated with the resulting OpenSSL
type, the code that checked the structure name when building up the
chain of decoders is removed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
Diffstat (limited to 'crypto/encode_decode/decoder_lib.c')
| -rw-r--r-- | crypto/encode_decode/decoder_lib.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 938f97c282..10a38b6f82 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -38,6 +38,7 @@ struct decoder_process_data_st { */ unsigned int flag_next_level_called : 1; unsigned int flag_construct_called : 1; + unsigned int flag_input_structure_checked : 1; }; static int decoder_process(const OSSL_PARAM params[], void *arg); @@ -905,6 +906,26 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) } /* + * If the decoder we're currently considering specifies a structure, + * and this check hasn't already been done earlier in this chain of + * decoder_process() calls, check that it matches the user provided + * input structure, if one is given. + */ + if (!data->flag_input_structure_checked + && ctx->input_structure != NULL + && new_input_structure != NULL) { + data->flag_input_structure_checked = 1; + if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i); + } OSSL_TRACE_END(DECODER); + continue; + } + } + + /* * Checking the return value of BIO_reset() or BIO_seek() is unsafe. * Furthermore, BIO_reset() is unsafe to use if the source BIO happens * to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero @@ -933,6 +954,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) ERR_set_mark(); new_data.current_decoder_inst_index = i; + new_data.flag_input_structure_checked + = data->flag_input_structure_checked; ok = new_decoder->decode(new_decoderctx, cbio, new_data.ctx->selection, decoder_process, &new_data, |