Steve Henson correctly pointed out that changing ASN1_TYPE_cmp() may not be 
appropriate, as there could be cases when a null pointer (absent list) means 
something different from the list being NULL.

To address that concern, I've made sure the workaround applies only to the case 
when two algorithms are compared, based on RFC 5754 and 5280, which state that 
the AlgorithmIdentifier parameter list can be absent or represented as ASN.1 NULL - 
and implementations MUST accept both cases.

This patch also addresses the case when ASN1_TYPE_cmp(a, b) is called with a == 
b == NULL. The current implementation thinks that 0 != 0, which is not correct.

Please find attached my updated patch "patch-null-absent.diff":

--- crypto/asn1/a_type.c.~1~ 2015-01-15 09:43:14.000000000 -0500
+++ crypto/asn1/a_type.c 2015-01-20 22:57:48.000000000 -0500
@@ -117,6 +117,8 @@
  {
  int result = -1;



+ if (!a && !b) return 0; /* both null-pointers => both absent/equal */
+
  if (!a || !b || a->type != b->type) return -1;



  switch (a->type)
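
Review bot: The new `if (!a && !b) return 0;` at the top of ASN1_TYPE_cmp() changes the result for every caller of this generic function, not only for algorithm comparison, which is the scope the cover text says the workaround is limited to. The x_algor.c hunk's context already returns 0 on `!a->parameter && !b->parameter` before it reaches ASN1_TYPE_cmp(), so the algorithm path does not need this line. Either drop it from this patch and submit it separately, or keep it and document in the function's comment that two NULL pointers now compare equal while a single NULL still returns -1, so existing callers can be checked against the new contract.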
--- crypto/asn1/x_algor.c.~1~ 2015-01-15 09:43:14.000000000 -0500
+++ crypto/asn1/x_algor.c 2015-01-20 23:00:54.000000000 -0500
@@ -151,5 +151,12 @@
  return rv;
  if (!a->parameter && !b->parameter)
  return 0;
+ if ((!a->parameter && b->parameter
+     && b->parameter->type == V_ASN1_NULL)
+     ||
+     (!b->parameter && a->parameter
+     && a->parameter->type == V_ASN1_NULL)
+     )
+   return 0;
  return ASN1_TYPE_cmp(a->parameter, b->parameter);
  }
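
Review bot: The added absent-versus-NULL condition has no comment saying why the two forms are treated as equal, and it applies to every algorithm passed through this comparison because nothing in it looks at the algorithm itself. Add a short comment above the `if` citing the RFC 5754 / RFC 5280 rule that motivates it, and state there that the equivalence is deliberately unconditional. The two mirrored halves would also read more easily as a small static helper taking the two parameter pointers and called once in each direction, and the `return 0;` under the condition should follow the indentation of the existing `return 0;` two lines above.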



