Revert disablement of the encoding cache
author job <job@openbsd.org>
Sun, 30 Apr 2023 16:46:49 +0000 (16:46 +0000)
committer job <job@openbsd.org>
Sun, 30 Apr 2023 16:46:49 +0000 (16:46 +0000)
commit 5ace30b5c45c8901bf08ce0f5e0e3152b52b0680
tree e7f640b6575e12bcc095bf7892adbf970555eff4
parent 0c0ea3df500bed0067be9729f1896f322cda95bf
Revert disablement of the encoding cache

Without the cache, we verify CRL signatures on bytes that have been
pulled through d2i_ -> i2d_. This can cause reordering, which in turn
invalidates the signature, for example if in the original CRL revocation
entries were sorted by date instead of ascending serial number order.

There are probably multiple things we can do here, but they will need
careful consideration and planning.

OK jsing@
lib/libcrypto/asn1/tasn_dec.c
lib/libcrypto/asn1/tasn_enc.c
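
The failure mode described in the commit message, as an added toy model in Python; it is not code from this commit or from libcrypto. Assumptions: an HMAC stands in for the CRL issuer's signature, serials fit in one byte, the entry structure is simplified, and every function name here is hypothetical.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the issuer's signature

def tlv(tag, body):
    """Encode one DER tag-length-value (short or long form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, off):
    """Return (tag, body, next_offset) for the TLV starting at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    n = first
    if first & 0x80:
        k = first & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + n], off + n

def encode_revoked(entries):
    """SEQUENCE OF SEQUENCE { INTEGER serial, UTCTime date } (simplified)."""
    return tlv(0x30, b"".join(
        tlv(0x30, tlv(0x02, bytes([s])) + tlv(0x17, d.encode())) for s, d in entries))

def decode_revoked(der):
    """Parse the list back into (serial, date) tuples, keeping wire order."""
    body, out, off = read_tlv(der, 0)[1], [], 0
    while off < len(body):
        _, entry, off = read_tlv(body, off)
        _, serial, p = read_tlv(entry, 0)
        out.append((serial[0], read_tlv(entry, p)[1].decode()))
    return out

def sign(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify(data, sig):
    return hmac.compare_digest(sign(data), sig)

def reencode_sorted(der):
    """Model of d2i -> sort by ascending serial -> i2d with no cached bytes."""
    return encode_revoked(sorted(decode_revoked(der)))

# Constructed CRL body: entries in revocation-date order, serials 9, 3, 7.
ISSUED = encode_revoked([(9, "230101000000Z"), (3, "230201000000Z"), (7, "230301000000Z")])
SIG = sign(ISSUED)
print(verify(ISSUED, SIG), verify(reencode_sorted(ISSUED), SIG))  # cached vs re-encoded
```

The re-encoded list has the same length and the same entries as the issued one; only their order differs, and that alone is enough to make verification fail unless the original bytes are kept and verified instead.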