Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().

In asn1_item_ex_d2i_choice(), only call the ASN1_OP_D2I_PRE callback after
allocation has occurred via ASN1_item_ex_new(). This matches the sequence
handling code and the documentation.

Discussed with tb@

diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index db4424b..48ac38a 100644 (file)
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.66 2022/05/12 19:52:31 jsing Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.67 2022/05/12 20:06:46 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -135,6 +135,9 @@ asn1_item_ex_d2i_choice(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
        ASN1_VALUE **pchptr;
        int i, ret;
 
+       if (aux != NULL)
+               asn1_cb = aux->asn1_cb;
+
        if (it->itype != ASN1_ITYPE_CHOICE)
                goto err;
 
@@ -152,21 +155,16 @@ asn1_item_ex_d2i_choice(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
                *pval = NULL;
        }
 
-       if (aux != NULL)
-               asn1_cb = aux->asn1_cb;
+       if (!ASN1_item_ex_new(&achoice, it)) {
+               ASN1error(ERR_R_NESTED_ASN1_ERROR);
+               goto err;
+       }
 
        if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &achoice, it, NULL)) {
                ASN1error(ASN1_R_AUX_ERROR);
                goto err;
        }
 
-       if (achoice == NULL) {
-               if (!ASN1_item_ex_new(&achoice, it)) {
-                       ASN1error(ERR_R_NESTED_ASN1_ERROR);
-                       goto err;
-               }
-       }
-
        /* Try each possible CHOICE in turn. */
        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
                pchptr = asn1_get_field_ptr(&achoice, tt);