From 20c8931adecc22652cd956637c221c603d96b10b Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 4 Jan 2024 20:15:01 +0000 Subject: [PATCH] Disable EVP_PKEY_meth_* extensibility This removes the global pkey_app_methods stack that was never cleaned up and makes EVP_PKEY_meth_add0() always fail and push an error on the stack. EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and things become a bit cleaner. It's still all way more complicated than it needs to be... ok jsing
---
 lib/libcrypto/evp/pmeth_lib.c | 53 +++++------------------------------
 1 file changed, 7 insertions(+), 46 deletions(-)

diff --git a/lib/libcrypto/evp/pmeth_lib.c b/lib/libcrypto/evp/pmeth_lib.c
index cf27862488e..604181d3119 100644
--- a/lib/libcrypto/evp/pmeth_lib.c
+++ b/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.36 2024/01/04 20:15:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -71,9 +71,6 @@
 #include "asn1_local.h"
 #include "evp_local.h"
 
-DECLARE_STACK_OF(EVP_PKEY_METHOD)
-STACK_OF(EVP_PKEY_METHOD) *pkey_app_methods = NULL;
-
 extern const EVP_PKEY_METHOD cmac_pkey_meth;
 extern const EVP_PKEY_METHOD dh_pkey_meth;
 extern const EVP_PKEY_METHOD dsa_pkey_meth;
@@ -102,43 +99,15 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
 &x25519_pkey_meth,
 };
 
-static const size_t pkey_methods_count =
- sizeof(pkey_methods) / sizeof(pkey_methods[0]);
-
-int
-evp_pkey_meth_get_count(void)
-{
- int num = pkey_methods_count;
-
- if (pkey_app_methods != NULL)
- num += sk_EVP_PKEY_METHOD_num(pkey_app_methods);
-
- return num;
-}
-
-const EVP_PKEY_METHOD *
-evp_pkey_meth_get0(int idx)
-{
- int num = pkey_methods_count;
-
- if (idx < 0)
- return NULL;
- if (idx < num)
- return pkey_methods[idx];
-
- idx -= num;
-
- return sk_EVP_PKEY_METHOD_value(pkey_app_methods, idx);
-}
+#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0]))
 
 const EVP_PKEY_METHOD *
 EVP_PKEY_meth_find(int type)
 {
- const EVP_PKEY_METHOD *pmeth;
- int i;
+ size_t i;
 
- for (i = evp_pkey_meth_get_count() - 1; i >= 0; i--) {
- pmeth = evp_pkey_meth_get0(i);
+ for (i = 0; i < N_PKEY_METHODS; i++) {
+ const EVP_PKEY_METHOD *pmeth = pkey_methods[i];
 if (pmeth->pkey_id == type)
 return pmeth;
 }
@@ -275,16 +244,8 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
 int
 EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
 {
- if (pkey_app_methods == NULL) {
- pkey_app_methods = sk_EVP_PKEY_METHOD_new(NULL);
- if (pkey_app_methods == NULL)
- return 0;
- }
-
- if (!sk_EVP_PKEY_METHOD_push(pkey_app_methods, pmeth))
- return 0;
-
- return 1;
+ EVPerror(ERR_R_DISABLED);
+ return 0;
 }
 
 void
-- 
2.20.1
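Review bot: The removed helpers evp_pkey_meth_get_count() and evp_pkey_meth_get0() had external linkage, yet the diffstat lists only pmeth_lib.c, so any prototype or caller elsewhere in the tree (not visible in this patch) would now be stale and should go in the same change. In the new EVP_PKEY_meth_find() the scan direction flips from last-to-first to first-to-last, which is equivalent only while no two entries of pkey_methods[] share a pkey_id. That invariant, and the fact that lookup is now restricted to the compiled-in table, deserves a comment above the macro, for example `/* Built-in methods only; pkey_ids must be unique, lookup returns the first match. */`. The body of EVP_PKEY_meth_find() continues past the end of this hunk.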
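Review bot: EVP_PKEY_meth_add0() now fails unconditionally, but nothing at the definition states that or says who owns pmeth afterwards. A caller that ignores the return value gets no method registered, and because the old lookup searched application methods before the built-in table, a caller that used to override a built-in pkey_id ends up on the built-in implementation without noticing. A short comment above the function would make the contract explicit, for example `/* Custom PKEY methods are not supported: always fails with ERR_R_DISABLED; the caller keeps ownership of pmeth. */`. The manual page for this function is not part of this patch and presumably needs the same statement.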