git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Wed, 20 Dec 2023 15:01:17 +0000 (10:01 -0500)
committer	Neil Horman <nhorman@openssl.org>
	Mon, 1 Jan 2024 17:57:59 +0000 (12:57 -0500)
commit	94be985cbcc1f0a5cf4f172d4a8d06c5c623122b
tree	eb8dfddae26d9a2ad0bad7e66508a4d17b18de14	tree \| snapshot
parent	8a1694f22588c0777d642253ffdc307a61245d51	commit \| diff

gate calling of evp_method_id on having a non-zero name id

If a name is passed to EVP_<OBJ>_fetch of the form:
name1:name2:name3

The names are parsed on the separator ':' and added to the store, but
during the lookup in inner_evp_generic_fetch, the subsequent search of
the store uses the full name1:name2:name3 string, which fails lookup,
and causes subsequent assertion failures in evp_method_id.

instead catch the failure in inner_evp_generic_fetch and return an error
code if the name_id against a colon separated list of names fails. This
provides a graceful error return path without asserts, and leaves room
for a future feature in which such formatted names can be parsed and
searched for iteratively

Add a simple test to verify that providing a colon separated name
results in an error indicating an invalid lookup.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23110)

crypto/evp/evp_fetch.c		diff \| blob \| blame \| history
doc/man7/ossl-guide-libcrypto-introduction.pod		diff \| blob \| blame \| history
test/evp_extra_test2.c		diff \| blob \| blame \| history