author | David Benjamin <davidben@google.com> | 2021-08-08 15:21:45 -0400 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2021-08-10 19:44:59 +0000 |
commit | f8b3961b0209d85382ea2b19609d787dd7c50c08 (patch) | |
tree | 496df940240cf7310708813d64158ad84dd682b1 /include | |
parent | 6d84569802d8f164b85cc31750b3e379f23d6711 (diff) | |
Always use an ASN1_STRING_TABLE global mask of UTF8String.

ASN1_STRING_set_by_NID is very complex and depends on a "global mask"
for most NIDs. (Some NIDs use a single type and use STABLE_NO_MASK to
disable the global mask.) Historically, it defaulted to allowing all
types, but it switched to UTF8String in OpenSSL 1.0.2.

Updating the global mask is not thread-safe, and it's 2021. Let's just
always use UTF-8. The only callers I found set it to UTF-8 anyway (with
the exception of some test script we don't use, and some code that
wasn't compiled). No-op writes in the C/C++ memory model are still race
conditions, so this CL fixes some bugs in those callers.

Update-Note: The global mask for ASN1_STRING_set_by_NID is now always
UTF-8. Callers that want another type should reconsider and, if UTF-8 is
still unsuitable, just pass the actual desired type into
ASN1_mbstring_copy, X509_NAME_ENTRY_set_data, etc.

Change-Id: I679e99c57da9a48c805460abcb3af5b2f938c93f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48766
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/asn1.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 4f5f700..788ef2e 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1155,8 +1155,13 @@ OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); +// ASN1_STRING_set_default_mask does nothing. OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask); + +// ASN1_STRING_set_default_mask_asc returns one. OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p); + +// ASN1_STRING_get_default_mask returns |B_ASN1_UTF8STRING|. OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void); OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, |
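Review bot: The new comment on ASN1_STRING_set_default_mask_asc says only that it "returns one", which does not tell a caller that |p| is ignored and that the success return is unconditional, so a caller checking the result to validate a mask string gets no signal. Consider spelling that out, and likewise noting on ASN1_STRING_set_default_mask that |mask| is ignored because the global mask is fixed at |B_ASN1_UTF8STRING|. Since all three functions are now effectively legacy shims, the comments could also say so and point to the alternative the Update-Note gives (passing the desired type to ASN1_mbstring_copy or X509_NAME_ENTRY_set_data), because readers of the header will not see the commit message. The ASN1_STRING_set_by_NID declaration in the trailing context is the function whose behaviour actually changes, and it gets no comment in this hunk; a line there stating that the global mask is always UTF8String would put the documentation where callers look.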