[crypto] Do not return an error when skipping the final ASN.1 object
Successfully reaching the end of a well-formed ASN.1 object list is arguably not an error, but the current code (dating back to the original ASN.1 commit in 2007) will explicitly check for and report this as an error condition.

Remove the explicit check for reaching the end of a well-formed ASN.1 object list, and instead return success along with a zero-length (and hence implicitly invalidated) cursor.

Almost every existing caller of asn1_skip() or asn1_skip_if_exists() currently ignores the return value anyway. Skipped objects are (by definition) not of interest to the caller, and the invalidation behaviour of asn1_skip() ensures that any errors will be safely caught on a subsequent attempt to actually use the ASN.1 object content. Since these existing callers ignore the return value, they cannot be affected by this change.

There is one existing caller of asn1_skip_if_exists() that does check the return value: in asn1_skip() itself, an error returned from asn1_skip_if_exists() will cause the cursor to be invalidated. In the case of an error indicating only that the cursor length is already zero, invalidation is a no-op, and so this change affects only the return value propagated from asn1_skip().

This leaves only a single call site within ocsp_request() where the return value from asn1_skip() is currently checked. The return status here is moot since there is no way for the code in question to fail (absent a bug in the ASN.1 construction or parsing code).

There are therefore no callers of asn1_skip() or asn1_skip_if_exists() that rely on an error being returned for successfully reaching the end of a well-formed ASN.1 object list. Simplify the code by redefining this as a successful outcome.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
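The behaviour the commit message describes, as an added example that is not iPXE's code: a simplified cursor model in which skipping the final object of a list succeeds and leaves a zero-length cursor, while any later attempt to use that cursor fails. The `demo_*` names and sample bytes are hypothetical, and only short-form DER lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a DER cursor (short-form lengths only). */
struct demo_cursor { const uint8_t *data; size_t len; };

/* Constructed sample: two INTEGERs, 5 and 7, back to back. */
const uint8_t demo_list[] = { 0x02, 0x01, 0x05, 0x02, 0x01, 0x07 };
/* Constructed sample: INTEGER claiming 5 content bytes, only 1 present. */
const uint8_t demo_truncated[] = { 0x02, 0x05, 0x01 };

/* Check the header at the cursor; return content length or -1. */
static int demo_header(struct demo_cursor *c, uint8_t type) {
    if (c->len < 2 || c->data[0] != type ||
        (c->data[1] & 0x80) || c->data[1] > c->len - 2) {
        c->data = NULL;   /* invalidate: any later use also fails */
        c->len = 0;
        return -1;
    }
    return c->data[1];
}

/* Skip one object. Landing exactly on the end of the list is success. */
int demo_skip(struct demo_cursor *c, uint8_t type) {
    int len = demo_header(c, type);
    if (len < 0) return -1;
    c->data += 2 + len;
    c->len -= 2 + (size_t)len;
    return 0;             /* cursor may now be zero-length */
}

/* Enter one object so that its content can be used. */
int demo_enter(struct demo_cursor *c, uint8_t type) {
    int len = demo_header(c, type);
    if (len < 0) return -1;
    c->data += 2;
    c->len = (size_t)len;
    return 0;
}

int main(void) {
    struct demo_cursor c = { demo_list, sizeof(demo_list) };
    int first = demo_skip(&c, 0x02);
    int last = demo_skip(&c, 0x02);
    printf("skip=%d,%d remaining=%zu\n", first, last, c.len);
    printf("use after end=%d\n", demo_enter(&c, 0x02));
    return 0;
}
```

A malformed object still invalidates the cursor in this model, so a caller that ignores the skip result is stopped at the next use rather than reading past the buffer.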