openbsd/src/lib/libcrypto/asn1, branch OPENBSD_7_3

openbsd/src/lib/libcrypto/asn1, branch OPENBSD_7_3_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_3_BASE 2023-03-15T06:30:21+00:00 Add comments that explain why things are done in this strange order. 2023-03-15T06:30:21+00:00 tb 2023-03-15T06:30:21+00:00 urn:sha1:0d6436e7ce4a2c17cfea40b64872c615b4ff93da There's some method to this madness. ok jsing Push calloc() of ndef_aux down as far as possible and 2023-03-15T06:28:55+00:00 tb 2023-03-15T06:28:55+00:00 urn:sha1:fe08170ae5385adab5596b5e0d20cd32170b58ba pull the setting of the ex_arg up, so we can do error checking. ok jsing Error check BIO_asn1_set_{prefix,suffix}() calls 2023-03-15T06:22:42+00:00 tb 2023-03-15T06:22:42+00:00 urn:sha1:2986e4f991df4a0bedeeaec8466f95a24be09909 ok jsing Stop confusing out and asn_bio in BIO_new_NDEF() 2023-03-13T07:31:09+00:00 tb 2023-03-13T07:31:09+00:00 urn:sha1:1a2e5d994000e27e8d3809226045e1ebd95bb0df BIO_new_NDEF() sets up an ASN.1 BIO to the output chain and then adds even more BIOs. Since BIO_push(bio, new_tail) returns bio on success, after the if ((out = BIO_push(asn_bio, out)) != NULL) the 'out' BIO and the 'asn_bio' are the same. The code then goes on and uses one or the other. This is very confusing. Simply stop using out once it's appended to asn_bio. ok jsing Avoid an 1 byte out-of-bounds read in ASN1_PRINTABLE_type() 2023-03-12T11:49:02+00:00 tb 2023-03-12T11:49:02+00:00 urn:sha1:1c853f7dfee3676e9dd94219037089d9f783f6b3 In case the input is not NUL terminated, the reversed check for length and terminating NUL results in a one-byte overread. The documentation says that the input should be a string, but in ASN.1 land you never know... Reported by Guido Vranken a while back ok beck Switch an early return into goto err 2023-03-11T16:29:48+00:00 tb 2023-03-11T16:29:48+00:00 urn:sha1:6ac5e73082febbf715e9d19f2d8af9f59caa6d5b Tiny cleanup for readability 2023-03-11T16:02:06+00:00 tb 2023-03-11T16:02:06+00:00 urn:sha1:93a58d355ac478c35ee8767288a3476f15872d6e Turn a malloc() into calloc() and check two function calls directly forever instead of a combined check afterward. Use "if (ptr == NULL)" instead of "if (!ptr)" 2023-03-11T15:56:03+00:00 tb 2023-03-11T15:56:03+00:00 urn:sha1:dfe1605787756e56449a83c19359d20274053e26 Requested by jsing Fix double free after BIO_new_NDEF() 2023-03-11T15:50:13+00:00 tb 2023-03-11T15:50:13+00:00 urn:sha1:6c4a7458e869837b1b4cddf47a5a61ed22de7c17 Once the asn_bio is prepended to the out chain, and before the asn1_cb() has done its thing, asn_bio needs to be popped off again on error. Failing to do this can cause write after frees or double frees when the out BIO is used after the function returned. Based on a very complicated diff by Matt Caswell and Viktor Dukhovni. This was part of the fixes in OpenSSL 1.1.1t. ok jsing Remove a pesky space. 2023-03-11T14:05:02+00:00 jsing 2023-03-11T14:05:02+00:00 urn:sha1:7cfbad9af6db4ef1d10fba9d2f470cc280d8e37e