Make CBS_get_any_asn1_element() more compliant with DER encoding. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	doug <>	2015-06-15 07:35:49 +0000
committer	doug <>	2015-06-15 07:35:49 +0000
commit	f06caa67ef95efe3935b9b1e51f4e8a10a52d973 (patch)
tree	d870273c7da5901692fed25ce0bccf96a3a77d50 /src/lib/libssl/s3_both.c
parent	d95277cd2ce585f3b393ef8e10e3032d4fc20b26 (diff)
download	openbsd-f06caa67ef95efe3935b9b1e51f4e8a10a52d973.tar.gz openbsd-f06caa67ef95efe3935b9b1e51f4e8a10a52d973.tar.bz2 openbsd-f06caa67ef95efe3935b9b1e51f4e8a10a52d973.zip

Make CBS_get_any_asn1_element() more compliant with DER encoding.

CBS_get_any_asn1_element violates DER encoding by allowing indefinite form. All callers except bs_ber.c expect DER encoding. The callers must check to see if it was indefinite or not. Rather than exposing all callers to this behavior, cbs_get_any_asn1_element_internal() allows specifying whether you want to allow the normally forbidden indefinite form. This is used by CBS_get_any_asn1_element() for strict DER encoding and by a new static function in bs_ber.c for the relaxed version. While I was here, I added comments to differentiate between ASN.1 restrictions and CBS limitations. ok miod@

Diffstat (limited to 'src/lib/libssl/s3_both.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: