summaryrefslogtreecommitdiff
path: root/src/lib/libc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/asn1/a_object.c9
-rw-r--r--src/lib/libcrypto/asn1/asn1_locl.h3
-rw-r--r--src/lib/libcrypto/asn1/tasn_dec.c55
3 files changed, 43 insertions, 24 deletions
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index c6e4c77f92..c695499b31 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_object.c,v 1.46 2022/04/10 12:42:33 inoguchi Exp $ */ 1/* $OpenBSD: a_object.c,v 1.47 2022/04/23 18:47:08 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -529,9 +529,14 @@ c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content)
529 size_t data_len; 529 size_t data_len;
530 CBS cbs; 530 CBS cbs;
531 531
532 if (out_aobj == NULL || *out_aobj != NULL) 532 if (out_aobj == NULL)
533 goto err; 533 goto err;
534 534
535 if (*out_aobj != NULL) {
536 ASN1_OBJECT_free(*out_aobj);
537 *out_aobj = NULL;
538 }
539
535 /* Parse and validate OID encoding per X.690 8.19.2. */ 540 /* Parse and validate OID encoding per X.690 8.19.2. */
536 CBS_dup(content, &cbs); 541 CBS_dup(content, &cbs);
537 if (CBS_len(&cbs) == 0) { 542 if (CBS_len(&cbs) == 0) {
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 756e4070ba..d4ea3a9db8 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1_locl.h,v 1.24 2022/03/26 14:47:58 jsing Exp $ */ 1/* $OpenBSD: asn1_locl.h,v 1.25 2022/04/23 18:47:08 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -203,6 +203,7 @@ int asn1_tag2charwidth(int tag);
203 203
204int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, 204int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len,
205 int no_name); 205 int no_name);
206int c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content);
206ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid); 207ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid);
207 208
208__END_HIDDEN_DECLS 209__END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index d475c99676..76dceaabef 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_dec.c,v 1.49 2022/03/13 14:58:14 jsing Exp $ */ 1/* $OpenBSD: tasn_dec.c,v 1.50 2022/04/23 18:47:08 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -95,8 +95,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in,
95static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, 95static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in,
96 long len, const ASN1_ITEM *it, int tag, int aclass, char opt, 96 long len, const ASN1_ITEM *it, int tag, int aclass, char opt,
97 ASN1_TLC *ctx); 97 ASN1_TLC *ctx);
98static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, 98static int asn1_ex_c2i(ASN1_VALUE **pval, CBS *content, int utype,
99 int utype, const ASN1_ITEM *it); 99 const ASN1_ITEM *it);
100 100
101static void 101static void
102asn1_tlc_invalidate(ASN1_TLC *ctx) 102asn1_tlc_invalidate(ASN1_TLC *ctx)
@@ -669,6 +669,7 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
669 const unsigned char *content = NULL; 669 const unsigned char *content = NULL;
670 uint8_t *data = NULL; 670 uint8_t *data = NULL;
671 size_t data_len = 0; 671 size_t data_len = 0;
672 CBS cbs;
672 CBB cbb; 673 CBB cbb;
673 long len; 674 long len;
674 675
@@ -771,7 +772,10 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
771 } 772 }
772 773
773 /* We now have content length and type: translate into a structure */ 774 /* We now have content length and type: translate into a structure */
774 if (!asn1_ex_c2i(pval, content, len, utype, it)) 775 if (len < 0)
776 goto err;
777 CBS_init(&cbs, content, len);
778 if (!asn1_ex_c2i(pval, &cbs, utype, it))
775 goto err; 779 goto err;
776 780
777 *in = p; 781 *in = p;
@@ -784,25 +788,31 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen,
784 return ret; 788 return ret;
785} 789}
786 790
787/* Translate ASN1 content octets into a structure */ 791/* Translate ASN.1 content octets into a structure. */
788
789static int 792static int
790asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype, 793asn1_ex_c2i(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
791 const ASN1_ITEM *it)
792{ 794{
793 ASN1_VALUE **opval = NULL; 795 ASN1_VALUE **opval = NULL;
794 ASN1_STRING *stmp; 796 ASN1_STRING *stmp;
795 ASN1_TYPE *typ = NULL; 797 ASN1_TYPE *typ = NULL;
796 ASN1_INTEGER **tint; 798 ASN1_INTEGER **tint;
799 ASN1_BOOLEAN *tbool;
800 const uint8_t *p;
801 uint8_t u8val;
797 int ret = 0; 802 int ret = 0;
798 803
804 if (CBS_len(content) > INT_MAX)
805 return 0;
806
799 if (it->funcs != NULL) { 807 if (it->funcs != NULL) {
800 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; 808 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
801 char free_content = 0; 809 char free_content = 0;
802 810
803 if (pf->prim_c2i == NULL) 811 if (pf->prim_c2i == NULL)
804 return 0; 812 return 0;
805 return pf->prim_c2i(pval, content, len, utype, &free_content, it); 813
814 return pf->prim_c2i(pval, CBS_data(content), CBS_len(content),
815 utype, &free_content, it);
806 } 816 }
807 817
808 /* If ANY type clear type and set pointer to internal value */ 818 /* If ANY type clear type and set pointer to internal value */
@@ -822,12 +832,12 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
822 } 832 }
823 switch (utype) { 833 switch (utype) {
824 case V_ASN1_OBJECT: 834 case V_ASN1_OBJECT:
825 if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &content, len)) 835 if (!c2i_ASN1_OBJECT_cbs((ASN1_OBJECT **)pval, content))
826 goto err; 836 goto err;
827 break; 837 break;
828 838
829 case V_ASN1_NULL: 839 case V_ASN1_NULL:
830 if (len) { 840 if (CBS_len(content) != 0) {
831 ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH); 841 ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH);
832 goto err; 842 goto err;
833 } 843 }
@@ -835,25 +845,28 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
835 break; 845 break;
836 846
837 case V_ASN1_BOOLEAN: 847 case V_ASN1_BOOLEAN:
838 if (len != 1) { 848 tbool = (ASN1_BOOLEAN *)pval;
849 if (CBS_len(content) != 1) {
839 ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH); 850 ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
840 goto err; 851 goto err;
841 } else {
842 ASN1_BOOLEAN *tbool;
843 tbool = (ASN1_BOOLEAN *)pval;
844 *tbool = *content;
845 } 852 }
853 if (!CBS_get_u8(content, &u8val))
854 goto err;
855 *tbool = u8val;
846 break; 856 break;
847 857
848 case V_ASN1_BIT_STRING: 858 case V_ASN1_BIT_STRING:
849 if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &content, len)) 859 p = CBS_data(content);
860 if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &p,
861 CBS_len(content)))
850 goto err; 862 goto err;
851 break; 863 break;
852 864
853 case V_ASN1_INTEGER: 865 case V_ASN1_INTEGER:
854 case V_ASN1_ENUMERATED: 866 case V_ASN1_ENUMERATED:
855 tint = (ASN1_INTEGER **)pval; 867 tint = (ASN1_INTEGER **)pval;
856 if (!c2i_ASN1_INTEGER(tint, &content, len)) 868 p = CBS_data(content);
869 if (!c2i_ASN1_INTEGER(tint, &p, CBS_len(content)))
857 goto err; 870 goto err;
858 /* Fixup type to match the expected form */ 871 /* Fixup type to match the expected form */
859 (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); 872 (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
@@ -877,11 +890,11 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
877 case V_ASN1_SET: 890 case V_ASN1_SET:
878 case V_ASN1_SEQUENCE: 891 case V_ASN1_SEQUENCE:
879 default: 892 default:
880 if (utype == V_ASN1_BMPSTRING && (len & 1)) { 893 if (utype == V_ASN1_BMPSTRING && (CBS_len(content) & 1)) {
881 ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH); 894 ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
882 goto err; 895 goto err;
883 } 896 }
884 if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { 897 if (utype == V_ASN1_UNIVERSALSTRING && (CBS_len(content) & 3)) {
885 ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); 898 ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
886 goto err; 899 goto err;
887 } 900 }
@@ -896,7 +909,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
896 stmp = (ASN1_STRING *)*pval; 909 stmp = (ASN1_STRING *)*pval;
897 stmp->type = utype; 910 stmp->type = utype;
898 } 911 }
899 if (!ASN1_STRING_set(stmp, content, len)) { 912 if (!ASN1_STRING_set(stmp, CBS_data(content), CBS_len(content))) {
900 ASN1_STRING_free(stmp); 913 ASN1_STRING_free(stmp);
901 *pval = NULL; 914 *pval = NULL;
902 goto err; 915 goto err;