diff options
Diffstat (limited to 'src/lib/libcrypto/asn1')
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_err.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_par.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/asn_mime.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_dec.c | 44 |
5 files changed, 40 insertions, 13 deletions
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 424cd348bb..e3385226d4 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h | |||
| @@ -612,6 +612,7 @@ typedef struct BIT_STRING_BITNAME_st { | |||
| 612 | B_ASN1_GENERALIZEDTIME | 612 | B_ASN1_GENERALIZEDTIME |
| 613 | 613 | ||
| 614 | #define B_ASN1_PRINTABLE \ | 614 | #define B_ASN1_PRINTABLE \ |
| 615 | B_ASN1_NUMERICSTRING| \ | ||
| 615 | B_ASN1_PRINTABLESTRING| \ | 616 | B_ASN1_PRINTABLESTRING| \ |
| 616 | B_ASN1_T61STRING| \ | 617 | B_ASN1_T61STRING| \ |
| 617 | B_ASN1_IA5STRING| \ | 618 | B_ASN1_IA5STRING| \ |
| @@ -1217,6 +1218,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1217 | #define ASN1_R_BAD_OBJECT_HEADER 102 | 1218 | #define ASN1_R_BAD_OBJECT_HEADER 102 |
| 1218 | #define ASN1_R_BAD_PASSWORD_READ 103 | 1219 | #define ASN1_R_BAD_PASSWORD_READ 103 |
| 1219 | #define ASN1_R_BAD_TAG 104 | 1220 | #define ASN1_R_BAD_TAG 104 |
| 1221 | #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 | ||
| 1220 | #define ASN1_R_BN_LIB 105 | 1222 | #define ASN1_R_BN_LIB 105 |
| 1221 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 | 1223 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 |
| 1222 | #define ASN1_R_BUFFER_TOO_SMALL 107 | 1224 | #define ASN1_R_BUFFER_TOO_SMALL 107 |
| @@ -1306,6 +1308,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1306 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 | 1308 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 |
| 1307 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 | 1309 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 |
| 1308 | #define ASN1_R_UNEXPECTED_EOC 159 | 1310 | #define ASN1_R_UNEXPECTED_EOC 159 |
| 1311 | #define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 | ||
| 1309 | #define ASN1_R_UNKNOWN_FORMAT 160 | 1312 | #define ASN1_R_UNKNOWN_FORMAT 160 |
| 1310 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 | 1313 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 |
| 1311 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 | 1314 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 |
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index f8a3e2e6cd..5f5de98eed 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c | |||
| @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, | 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, |
| 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, | 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, |
| 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, | 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, |
| 198 | {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, | ||
| 198 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, | 199 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, |
| 199 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, | 200 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, |
| 200 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, | 201 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, |
| @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 284 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, | 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, |
| 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, | 286 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, |
| 286 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, | 287 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, |
| 288 | {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, | ||
| 287 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, | 289 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, |
| 288 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, | 290 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, |
| 289 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, | 291 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, |
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c index 501b62a4b1..8657f73d66 100644 --- a/src/lib/libcrypto/asn1/asn1_par.c +++ b/src/lib/libcrypto/asn1/asn1_par.c | |||
| @@ -213,6 +213,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse | |||
| 213 | (tag == V_ASN1_T61STRING) || | 213 | (tag == V_ASN1_T61STRING) || |
| 214 | (tag == V_ASN1_IA5STRING) || | 214 | (tag == V_ASN1_IA5STRING) || |
| 215 | (tag == V_ASN1_VISIBLESTRING) || | 215 | (tag == V_ASN1_VISIBLESTRING) || |
| 216 | (tag == V_ASN1_NUMERICSTRING) || | ||
| 217 | (tag == V_ASN1_UTF8STRING) || | ||
| 216 | (tag == V_ASN1_UTCTIME) || | 218 | (tag == V_ASN1_UTCTIME) || |
| 217 | (tag == V_ASN1_GENERALIZEDTIME)) | 219 | (tag == V_ASN1_GENERALIZEDTIME)) |
| 218 | { | 220 | { |
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c index bc80b20d63..d8d9e76cc0 100644 --- a/src/lib/libcrypto/asn1/asn_mime.c +++ b/src/lib/libcrypto/asn1/asn_mime.c | |||
| @@ -152,7 +152,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) | |||
| 152 | 152 | ||
| 153 | static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) | 153 | static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) |
| 154 | { | 154 | { |
| 155 | const EVP_MD *md; | ||
| 156 | int i, have_unknown = 0, write_comma, md_nid; | 155 | int i, have_unknown = 0, write_comma, md_nid; |
| 157 | have_unknown = 0; | 156 | have_unknown = 0; |
| 158 | write_comma = 0; | 157 | write_comma = 0; |
| @@ -162,7 +161,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) | |||
| 162 | BIO_write(out, ",", 1); | 161 | BIO_write(out, ",", 1); |
| 163 | write_comma = 1; | 162 | write_comma = 1; |
| 164 | md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); | 163 | md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); |
| 165 | md = EVP_get_digestbynid(md_nid); | ||
| 166 | switch(md_nid) | 164 | switch(md_nid) |
| 167 | { | 165 | { |
| 168 | case NID_sha1: | 166 | case NID_sha1: |
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index ced641698e..48bc1c0d4d 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c | |||
| @@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len); | |||
| 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); | 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); |
| 70 | 70 | ||
| 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 72 | char inf, int tag, int aclass); | 72 | char inf, int tag, int aclass, int depth); |
| 73 | 73 | ||
| 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); | 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); |
| 75 | 75 | ||
| @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, | |||
| 611 | 611 | ||
| 612 | err: | 612 | err: |
| 613 | ASN1_template_free(val, tt); | 613 | ASN1_template_free(val, tt); |
| 614 | *val = NULL; | ||
| 615 | return 0; | 614 | return 0; |
| 616 | } | 615 | } |
| 617 | 616 | ||
| @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, | |||
| 758 | 757 | ||
| 759 | err: | 758 | err: |
| 760 | ASN1_template_free(val, tt); | 759 | ASN1_template_free(val, tt); |
| 761 | *val = NULL; | ||
| 762 | return 0; | 760 | return 0; |
| 763 | } | 761 | } |
| 764 | 762 | ||
| @@ -878,7 +876,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, | |||
| 878 | * internally irrespective of the type. So instead just check | 876 | * internally irrespective of the type. So instead just check |
| 879 | * for UNIVERSAL class and ignore the tag. | 877 | * for UNIVERSAL class and ignore the tag. |
| 880 | */ | 878 | */ |
| 881 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) | 879 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) |
| 882 | { | 880 | { |
| 883 | free_cont = 1; | 881 | free_cont = 1; |
| 884 | goto err; | 882 | goto err; |
| @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, | |||
| 1012 | case V_ASN1_SET: | 1010 | case V_ASN1_SET: |
| 1013 | case V_ASN1_SEQUENCE: | 1011 | case V_ASN1_SEQUENCE: |
| 1014 | default: | 1012 | default: |
| 1013 | if (utype == V_ASN1_BMPSTRING && (len & 1)) | ||
| 1014 | { | ||
| 1015 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1016 | ASN1_R_BMPSTRING_IS_WRONG_LENGTH); | ||
| 1017 | goto err; | ||
| 1018 | } | ||
| 1019 | if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) | ||
| 1020 | { | ||
| 1021 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1022 | ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); | ||
| 1023 | goto err; | ||
| 1024 | } | ||
| 1015 | /* All based on ASN1_STRING and handled the same */ | 1025 | /* All based on ASN1_STRING and handled the same */ |
| 1016 | if (!*pval) | 1026 | if (!*pval) |
| 1017 | { | 1027 | { |
| @@ -1128,8 +1138,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) | |||
| 1128 | * if it is indefinite length. | 1138 | * if it is indefinite length. |
| 1129 | */ | 1139 | */ |
| 1130 | 1140 | ||
| 1141 | #ifndef ASN1_MAX_STRING_NEST | ||
| 1142 | /* This determines how many levels of recursion are permitted in ASN1 | ||
| 1143 | * string types. If it is not limited stack overflows can occur. If set | ||
| 1144 | * to zero no recursion is allowed at all. Although zero should be adequate | ||
| 1145 | * examples exist that require a value of 1. So 5 should be more than enough. | ||
| 1146 | */ | ||
| 1147 | #define ASN1_MAX_STRING_NEST 5 | ||
| 1148 | #endif | ||
| 1149 | |||
| 1150 | |||
| 1131 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 1151 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 1132 | char inf, int tag, int aclass) | 1152 | char inf, int tag, int aclass, int depth) |
| 1133 | { | 1153 | { |
| 1134 | const unsigned char *p, *q; | 1154 | const unsigned char *p, *q; |
| 1135 | long plen; | 1155 | long plen; |
| @@ -1171,13 +1191,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | |||
| 1171 | /* If indefinite length constructed update max length */ | 1191 | /* If indefinite length constructed update max length */ |
| 1172 | if (cst) | 1192 | if (cst) |
| 1173 | { | 1193 | { |
| 1174 | #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS | 1194 | if (depth >= ASN1_MAX_STRING_NEST) |
| 1175 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) | 1195 | { |
| 1196 | ASN1err(ASN1_F_ASN1_COLLECT, | ||
| 1197 | ASN1_R_NESTED_ASN1_STRING); | ||
| 1198 | return 0; | ||
| 1199 | } | ||
| 1200 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, | ||
| 1201 | depth + 1)) | ||
| 1176 | return 0; | 1202 | return 0; |
| 1177 | #else | ||
| 1178 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); | ||
| 1179 | return 0; | ||
| 1180 | #endif | ||
| 1181 | } | 1203 | } |
| 1182 | else if (plen && !collect_data(buf, &p, plen)) | 1204 | else if (plen && !collect_data(buf, &p, plen)) |
| 1183 | return 0; | 1205 | return 0; |