3 files changed, 69 insertions, 46 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 79239faea1..3a0e5091e3 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.29 2022/05/05 19:18:56 jsing Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.30 2022/05/12 19:33:19 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -172,8 +172,8 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it);
 int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
 int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 8732ab53cf..69e27a9f0f 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.64 2022/05/12 19:11:14 jsing Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.65 2022/05/12 19:33:19 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -249,6 +249,7 @@ asn1_item_ex_d2i_sequence(ASN1_VALUE **pval, const unsigned char **in, long len,
        ASN1_aux_cb *asn1_cb = NULL;
        char seq_eoc, seq_nolen, cst, isopt;
        const unsigned char *p = NULL, *q;
+        CBS cbs;
        int i;
        int ret = 0;
@@ -383,9 +384,10 @@ asn1_item_ex_d2i_sequence(ASN1_VALUE **pval, const unsigned char **in, long len,
                }
        }
        /* Save encoding */
-        if (!asn1_enc_save(pval, *in, p - *in, it)) {
+        CBS_init(&cbs, *in, p - *in);
+        if (!asn1_enc_save(pval, &cbs, it)) {
                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto auxerr;
+                goto err;
        }
        *in = p;
        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
index e3b2c9e4dc..1fd061f9f8 100644
--- a/src/lib/libcrypto/asn1/tasn_utl.c
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_utl.c,v 1.15 2022/05/12 19:24:38 jsing Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.16 2022/05/12 19:33:19 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -56,13 +56,17 @@
 *
 */
+#include <limits.h>
 #include <stddef.h>
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/err.h>
+#include "bytestring.h"
 /* Utility functions for manipulating fields and offsets */
 /* Add 'offset' to 'addr' */
@@ -123,79 +127,96 @@ asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
 static ASN1_ENCODING *
 asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        const ASN1_AUX *aux;
+        const ASN1_AUX *aux = it->funcs;
-        if (!pval || !*pval)
+        if (pval == NULL || *pval == NULL)
                return NULL;
-        aux = it->funcs;
-        if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+        if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0)
                return NULL;
        return offset2ptr(*pval, aux->enc_offset);
 }
 void
 asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        ASN1_ENCODING *enc;
+        ASN1_ENCODING *aenc;
-        enc = asn1_get_enc_ptr(pval, it);
+        if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
-        if (enc) {
+                return;
-                enc->enc = NULL;
-                enc->len = 0;
+        aenc->enc = NULL;
-                enc->modified = 1;
+        aenc->len = 0;
-        }
+        aenc->modified = 1;
+}
+static void
+asn1_enc_clear(ASN1_ENCODING *aenc)
+{
+        freezero(aenc->enc, aenc->len);
+        aenc->enc = NULL;
+        aenc->len = 0;
+        aenc->modified = 1;
 }
 void
 asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        ASN1_ENCODING *enc;
+        ASN1_ENCODING *aenc;
-        enc = asn1_get_enc_ptr(pval, it);
+        if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
-        if (enc) {
+                return;
-                freezero(enc->enc, enc->len);
-                enc->enc = NULL;
+        asn1_enc_clear(aenc);
-                enc->len = 0;
-                enc->modified = 1;
-        }
 }
 int
-asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it)
-    const ASN1_ITEM *it)
 {
-        ASN1_ENCODING *enc;
+        ASN1_ENCODING *aenc;
+        uint8_t *data = NULL;
+        size_t data_len = 0;
-        enc = asn1_get_enc_ptr(pval, it);
+        if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
-        if (!enc)
                return 1;
-        freezero(enc->enc, enc->len);
+        asn1_enc_clear(aenc);
-        enc->enc = malloc(inlen);
-        if (!enc->enc)
+        if (!CBS_stow(cbs, &data, &data_len))
+                return 0;
+        if (data_len > LONG_MAX) {
+                freezero(data, data_len);
                return 0;
-        memcpy(enc->enc, in, inlen);
+        }
-        enc->len = inlen;
-        enc->modified = 0;
+        aenc->enc = data;
+        aenc->len = (long)data_len;
+        aenc->modified = 0;
        return 1;
 }
 int
-asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+asn1_enc_restore(int *out_len, unsigned char **out, ASN1_VALUE **pval,
    const ASN1_ITEM *it)
 {
-        ASN1_ENCODING *enc;
+        ASN1_ENCODING *aenc;
+        if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
+                return 0;
-        enc = asn1_get_enc_ptr(pval, it);
+        if (aenc->modified)
-        if (!enc || enc->modified)
                return 0;
-        if (out) {
-                memcpy(*out, enc->enc, enc->len);
+        if (out != NULL) {
-                *out += enc->len;
+                memcpy(*out, aenc->enc, aenc->len);
+                *out += aenc->len;
        }
-        if (len)
-                *len = enc->len;
+        if (out_len != NULL)
+                *out_len = aenc->len;
        return 1;
 }

diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h index 79239faea1..3a0e5091e3 100644 --- a/src/lib/libcrypto/asn1/asn1_locl.h +++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1_locl.h,v 1.29 2022/05/05 19:18:56 jsing Exp $ */	1	/* $OpenBSD: asn1_locl.h,v 1.30 2022/05/12 19:33:19 jsing Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -172,8 +172,8 @@ int asn1_do_lock(ASN1_VALUE *pval, int op, const ASN1_ITEM it);
172		172
173	void asn1_enc_init(ASN1_VALUE *pval, const ASN1_ITEM it);	173	void asn1_enc_init(ASN1_VALUE *pval, const ASN1_ITEM it);
174	void asn1_enc_free(ASN1_VALUE *pval, const ASN1_ITEM it);	174	void asn1_enc_free(ASN1_VALUE *pval, const ASN1_ITEM it);
		175	int asn1_enc_save(ASN1_VALUE *pval, CBS cbs, const ASN1_ITEM *it);
175	int asn1_enc_restore(int len, unsigned char out, ASN1_VALUE pval, const ASN1_ITEM it);	176	int asn1_enc_restore(int len, unsigned char out, ASN1_VALUE pval, const ASN1_ITEM it);
176	int asn1_enc_save(ASN1_VALUE *pval, const unsigned char in, int inlen, const ASN1_ITEM *it);
177		177
178	int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);	178	int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
179	int d2i_ASN1_BOOLEAN(int a, const unsigned char *pp, long length);	179	int d2i_ASN1_BOOLEAN(int a, const unsigned char *pp, long length);


diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index 8732ab53cf..69e27a9f0f 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tasn_dec.c,v 1.64 2022/05/12 19:11:14 jsing Exp $ */	1	/* $OpenBSD: tasn_dec.c,v 1.65 2022/05/12 19:33:19 jsing Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -249,6 +249,7 @@ asn1_item_ex_d2i_sequence(ASN1_VALUE pval, const unsigned char in, long len,
249	ASN1_aux_cb *asn1_cb = NULL;	249	ASN1_aux_cb *asn1_cb = NULL;
250	char seq_eoc, seq_nolen, cst, isopt;	250	char seq_eoc, seq_nolen, cst, isopt;
251	const unsigned char p = NULL, q;	251	const unsigned char p = NULL, q;
		252	CBS cbs;
252	int i;	253	int i;
253	int ret = 0;	254	int ret = 0;
254		255
@@ -383,9 +384,10 @@ asn1_item_ex_d2i_sequence(ASN1_VALUE pval, const unsigned char in, long len,
383	}	384	}
384	}	385	}
385	/* Save encoding */	386	/* Save encoding */
386	if (!asn1_enc_save(pval, in, p - in, it)) {	387	CBS_init(&cbs, in, p - in);
		388	if (!asn1_enc_save(pval, &cbs, it)) {
387	ASN1error(ERR_R_MALLOC_FAILURE);	389	ASN1error(ERR_R_MALLOC_FAILURE);
388	goto auxerr;	390	goto err;
389	}	391	}
390	*in = p;	392	*in = p;
391	if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))	393	if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))


diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c index e3b2c9e4dc..1fd061f9f8 100644 --- a/src/lib/libcrypto/asn1/tasn_utl.c +++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tasn_utl.c,v 1.15 2022/05/12 19:24:38 jsing Exp $ */	1	/* $OpenBSD: tasn_utl.c,v 1.16 2022/05/12 19:33:19 jsing Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -56,13 +56,17 @@
56	*	56	*
57	*/	57	*/
58		58
		59	#include <limits.h>
59	#include <stddef.h>	60	#include <stddef.h>
60	#include <string.h>	61	#include <string.h>
		62
61	#include <openssl/asn1.h>	63	#include <openssl/asn1.h>
62	#include <openssl/asn1t.h>	64	#include <openssl/asn1t.h>
63	#include <openssl/objects.h>	65	#include <openssl/objects.h>
64	#include <openssl/err.h>	66	#include <openssl/err.h>
65		67
		68	#include "bytestring.h"
		69
66	/* Utility functions for manipulating fields and offsets */	70	/* Utility functions for manipulating fields and offsets */
67		71
68	/* Add 'offset' to 'addr' */	72	/* Add 'offset' to 'addr' */
@@ -123,79 +127,96 @@ asn1_do_lock(ASN1_VALUE *pval, int op, const ASN1_ITEM it)
123	static ASN1_ENCODING *	127	static ASN1_ENCODING *
124	asn1_get_enc_ptr(ASN1_VALUE *pval, const ASN1_ITEM it)	128	asn1_get_enc_ptr(ASN1_VALUE *pval, const ASN1_ITEM it)
125	{	129	{
126	const ASN1_AUX *aux;	130	const ASN1_AUX *aux = it->funcs;
127		131
128	if (!pval \|\| !*pval)	132	if (pval == NULL \|\| *pval == NULL)
129	return NULL;	133	return NULL;
130	aux = it->funcs;	134
131	if (!aux \|\| !(aux->flags & ASN1_AFLG_ENCODING))	135	if (aux == NULL \|\| (aux->flags & ASN1_AFLG_ENCODING) == 0)
132	return NULL;	136	return NULL;
		137
133	return offset2ptr(*pval, aux->enc_offset);	138	return offset2ptr(*pval, aux->enc_offset);
134	}	139	}
135		140
136	void	141	void
137	asn1_enc_init(ASN1_VALUE *pval, const ASN1_ITEM it)	142	asn1_enc_init(ASN1_VALUE *pval, const ASN1_ITEM it)
138	{	143	{
139	ASN1_ENCODING *enc;	144	ASN1_ENCODING *aenc;
140		145
141	enc = asn1_get_enc_ptr(pval, it);	146	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
142	if (enc) {	147	return;
143	enc->enc = NULL;	148
144	enc->len = 0;	149	aenc->enc = NULL;
145	enc->modified = 1;	150	aenc->len = 0;
146	}	151	aenc->modified = 1;
		152	}
		153
		154	static void
		155	asn1_enc_clear(ASN1_ENCODING *aenc)
		156	{
		157	freezero(aenc->enc, aenc->len);
		158	aenc->enc = NULL;
		159	aenc->len = 0;
		160	aenc->modified = 1;
147	}	161	}
148		162
149	void	163	void
150	asn1_enc_free(ASN1_VALUE *pval, const ASN1_ITEM it)	164	asn1_enc_free(ASN1_VALUE *pval, const ASN1_ITEM it)
151	{	165	{
152	ASN1_ENCODING *enc;	166	ASN1_ENCODING *aenc;
153		167
154	enc = asn1_get_enc_ptr(pval, it);	168	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
155	if (enc) {	169	return;
156	freezero(enc->enc, enc->len);	170
157	enc->enc = NULL;	171	asn1_enc_clear(aenc);
158	enc->len = 0;
159	enc->modified = 1;
160	}
161	}	172	}
162		173
163	int	174	int
164	asn1_enc_save(ASN1_VALUE *pval, const unsigned char in, int inlen,	175	asn1_enc_save(ASN1_VALUE *pval, CBS cbs, const ASN1_ITEM *it)
165	const ASN1_ITEM *it)
166	{	176	{
167	ASN1_ENCODING *enc;	177	ASN1_ENCODING *aenc;
		178	uint8_t *data = NULL;
		179	size_t data_len = 0;
168		180
169	enc = asn1_get_enc_ptr(pval, it);	181	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
170	if (!enc)
171	return 1;	182	return 1;
172		183
173	freezero(enc->enc, enc->len);	184	asn1_enc_clear(aenc);
174	enc->enc = malloc(inlen);	185
175	if (!enc->enc)	186	if (!CBS_stow(cbs, &data, &data_len))
		187	return 0;
		188	if (data_len > LONG_MAX) {
		189	freezero(data, data_len);
176	return 0;	190	return 0;
177	memcpy(enc->enc, in, inlen);	191	}
178	enc->len = inlen;	192
179	enc->modified = 0;	193	aenc->enc = data;
		194	aenc->len = (long)data_len;
		195	aenc->modified = 0;
180		196
181	return 1;	197	return 1;
182	}	198	}
183		199
184	int	200	int
185	asn1_enc_restore(int len, unsigned char out, ASN1_VALUE *pval,	201	asn1_enc_restore(int out_len, unsigned char out, ASN1_VALUE *pval,
186	const ASN1_ITEM *it)	202	const ASN1_ITEM *it)
187	{	203	{
188	ASN1_ENCODING *enc;	204	ASN1_ENCODING *aenc;
		205
		206	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
		207	return 0;
189		208
190	enc = asn1_get_enc_ptr(pval, it);	209	if (aenc->modified)
191	if (!enc \|\| enc->modified)
192	return 0;	210	return 0;
193	if (out) {	211
194	memcpy(*out, enc->enc, enc->len);	212	if (out != NULL) {
195	*out += enc->len;	213	memcpy(*out, aenc->enc, aenc->len);
		214	*out += aenc->len;
196	}	215	}
197	if (len)	216
198	*len = enc->len;	217	if (out_len != NULL)
		218	*out_len = aenc->len;
		219
199	return 1;	220	return 1;
200	}	221	}
201		222