| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Use more readable variable and arguments names in the process.
ok tb@
|
| |
|
|
|
|
|
|
| |
The asn1_find_end() function handles definite length ASN.1, which means
that there is no point in the only caller having code to explicitly handle
definite length - it can just call the function.
ok tb@
|
| |
|
|
|
|
|
|
| |
The long vs size_t checks can be handled in the asn1_check_tag() wrapper
and this will help to avoid propagating long vs size_t issues into new
code.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than calling asn1_get_object_cbs(), call asn1_get_identifier_cbs(),
then immediately proceed with the tag number and tag class check. Only if
that succeeds (or it is not required) do we call asn1_get_length_cbs().
This avoids incurring the overhead of decoding the length in the case where
the tag number and tag class do not match.
While here rename asn1_check_tlen() to asn1_check_tag() - while we decode
the length, what we are normally checking is the tag number and tag class.
Also rename the arguments for readability. For now the argument types
and encoding remain unchanged.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, every time an ASN.1 identifier and length is decoded it is
stored in a tag/length cache for potential reuse. However, the only time
this is actually of benefit is when decoding CHOICE or SEQUENCE with
OPTIONAL fields (or MSTRING and ANY due to less than ideal
implementation). For CHOICE and SEQUENCE with OPTIONAL fields the
current code attempts to decode the first option and if that fails, it
moves onto the next option and attempts to decode it, repeating until
it succeeds (or runs out of options).
There are a number of problems with the cache. Firstly, it adds complexity
to the ASN.1 decoder since it has to be passed up and down through the
various layers. Secondly, there is nothing that keeps the cached data in
synchronisation with the input stream. This makes it fragile and a
potential security risk. Thirdly, the type is in the public headers and
API, meaning that we cannot readily change the types or fields to improve
the code.
Testing also suggests that in typical decoding cases we actually get a
small performance increase by removing the cache. There are also several
other options that would improve decoding performance, which we can visit
once we have simpler and more robust code.
ok beck@ inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
This allows us to make direct use of c2i_ASN1_OBJECT_cbs().
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
The constructed ASN.1 handling in asn1_d2i_ex_primitive() and asn1_ex_c2i()
currently has code to potentially avoid a malloc/memcpy - this is a less
common code path and it introduces a bunch of complexity for minimal gain.
In particular, we're manually adding a trailing NUL when ASN1_STRING_set()
would already do that for us, plus we currently manually free() the data on
an ASN1_STRING, rather than using freezero().
ok inoguchi@ tb@
|
| | |
|
| |
|
|
| |
Whitespace change only.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There are currently three different tables in three different files that
contain information about ASN.1 universal class tag types. Range checking
is also implemented in three different places (with different
implementations).
Consolidate all of this into a single table, provide a lookup function that
deals with the range checks and wrappers to deal with specific types.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
With this we get simpler code, overflow checking and more sensible
memory ownership. Also switch the free_cont case to freezero() since this
could contain secrets.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
While here stop assigning a size_t to an int without bounds checks.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
asn1_collect() (and hence collect_data()) is never called without
a BUF_MEM - the only caller that passed NULL was removed in OpenSSL
commit e1cc0671ac5.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
| |
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.
Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require
all functions to be provided (currently excluding prim_clear). This avoids
situations such as having a custom allocator that returns a specific struct
but then is then printed using the default primative print functions, which
interpret the memory as a different struct.
Found by oss-fuzz, fixes issue #13799.
ok beck@, tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
Fixes for CVE-2018-0739.
Copied from commit below, and modified for adaption to our code.
https://github.com/openssl/openssl/commit/9310d45087ae546e27e61ddf8f6367f29848220d
ok bcook@ beck@ jsing@
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
assembly.
|
| |
|
|
| |
CVE-2016-2108 from openssl.
|
| | |
|
| |
|
|
|
|
|
| |
missing padding check in aesni functions
overflow in evp encode functions
use of invalid negative asn.1 types
ok beck
|
| |
|
|
|
|
| |
case is ok.
ok bcook@
|
| |
|
|
| |
ok djm@ jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
| |
|
|
|
|
| |
libcrypto/libssl, and nothing seems to use it in the wild, apart from embedded
copies of OpenSSL.
ok jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
| |
|
|
|
| |
initial storage came from, we can't free it. just memset in the sequence
case. probably ok beck
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
http://marc.info/?l=openssl-users&m=138014120223264&w=2
Arguably a doc bug, but we argue not. If you parse a new cert into memory
occupied by a previously verified cert, the new cert will inherit that
state, bypassing future verification checks. To avoid this, we will always
start fresh with a new object.
grudging ok from guenther, after i threatened to make him read the code yet
again. "that ok was way more painful and tiring then it should have been"
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| | |
|
| | |
|
| | |
|
| | |
|
