summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Lay groundwork to support X.509 v3 extensions for IP Addresses and AS ↵job2021-09-021-1/+9
| | | | | | | | | | | Identifiers These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree. OK tb@, discussed with beck@
* Zap blanks before tabs.tb2021-08-281-4/+4
|
* Fix various read buffer overflow when printing ASN.1 strings (which aretb2021-08-241-2/+3
| | | | | | | | not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9. From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l) ok inoguchi
* Add error checks for i2d_X509_NAME()tb2021-07-261-3/+5
| | | | | | | This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print(). ok schwarze
* Fix a read buffer overrun in X509_CERT_AUX_print(3),schwarze2021-07-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | which by implication also affects X509_print(3). The ASN1_STRING_get0_data(3) manual explitely cautions the reader that the data is not necessarily NUL-terminated, and the function X509_alias_set1(3) does not sanitize the data passed into it in any way either, so we must assume the alias->data field is merely a byte array and not necessarily a string in the sense of the C language. I found this bug while writing manual pages for these functions. OK tb@ As an aside, note that the function still produces incomplete and misleading results when the data contains a NUL byte in the middle and that error handling is consistently absent throughout, even though the function provides an "int" return value obviously intended to be 1 for success and 0 for failure, and even though this function is called by another function that also wants to return 1 for success and 0 for failure and even does so in many of its code paths, though not in others. But let's stay focussed. Many things would be nice to have in the wide wild world, but a buffer overflow must not be allowed to remain in our backyard.
* Fix a bug in X509_print_ex(3).schwarze2021-07-061-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed. The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse. Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
* Bugfix: when X509_NAME_dup(3) failed, X509_NAME_set(3) indicated successschwarze2021-07-041-14/+8
| | | | | | | | | | | | | | | | | even though it did not actually set the name. Instead, indicate failure in this case. This commit sneaks in a small, unrelated change in behaviour. If the first argument of X509_NAME_set(3) was NULL, the function used to return failure. Now it crashes the program by accessing the NULL pointer, for compatibility with the same change in OpenSSL. This merges the following two commits from the OpenSSL-1.1.1 branch, which is still available under a free license: 1. 180794c5 Rich Salz Sep 3 11:33:34 2017 -0400 2. c1c1783d Richard Levitte May 17 09:53:14 2018 +0200 OK tb@
* Plug leak in c2i_ASN1_OBJECTtb2021-05-011-3/+8
| | | | | | | | | | When using the object reuse facility of c2i_ASN1_OBJECT, the dynamically allocated strings a may contain are set to NULL, so we must free them beforehand. Also clear the flag, because that's what OpenSSL chose to do. From Richard Levitte OpenSSL 1.1.1 65b88a75921533ada8b465bc8d5c0817ad927947 ok inoguchi
* Remove two reduntat memset calls.tb2020-12-161-2/+1
| | | | pointed out by jsing
* Avoid potential use of uninitialized in ASN1_time_parsetb2020-12-161-4/+3
| | | | | | | | | | | When parsing an UTCTime into a struct tm that wasn't cleared by the caller, the years would be added to the already present value, which could give an incorrect result. This is an issue in ASN1_UTCTIME_cmp_time_t(), which is practically unused. Fix this by always zeroing the passed struct tm. Issue reported by Olivier Taïbi, thanks! ok jsing
* Fix a NULL dereference in GENERAL_NAME_cmp()tb2020-12-085-5/+48
| | | | | | | | | | | | Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing
* Clean up asn1/x_info.ctb2020-09-031-22/+9
| | | | | | | | | | Instead of using malloc(3) and manually setting part of the structure to zero, part to something else and leaving the rest uninitialized, we can benefit from the fact that there's this thing called calloc(3). Moreover, all variants of free(3) in libcrypto are NULL safe. ok beck inoguchi
* Remove unnecessary zeroing after recallocarray(3)tb2020-09-031-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Zap a memset that was redundant since OpenSSL 0.97b was merged by markus in 2003. Nowadays it's otto's recallocarray(3) that does the zeroing. ok beck inoguchi otto PS: ASN1_BIT_STRING_set_bit(3) was committed on Dec 21 1998 by Ralf S. Engelschnall and used this bizarre allocation idiom: if (a->data == NULL) c=(unsigned char *)Malloc(w+1); else c=(unsigned char *)Realloc(a->data,w+1); People complained about Malloc, Realloc and Free being used elsewhere, so on Jun 1 2000, Richarde Levitte swept the OpenSSL tree and it became this. if (a->data == NULL) c=(unsigned char *)OPENSSL_malloc(w+1); else c=(unsigned char *)OPENSSL_realloc(a->data,w+1); Then it was found that existing data should be cleaned, and on Nov 13 2002 Ben Laurie changed the last line to c=(unsigned char *)OPENSSL_realloc_clean(a->data, a->length, w+1);
* When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnschwarze2020-06-041-2/+5
| | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@
* When printing the serialNumber, fall back to the colon separated hextb2020-04-101-2/+4
| | | | | | | | | bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior. Issue in openssl x509 -text output reported by sthen ok jsing sthen
* Fix ASN1 print functionsinoguchi2020-03-241-6/+13
| | | | | | | | | | | | Check and print out boolean type properly. Based on OpenSSL commit ad72d9fdf7709ddb97a58d7d45d755e6e0504b96. Reduced unneeded parentheses from if condition. Check return value from i2s_ASN1_INTEGER. Based on OpenSSL commit 5e3553c2de9a365479324b8ba8b998f0cce3e527. Added if condition expression and return 0 if NULL is returned. ok tb@
* Avoid leak in error path of asn1_parse2inoguchi2020-01-091-17/+21
| | | | ok tb@
* Sort standard_methods by pkey_id.inoguchi2019-11-021-4/+4
| | | | ok jsing@
* Wire up ASN.1 methods for RSA-PSS.jsing2019-11-011-1/+5
| | | | ok tb@
* Provide ASN1_TYPE_{,un}pack_sequence().jsing2019-10-242-2/+36
| | | | | | | | These are internal only for now. Based on OpenSSL 1.1.1d. ok inoguchi@
* Add static_ASN1_* macroinoguchi2019-08-201-1/+72
| | | | - Add static_ASN1_* macro. Patch was provided by steils AT gentoo.org
* Fix signed overflow in X509_CRL_print().tb2019-05-121-1/+4
| | | | | | fixes oss-fuzz #14558 ok beck jsing
* Avoid an undefined shift in ASN1_ENUMERATED_get().tb2019-04-281-4/+9
| | | | | | | | (same fix as in a_int.c rev 1.34) Fixes oss-fuzz issue #13809 ok beck, jsing
* Avoid an undefined shift in ASN1_INTEGER_get().tb2019-04-281-4/+8
| | | | | | Fixes oss-fuzz issue #13804 ok beck, jsing
* Avoid undefined behaviour that results from negating a signed long withjsing2019-04-201-2/+2
| | | | | | | | minimum value. Fixes oss-fuzz #14354. ok beck@ bcook@ tb@
* Avoid signed integer overflow.jsing2019-04-151-2/+2
| | | | | | Fixes oss-fuzz issue #13843. ok tb@
* Avoid an overread caused by d2i_PrivateKey().jsing2019-04-101-1/+3
| | | | | | | | | | | There are cases where the old_priv_decode() function can fail but consume bytes. This will result in the pp pointer being advanced, which causes d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and incorrect length. Fixes oss-fuzz #13803 and #14142. ok deraadt@ tb@
* Revert tasn_prn.c r1.18.jsing2019-04-071-6/+2
| | | | | | | | | | | In this code, just because something is cast to a type doesn't mean it is necessarily that type - in this case we cannot check the length of the ASN1_STRING here, since it might be another data type and later handled as an int (for example, in the V_ASN1_BOOLEAN case). We will revisit this post release. ok tb@
* Implement a print function for BIGNUM_it.jsing2019-04-011-2/+18
| | | | ok beck@, tb@
* Correct the return values from long_print.jsing2019-04-011-2/+5
| | | | | | | BIO_print() returns -1 on failure, whereas the ASN print functions need to return 0. ok beck@, tb@
* Require all ASN1_PRIMITIVE_FUNCS functions to be provided.jsing2019-04-015-26/+42
| | | | | | | | | | | | If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require all functions to be provided (currently excluding prim_clear). This avoids situations such as having a custom allocator that returns a specific struct but then is then printed using the default primative print functions, which interpret the memory as a different struct. Found by oss-fuzz, fixes issue #13799. ok beck@, tb@
* Wrap long lines and apply some style(9).jsing2019-03-311-7/+10
|
* Use named field initialisers.jsing2019-03-312-16/+18
|
* Use limits.h instead of sys/limits.h for portability.jsing2019-03-261-3/+2
| | | | From phrocker via github.
* Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a maxbeck2019-03-241-1/+5
| | | | | depth of 128 - For oss-fuzz issue 13802 ok jsing@
* Add range checks to varios ASN1_INTEGER functions to ensure thebeck2019-03-232-5/+59
| | | | | | sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
* Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from thetb2019-03-131-4/+2
| | | | | | | | | | | mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing
* Restore function prototype for ASN1_dup, fixing usage on I32LP64 platforms.jeremy2018-11-301-1/+7
| | | | | | This prototype was removed inadvertantly in r1.50. OK jsing@
* Fix whitespace around assignment operators.tb2018-11-171-7/+7
|
* Avoid leaking memory that was already allocated in ASN1_item_new().tb2018-11-091-5/+1
| | | | From Ben L <bobsayshilol () live ! co ! uk>
* Fix a buffer overrun in asn1_parse2().tb2018-11-091-4/+7
| | | | | From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpensSSL.
* Add const to the data argument of ASN1_set{,_int}_octetstring().tb2018-11-092-6/+6
| | | | | | From Ben L bobsayshilol () live ! co ! uk ok jsing
* Remove some function prototypes that should have been removed in thejsing2018-11-081-10/+2
| | | | | | previous clean up. Spotted by bcook@
* whitespacetb2018-11-021-2/+2
|
* Remove a bunch of ancient and highly crufty ASN.1 related code fromjsing2018-10-246-1352/+19
| | | | | | libcrypto (the "new" stuff replaced this back around 2000 or so...). ok tb@
* Avoid calling memcpy with a length <= 0. Reported due to a GCC 7.3.0tb2018-10-201-5/+6
| | | | | | | compiler warning by Pavel Kraynyukhov. A similar fix was made in OpenSSL commit 369e93398b68b8a328e6c1d766222b. ok inoguchi
* Simplify initialization of asn1_cb; use correct spelling of NULL.tb2018-09-171-4/+2
|
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-242-4/+4
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-241-3/+3
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-241-45/+30
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-08 05:42:13 +0000