| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
The current code simply shoves the unvalidated ASN.1 bytes into a BIGNUM on
the hope that other things will detect issues (such as negative values
being flipped to positive). Instead of doing this, decode and validate the
ASN.1 data using ASN1_INTEGER, then convert it to a BIGNUM. Similarly, for
encoding convert from BIGNUM to ASN1_INTEGER and use ASN1_INTEGER encoding.
ok tb@
|
| |
|
|
|
|
| |
Also tidy up bn_new() while here.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Avoid undefined behaviour/integer overflow by casting an int64_t to
uint64_t before negating.
Fixes oss-fuzz #49043
ok tb@
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
|
|
|
|
| |
This is the documented behavior which got lost in the recent rewrite.
Mismatch of documentation and reality pointed out by schwarze
ok jsing
|
| |
|
|
|
|
|
| |
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
Rather than having yet another (broken) ASN.1 INTEGER content builder and
parser, use {c2i,i2c}_ASN1_INTEGER().
ok beck@
|
| | |
|
| |
|
|
|
|
|
|
| |
While we're here enforce valid days for months and leap years.
Inspired by same in boringssl.
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
Avoid undefined behaviour by negating the unsigned value, before casting
to int64_t, rather than casting to int64_t then negating.
Fixes oss-fuzz #48499
ok tb@
|
| |
|
|
|
|
|
|
| |
the world seems to be using.
Symbols.list changes and exposure to wait for minor bump
ok jsing@ jca@
|
| |
|
|
|
|
|
| |
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
| |
|
|
|
|
|
|
|
| |
Apparently at some point a LONG_it was misaligned - provide and use
long_{get,set}() so that we always memcpy() rather than doing it some times
but not others. While here provide long_clear() rather than abusing and
reusing long_free().
ok tb@
|
| |
|
|
|
|
|
| |
Switch to using ints for boolean values and use 0 or 1 for constructed,
rather than using 0 the ASN.1 tag encoded value (1 << 5).
ok tb@
|
| |
|
|
|
|
|
| |
Instead of having a separate get/set implementation, reuse the ASN1_INTEGER
code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64().
ok beck@ tb@
|
| |
|
|
|
|
| |
In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64().
ok beck@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of inl, outl, and outll, use in_len, out_len, and buf_out_len.
Use the appropriate types for them. Check return values properly, check
for overflow. Remove some unnecessary casts and add some for readability.
Use asn1_abs_set_unused_bits() instead of inlining it.
This removes the last direct consumer of ASN1_STRING_FLAG_BITS_LEFT
outside of asn1/a_bitstr.c. The flag is still mentioned in x509/x509_addr.c
but that will hopefully go away soon.
tweaks/ok jsing
|
| |
|
|
|
|
|
| |
This streamlines the logic and uses ASN1_STRING_set0() and
asn1_abs_set_unused_bits() instead of inlining them.
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
Factor out the ef->asn1_ex_d2i() callback handling - this allows us to pull
out all of the related variables into a self-contained function.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Also use array indexes for it->templates, rather than trying to be extra
clever in for loops (suggested by tb@ during a review).
No functional change.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
It no longer makes sense to have "extended" versions of functions
internally.
No functional change.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Unfortunately, several things in the ecosystem depend on the existing
API behavior of being able to pass in an uninitialized pointer on the
stack: haproxy, grpc, mongo-tools and others show up on the first two
pages of Debian codesearch.
ok jsing
|
| |
|
|
|
|
|
|
| |
Order functions by use, moving public API to the bottom and utility
functions to the top. This makes the code more logical/readable, plus we
can remove all except one of the static function prototypes.
No functional change.
|
| |
|
|
|
|
|
|
|
|
| |
Rewrite the asn1_template_*() functions with CBS, readable variable names
and free then alloc.
This was the last caller of asn1_check_eoc() and asn1_check_tag(), hence
remove them and rename the _cbs suffixed versions in their place.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Split the object content handling off into asn1_d2i_ex_primitive_content(),
move the handling ov V_ASN1_ANY into asn1_d2i_ex_any() and move the MSTRING
handling into asn1_d2i_ex_mstring(). This way we parse the header once
(rather than twice for ANY and MSTRING), then process the content, while
also avoiding complex special cases in a single code path.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Change asn1_template_ex_d2i() so that we short circuit in the no explicit
tagging case.
Split out the SET OF/SEQUENCE OF handling from asn1_template_noexp_d2i()
into a asn1_template_stack_of_d2i() function and simplify the remaining
code.
ok tb@
|
| |
|
|
|
|
| |
Should have been part of a previous commit.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Instead of using a temporary variable on the stack, we can use the usual
Henson mechanism for allocating the struct. Make the function single exit
and throw an error instead of crashing or leaking if out is NULL or *out
is non-NULL.
tweaks/ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A long standing failure to initialize a struct on the stack fully was
exposed by a recent refactoring. Fortunately, the uninitialized 'flag'
member is only used to decide whether or not to call freezero(NULL, 0),
so it is completely harmless. This is a first trivial fix, a better
version will be landed separately with regress.
Reported by Steffen Jaeckel, GH #760
ok beck
|
| |
|
|
|
|
| |
Now that combine no longer exists, we can also free and reallocate.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Due to a confusion of two CBS, the API would incorrectly advance the
*der_in pointer, resulting in a DER parse failure.
Issue reported by Aram Sargsyan
ok jsing
|
| |
|
|
|
|
|
|
| |
In asn1_item_ex_d2i_choice(), only call the ASN1_OP_D2I_PRE callback after
allocation has occurred via ASN1_item_ex_new(). This matches the sequence
handling code and the documentation.
Discussed with tb@
|
| |
|
|
|
|
|
| |
This function does not actually free an ASN1_ENCODING, which are embedded
in a struct.
Name suggested by tb@
|
| |
|
|
|
|
| |
Now that combine no longer exists, we can also free and reallocate.
ok tb@
|
| |
|
|
|
|
| |
Rework and clean up other asn1_enc_* related functions while here.
ok tb@
|
| |
|
|
|
|
|
|
| |
While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().
ok deraadt@ tb@
|
| |
|
|
|
|
|
|
| |
This workaround was used by ASN1_BROKEN_SEQUENCE, which existed for
NETSCAPE_ENCRYPTED_PKEY. Remove the workaround since the only consumer
has already been removed.
ok tb@
|
| |
|
|
|
|
|
|
| |
This requires a few wrappers to call into some non-CBS functions, however
we can now remove the asn1_d2i_ex_primitive() wrapper as there are no
longer any non-CBS callers.
ok tb@
|
| |
|
|
|
|
|
|
| |
This was an option used to combine ASN.1 into a single structure, which was
only ever used by DSAPublicKey and X509_ATTRIBUTE. Since they no longer use
it we can mop this up and simplify all of the related code.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.
This removes the last use of COMBINE in the ASN.1 decoder.
ok tb@
|
| |
|
|
|
|
|
|
| |
Factor out the handling of CHOICE and SEQUENCE into their own functions.
This reduces complexity, reduces indentation and will allow for further
clean up.
ok beck@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The asn1_ex_c2i() function currently handles the V_ASN1_ANY case inline,
which means there multiple special cases, with pointer fudging and
restoring. Instead, split asn1_ex_c2i() into three functions - one that
only handles storage into a primitive type (asn1_ex_c2i_primitive()), one
that handles the V_ASN1_ANY case (asn1_ex_c2i_any()) and calls
asn1_ex_c2i_primitive() with the correct pointer and an asn1_ex_c2i()
that handles the custom functions case, before dispatching to
asn1_ex_c2i_any() or asn1_ex_c2i_primitive(), as appropriate.
This results in cleaner and simpler code.
With input from and ok tb@
|
| |
|
|
|
|
|
|
| |
Change asn1_get_length_cbs() and asn1_get_object_cbs() to handle and return
a length as a size_t rather than a uint32_t. This makes it simpler and less
error prone in the callers.
Suggested by and ok tb@
|
| |
|
|
|
|
| |
Use more readable variable and arguments names in the process.
ok tb@
|
