summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Use "if (ptr == NULL)" instead of "if (!ptr)"tb2023-03-111-3/+3
| | | | Requested by jsing
* Fix double free after BIO_new_NDEF()tb2023-03-111-6/+7
| | | | | | | | | | | | Once the asn_bio is prepended to the out chain, and before the asn1_cb() has done its thing, asn_bio needs to be popped off again on error. Failing to do this can cause write after frees or double frees when the out BIO is used after the function returned. Based on a very complicated diff by Matt Caswell and Viktor Dukhovni. This was part of the fixes in OpenSSL 1.1.1t. ok jsing
* Remove a pesky space.jsing2023-03-111-2/+2
|
* ASN.1 BIO: properly wire up prefix_free and suffix_freetb2023-03-101-1/+7
| | | | | | | | | | | | | | If something goes wrong before the ASN.1 BIO state machine has passed both flushing states, asn1_bio_free() forgets to free the ndef_aux and the ex_arg since the prefix_free() and suffix_free callbacks are not called. This can lead to leaks, notably in streaming bios. Part of https://github.com/openssl/openssl/pull/15999 I have a regress covering this but it is not yet ready to land. ok beck jsing
* Return the correct type for ASN.1 BOOLEANstb2023-03-101-5/+9
| | | | | | | | | | | | | ASN.1 BOOLEANs and ASN.1 NULL are handled specially in the ASN.1 sausage factory and they are special in that they don't have a->value.ptr set. Both need to be special cased here since they fail the a->type.ptr != NULL check. Apart from fixing an obvious bug in ASN1_TYPE_get(), this fixes another crash in openssl(1) asn1parse. There is more to do in the vicinity, but that is more complex and will have to wait for OpenBSD 7.3-current. with/ok jsing
* Clean up ndef_{prefix,suffix}_free()tb2023-03-061-8/+13
| | | | | | | | These functions are rather similar, so there's no need for the code to be wildly different. Add a missing NULL check to ndef_prefix_free() since that will be needed in a subsequent commit. ok jsing
* Rework asn1_item_flags_i2d()tb2023-03-061-19/+20
| | | | | | | | Flip the logic of NULL checks on out and *out to unindent, use calloc() instead of malloc() and check on assign. Also drop the newly added len2 again, it isn't needed. ok jsing
* ASN.1 enc: check ASN1_item_ex_i2d() consistencytb2023-03-061-3/+8
| | | | | | | | | | | | | The i2d API design is: call a function first with a pointer to NULL, get the length, allocate a buffer, call the function passing the buffer in. Both calls should be checked since ther are still internal allocations. At the heart of ASN.1 encoding, this idiom is used and the second call is assumed to succeed after the length was determined. This is far from guaranteed. Check that the second call returns the same length and error otherwise. ok jsing
* Avoid infinite loop in bio_asn1 state machinetb2023-03-041-2/+2
| | | | | | | | | | | | If the BIO_write() in the ASN1_STATE_DATA_COPY state fails, incorrect error handling will break out of the switch without changing the state, and the infinite for loop will immediately try the same write again, which is unlikely to succeed... Clearly this code intended to break out of the loop instead. Via OpenSSL 1.1 commit 723f616df81ea05f31407f7417f49eea89bb459a ok millert
* Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRINGtb2023-01-131-2/+4
| | | | | | | | | | If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data, this old code would end up reading from a->data[-1]. This may or may not crash. Luckily, anton observed two openssl-ruby regress test failures in the last few days, which could eventually be traced back to this (after a lot of painful digging due to coredumps not working properly). ok jsing
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-2/+3
| | | | | | 32-bit platforms; NFCI ok tb@
* Prepare to provide X509_CRL_get0_sigalg()tb2022-12-261-1/+7
| | | | | | | | | This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing
* spelling fixes; from paul tagliamontejmc2022-12-262-4/+4
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Garbage collect the unused asn1_add_error()tb2022-11-281-7/+1
| | | | ok jsing
* Make internal header file names consistenttb2022-11-2642-92/+92
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Rename last OPENSSL_gmtime() to asn1_time_time_t_to_tm()tb2022-11-221-2/+2
| | | | | | | This rename was done before commit, but one instance was missed since it was hidden behind #ifdef SMALL_TIME_T. Spotted by Android CI.
* Expose ASN1_buf_print() in asn1.htb2022-11-131-3/+1
| | | | | This is needed to print the 32-byte Ed25519 keys which aren't handled as BNs.
* Implement EVP interfaces for Ed25519 and X25519.jsing2022-11-101-1/+5
| | | | ok beck@ tb@
* Port EVP raw key API from OpenSSL.jsing2022-11-101-1/+10
| | | | | | This will be needed to deal with Curve25519 based keys. ok beck@ tb@
* Port ASN1_buf_print() from OpenSSL 1.1.jsing2022-11-102-2/+34
| | | | | | This is needed to print byte array based keys, such as Ed25519 and X25519. ok beck@ tb@
* Clean up EVP_PKEY_ASN1_METHOD related tables and code.jsing2022-11-091-87/+52
| | | | | | | | | | | Rather than messing around with an OBJ_bsearch() for a table that contains 16 entries (and a stack find for any application added methods), simply do a reverse linear scan. This maintains the application method first behaviour, while removing a chunk of code. While here rename some variables and do some style clean up. ok tb@
* Sort EVP_PKEY_ASN1_METHOD externs.jsing2022-11-091-6/+6
|
* Avoid signed integer overflow in i2c_ASN1_BIT_STRING()tb2022-11-081-5/+9
| | | | | | | | | If the length of the bitstring is INT_MAX, adding 1 to it is undefined behavior, so error out before doing so. Based on BoringSSL eeb3333f by davidben ok beck joshua
* Add missing $OpenBSD$beck2022-11-081-0/+1
|
* Replace the old OpenSSL julian date stuff with BoringSSL'sbeck2022-11-084-10/+286
| | | | | | | | | | | | OpenSSL dealt with time conversion using a classical julian day scheme. BoringSSL got rid of it and uses only a julian style calculation for seconds since the POSIX time epoch. This changes libressl to use the seconds calculation exculusively instead of a mix of the julian day based conversions and the system time conversions to and from time_t to tm. ok tb@ jsing@
* Unbreak ASN.1 indefinite length encoding.jsing2022-10-171-4/+4
| | | | | | | | | | | In r1.25 of tasn_enc.c a check was added to ensure that asn1_ex_i2c() returned the same value on both calls, however in the ndef case the len variable gets changed between calls. Keep a copy of the original value to test against. Issue reported by niklas, who encountered a test failure in rust-openssl. ok miod@ tb@
* Remove c2i_* and i2c_* from public visibilitytb2022-09-112-10/+11
| | | | | | | | This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and {c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1 API and should never have been exposed in the first place. ok jsing
* Rewrap some lines, no functional change.jsing2022-09-031-4/+6
|
* Tidy up asn1_c2i_primitive() slightly.jsing2022-09-031-8/+8
| | | | | | Rename some variables and consistently goto error. ok tb@
* Avoid recycling ASN1_STRINGs when decoding ASN.1.jsing2022-09-031-14/+12
| | | | | | | | Rather than recycling an existing ASN1_STRING and changing its type, free it and allocate a replacement. This simplifies the code and potentially avoids bugs resulting from reuse. ok tb@
* Remove duplicate prototype that just snuck in.jsing2022-09-031-3/+1
|
* Ensure ASN.1 types are appropriately encoded.jsing2022-09-033-7/+52
| | | | | | | | Per X.690, some ASN.1 types must be primitive encoded, some must be constructed and some may be either. Add this data to our types table and check the encoding against this information when decoding. ok tb@
* Provide c2i_ASN1_ENUMERATED_cbs() and call it from asn1_c2i_primitive().jsing2022-09-033-9/+33
| | | | | | | This avoids asn1_c2i_primitive() from needing knowledge about the internals of ASN1_INTEGER and ASN1_ENUMERATED. ok tb@
* Stop using CBIGNUM_it internal to libcrypto.jsing2022-09-031-2/+5
| | | | | | | | | CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that is one which zeros its memory after use and ensures that the constant time flags are set... in LibreSSL we always do both of these things for BIGNUMs, so just use BIGNUM_it instead. ok tb@
* Plug memory leak in X509_REQ_print_ex()tb2022-08-301-2/+4
| | | | | | CID 356353 ok jsing
* Provide ASN1_R_TYPE_NOT_PRIMITIVE.jsing2022-08-292-2/+4
| | | | | | Needed for an upcoming change. ok tb@
* Encode an ASN.1 INTEGER with NULL data to value of zero.jsing2022-08-281-2/+4
| | | | | | | | | | | When an ASN1_INTEGER is created it has NULL data until a value is set - previously, an ASN1_INTEGER in this state encoded to an ASN.1 INTEGER with a value of 0, rather than being treated as an error. While code should really set values, the historical behaviour has not required this. Found the hard way by sthen@ with acme-client. ok tb@
* Rewrite i2c_ASN1_INTEGER() using CBB/CBS.jsing2022-08-201-97/+100
| | | | | | | | | | This gives us cleaner and safer code, although it is worth noting that we now generate the encoding even when called with NULL as the output pointer (and then discard it, returning just the length). Resolves oss-fuzz #49963. ok tb@
* Make it possible to signal an error from an i2c_* function.jsing2022-08-201-2/+7
| | | | | | | | | | | | | | | | In asn1_i2d_ex_primitive(), asn1_ex_i2c() returning -1 is used to indicate that the object is optional and should be skipped, while -2 is used to indicate that indefinite length encoding should be used. Any other negative value was treated as success, resulting in the out pointer being walked backwards. Avoid this by treating any negative value (aside from -1 and -2) as a failure, propagating it up the stack. Additionally, check the return value of the second asn1_ex_i2c() call to ensure that it matches the value returned by the first call. This makes sure that the length of the encoded object is correct, plus it detects the case where a failure occurs during the second call. Discussed with tb@ (who also flagged the negative value issue).
* Remove unused variabletb2022-08-111-6/+3
| | | | | | | | | | | X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it. ok jsing
* Avoid signed integer overflow due to unary negationtb2022-08-101-12/+8
| | | | | | | | | | | | The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes oss-fuzz #49944 with/ok jsing
* Cast int64_t to uint64_t for negatingtb2022-08-101-3/+7
| | | | | | | | Avoid signed integer overflow by casting an int64_t to uint64_t before negating. Same fix was applied in a_int.c -r1.44, but was forgotten to be applied to a_enum.c. ok jsing
* Only print versions we know abouttb2022-08-101-4/+10
| | | | | | | | | | | | The version field of an X.509 Certificate is an enum Version ::= INTEGER { v1(0), v2(1), v3(2) } Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version. ok jsing
* Use ASN1_INTEGER to encode/decode BIGNUM_it.jsing2022-07-301-34/+48
| | | | | | | | | | The current code simply shoves the unvalidated ASN.1 bytes into a BIGNUM on the hope that other things will detect issues (such as negative values being flipped to positive). Instead of doing this, decode and validate the ASN.1 data using ASN1_INTEGER, then convert it to a BIGNUM. Similarly, for encoding convert from BIGNUM to ASN1_INTEGER and use ASN1_INTEGER encoding. ok tb@
* Provide and use a primitive clear function for BIGNUM_it.jsing2022-07-301-8/+15
| | | | | | Also tidy up bn_new() while here. ok tb@
* Cast int64_t to uint64_t before negating.jsing2022-07-131-3/+7
| | | | | | | | | Avoid undefined behaviour/integer overflow by casting an int64_t to uint64_t before negating. Fixes oss-fuzz #49043 ok tb@
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Make ASN1_{INTEGER,ENUMERATED}_get() return 0 on NULL againtb2022-07-092-2/+6
| | | | | | | | This is the documented behavior which got lost in the recent rewrite. Mismatch of documentation and reality pointed out by schwarze ok jsing
* Expose new API in headers.tb2022-07-071-7/+1
| | | | | | | These are mostly security-level related, but there are also ASN1_TIME and ASN_INTEGER functions here, as well as some missing accessors. ok jsing
* The OpenSSL API is called ASN1_TIME_set_string_X509() (uppercase x)tb2022-07-042-4/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 15:37:15 +0000