| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A nasty quirk in the bit string handling is that the serialization
produced by i2d_ASN1_BIT_STRING() depends on whether the the magic
ASN1_STRING_FLAG_BITS_LEFT is set.
If ASN1_STRING_FLAG_BITS_LEFT is set, the number of unused bits is
carried in a->flags & 0x07 and the remainder of the bit string is
in a->data. This is terrible and undocumented but handled correctly.
If ASN1_STRING_FLAG_BITS_LEFT is not set, all trailing zero bits are
(intended to be) chopped off with all sorts of hilarious side effects.
I broke this quite thoroughly when I incorrectly ported an overflow
check from BoringSSL in:
https://github.com/openbsd/src/commit/f81cc285d2aed8b36615119a306533696f3eb66c
The result is that we currently return ret = a->length + 1 for both NULL
and non-NULL pp. The calls to asn1_ex_i2c() in asn1_i2d_ex_primitive()
thus report consistent lengths back, making it succeed.
asn1_i2d_ex_primitive() therefore skips a->length + 1 bytes, while
i2c_ASN1_BIT_STRING() only overwrites len + 1 bytes, which are possibly
fewer. So a caller passing in an output buffer containing garbage
(malloc) will get some of that garbage back in the encoding. Further,
i2c_ASN1_BIT_STRING() also advances that pointer by the possibly reduced
len + 1, but that fortunately doesn't matter since that's an effect
local to asn1_ex_i2c(), the only caller of i2c_ASN1_BIT_STRING().
The last bit is that the current behavior may set bogus unused bits
coming from the scanning backward madness. I added such an example in
the parent commit.
The fix is simple: use len after the truncation effect was established,
not the original a->length, turning this commit into what my backport
should have been.
This fixes the two currently failing regress tests, so remove expected
failure marker again.
ok jsing kenjiro
|
| |
|
|
| |
This test fails, so mark the asn1basic test as an expected failure
|
| |
|
|
| |
X509_ALGOR_set0_evp_md()
|
| |
|
|
|
| |
This exercises the new API, in particular with respect to overflow behavior
around the years 0/9999, which are special for GeneralizedTime/X.509.
|
| |
|
|
|
|
|
|
| |
If it wasn't for security/xca, all of the ASN1_STRING_TABLE API would
hit the attic before long. API design by a trained professional...
The table can at least be made immutable, which in turn makes this test
entirely pointless.
|
| |
|
|
|
|
|
|
|
| |
This covers the setters and getters. Serialization and deserialization as
well as comparison is already well covered by the pieces of regress using
certs.
There is currently one printf indicating failure. This will be fixed
shortly.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
so that it works and compiles during the tb@ pre-bump shuffle(tm).
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
after the bump
|
| | |
|
| |
|
|
|
| |
It will need this for testing {d2i,i2d}_ASN1_BOOLEAN which will be
moved to internal-only in the upcoming bump.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
from the OpenSSL 1.1.1 branch, which is still under a free license,
mostly this commit:
commit d35c0ff30b31be9fd5dcf3d552a16feb8de464bc
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri Oct 19 15:06:31 2012 +0000
fix ASN1_STRING_TABLE_add so it can override existing string table values
This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a
static const entry when called with an nid already in the default table,
and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3).
In addition, it changes behaviour in the following minor ways:
* Ignore negative minsize and maxsize arguments, not just -1.
* Ignore a zero mask and zero flags.
It's unclear whether these additional changes make the API absolutely
better, but we want compatibility with OpenSSL in these functions.
Tweaks & OK tb@.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
As a side effect, this also tests various aspects of ASN1_STRING_new(3),
ASN1_STRING_set(3), ASN1_STRING_length_set(3), ASN1_STRING_get0_data(3),
ASN1_STRING_length(3), and ASN1_STRING_type(3).
|
| |
|
|
| |
Suggested by jsing
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Note some of these will yet fail with the current libcrypto as the current
X509_cmp_time is not RFC5280 compliant
ok jsing@
|
| |
|
