| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A nasty quirk in the bit string handling is that the serialization
produced by i2d_ASN1_BIT_STRING() depends on whether the the magic
ASN1_STRING_FLAG_BITS_LEFT is set.
If ASN1_STRING_FLAG_BITS_LEFT is set, the number of unused bits is
carried in a->flags & 0x07 and the remainder of the bit string is
in a->data. This is terrible and undocumented but handled correctly.
If ASN1_STRING_FLAG_BITS_LEFT is not set, all trailing zero bits are
(intended to be) chopped off with all sorts of hilarious side effects.
I broke this quite thoroughly when I incorrectly ported an overflow
check from BoringSSL in:
https://github.com/openbsd/src/commit/f81cc285d2aed8b36615119a306533696f3eb66c
The result is that we currently return ret = a->length + 1 for both NULL
and non-NULL pp. The calls to asn1_ex_i2c() in asn1_i2d_ex_primitive()
thus report consistent lengths back, making it succeed.
asn1_i2d_ex_primitive() therefore skips a->length + 1 bytes, while
i2c_ASN1_BIT_STRING() only overwrites len + 1 bytes, which are possibly
fewer. So a caller passing in an output buffer containing garbage
(malloc) will get some of that garbage back in the encoding. Further,
i2c_ASN1_BIT_STRING() also advances that pointer by the possibly reduced
len + 1, but that fortunately doesn't matter since that's an effect
local to asn1_ex_i2c(), the only caller of i2c_ASN1_BIT_STRING().
The last bit is that the current behavior may set bogus unused bits
coming from the scanning backward madness. I added such an example in
the parent commit.
The fix is simple: use len after the truncation effect was established,
not the original a->length, turning this commit into what my backport
should have been.
This fixes the two currently failing regress tests, so remove expected
failure marker again.
ok jsing kenjiro
|
| |
|
|
| |
This is another test that fails due to the bug in i2c_ASN1_BIT_STRING().
|
| |
|
|
| |
This test fails, so mark the asn1basic test as an expected failure
|
| |
|
|
|
|
| |
There is a bug in i2c_ASN1_BIT_STRING() resulting in nonsense encoding of
some BIT STRINGs with trailing zeroes if ASN1_STRING_FLAG_BITS_LEFT is not
set (a rare corner case). This test currently passes when it shouldn't.
|
| |
|
|
|
|
|
| |
Exercises the batshit crazy truncation behavior of ASN1_BIT_STRING_set_bit()
Based on https://boringssl-review.googlesource.com/c/boringssl/+/48225
(still under ISC).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, invalid generalized time tests were split into a separate
set of test vectors and a flag was used when calling the test function to
indicate they should be tested as generalized only.
This simplifies the code a bit, and makes converting to the new test
framework easier.
ok jsing
|
| |
|
|
| |
From Kenjiro Nakayama
|
| |
|
|
| |
extracted from a diff by Kenjiro Nakayama
|
| | |
|
| |
|
|
|
|
| |
failed was set to 0 at the top of the function, so failure and success
were indistinguishable. Move failed = 0 to the end so it can actually
fail.
|
| | |
|
| | |
|
| |
|
|
|
| |
Also add a test case with a generalized time representing the moment
one second past the 32-bit epoch wrap.
|
| |
|
|
| |
It wasn't quite right, but I also think the test is bogus.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes it where people can't put dumb values in certs without
trying harder, and changes the regress to test this.
GENERALIZED times outside of the RFC5280 spec are required for OCSP
but these should be constructed with the GENERALIZED time string
setters.
ok tb@
|
| |
|
|
| |
X509_ALGOR_set0_evp_md()
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This exercises the new API, in particular with respect to overflow behavior
around the years 0/9999, which are special for GeneralizedTime/X.509.
|
| |
|
|
|
|
|
| |
The failed variable was erroneously initialized to 0, making this test
always pass.
From Christian Andersen, thanks!
|
| |
|
|
|
|
|
|
| |
If it wasn't for security/xca, all of the ASN1_STRING_TABLE API would
hit the attic before long. API design by a trained professional...
The table can at least be made immutable, which in turn makes this test
entirely pointless.
|
| |
|
|
|
|
| |
Once we remove X509_ALGOR_set_md() we can link this test statically and use
X509_ALGOR_set_evp_md() but for now make sure the documented workaround for
this garbage API works.
|
| | |
|
| | |
|
| |
|
|
| |
fixed.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This covers the setters and getters. Serialization and deserialization as
well as comparison is already well covered by the pieces of regress using
certs.
There is currently one printf indicating failure. This will be fixed
shortly.
|
| | |
|
| |
|
|
|
| |
ASN1_UTCTIME_cmp_tim_t() could be done similarly, but then I have to mess
with LIBRESSL_INTERNAL. Let's do this after unlock.
|
| | |
|
| |
|
|
| |
Sprinkle some (static) const and garbage collect an unused struct.
|
| |
|
|
| |
OK tb@
|
| | |
|
| |
|
|
| |
quirks and invariants.
|
| | |
|
| |
|
|
| |
Should make coverity happier
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
|
|
|
|
| |
Check for ASN_STRING_to_UTF8() failure before checking it matches our
expectations. This should convey clearly that test->want_len is never
negative.
CID 377011
Diagnosed by jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
