aboutsummaryrefslogtreecommitdiff
path: root/crypto/asn1
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2016-05-03 18:00:27 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-05-03 18:00:27 +0000
commit57f1256b1a087adbdf8e5c080dd9ed7975de939a (patch)
tree2dd85c58056a364765d9ae59d6a1774d41f88523 /crypto/asn1
parent9aeed18ad799c20d3accf6e1535817538dc983f6 (diff)
downloadsrc-57f1256b1a087adbdf8e5c080dd9ed7975de939a.tar.gz
src-57f1256b1a087adbdf8e5c080dd9ed7975de939a.zip
Import OpenSSL 1.0.2h.vendor/openssl/1.0.2h
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=298991 svn path=/vendor-crypto/openssl/1.0.2h/; revision=298992; tag=vendor/openssl/1.0.2h
Diffstat (limited to 'crypto/asn1')
-rw-r--r--crypto/asn1/a_bytes.c4
-rw-r--r--crypto/asn1/a_d2i_fp.c36
-rw-r--r--crypto/asn1/a_type.c2
-rw-r--r--crypto/asn1/asn1_lib.c18
-rw-r--r--crypto/asn1/asn1_par.c17
-rw-r--r--crypto/asn1/t_x509.c3
-rw-r--r--crypto/asn1/tasn_dec.c2
-rw-r--r--crypto/asn1/tasn_enc.c2
-rw-r--r--crypto/asn1/x_name.c11
-rw-r--r--crypto/asn1/x_x509.c16
10 files changed, 74 insertions, 37 deletions
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 12715a72809d..385b53986a29 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
} else {
if (len != 0) {
if ((ret->length < len) || (ret->data == NULL)) {
- if (ret->data != NULL)
- OPENSSL_free(ret->data);
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
} else
s = ret->data;
memcpy(s, p, (int)len);
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index a1864b42c977..51b6f245ab10 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
#endif
#define HEADER_SIZE 8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
@@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
/* suck in c.slen bytes of data */
want = c.slen;
if (want > (len - off)) {
+ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
want -= (len - off);
if (want > INT_MAX /* BIO_read takes an int length */ ||
len + want < len) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
- if (!BUF_MEM_grow_clean(b, len + want)) {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
while (want > 0) {
- i = BIO_read(in, &(b->data[len]), want);
- if (i <= 0) {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
- ASN1_R_NOT_ENOUGH_DATA);
+ /*
+ * Read content in chunks of increasing size
+ * so we can return an error for EOF without
+ * having to allocate the entire content length
+ * in one go.
+ */
+ size_t chunk = want > chunk_max ? chunk_max : want;
+
+ if (!BUF_MEM_grow_clean(b, len + chunk)) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
+ want -= chunk;
+ while (chunk > 0) {
+ i = BIO_read(in, &(b->data[len]), chunk);
+ if (i <= 0) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+ ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
/*
* This can't overflow because |len+want| didn't
* overflow.
*/
- len += i;
- want -= i;
+ len += i;
+ chunk -= i;
+ }
+ if (chunk_max < INT_MAX/2)
+ chunk_max *= 2;
}
}
if (off + c.slen < off) {
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index af795306b5bf..bb166e8568b5 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
result = 0; /* They do not have content. */
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
case V_ASN1_BIT_STRING:
case V_ASN1_OCTET_STRING:
case V_ASN1_SEQUENCE:
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0b61fc930967..874b1af8b09a 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,7 +63,7 @@
#include <openssl/asn1_mac.h>
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
- int max);
+ long max);
static void asn1_put_length(unsigned char **pp, int length);
const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
}
*ptag = tag;
*pclass = xclass;
- if (!asn1_get_length(&p, &inf, plength, (int)max))
+ if (!asn1_get_length(&p, &inf, plength, max))
goto err;
if (inf && !(ret & V_ASN1_CONSTRUCTED))
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
}
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
- int max)
+ long max)
{
const unsigned char *p = *pp;
unsigned long ret = 0;
- unsigned int i;
+ unsigned long i;
if (max-- < 1)
- return (0);
+ return 0;
if (*p == 0x80) {
*inf = 1;
ret = 0;
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
*inf = 0;
i = *p & 0x7f;
if (*(p++) & 0x80) {
- if (i > sizeof(long))
+ if (i > sizeof(ret) || max < (long)i)
return 0;
- if (max-- == 0)
- return (0);
while (i-- > 0) {
ret <<= 8L;
ret |= *(p++);
- if (max-- == 0)
- return (0);
}
} else
ret = i;
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
return 0;
*pp = p;
*rl = (long)ret;
- return (1);
+ return 1;
}
/*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 0ca985a2be1e..e85e3398b6bb 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
goto end;
if (j & V_ASN1_CONSTRUCTED) {
+ const unsigned char *sp;
+
ep = p + len;
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end;
}
if ((j == 0x21) && (len == 0)) {
+ sp = p;
for (;;) {
r = asn1_parse2(bp, &p, (long)(tot - p),
offset + (p - *pp), depth + 1,
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
ret = 0;
goto end;
}
- if ((r == 2) || (p >= tot))
+ if ((r == 2) || (p >= tot)) {
+ len = p - sp;
break;
+ }
}
- } else
+ } else {
+ long tmp = len;
+
while (p < ep) {
- r = asn1_parse2(bp, &p, (long)len,
- offset + (p - *pp), depth + 1,
+ sp = p;
+ r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
indent, dump);
if (r == 0) {
ret = 0;
goto end;
}
+ tmp -= p - sp;
}
+ }
} else if (xclass != 0) {
p += len;
if (BIO_write(bp, "\n", 1) <= 0)
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 8aab55130c95..8888396f8434 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -140,7 +140,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
goto err;
bs = X509_get_serialNumber(x);
- if (bs->length <= (int)sizeof(long)) {
+ if (bs->length < (int)sizeof(long)
+ || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
l = ASN1_INTEGER_get(bs);
if (bs->type == V_ASN1_NEG_INTEGER) {
l = -l;
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 5a507967c894..6bdcd5c542ca 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
tint = (ASN1_INTEGER **)pval;
if (!c2i_ASN1_INTEGER(tint, &cont, len))
goto err;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index f04a6892a8d9..f7f83e56a981 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
/*
* These are all have the same content format as ASN1_INTEGER
*/
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 737c426f2dea..a858c2993b90 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -66,6 +66,13 @@
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
+ if (len > X509_NAME_MAX) {
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+ return 0;
+ }
q = p;
/* Get internal representation of Name */
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e2cac836943d..e31e1e750d9d 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -201,10 +201,20 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
- int length;
+ int length, tmplen;
+ unsigned char *start = pp != NULL ? *pp : NULL;
length = i2d_X509(a, pp);
- if (a)
- length += i2d_X509_CERT_AUX(a->aux, pp);
+ if (length < 0 || a == NULL)
+ return length;
+
+ tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+ if (tmplen < 0) {
+ if (start != NULL)
+ *pp = start;
+ return tmplen;
+ }
+ length += tmplen;
+
return length;
}