[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Tue Apr 4 09:32:08 UTC 2017
The branch master has been updated
via 79b3452faf04f2572f57eb37b618cc603d9983da (commit)
via 8ac6a53100bd6730a8824968ec25dccc727c29c9 (commit)
via 37332ecc010276b899810aa3ac26885bd9dcb57c (commit)
via 66ecfb5437b22664a4358e8de6da942727f5fb11 (commit)
via 5c7e65486c15f6b93ee413515612e6031dc2e416 (commit)
via 93f7d6fc10b75814d90d804edb56947cacf8964e (commit)
from 8edb4ee1a237b43d9520eaa658a4ad2671e8dd0c (commit)
- Log -----------------------------------------------------------------
commit 79b3452faf04f2572f57eb37b618cc603d9983da
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Mar 31 21:31:43 2017 +0200
Fix faulty check of padding in x_long.c
Bug uncovered by test
[extended tests]
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
commit 8ac6a53100bd6730a8824968ec25dccc727c29c9
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 27 16:11:11 2017 +0100
Fix a possible integer overflow in long_c2i
Credit to OSS-Fuzz for finding this.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
commit 37332ecc010276b899810aa3ac26885bd9dcb57c
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Mar 31 21:28:20 2017 +0200
Add a test of encoding and decoding LONG, INT32, UINT32, INT64 and UINT64
Also Z varieties.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
commit 66ecfb5437b22664a4358e8de6da942727f5fb11
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 30 13:33:33 2017 +0200
Convert SSL_SESSION_ASN1 to use size specific integers
This increases portability of SSL_SESSION files between architectures
where the size of |long| may vary. Before this, SSL_SESSION files
produced on a 64-bit long architecture may break on a 32-bit long
architecture.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
commit 5c7e65486c15f6b93ee413515612e6031dc2e416
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 30 13:33:20 2017 +0200
make update
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
commit 93f7d6fc10b75814d90d804edb56947cacf8964e
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 30 13:31:16 2017 +0200
Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
Also Z varieties.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_int.c | 31 +-
crypto/asn1/asn1_err.c | 5 +-
crypto/asn1/asn1_locl.h | 6 +-
crypto/asn1/build.info | 2 +-
crypto/asn1/x_int64.c | 213 ++++++
crypto/asn1/x_long.c | 11 +-
.../siphash_local.h => include/internal/asn1t.h | 22 +-
include/openssl/asn1.h | 3 +
ssl/ssl_asn1.c | 38 +-
test/asn1_encode_test.c | 717 +++++++++++++++++++++
test/build.info | 7 +-
.../{60-test_x509_time.t => 04-test_asn1_encode.t} | 2 +-
util/libcrypto.num | 16 +
util/mkdef.pl | 1 +
14 files changed, 1034 insertions(+), 40 deletions(-)
create mode 100644 crypto/asn1/x_int64.c
copy crypto/siphash/siphash_local.h => include/internal/asn1t.h (51%)
create mode 100644 test/asn1_encode_test.c
copy test/recipes/{60-test_x509_time.t => 04-test_asn1_encode.t} (87%)
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index c40c7fa..4981ddb 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -622,3 +622,32 @@ BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
{
return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
}
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+{
+ unsigned char buf[sizeof(uint64_t)];
+ size_t buflen;
+
+ buflen = c2i_ibuf(NULL, NULL, *pp, len);
+ if (buflen == 0)
+ return 0;
+ if (buflen > sizeof(uint64_t)) {
+ ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
+ return 0;
+ }
+ (void)c2i_ibuf(buf, neg, *pp, len);
+ return asn1_get_uint64(ret, buf, buflen);
+}
+
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
+{
+ unsigned char buf[sizeof(uint64_t)];
+ size_t buflen;
+
+ buflen = asn1_put_uint64(buf, r);
+ if (p == NULL)
+ return i2c_ibuf(buf, buflen, neg, NULL);
+ return i2c_ibuf(buf, buflen, neg, &p);
+}
+
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 97c3dec..dd0e99e 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -85,6 +85,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"},
+ {ERR_FUNC(ASN1_F_C2I_UINT64_INT), "c2i_uint64_int"},
{ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"},
{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
@@ -110,6 +111,8 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"},
+ {ERR_FUNC(ASN1_F_UINT32_C2I), "uint32_c2i"},
+ {ERR_FUNC(ASN1_F_UINT64_C2I), "uint64_c2i"},
{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"},
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index 5f597bd..9470c7d 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,3 +76,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length);
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
diff --git a/crypto/asn1/build.info b/crypto/asn1/build.info
index 242dbb7..d3e92c8 100644
--- a/crypto/asn1/build.info
+++ b/crypto/asn1/build.info
@@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\
a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_sig.c x_bignum.c \
- x_long.c x_info.c x_spki.c nsseq.c \
+ x_long.c x_int64.c x_info.c x_spki.c nsseq.c \
d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
new file mode 100644
index 0000000..d180a3b
--- /dev/null
+++ b/crypto/asn1/x_int64.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/asn1t.h"
+#include "internal/numbers.h"
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+/*
+ * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
+ * This converts between an ASN1_INTEGER and those types directly.
+ * This is preferred to using the LONG / ZLONG primitives.
+ */
+
+/*
+ * We abuse the ASN1_ITEM fields |size| as a flags field
+ */
+#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
+#define INTxx_FLAG_SIGNED (1<<1)
+
+static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint64_t *)pval = 0;
+ return 1;
+}
+
+static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint64_t *)pval = 0;
+}
+
+static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it)
+{
+ uint64_t utmp;
+ int neg = 0;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be uint64_t aligned */
+ memcpy(&utmp, cp, sizeof(utmp));
+
+ if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+ && utmp == 0)
+ return -1;
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && (int64_t)utmp < 0)
+ neg = 1;
+
+ return i2c_uint64_int(cont, utmp, neg);
+}
+
+static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ uint64_t utmp = 0;
+ char *cp = (char *)pval;
+ int neg = 0;
+
+ if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+ return 0;
+ if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+ ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+ return 0;
+ }
+ memcpy(cp, &utmp, sizeof(utmp));
+ return 1;
+}
+
+static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int indent, const ASN1_PCTX *pctx)
+{
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+ return BIO_printf(out, "%jd\n", *(int64_t *)pval);
+ return BIO_printf(out, "%ju\n", *(uint64_t *)pval);
+}
+
+/* 32-bit variants */
+
+static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint32_t *)pval = 0;
+ return 1;
+}
+
+static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint32_t *)pval = 0;
+}
+
+static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it)
+{
+ uint32_t utmp;
+ int neg = 0;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be uint32_t aligned */
+ memcpy(&utmp, cp, sizeof(utmp));
+
+ if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+ && utmp == 0)
+ return -1;
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && (int32_t)utmp < 0)
+ neg = 1;
+
+ return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+}
+
+static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ uint64_t utmp = 0;
+ uint32_t utmp2 = 0;
+ char *cp = (char *)pval;
+ int neg = 0;
+
+ if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+ return 0;
+ if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+ ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+ return 0;
+ }
+ utmp2 = (uint32_t)utmp;
+ if (utmp != utmp2
+ || ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && !neg && utmp2 > INT32_MAX)) {
+ ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE);
+ return 0;
+ }
+ memcpy(cp, &utmp2, sizeof(utmp2));
+ return 1;
+}
+
+static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int indent, const ASN1_PCTX *pctx)
+{
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+ return BIO_printf(out, "%d\n", *(int32_t *)pval);
+ return BIO_printf(out, "%u\n", *(uint32_t *)pval);
+}
+
+
+/* Define the primitives themselves */
+
+static ASN1_PRIMITIVE_FUNCS uint32_pf = {
+ NULL, 0,
+ uint32_new,
+ uint32_free,
+ uint32_free, /* Clear should set to initial value */
+ uint32_c2i,
+ uint32_i2c,
+ uint32_print
+};
+
+static ASN1_PRIMITIVE_FUNCS uint64_pf = {
+ NULL, 0,
+ uint64_new,
+ uint64_free,
+ uint64_free, /* Clear should set to initial value */
+ uint64_c2i,
+ uint64_i2c,
+ uint64_print
+};
+
+ASN1_ITEM_start(INT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+ INTxx_FLAG_SIGNED, "INT32"
+ASN1_ITEM_end(INT32)
+
+ASN1_ITEM_start(UINT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
+ASN1_ITEM_end(UINT32)
+
+ASN1_ITEM_start(INT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+ INTxx_FLAG_SIGNED, "INT64"
+ASN1_ITEM_end(INT64)
+
+ASN1_ITEM_start(UINT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
+ASN1_ITEM_end(UINT64)
+
+ASN1_ITEM_start(ZINT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+ INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
+ASN1_ITEM_end(ZINT32)
+
+ASN1_ITEM_start(ZUINT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+ INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
+ASN1_ITEM_end(ZUINT32)
+
+ASN1_ITEM_start(ZINT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+ INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
+ASN1_ITEM_end(ZINT64)
+
+ASN1_ITEM_start(ZUINT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+ INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
+ASN1_ITEM_end(ZUINT64)
+
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 233725f..a7b9023 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -110,7 +110,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
unsigned long utmp = 0;
char *cp = (char *)pval;
- if (len) {
+ if (len > 1) {
/*
* Check possible pad byte. Worst case, we're skipping past actual
* content, but since that's only with 0x00 and 0xff and we set neg
@@ -120,7 +120,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
case 0xff:
cont++;
len--;
- neg = 1;
+ neg = 0x80;
break;
case 0:
cont++;
@@ -139,6 +139,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
neg = 1;
else
neg = 0;
+ } else if (neg == (cont[0] & 0x80)) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+ return 0;
}
utmp = 0;
for (i = 0; i < len; i++) {
@@ -149,6 +152,10 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
utmp |= cont[i];
}
ltmp = (long)utmp;
+ if (ltmp < 0) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+ return 0;
+ }
if (neg) {
ltmp = -ltmp;
ltmp--;
diff --git a/crypto/siphash/siphash_local.h b/include/internal/asn1t.h
similarity index 51%
copy from crypto/siphash/siphash_local.h
copy to include/internal/asn1t.h
index 5ad3476..32d637d 100644
--- a/crypto/siphash/siphash_local.h
+++ b/include/internal/asn1t.h
@@ -7,17 +7,13 @@
* https://www.openssl.org/source/license.html
*/
-/* Based on https://131002.net/siphash C reference implementation */
+#include <openssl/asn1t.h>
-struct siphash_st {
- uint64_t total_inlen;
- uint64_t v0;
- uint64_t v1;
- uint64_t v2;
- uint64_t v3;
- unsigned int len;
- int hash_size;
- int crounds;
- int drounds;
- unsigned char leavings[SIPHASH_BLOCK_SIZE];
-};
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 665b952..0bbdaba 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -949,6 +949,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_C2I_ASN1_INTEGER 194
# define ASN1_F_C2I_ASN1_OBJECT 196
# define ASN1_F_C2I_IBUF 226
+# define ASN1_F_C2I_UINT64_INT 101
# define ASN1_F_COLLECT_DATA 140
# define ASN1_F_D2I_ASN1_OBJECT 147
# define ASN1_F_D2I_ASN1_UINTEGER 150
@@ -974,6 +975,8 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_SMIME_READ_ASN1 212
# define ASN1_F_SMIME_TEXT 213
# define ASN1_F_STBL_MODULE_INIT 223
+# define ASN1_F_UINT32_C2I 105
+# define ASN1_F_UINT64_C2I 112
# define ASN1_F_X509_CRL_ADD0_REVOKED 169
# define ASN1_F_X509_INFO_NEW 170
# define ASN1_F_X509_NAME_ENCODE 203
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 856db20..0802dd4 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,25 +37,25 @@
#include <stdio.h>
#include <stdlib.h>
#include "ssl_locl.h"
-#include <openssl/asn1t.h>
+#include "internal/asn1t.h"
#include <openssl/x509.h>
typedef struct {
- long version;
- long ssl_version;
+ uint32_t version;
+ int32_t ssl_version;
ASN1_OCTET_STRING *cipher;
ASN1_OCTET_STRING *comp_id;
ASN1_OCTET_STRING *master_key;
ASN1_OCTET_STRING *session_id;
ASN1_OCTET_STRING *key_arg;
- long time;
- long timeout;
+ int64_t time;
+ int64_t timeout;
X509 *peer;
ASN1_OCTET_STRING *session_id_context;
- long verify_result;
+ int32_t verify_result;
ASN1_OCTET_STRING *tlsext_hostname;
- long tlsext_tick_lifetime_hint;
- long tlsext_tick_age_add;
+ uint64_t tlsext_tick_lifetime_hint;
+ uint32_t tlsext_tick_age_add;
ASN1_OCTET_STRING *tlsext_tick;
#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING *psk_identity_hint;
@@ -64,37 +64,37 @@ typedef struct {
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING *srp_username;
#endif
- long flags;
+ uint64_t flags;
uint32_t max_early_data;
ASN1_OCTET_STRING *alpn_selected;
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
- ASN1_SIMPLE(SSL_SESSION_ASN1, version, LONG),
- ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, LONG),
+ ASN1_SIMPLE(SSL_SESSION_ASN1, version, UINT32),
+ ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, INT32),
ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZINT64, 1),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZINT64, 2),
ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZLONG, 5),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
#ifndef OPENSSL_NO_PSK
ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
#endif
- ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZLONG, 9),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
#ifndef OPENSSL_NO_SRP
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
- ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZUINT64, 13),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
new file mode 100644
index 0000000..dabb82c
--- /dev/null
+++ b/test/asn1_encode_test.c
@@ -0,0 +1,717 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "internal/asn1t.h"
+#include "internal/numbers.h"
+#include "test_main.h"
+#include "testutil.h"
+
+#ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wunused-function"
+# pragma GCC diagnostic ignored "-Wformat"
+#endif
+#ifdef __clang__
+# pragma clang diagnostic ignored "-Wunused-function"
+# pragma clang diagnostic ignored "-Wformat"
+#endif
+
+/***** Custom test data ******************************************************/
+
+/*
+ * We conduct tests with these arrays for every type we try out.
+ * You will find the expected results together with the test structures
+ * for each type, further down.
+ */
+
+static unsigned char t_zero[] = {
+ 0x00
+};
+static unsigned char t_one[] = {
+ 0x01
+};
+static unsigned char t_longundef[] = {
+ 0x7f, 0xff, 0xff, 0xff
+};
+static unsigned char t_9bytes_1[] = {
+ 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+static unsigned char t_8bytes_1[] = {
+ 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+static unsigned char t_8bytes_2[] = {
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+static unsigned char t_8bytes_3_pad[] = {
+ 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+static unsigned char t_8bytes_4_neg[] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+static unsigned char t_8bytes_5_negpad[] = {
+ 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* 32-bit long */
+static unsigned char t_5bytes_1[] = {
+ 0x01, 0xff, 0xff, 0xff, 0xff
+};
+static unsigned char t_4bytes_1[] = {
+ 0x00, 0x80, 0x00, 0x00, 0x00
+};
+/* We make the last byte 0xfe to avoid a clash with ASN1_LONG_UNDEF */
+static unsigned char t_4bytes_2[] = {
+ 0x7f, 0xff, 0xff, 0xfe
+};
+static unsigned char t_4bytes_3_pad[] = {
+ 0x00, 0x7f, 0xff, 0xff, 0xfe
+};
+static unsigned char t_4bytes_4_neg[] = {
+ 0x80, 0x00, 0x00, 0x00
+};
+static unsigned char t_4bytes_5_negpad[] = {
+ 0xff, 0x80, 0x00, 0x00, 0x00
+};
+
+typedef struct {
+ unsigned char *bytes1;
+ size_t nbytes1;
+ unsigned char *bytes2;
+ size_t nbytes2;
+} TEST_CUSTOM_DATA;
+#define CUSTOM_DATA(v) \
+ { v, sizeof(v), t_one, sizeof(t_one) }, \
+ { t_one, sizeof(t_one), v, sizeof(v) }
+
+static TEST_CUSTOM_DATA test_custom_data[] = {
+ CUSTOM_DATA(t_zero),
+ CUSTOM_DATA(t_longundef),
+ CUSTOM_DATA(t_one),
+ CUSTOM_DATA(t_9bytes_1),
+ CUSTOM_DATA(t_8bytes_1),
+ CUSTOM_DATA(t_8bytes_2),
+ CUSTOM_DATA(t_8bytes_3_pad),
+ CUSTOM_DATA(t_8bytes_4_neg),
+ CUSTOM_DATA(t_8bytes_5_negpad),
+ CUSTOM_DATA(t_5bytes_1),
+ CUSTOM_DATA(t_4bytes_1),
+ CUSTOM_DATA(t_4bytes_2),
+ CUSTOM_DATA(t_4bytes_3_pad),
+ CUSTOM_DATA(t_4bytes_4_neg),
+ CUSTOM_DATA(t_4bytes_5_negpad),
+};
+
+
+/***** Type specific test data ***********************************************/
+
+/*
+ * First, a few utility things that all type specific data can use, or in some
+ * cases, MUST use.
+ */
+
+/*
+ * For easy creation of arrays of expected data. These macros correspond to
+ * the uses of CUSTOM_DATA above.
+ */
+#define CUSTOM_EXPECTED_SUCCESS(num, znum) \
+ { 0xff, num, 1 }, \
+ { 0xff, 1, znum }
+#define CUSTOM_EXPECTED_FAILURE \
+ { 0, 0, 0 }, \
+ { 0, 0, 0 }
+
+/*
+ * A structure to collect all test information in. There MUST be one instance
+ * of this for each test
+ */
+typedef int i2d_fn(void **a, unsigned char **pp);
+typedef void *d2i_fn(void **a, unsigned char **pp, long length);
+typedef void ifree_fn(void *a);
+typedef struct {
+ char *name;
+ int skip; /* 1 if this package should be skipped */
+
+ /* An array of structures to compare decoded custom data with */
+ void *encode_expectations;
+ size_t encode_expectations_size;
+ size_t encode_expectations_elem_size;
+
+ /*
+ * An array of structures that are encoded into a DER blob, which is
+ * then decoded, and result gets compared with the original.
+ */
+ void *encdec_data;
+ size_t encdec_data_size;
+ size_t encdec_data_elem_size;
+
+ /* The i2d function to use with this type */
+ i2d_fn *i2d;
+ /* The d2i function to use with this type */
+ d2i_fn *d2i;
+ /* Function to free a decoded structure */
+ ifree_fn *ifree;
+} TEST_PACKAGE;
+
+/* To facilitate the creation of an encdec_data array */
+#define ENCDEC_DATA(num, znum) \
+ { 0xff, num, 1 }, { 0xff, 1, znum }
+#define ENCDEC_ARRAY(max, zmax, min, zmin) \
+ ENCDEC_DATA(max,zmax), \
+ ENCDEC_DATA(min,zmin), \
+ ENCDEC_DATA(1, 1), \
+ ENCDEC_DATA(-1, -1), \
+ ENCDEC_DATA(0, ASN1_LONG_UNDEF)
+
+/***** LONG ******************************************************************/
+
+typedef struct {
+ /* If decoding is expected to succeed, set this to 1, otherwise 0 */
+ ASN1_BOOLEAN success;
+ long test_long;
+ long test_zlong;
+} ASN1_LONG_DATA;
+
+ASN1_SEQUENCE(ASN1_LONG_DATA) = {
+ ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_LONG_DATA, test_long, LONG),
+ ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0)
+} static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA)
+
+static ASN1_LONG_DATA long_expected_32bit[] = {
+ /* The following should fail on the second because it's the default */
+ { 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
+ { 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
+ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
+ CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
+};
+static ASN1_LONG_DATA long_encdec_data_32bit[] = {
+ ENCDEC_ARRAY(LONG_MAX - 1, LONG_MAX, LONG_MIN, LONG_MIN),
+ /* Check that default numbers fail */
+ { 0, ASN1_LONG_UNDEF, 1 }, { 0, 1, 0 }
+};
+
+static TEST_PACKAGE long_test_package_32bit = {
+ "LONG", sizeof(long) != 4,
+ long_expected_32bit,
+ sizeof(long_expected_32bit), sizeof(long_expected_32bit[0]),
+ long_encdec_data_32bit,
+ sizeof(long_encdec_data_32bit), sizeof(long_encdec_data_32bit[0]),
+ (i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
+ (ifree_fn *)ASN1_LONG_DATA_free
+};
+
+static ASN1_LONG_DATA long_expected_64bit[] = {
+ /* The following should fail on the second because it's the default */
+ { 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
+ { 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
+ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(LONG_MAX, LONG_MAX), /* t_8bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(LONG_MIN, LONG_MIN), /* t_8bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS((long)0x1ffffffff, (long)0x1ffffffff), /* t_5bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS((long)0x80000000, (long)0x80000000), /* t_4bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
+};
+static ASN1_LONG_DATA long_encdec_data_64bit[] = {
+ ENCDEC_ARRAY(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN),
+ /* Check that default numbers fail */
+ { 0, ASN1_LONG_UNDEF, 1 }, { 0, 1, 0 }
+};
+
+static TEST_PACKAGE long_test_package_64bit = {
+ "LONG", sizeof(long) != 8,
+ long_expected_64bit,
+ sizeof(long_expected_64bit), sizeof(long_expected_64bit[0]),
+ long_encdec_data_64bit,
+ sizeof(long_encdec_data_64bit), sizeof(long_encdec_data_64bit[0]),
+ (i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
+ (ifree_fn *)ASN1_LONG_DATA_free
+};
+
+/***** INT32 *****************************************************************/
+
+typedef struct {
+ ASN1_BOOLEAN success;
+ int32_t test_int32;
+ int32_t test_zint32;
+} ASN1_INT32_DATA;
+
+ASN1_SEQUENCE(ASN1_INT32_DATA) = {
+ ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_INT32_DATA, test_int32, INT32),
+ ASN1_EXP_OPT(ASN1_INT32_DATA, test_zint32, ZINT32, 0)
+} static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA)
+
+static ASN1_INT32_DATA int32_expected[] = {
+ CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
+ CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
+};
+static ASN1_INT32_DATA int32_encdec_data[] = {
+ ENCDEC_ARRAY(INT32_MAX, INT32_MAX, INT32_MIN, INT32_MIN),
+};
+
+static TEST_PACKAGE int32_test_package = {
+ "INT32", 0,
+ int32_expected, sizeof(int32_expected), sizeof(int32_expected[0]),
+ int32_encdec_data, sizeof(int32_encdec_data), sizeof(int32_encdec_data[0]),
+ (i2d_fn *)i2d_ASN1_INT32_DATA, (d2i_fn *)d2i_ASN1_INT32_DATA,
+ (ifree_fn *)ASN1_INT32_DATA_free
+};
+
+/***** UINT32 ****************************************************************/
+
+typedef struct {
+ ASN1_BOOLEAN success;
+ uint32_t test_uint32;
+ uint32_t test_zuint32;
+} ASN1_UINT32_DATA;
+
+ASN1_SEQUENCE(ASN1_UINT32_DATA) = {
+ ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_UINT32_DATA, test_uint32, UINT32),
+ ASN1_EXP_OPT(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0)
+} static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA)
+
+static ASN1_UINT32_DATA uint32_expected[] = {
+ CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
+ CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
+};
+static ASN1_UINT32_DATA uint32_encdec_data[] = {
+ ENCDEC_ARRAY(UINT32_MAX, UINT32_MAX, 0, 0),
+};
+
+static TEST_PACKAGE uint32_test_package = {
+ "UINT32", 0,
+ uint32_expected, sizeof(uint32_expected), sizeof(uint32_expected[0]),
+ uint32_encdec_data, sizeof(uint32_encdec_data), sizeof(uint32_encdec_data[0]),
+ (i2d_fn *)i2d_ASN1_UINT32_DATA, (d2i_fn *)d2i_ASN1_UINT32_DATA,
+ (ifree_fn *)ASN1_UINT32_DATA_free
+};
+
+/***** INT64 *****************************************************************/
+
+typedef struct {
+ ASN1_BOOLEAN success;
+ int64_t test_int64;
+ int64_t test_zint64;
+} ASN1_INT64_DATA;
+
+ASN1_SEQUENCE(ASN1_INT64_DATA) = {
+ ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_INT64_DATA, test_int64, INT64),
+ ASN1_EXP_OPT(ASN1_INT64_DATA, test_zint64, ZINT64, 0)
+} static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA)
+
+static ASN1_INT64_DATA int64_expected[] = {
+ CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(0x1ffffffff, 0x1ffffffff), /* t_5bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
+};
+static ASN1_INT64_DATA int64_encdec_data[] = {
+ ENCDEC_ARRAY(INT64_MAX, INT64_MAX, INT64_MIN, INT64_MIN),
+ ENCDEC_ARRAY(INT32_MAX, INT32_MAX, INT32_MIN, INT32_MIN),
+};
+
+static TEST_PACKAGE int64_test_package = {
+ "INT64", 0,
+ int64_expected, sizeof(int64_expected), sizeof(int64_expected[0]),
+ int64_encdec_data, sizeof(int64_encdec_data), sizeof(int64_encdec_data[0]),
+ (i2d_fn *)i2d_ASN1_INT64_DATA, (d2i_fn *)d2i_ASN1_INT64_DATA,
+ (ifree_fn *)ASN1_INT64_DATA_free
+};
+
+/***** UINT64 ****************************************************************/
+
+typedef struct {
+ ASN1_BOOLEAN success;
+ uint64_t test_uint64;
+ uint64_t test_zuint64;
+} ASN1_UINT64_DATA;
+
+ASN1_SEQUENCE(ASN1_UINT64_DATA) = {
+ ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_UINT64_DATA, test_uint64, UINT64),
+ ASN1_EXP_OPT(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0)
+} static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA)
+
+static ASN1_UINT64_DATA uint64_expected[] = {
+ CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
+ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
+ CUSTOM_EXPECTED_SUCCESS(0x1ffffffff, 0x1ffffffff), /* t_5bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */
+ CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
+};
+static ASN1_UINT64_DATA uint64_encdec_data[] = {
+ ENCDEC_ARRAY(UINT64_MAX, UINT64_MAX, 0, 0),
+};
+
+static TEST_PACKAGE uint64_test_package = {
+ "UINT64", 0,
+ uint64_expected, sizeof(uint64_expected), sizeof(uint64_expected[0]),
+ uint64_encdec_data, sizeof(uint64_encdec_data), sizeof(uint64_encdec_data[0]),
+ (i2d_fn *)i2d_ASN1_UINT64_DATA, (d2i_fn *)d2i_ASN1_UINT64_DATA,
+ (ifree_fn *)ASN1_UINT64_DATA_free
+};
+
+/***** General testing functions *********************************************/
+
+
+/* Template structure to map onto any test data structure */
+typedef struct {
+ ASN1_BOOLEAN success;
+ unsigned char bytes[1]; /* In reality, there's more */
+} EXPECTED;
+
+/*
+ * do_decode returns a tristate:
+ *
+ * -1 Couldn't decode
+ * 0 decoded structure wasn't what was expected (failure)
+ * 1 decoded structure was what was expected (success)
+ */
+static int do_decode(unsigned char *bytes, long nbytes,
+ const EXPECTED *expected, size_t expected_size,
+ const TEST_PACKAGE *package)
+{
+ EXPECTED *enctst = NULL;
+ const unsigned char *start;
+ int ret = 0;
+
+ start = bytes;
+ enctst = package->d2i(NULL, &bytes, nbytes);
+ if (enctst == NULL) {
+ if (expected->success == 0) {
+ ret = 1;
+ ERR_clear_error();
+ } else {
+ ret = -1;
+ }
+ } else {
+ if (start + nbytes == bytes
+ && memcmp(enctst, expected, expected_size) == 0)
+ ret = 1;
+ else
+ ret = 0;
+ }
+
+ package->ifree(enctst);
+ return ret;
+}
+
+/* Do an encode/decode round trip */
+static int do_enc_dec(EXPECTED *bytes, long nbytes,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *data = NULL;
+ int len;
+ int ret = 0;
+ void *p = bytes;
+
+ len = package->i2d(p, &data);
+ if (len < 0)
+ return -1;
+
+ ret = do_decode(data, len, bytes, nbytes, package);
+ OPENSSL_free(data);
+ return ret;
+}
+
+static size_t der_encode_length(size_t len, unsigned char **pp)
+{
+ size_t lenbytes;
+
+ OPENSSL_assert(len < 0x8000);
+ if (len > 255)
+ lenbytes = 3;
+ else if (len > 127)
+ lenbytes = 2;
+ else
+ lenbytes = 1;
+
+ if (pp != NULL) {
+ if (lenbytes == 1) {
+ *(*pp)++ = len;
+ } else {
+ *(*pp)++ = lenbytes - 1;
+ if (lenbytes == 2) {
+ *(*pp)++ = 0x80 | len;
+ } else {
+ *(*pp)++ = 0x80 | (len >> 8);
+ *(*pp)++ = len & 0xff;
+ }
+ }
+ }
+ return lenbytes;
+}
+
+/* Attempt to decode a custom encoding of the test structure */
+static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
+ const EXPECTED *expected, size_t expected_size,
+ const TEST_PACKAGE *package)
+{
+ size_t firstbytes, secondbytes, secondbytesinner, seqbytes;
+ const unsigned char t_true[] = { V_ASN1_BOOLEAN, 0x01, 0xff };
+ unsigned char *encoding, *p = NULL;
+ int ret;
+
+ /*
+ * The first item is just an INTEGER tag, INTEGER length and INTEGER content
+ */
+ firstbytes =
+ 1 + der_encode_length(custom_data->nbytes1, NULL)
+ + custom_data->nbytes1;
+
+ /*
+ * The second item is an explicit tag, content length, INTEGER tag,
+ * INTEGER length, INTEGER bytes
+ */
+ secondbytesinner =
+ 1 + der_encode_length(custom_data->nbytes2, NULL)
+ + custom_data->nbytes2;
+ secondbytes =
+ 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner;
+
+ /*
+ * The whole sequence is the sequence tag, content length, BOOLEAN true
+ * (copied from t_true), the first (firstbytes) and second (secondbytes)
+ * items
+ */
+ seqbytes =
+ 1 + der_encode_length(sizeof(t_true) + firstbytes + secondbytes, NULL)
+ + sizeof(t_true) + firstbytes + secondbytes;
+
+ encoding = p = OPENSSL_malloc(seqbytes);
+ if (encoding == NULL)
+ return -1;
+
+ /* Sequence tag */
+ *p++ = 0x30;
+ der_encode_length(sizeof(t_true) + firstbytes + secondbytes, &p);
+
+ /* ASN1_BOOLEAN TRUE */
+ memcpy(p, t_true, sizeof(t_true)); /* Marks decoding success */
+ p += sizeof(t_true);
+
+ /* First INTEGER item (non-optional) */
+ *p++ = V_ASN1_INTEGER;
+ der_encode_length(custom_data->nbytes1, &p);
+ memcpy(p, custom_data->bytes1, custom_data->nbytes1);
+ p += custom_data->nbytes1;
+
+ /* Second INTEGER item (optional) */
+ /* Start with the explicit optional tag */
+ *p++ = 0xa0;
+ der_encode_length(secondbytesinner, &p);
+ *p++ = V_ASN1_INTEGER;
+ der_encode_length(custom_data->nbytes2, &p);
+ memcpy(p, custom_data->bytes2, custom_data->nbytes2);
+ p += custom_data->nbytes2;
+
+ OPENSSL_assert(seqbytes == (size_t)(p - encoding));
+
+ ret = do_decode(encoding, seqbytes, expected, expected_size, package);
+ OPENSSL_free(encoding);
+
+ return ret;
+}
+
+
+static int test_intern(const TEST_PACKAGE *package)
+{
+ unsigned int i;
+ size_t nelems;
+ int fail = 0;
+
+ if (package->skip)
+ return 1;
+
+ /* Do decode_custom checks */
+ nelems = package->encode_expectations_size
+ / package->encode_expectations_elem_size;
+ OPENSSL_assert(nelems ==
+ sizeof(test_custom_data) / sizeof(test_custom_data[0]));
+ for (i = 0; i < nelems; i++) {
+ size_t pos = i * package->encode_expectations_elem_size;
+ switch (do_decode_custom(&test_custom_data[i],
+ (EXPECTED *)&((unsigned char *)package
+ ->encode_expectations)[pos],
+ package->encode_expectations_elem_size,
+ package)) {
+ case -1:
+ fprintf(stderr, "Failed custom decode round trip %u of %s\n",
+ i, package->name);
+ ERR_print_errors_fp(stderr);
+ fail++;
+ ERR_clear_error();
+ break;
+ case 0:
+ fprintf(stderr, "Custom decode round trip %u of %s mismatch\n",
+ i, package->name);
+ fail++;
+ break;
+ case 1:
+ break;
+ default:
+ OPENSSL_die("do_enc_dec() return unknown value",
+ __FILE__, __LINE__);
+ }
+ }
+
+ /* Do enc_dec checks */
+ nelems = package->encdec_data_size / package->encdec_data_elem_size;
+ for (i = 0; i < nelems; i++) {
+ size_t pos = i * package->encdec_data_elem_size;
+ switch (do_enc_dec((EXPECTED *)&((unsigned char *)package
+ ->encdec_data)[pos],
+ package->encdec_data_elem_size,
+ package)) {
+ case -1:
+ fprintf(stderr, "Failed encode/decode round trip %u of %s\n",
+ i, package->name);
+ ERR_print_errors_fp(stderr);
+ ERR_clear_error();
+ fail++;
+ break;
+ case 0:
+ fprintf(stderr, "Encode/decode round trip %u of %s mismatch\n",
+ i, package->name);
+ fail++;
+ break;
+ case 1:
+ break;
+ default:
+ OPENSSL_die("do_enc_dec() return unknown value",
+ __FILE__, __LINE__);
+ }
+ }
+
+ return fail == 0;
+}
+
+static int test_long_32bit(void)
+{
+ return test_intern(&long_test_package_32bit);
+}
+
+static int test_long_64bit(void)
+{
+ return test_intern(&long_test_package_64bit);
+}
+
+static int test_int32(void)
+{
+ return test_intern(&int32_test_package);
+}
+
+static int test_uint32(void)
+{
+ return test_intern(&uint32_test_package);
+}
+
+static int test_int64(void)
+{
+ return test_intern(&int64_test_package);
+}
+
+static int test_uint64(void)
+{
+ return test_intern(&uint64_test_package);
+}
+
+void register_tests(void)
+{
+ ADD_TEST(test_long_32bit);
+ ADD_TEST(test_long_64bit);
+ ADD_TEST(test_int32);
+ ADD_TEST(test_uint32);
+ ADD_TEST(test_int64);
+ ADD_TEST(test_uint64);
+}
diff --git a/test/build.info b/test/build.info
index 952eed5..3104b0e 100644
--- a/test/build.info
+++ b/test/build.info
@@ -28,7 +28,8 @@ IF[{- !$disabled{tests} -}]
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
- pkey_meth_test uitest cipherbytes_test x509_time_test recordlentest
+ pkey_meth_test uitest cipherbytes_test asn1_encode_test \
+ x509_time_test recordlentest
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]=../include
@@ -328,6 +329,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[cipherbytes_test]=.. ../include
DEPEND[cipherbytes_test]=../libcrypto ../libssl
+ SOURCE[asn1_encode_test]=asn1_encode_test.c testutil.c test_main.c
+ INCLUDE[asn1_encode_test]=../include
+ DEPEND[asn1_encode_test]=../libcrypto
+
# Internal test programs. These are essentially a collection of internal
# test routines. Some of them need to reach internal symbols that aren't
# available through the shared library (at least on Linux, Solaris, Windows
diff --git a/test/recipes/60-test_x509_time.t b/test/recipes/04-test_asn1_encode.t
similarity index 87%
copy from test/recipes/60-test_x509_time.t
copy to test/recipes/04-test_asn1_encode.t
index 8b311ad..dd8121d 100644
--- a/test/recipes/60-test_x509_time.t
+++ b/test/recipes/04-test_asn1_encode.t
@@ -9,4 +9,4 @@
use OpenSSL::Test::Simple;
-simple_test("test_x509_time", "x509_time_test");
+simple_test("test_asn1_encode", "asn1_encode_test");
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a43ee3a..4df5422 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4254,3 +4254,19 @@ EVP_aria_128_ctr 4204 1_1_1 EXIST::FUNCTION:ARIA
EVP_aria_192_ctr 4205 1_1_1 EXIST::FUNCTION:ARIA
UI_null 4206 1_1_1 EXIST::FUNCTION:UI
EC_KEY_get0_engine 4207 1_1_1 EXIST::FUNCTION:EC
+INT32_it 4208 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT32_it 4208 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT64_it 4209 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT64_it 4209 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT32_it 4210 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT32_it 4210 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT64_it 4211 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT64_it 4211 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+INT64_it 4212 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT64_it 4212 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT32_it 4213 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT32_it 4213 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT32_it 4214 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT32_it 4214 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 6bc23b1..36b4efe 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -239,6 +239,7 @@ my $crypto ="include/openssl/crypto.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
$crypto.=" include/internal/err.h";
+$crypto.=" include/internal/asn1t.h";
$crypto.=" include/openssl/des.h" ; # unless $no_des;
$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4;
More information about the openssl-commits
mailing list