[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Sun Apr 30 13:18:58 UTC 2017
The branch master has been updated
via 1ff86c5efa946427e20b3504c460e83edbe53905 (commit)
via 1e93d619b78832834ae32f5c0c1b0e466267f72d (commit)
from 595b2a42375427a254ad5a8c85870efea839a9b9 (commit)
- Log -----------------------------------------------------------------
commit 1ff86c5efa946427e20b3504c460e83edbe53905
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Apr 28 21:14:36 2017 +0200
test/asn1_encode_test.c: test "next negative minimum" corner case.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 1e93d619b78832834ae32f5c0c1b0e466267f72d
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Apr 28 10:06:35 2017 +0200
asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
"Next" refers to negative minimum "next" to one presentable by given
number of bytes. For example, -128 is negative minimum presentable by
one byte, and -256 is "next" one.
Thanks to Kazuki Yamaguchi for report, GH#3339
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_int.c | 17 ++++++++++++++---
test/asn1_encode_test.c | 10 ++++++++++
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index e154343..217650a 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -167,10 +167,21 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
}
return 1;
}
- if (p[0] == 0 || p[0] == 0xFF)
+
+ pad = 0;
+ if (p[0] == 0) {
pad = 1;
- else
- pad = 0;
+ } else if (p[0] == 0xFF) {
+ size_t i;
+
+ /*
+ * Special case [of "one less minimal negative" for given length]:
+ * if any other bytes non zero it was padded, otherwise not.
+ */
+ for (pad = 0, i = 1; i < plen; i++)
+ pad |= p[i];
+ pad = pad != 0 ? 1 : 0;
+ }
/* reject illegal padding: first two octets MSB can't match */
if (pad && (neg == (p[1] & 0x80))) {
ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 7d762ae..0c3a196 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -41,6 +41,9 @@ static unsigned char t_one[] = {
static unsigned char t_one_neg[] = {
0xff
};
+static unsigned char t_minus_256[] = {
+ 0xff, 0x00
+};
static unsigned char t_longundef[] = {
0x7f, 0xff, 0xff, 0xff
};
@@ -99,6 +102,7 @@ static TEST_CUSTOM_DATA test_custom_data[] = {
CUSTOM_DATA(t_longundef),
CUSTOM_DATA(t_one),
CUSTOM_DATA(t_one_neg),
+ CUSTOM_DATA(t_minus_256),
CUSTOM_DATA(t_9bytes_1),
CUSTOM_DATA(t_8bytes_1),
CUSTOM_DATA(t_8bytes_2),
@@ -200,6 +204,7 @@ static ASN1_LONG_DATA long_expected_32bit[] = {
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
@@ -235,6 +240,7 @@ static ASN1_LONG_DATA long_expected_64bit[] = {
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_SUCCESS(LONG_MAX, LONG_MAX), /* t_8bytes_2 */
@@ -287,6 +293,7 @@ static ASN1_INT32_DATA int32_expected[] = {
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
@@ -334,6 +341,7 @@ static ASN1_UINT32_DATA uint32_expected[] = {
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
+ CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
@@ -381,6 +389,7 @@ static ASN1_INT64_DATA int64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
@@ -429,6 +438,7 @@ static ASN1_UINT64_DATA uint64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
+ CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_SUCCESS((uint64_t)INT64_MAX+1, (uint64_t)INT64_MAX+1),
/* t_8bytes_1 */
More information about the openssl-commits
mailing list