[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Sat Nov 25 15:43:48 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 6ac9fda415c822cc5dd8c845893c6048c34492e0 (commit)
from 5d612d3715cc5065988b49d688f425eef63a3d01 (commit)
- Log -----------------------------------------------------------------
commit 6ac9fda415c822cc5dd8c845893c6048c34492e0
Author: David Benjamin <davidben at google.com>
Date: Fri Nov 24 12:56:32 2017 -0500
Pretty-print large INTEGERs and ENUMERATEDs in hex.
This avoids taking quadratic time to pretty-print certificates with
excessively large integer fields. Very large integers aren't any more
readable in decimal than hexadecimal anyway, and the i2s_* functions
will parse either form.
Found by libFuzzer.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4790)
(cherry picked from commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509v3/v3_utl.c | 42 ++++++++++++++++++++++++++++++++++++++++--
crypto/x509v3/v3err.c | 3 ++-
include/openssl/x509v3.h | 1 +
3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index d9cc7c7..418ef06 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -13,6 +13,7 @@
#include <ctype.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
+#include <openssl/crypto.h>
#include <openssl/x509v3.h>
#include "internal/x509_int.h"
#include <openssl/bn.h>
@@ -99,6 +100,43 @@ int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
return 1;
}
+static char *bignum_to_string(const BIGNUM *bn)
+{
+ char *tmp, *ret;
+ size_t len;
+
+ /*
+ * Display large numbers in hex and small numbers in decimal. Converting to
+ * decimal takes quadratic time and is no more useful than hex for large
+ * numbers.
+ */
+ if (BN_num_bits(bn) < 128)
+ return BN_bn2dec(bn);
+
+ tmp = BN_bn2hex(bn);
+ if (tmp == NULL)
+ return NULL;
+
+ len = strlen(tmp) + 3;
+ ret = OPENSSL_malloc(len);
+ if (ret == NULL) {
+ X509V3err(X509V3_F_BIGNUM_TO_STRING, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(tmp);
+ return NULL;
+ }
+
+ /* Prepend "0x", but place it after the "-" if negative. */
+ if (tmp[0] == '-') {
+ OPENSSL_strlcpy(ret, "-0x", len);
+ OPENSSL_strlcat(ret, tmp + 1, len);
+ } else {
+ OPENSSL_strlcpy(ret, "0x", len);
+ OPENSSL_strlcat(ret, tmp, len);
+ }
+ OPENSSL_free(tmp);
+ return ret;
+}
+
char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
{
BIGNUM *bntmp = NULL;
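Review bot: bignum_to_string has no contract comment, and the cutoff in `if (BN_num_bits(bn) < 128)` is a bare literal. Both return paths hand back a heap string (the BN_bn2dec result or the OPENSSL_malloc buffer), so a header line such as `/* Returns a newly allocated string, or NULL on error; caller frees with OPENSSL_free(). */` would make ownership explicit. The threshold could be a named constant, with a comment that it is measured in bits. The sizing in `len = strlen(tmp) + 3;` is exact for both branches and deserves a short why-comment, e.g. `/* "0x" + digits + NUL; for negatives the '-' is already counted in strlen(tmp) */`, so a later edit to the prefix does not silently truncate via OPENSSL_strlcat. The i2s_ASN1_ENUMERATED lines at the end of this hunk are context only; that function continues outside the hunk.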
@@ -107,7 +145,7 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
if (!a)
return NULL;
if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
- || (strtmp = BN_bn2dec(bntmp)) == NULL)
+ || (strtmp = bignum_to_string(bntmp)) == NULL)
X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
BN_free(bntmp);
return strtmp;
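Review bot: The string returned by i2s_ASN1_ENUMERATED (and by i2s_ASN1_INTEGER in the next hunk) now changes radix with magnitude, and nothing at either call site documents this. Values below 128 bits are still decimal, and larger ones come back as "0x"-prefixed hex. A comment above each function would warn callers, for example `/* Result is decimal for values under 128 bits, otherwise hex with a "0x" prefix (after any '-'). */`. Code or tooling that compares or parses the returned text as decimal would presumably need to normalise it. Separately, when the OPENSSL_malloc in bignum_to_string fails, both the helper and this caller queue ERR_R_MALLOC_FAILURE, so the error stack holds two entries for one failure; that is harmless but worth knowing when reading logs. Both functions begin outside their hunks.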
@@ -121,7 +159,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
if (!a)
return NULL;
if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
- || (strtmp = BN_bn2dec(bntmp)) == NULL)
+ || (strtmp = bignum_to_string(bntmp)) == NULL)
X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
BN_free(bntmp);
return strtmp;
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index 5d79c8c..d598791 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,6 +26,7 @@ static ERR_STRING_DATA X509V3_str_functs[] = {
"ASIdentifierChoice_canonize"},
{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
"ASIdentifierChoice_is_canonical"},
+ {ERR_FUNC(X509V3_F_BIGNUM_TO_STRING), "bignum_to_string"},
{ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"},
{ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"},
{ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"},
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 1d8ef87..533a38d 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -876,6 +876,7 @@ int ERR_load_X509V3_strings(void);
# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166
# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161
# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162
+# define X509V3_F_BIGNUM_TO_STRING 167
# define X509V3_F_COPY_EMAIL 122
# define X509V3_F_COPY_ISSUER 123
# define X509V3_F_DO_DIRNAME 144