[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Dec 8 14:42:13 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  cf3685393faa33496e447326069e83bd6bac6522 (commit)
       via  90cebd1b216e0a160fcfd8e0eddca47dad47c183 (commit)
       via  f6e921b416758598774b0a6c06d3f3bc9c5fbaf7 (commit)
       via  a672794c04ec3ad0cf0796cf025edf6786de98b9 (commit)
       via  433974af7b188d55b1da049b84f3fdeca320cb6a (commit)
       via  94ece6af0c89d596f9c5221b7df7d6582168c8ba (commit)
       via  41d62636fd996c031c0c7cef746476278583dc9e (commit)
       via  1ecc76f6746cefd502c7e9000bdfa4e5d7911386 (commit)
       via  f960d81215ebf3f65e03d4d5d857fb9b666d6920 (commit)
       via  aa0ad2011d3e7ad8a611da274ef7d9c7706e289b (commit)
      from  6ad93e8014533f78aa5b0f3385954e164e72d8fa (commit)


- Log -----------------------------------------------------------------
commit cf3685393faa33496e447326069e83bd6bac6522
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Dec 8 13:21:09 2020 +0000

    Prepare for 1.1.1j-dev
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 90cebd1b216e0a160fcfd8e0eddca47dad47c183
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Dec 8 13:20:59 2020 +0000

    Prepare for 1.1.1i release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit f6e921b416758598774b0a6c06d3f3bc9c5fbaf7
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Dec 8 13:09:25 2020 +0000

    Update copyright year
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit a672794c04ec3ad0cf0796cf025edf6786de98b9
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Dec 8 11:19:41 2020 +0000

    Update CHANGES and NEWS for new release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 433974af7b188d55b1da049b84f3fdeca320cb6a
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Nov 30 14:46:47 2020 +0000

    Add a test for encoding/decoding using an invalid ASN.1 Template
    
    If you have a CHOICE type that it must use explicit tagging - otherwise
    the template is invalid. We add tests for this.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>

commit 94ece6af0c89d596f9c5221b7df7d6582168c8ba
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Nov 30 13:50:52 2020 +0000

    Add a test for GENERAL_NAME_cmp
    
    Based on a boringssl test contributed by David Benjamin
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>

commit 41d62636fd996c031c0c7cef746476278583dc9e
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Nov 12 14:55:31 2020 +0000

    Complain if we are attempting to encode with an invalid ASN.1 template
    
    It never makes sense for multi-string or CHOICE types to have implicit
    tagging. If we have a template that uses the in this way then we
    should immediately fail.
    
    Thanks to David Benjamin from Google for reporting this issue.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>

commit 1ecc76f6746cefd502c7e9000bdfa4e5d7911386
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Nov 12 11:58:12 2020 +0000

    Check that multi-strings/CHOICE types don't use implicit tagging
    
    It never makes sense for multi-string or CHOICE types to use implicit
    tagging since the content would be ambiguous. It is an error in the
    template if this ever happens. If we detect it we should stop parsing.
    
    Thanks to David Benjamin from Google for reporting this issue.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>

commit f960d81215ebf3f65e03d4d5d857fb9b666d6920
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 11 16:12:58 2020 +0000

    Correctly compare EdiPartyName in GENERAL_NAME_cmp()
    
    If a GENERAL_NAME field contained EdiPartyName data then it was
    incorrectly being handled as type "other". This could lead to a
    segmentation fault.
    
    Many thanks to David Benjamin from Google for reporting this issue.
    
    CVE-2020-1971
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>

commit aa0ad2011d3e7ad8a611da274ef7d9c7706e289b
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 11 15:19:34 2020 +0000

    DirectoryString is a CHOICE type and therefore uses explicit tagging
    
    EDIPartyName has 2 fields that use a DirectoryString. However they were
    marked as implicit tagging - which is not correct for a CHOICE type.
    
    Additionally the partyName field was marked as Optional when, according to
    RFC5280 it is not.
    
    Many thanks to github user @filipnavara for reporting this issue. Also to
    David Benjamin from Google who independently identified and reported it.
    
    Fixes #6859
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                    |  19 ++-
 NEWS                       |   6 +-
 README                     |   2 +-
 apps/ca.c                  |   2 +-
 apps/cms.c                 |   2 +-
 crypto/asn1/asn1_err.c     |   4 +-
 crypto/asn1/tasn_dec.c     |  21 ++-
 crypto/asn1/tasn_enc.c     |  18 ++-
 crypto/bio/b_addr.c        |   2 +-
 crypto/cms/cms_smime.c     |   2 +-
 crypto/err/openssl.txt     |   2 +
 crypto/evp/bio_ok.c        |   2 +-
 crypto/pkcs7/pk7_smime.c   |   2 +-
 crypto/x509/x509_att.c     |   2 +-
 crypto/x509v3/v3_genn.c    |  52 ++++++-
 include/openssl/asn1err.h  |   8 +-
 include/openssl/opensslv.h |   4 +-
 ssl/record/rec_layer_d1.c  |   2 +-
 ssl/ssl_sess.c             |   2 +-
 ssl/statem/statem_clnt.c   |   2 +-
 test/asn1_decode_test.c    |  38 ++++-
 test/asn1_encode_test.c    |  35 ++++-
 test/rsa_test.c            |   2 +-
 test/v3nametest.c          | 346 ++++++++++++++++++++++++++++++++++++++++++++-
 24 files changed, 545 insertions(+), 32 deletions(-)

diff --git a/CHANGES b/CHANGES
index ff01d65b7e..75b9cec4b1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,7 +7,24 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
- Changes between 1.1.1h and 1.1.1i [xx XXX xxxx]
+ Changes between 1.1.1i and 1.1.1j [xx XXX xxxx]
+
+  *)
+
+ Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
+
+  *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+     This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+     If an attacker can control both items being compared  then this could lead
+     to a possible denial of service attack. OpenSSL itself uses the
+     GENERAL_NAME_cmp function for two purposes:
+     1) Comparing CRL distribution point names between an available CRL and a
+        CRL distribution point embedded in an X509 certificate
+     2) When verifying that a timestamp response token signer matches the
+        timestamp authority name (exposed via the API functions
+        TS_RESP_verify_response and TS_RESP_verify_token)
+     (CVE-2020-1971)
+     [Matt Caswell]
 
   *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
      [Stuart Carnie]
diff --git a/NEWS b/NEWS
index 0a9adf3e3d..55ffce8ea3 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development]
+  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [under development]
 
       o
 
+  Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+
+      o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
+
   Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
 
       o Disallow explicit curve parameters in verifications chains when
diff --git a/README b/README
index 8a44e9dbe5..d52dcf1bc5 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1i-dev
+ OpenSSL 1.1.1j-dev
 
  Copyright (c) 1998-2020 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/apps/ca.c b/apps/ca.c
index 1b38de37ac..6c9b1e57bc 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/apps/cms.c b/apps/cms.c
index 60691f1468..71554037d0 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 613f9ae713..cc0a59ca4c 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -49,6 +49,7 @@ static const ERR_STRING_DATA ASN1_str_functs[] = {
      "asn1_item_embed_d2i"},
     {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
      "asn1_item_embed_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
     {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
      "asn1_item_flags_i2d"},
     {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
@@ -160,6 +161,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = {
     "asn1 sig parse error"},
     {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
     {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
     {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
     "bmpstring is wrong length"},
     {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 2332b204ed..82577b1ede 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -182,6 +182,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
                                      tag, aclass, opt, ctx);
 
     case ASN1_ITYPE_MSTRING:
+        /*
+         * It never makes sense for multi-strings to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
+            goto err;
+        }
+
         p = *in;
         /* Just read in tag and class */
         ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
@@ -199,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
             ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
             goto err;
         }
+
         /* Check tag matches bit map */
         if (!(ASN1_tag2bit(otag) & it->utype)) {
             /* If OPTIONAL, assume this is OK */
@@ -215,6 +225,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
         return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
 
     case ASN1_ITYPE_CHOICE:
+        /*
+         * It never makes sense for CHOICE types to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
+            goto err;
+        }
+
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
             goto auxerr;
         if (*pval) {
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index d600c7a538..bcc96337bc 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -103,9 +103,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
         return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
 
     case ASN1_ITYPE_MSTRING:
+        /*
+         * It never makes sense for multi-strings to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
+            return -1;
+        }
         return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
 
     case ASN1_ITYPE_CHOICE:
+        /*
+         * It never makes sense for CHOICE types to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
+            return -1;
+        }
         if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
             return 0;
         i = asn1_get_choice_selector(pval, it);
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index c3f669329b..b023bbda40 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 2c475ea68c..6e7dbc4da1 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 0b5873ebbc..815460b24f 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -36,6 +36,7 @@ ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
 ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
 ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
 ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
+ASN1_F_ASN1_ITEM_EX_I2D:144:ASN1_item_ex_i2d
 ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
 ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
 ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
@@ -1771,6 +1772,7 @@ ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
 ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
 ASN1_R_AUX_ERROR:100:aux error
 ASN1_R_BAD_OBJECT_HEADER:102:bad object header
+ASN1_R_BAD_TEMPLATE:230:bad template
 ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
 ASN1_R_BN_LIB:105:bn lib
 ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index aba305537a..9610f3c1ef 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 4ce44d8d93..a95db62178 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 256c4fb8ef..cc9f9d1909 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index 23e3bc4565..87a5eff47c 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
 IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
 
 ASN1_SEQUENCE(EDIPARTYNAME) = {
-        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+        /* DirectoryString is a CHOICE type so use explicit tagging */
+        ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
 } ASN1_SEQUENCE_END(EDIPARTYNAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
@@ -57,6 +58,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
                                     (char *)a);
 }
 
+static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
+{
+    int res;
+
+    if (a == NULL || b == NULL) {
+        /*
+         * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
+         * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
+         */
+        return -1;
+    }
+    if (a->nameAssigner == NULL && b->nameAssigner != NULL)
+        return -1;
+    if (a->nameAssigner != NULL && b->nameAssigner == NULL)
+        return 1;
+    /* If we get here then both have nameAssigner set, or both unset */
+    if (a->nameAssigner != NULL) {
+        res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
+        if (res != 0)
+            return res;
+    }
+    /*
+     * partyName is required, so these should never be NULL. We treat it in
+     * the same way as the a == NULL || b == NULL case above
+     */
+    if (a->partyName == NULL || b->partyName == NULL)
+        return -1;
+
+    return ASN1_STRING_cmp(a->partyName, b->partyName);
+}
+
 /* Returns 0 if they are equal, != 0 otherwise. */
 int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
 {
@@ -66,8 +98,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
         return -1;
     switch (a->type) {
     case GEN_X400:
+        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+        break;
+
     case GEN_EDIPARTY:
-        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+        result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
         break;
 
     case GEN_OTHERNAME:
@@ -114,8 +149,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
 {
     switch (type) {
     case GEN_X400:
+        a->d.x400Address = value;
+        break;
+
     case GEN_EDIPARTY:
-        a->d.other = value;
+        a->d.ediPartyName = value;
         break;
 
     case GEN_OTHERNAME:
@@ -149,8 +187,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
         *ptype = a->type;
     switch (a->type) {
     case GEN_X400:
+        return a->d.x400Address;
+
     case GEN_EDIPARTY:
-        return a->d.other;
+        return a->d.ediPartyName;
 
     case GEN_OTHERNAME:
         return a->d.otherName;
diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
index faed5a5518..e1ad1fefec 100644
--- a/include/openssl/asn1err.h
+++ b/include/openssl/asn1err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,9 +11,7 @@
 #ifndef HEADER_ASN1ERR_H
 # define HEADER_ASN1ERR_H
 
-# ifndef HEADER_SYMHACKS_H
-#  include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
 
 # ifdef  __cplusplus
 extern "C"
@@ -53,6 +51,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_ITEM_DUP                             191
 # define ASN1_F_ASN1_ITEM_EMBED_D2I                       120
 # define ASN1_F_ASN1_ITEM_EMBED_NEW                       121
+# define ASN1_F_ASN1_ITEM_EX_I2D                          144
 # define ASN1_F_ASN1_ITEM_FLAGS_I2D                       118
 # define ASN1_F_ASN1_ITEM_I2D_BIO                         192
 # define ASN1_F_ASN1_ITEM_I2D_FP                          193
@@ -145,6 +144,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
 # define ASN1_R_AUX_ERROR                                 100
 # define ASN1_R_BAD_OBJECT_HEADER                         102
+# define ASN1_R_BAD_TEMPLATE                              230
 # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 # define ASN1_R_BN_LIB                                    105
 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 840450e67c..e91b43bffe 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x10101090L
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1i-dev  xx XXX xxxx"
+# define OPENSSL_VERSION_NUMBER  0x101010a0L
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1j-dev  xx XXX xxxx"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 7e22270485..e56c6b9595 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 423bb4d38a..cda6b7cc5b 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index fd3b79c4ef..3420ce65c7 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
index 369023d5f1..18f0ca12e9 100644
--- a/test/asn1_decode_test.c
+++ b/test/asn1_decode_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -160,6 +160,41 @@ static int test_uint64(void)
     return 1;
 }
 
+typedef struct {
+    ASN1_STRING *invalidDirString;
+} INVALIDTEMPLATE;
+
+ASN1_SEQUENCE(INVALIDTEMPLATE) = {
+    /*
+     * DirectoryString is a CHOICE type so it must use explicit tagging -
+     * but we deliberately use implicit here, which makes this template invalid.
+     */
+    ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
+} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
+
+/* Empty sequence for invalid template test */
+static unsigned char t_invalid_template[] = {
+    0x30, 0x03,                  /* SEQUENCE tag + length */
+    0x0c, 0x01, 0x41             /* UTF8String, length 1, "A" */
+};
+
+static int test_invalid_template(void)
+{
+    const unsigned char *p = t_invalid_template;
+    INVALIDTEMPLATE *tmp = d2i_INVALIDTEMPLATE(NULL, &p,
+                                               sizeof(t_invalid_template));
+
+    /* We expect a NULL pointer return */
+    if (TEST_ptr_null(tmp))
+        return 1;
+
+    INVALIDTEMPLATE_free(tmp);
+    return 0;
+}
+
 int setup_tests(void)
 {
 #if OPENSSL_API_COMPAT < 0x10200000L
@@ -169,5 +204,6 @@ int setup_tests(void)
     ADD_TEST(test_uint32);
     ADD_TEST(test_int64);
     ADD_TEST(test_uint64);
+    ADD_TEST(test_invalid_template);
     return 1;
 }
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index ed920a4d66..51c3802942 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -856,6 +856,38 @@ static int test_uint64(void)
     return test_intern(&uint64_test_package);
 }
 
+typedef struct {
+    ASN1_STRING *invalidDirString;
+} INVALIDTEMPLATE;
+
+ASN1_SEQUENCE(INVALIDTEMPLATE) = {
+    /*
+     * DirectoryString is a CHOICE type so it must use explicit tagging -
+     * but we deliberately use implicit here, which makes this template invalid.
+     */
+    ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
+} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
+
+static int test_invalid_template(void)
+{
+    INVALIDTEMPLATE *temp = INVALIDTEMPLATE_new();
+    int ret;
+
+    if (!TEST_ptr(temp))
+        return 0;
+
+    ret = i2d_INVALIDTEMPLATE(temp, NULL);
+
+    INVALIDTEMPLATE_free(temp);
+
+    /* We expect the i2d operation to fail */
+    return ret < 0;
+}
+
+
 int setup_tests(void)
 {
 #if OPENSSL_API_COMPAT < 0x10200000L
@@ -866,5 +898,6 @@ int setup_tests(void)
     ADD_TEST(test_uint32);
     ADD_TEST(test_int64);
     ADD_TEST(test_uint64);
+    ADD_TEST(test_invalid_template);
     return 1;
 }
diff --git a/test/rsa_test.c b/test/rsa_test.c
index 98d5db8bee..84d62f00d5 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/test/v3nametest.c b/test/v3nametest.c
index 86f3829aed..b6832a00fc 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -359,8 +359,352 @@ static int call_run_cert(int i)
     return failed == 0;
 }
 
+struct gennamedata {
+    const unsigned char der[22];
+    size_t derlen;
+} gennames[] = {
+    {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     SEQUENCE {}
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
+        },
+        21
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     [APPLICATION 0] {}
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
+        },
+        21
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
+        *   [0] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     UTF8String { "b" }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     BOOLEAN { TRUE }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     BOOLEAN { FALSE }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
+        },
+        22
+    }, {
+        /* [1 PRIMITIVE] { "a" } */
+        {
+            0x81, 0x01, 0x61
+        },
+        3
+    }, {
+        /* [1 PRIMITIVE] { "b" } */
+        {
+            0x81, 0x01, 0x62
+        },
+        3
+    }, {
+        /* [2 PRIMITIVE] { "a" } */
+        {
+            0x82, 0x01, 0x61
+        },
+        3
+    }, {
+        /* [2 PRIMITIVE] { "b" } */
+        {
+            0x82, 0x01, 0x62
+        },
+        3
+    }, {
+        /*
+        * [4] {
+        *   SEQUENCE {
+        *     SET {
+        *       SEQUENCE {
+        *         # commonName
+        *         OBJECT_IDENTIFIER { 2.5.4.3 }
+        *         UTF8String { "a" }
+        *       }
+        *     }
+        *   }
+        * }
+        */
+        {
+            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
+            0x04, 0x03, 0x0c, 0x01, 0x61
+        },
+        16
+    }, {
+        /*
+        * [4] {
+        *   SEQUENCE {
+        *     SET {
+        *       SEQUENCE {
+        *         # commonName
+        *         OBJECT_IDENTIFIER { 2.5.4.3 }
+        *         UTF8String { "b" }
+        *       }
+        *     }
+        *   }
+        * }
+        */
+        {
+            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
+            0x04, 0x03, 0x0c, 0x01, 0x62
+        },
+        16
+    }, {
+        /*
+        * [5] {
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
+        },
+        7
+    }, {
+        /*
+        * [5] {
+        *   [1] {
+        *     UTF8String { "b" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
+        },
+        7
+    }, {
+        /*
+        * [5] {
+        *   [0] {
+        *     UTF8String {}
+        *   }
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
+        },
+        11
+    }, {
+        /*
+        * [5] {
+        *   [0] {
+        *     UTF8String { "a" }
+        *   }
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
+            0x61
+        },
+        12
+    }, {
+        /*
+        * [5] {
+        *   [0] {
+        *     UTF8String { "b" }
+        *   }
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
+            0x61
+        },
+        12
+    }, {
+        /* [6 PRIMITIVE] { "a" } */
+        {
+            0x86, 0x01, 0x61
+        },
+        3
+    }, {
+        /* [6 PRIMITIVE] { "b" } */
+        {
+            0x86, 0x01, 0x62
+        },
+        3
+    }, {
+        /* [7 PRIMITIVE] { `11111111` } */
+        {
+            0x87, 0x04, 0x11, 0x11, 0x11, 0x11
+        },
+        6
+    }, {
+        /* [7 PRIMITIVE] { `22222222`} */
+        {
+            0x87, 0x04, 0x22, 0x22, 0x22, 0x22
+        },
+        6
+    }, {
+        /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
+        {
+            0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+            0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
+        },
+        18
+    }, {
+        /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
+        {
+            0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+            0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
+        },
+        18
+    }, {
+        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
+        {
+            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
+            0xb7, 0x09, 0x02, 0x01
+        },
+        15
+    }, {
+        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
+        {
+            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
+            0xb7, 0x09, 0x02, 0x02
+        },
+        15
+    }
+};
+
+static int test_GENERAL_NAME_cmp(void)
+{
+    size_t i, j;
+    GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
+                                           * OSSL_NELEM(gennames));
+    GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
+                                           * OSSL_NELEM(gennames));
+    int testresult = 0;
+
+    if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
+        goto end;
+
+    for (i = 0; i < OSSL_NELEM(gennames); i++) {
+        const unsigned char *derp = gennames[i].der;
+
+        /*
+         * We create two versions of each GENERAL_NAME so that we ensure when
+         * we compare them they are always different pointers.
+         */
+        namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
+        derp = gennames[i].der;
+        namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
+        if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
+            goto end;
+    }
+
+    /* Every name should be equal to itself and not equal to any others. */
+    for (i = 0; i < OSSL_NELEM(gennames); i++) {
+        for (j = 0; j < OSSL_NELEM(gennames); j++) {
+            if (i == j) {
+                if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
+                    goto end;
+            } else {
+                if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
+                    goto end;
+            }
+        }
+    }
+    testresult = 1;
+
+ end:
+    for (i = 0; i < OSSL_NELEM(gennames); i++) {
+        if (namesa != NULL)
+            GENERAL_NAME_free(namesa[i]);
+        if (namesb != NULL)
+            GENERAL_NAME_free(namesb[i]);
+    }
+    OPENSSL_free(namesa);
+    OPENSSL_free(namesb);
+
+    return testresult;
+}
+
 int setup_tests(void)
 {
     ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));
+    ADD_TEST(test_GENERAL_NAME_cmp);
     return 1;
 }


More information about the openssl-commits mailing list