[openssl] OpenSSL_1_1_1-stable update
Richard Levitte
levitte at openssl.org
Sat Jul 10 10:07:59 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via ea26844c4f624ef515d9228d3b623761a369b049 (commit)
via f1d97905bbd8679b7647c992b97f526791069040 (commit)
via 5434acb6c4d56507d761b28f7e142ccab808a8fa (commit)
via 006906cddda37e24a66443199444ef4476697477 (commit)
via 12e9b74c513a8ed3c1c260cf25221a465ae14b84 (commit)
from 6eba6a9b35e97f8fc9fee33a7bdfff0bed04a6dc (commit)
- Log -----------------------------------------------------------------
commit ea26844c4f624ef515d9228d3b623761a369b049
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Jul 9 09:14:11 2021 +0200
make update (adds a new function code)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
commit f1d97905bbd8679b7647c992b97f526791069040
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Jul 9 08:51:55 2021 +0200
Fix test/asn1_encode_test.c to handle encoding/decoding failure
Make it only report (and fail on) encoding/decoding failures when success
is expected.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
commit 5434acb6c4d56507d761b28f7e142ccab808a8fa
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Jul 9 08:31:24 2021 +0200
Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN
ASN1_FBOOLEAN is designed to be used as a default for optional ASN1 items.
This test program used it for non-optional items, which doesn't encode
well.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
commit 006906cddda37e24a66443199444ef4476697477
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jul 8 13:38:45 2021 +0200
ASN.1: Refuse to encode to DER if non-optional items are missing
Fixes #16026
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
commit 12e9b74c513a8ed3c1c260cf25221a465ae14b84
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jul 8 13:33:28 2021 +0200
TEST: Check that i2d refuses to encode non-optional items with no content
The test case creates an RSA public key and tries to pass it through
i2d_PrivateKey(). This SHOULD fail, since the private bits are missing.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn1_err.c | 4 +++-
crypto/asn1/tasn_enc.c | 30 ++++++++++++++++--------
crypto/err/openssl.txt | 1 +
include/openssl/asn1err.h | 3 ++-
test/asn1_encode_test.c | 59 +++++++++++++++++++++++++----------------------
test/asn1_internal_test.c | 38 ++++++++++++++++++++++++++++++
6 files changed, 97 insertions(+), 38 deletions(-)
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index cc0a59ca4c..50003a8531 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -82,6 +82,8 @@ static const ERR_STRING_DATA ASN1_str_functs[] = {
"ASN1_STRING_type_new"},
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0),
"asn1_template_ex_d2i"},
+ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_I2D, 0),
+ "asn1_template_ex_i2d"},
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"},
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0),
"asn1_template_noexp_d2i"},
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index bcc96337bc..6eb300a21e 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -213,7 +213,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
const ASN1_TEMPLATE *tt, int tag, int iclass)
{
- int i, ret, flags, ttag, tclass, ndef;
+ int i, ret, flags, ttag, tclass, ndef, len;
ASN1_VALUE *tval;
flags = tt->flags;
@@ -300,13 +300,17 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
/* Determine total length of items */
skcontlen = 0;
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
- int tmplen;
skitem = sk_ASN1_VALUE_value(sk, i);
- tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
- -1, iclass);
- if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+ len = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+ -1, iclass);
+ if (len == -1 || (skcontlen > INT_MAX - len))
+ return -1;
+ if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D,
+ ASN1_R_ILLEGAL_ZERO_CONTENT);
return -1;
- skcontlen += tmplen;
+ }
+ skcontlen += len;
}
sklen = ASN1_object_size(ndef, skcontlen, sktag);
if (sklen == -1)
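Review bot: The zero-length test inside the loop keys off the OPTIONAL flag of the template, but that flag describes the SET OF/SEQUENCE OF field as a whole rather than its elements, so an element that encodes to nothing is still accepted whenever the field itself is optional. A zero-length element looks invalid in either case, so the loop could reject it unconditionally, `if (len == 0) { ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT); return -1; }`, unless some element type is meant to encode empty here. The function already copies `tt->flags` into the local `flags`, which the new conditions in this hunk and the two later ones could use. asn1_template_ex_i2d starts before and continues past this hunk, so the handling of an absent stack is not visible.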
@@ -344,6 +348,10 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
if (!i)
return 0;
+ if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT);
+ return -1;
+ }
/* Find length of EXPLICIT tag */
ret = ASN1_object_size(ndef, i, ttag);
if (out && ret != -1) {
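Review bot: The added `if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0)` block can never run, because the unchanged `if (!i) return 0;` directly above it has already returned for every zero length. On the EXPLICIT-tagging path a missing non-optional item therefore still returns 0 and no ASN1_R_ILLEGAL_ZERO_CONTENT is raised, unlike the other two paths this commit changes. Moving the new block above `if (!i)` leaves the old test covering only the optional case. The enclosing function begins and ends outside this hunk.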
@@ -357,9 +365,13 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
}
/* Either normal or IMPLICIT tagging: combine class and flags */
- return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
- ttag, tclass | iclass);
-
+ len = ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+ ttag, tclass | iclass);
+ if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT);
+ return -1;
+ }
+ return len;
}
/* Temporary structure used to hold DER encoding of items for SET OF */
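Review bot: The return contract of asn1_template_ex_i2d changes here without a comment: 0 now means an absent OPTIONAL item, and a zero length from a non-optional template becomes -1. A short comment above the check would record why, for example `/* Zero length from a non-OPTIONAL template means required content is missing; refuse rather than emit incomplete DER. */`. It is also worth stating there that item types which encode to nothing when they hold their default value are rejected by this test when used in non-optional templates; the commit description says as much of ASN1_FBOOLEAN. The start of the function is outside this hunk.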
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 017a9a6652..34b1bb8b84 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -60,6 +60,7 @@ ASN1_F_ASN1_STRING_TABLE_ADD:129:ASN1_STRING_TABLE_add
ASN1_F_ASN1_STRING_TO_BN:228:asn1_string_to_bn
ASN1_F_ASN1_STRING_TYPE_NEW:130:ASN1_STRING_type_new
ASN1_F_ASN1_TEMPLATE_EX_D2I:132:asn1_template_ex_d2i
+ASN1_F_ASN1_TEMPLATE_EX_I2D:145:asn1_template_ex_i2d
ASN1_F_ASN1_TEMPLATE_NEW:133:asn1_template_new
ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i
ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj
diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
index e1ad1fefec..fc72bb70f4 100644
--- a/include/openssl/asn1err.h
+++ b/include/openssl/asn1err.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -75,6 +75,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_STRING_TO_BN 228
# define ASN1_F_ASN1_STRING_TYPE_NEW 130
# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
+# define ASN1_F_ASN1_TEMPLATE_EX_I2D 145
# define ASN1_F_ASN1_TEMPLATE_NEW 133
# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
# define ASN1_F_ASN1_TIME_ADJ 217
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 51c3802942..dc0dfaf7b5 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -190,7 +190,7 @@ typedef struct {
} ASN1_LONG_DATA;
ASN1_SEQUENCE(ASN1_LONG_DATA) = {
- ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_BOOLEAN),
ASN1_SIMPLE(ASN1_LONG_DATA, test_long, LONG),
ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0)
} static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
@@ -280,7 +280,7 @@ typedef struct {
} ASN1_INT32_DATA;
ASN1_SEQUENCE(ASN1_INT32_DATA) = {
- ASN1_SIMPLE(ASN1_INT32_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_INT32_DATA, success, ASN1_BOOLEAN),
ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32),
ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0)
} static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
@@ -328,7 +328,7 @@ typedef struct {
} ASN1_UINT32_DATA;
ASN1_SEQUENCE(ASN1_UINT32_DATA) = {
- ASN1_SIMPLE(ASN1_UINT32_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_UINT32_DATA, success, ASN1_BOOLEAN),
ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32),
ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0)
} static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
@@ -376,7 +376,7 @@ typedef struct {
} ASN1_INT64_DATA;
ASN1_SEQUENCE(ASN1_INT64_DATA) = {
- ASN1_SIMPLE(ASN1_INT64_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_INT64_DATA, success, ASN1_BOOLEAN),
ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64),
ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0)
} static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
@@ -425,7 +425,7 @@ typedef struct {
} ASN1_UINT64_DATA;
ASN1_SEQUENCE(ASN1_UINT64_DATA) = {
- ASN1_SIMPLE(ASN1_UINT64_DATA, success, ASN1_FBOOLEAN),
+ ASN1_SIMPLE(ASN1_UINT64_DATA, success, ASN1_BOOLEAN),
ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64),
ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0)
} static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
@@ -742,14 +742,17 @@ static int test_intern(const TEST_PACKAGE *package)
sizeof(test_custom_data) / sizeof(test_custom_data[0]));
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encode_expectations_elem_size;
- switch (do_encode_custom((EXPECTED *)&((unsigned char *)package
- ->encode_expectations)[pos],
- &test_custom_data[i], package)) {
+ EXPECTED *expected
+ = (EXPECTED *)&((unsigned char *)package->encode_expectations)[pos];
+
+ switch (do_encode_custom(expected, &test_custom_data[i], package)) {
case -1:
- TEST_error("Failed custom encode round trip %u of %s",
- i, package->name);
- TEST_openssl_errors();
- fail++;
+ if (expected->success) {
+ TEST_error("Failed custom encode round trip %u of %s",
+ i, package->name);
+ TEST_openssl_errors();
+ fail++;
+ }
break;
case 0:
TEST_error("Custom encode round trip %u of %s mismatch",
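Review bot: When a failure is expected, the new `if (expected->success)` guard skips TEST_openssl_errors(), so whatever the failed encode put on the OpenSSL error queue stays there and may be printed alongside a later, unrelated failure. An `else ERR_clear_error();` on the guard would keep the queue clean; the same applies to the decode switch and the encode/decode switch in the next two hunks. Nothing visible in these hunks fails the test when `expected->success` is false but the call succeeds, so it is worth confirming that the branches outside the hunk cover that case. test_intern starts and ends outside this hunk.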
@@ -763,16 +766,16 @@ static int test_intern(const TEST_PACKAGE *package)
OPENSSL_die("do_encode_custom() return unknown value",
__FILE__, __LINE__);
}
- switch (do_decode_custom(&test_custom_data[i],
- (EXPECTED *)&((unsigned char *)package
- ->encode_expectations)[pos],
+ switch (do_decode_custom(&test_custom_data[i], expected,
package->encode_expectations_elem_size,
package)) {
case -1:
- TEST_error("Failed custom decode round trip %u of %s",
- i, package->name);
- TEST_openssl_errors();
- fail++;
+ if (expected->success) {
+ TEST_error("Failed custom decode round trip %u of %s",
+ i, package->name);
+ TEST_openssl_errors();
+ fail++;
+ }
break;
case 0:
TEST_error("Custom decode round trip %u of %s mismatch",
@@ -792,15 +795,17 @@ static int test_intern(const TEST_PACKAGE *package)
nelems = package->encdec_data_size / package->encdec_data_elem_size;
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encdec_data_elem_size;
- switch (do_enc_dec((EXPECTED *)&((unsigned char *)package
- ->encdec_data)[pos],
- package->encdec_data_elem_size,
- package)) {
+ EXPECTED *expected
+ = (EXPECTED *)&((unsigned char *)package->encdec_data)[pos];
+
+ switch (do_enc_dec(expected, package->encdec_data_elem_size, package)) {
case -1:
- TEST_error("Failed encode/decode round trip %u of %s",
- i, package->name);
- TEST_openssl_errors();
- fail++;
+ if (expected->success) {
+ TEST_error("Failed encode/decode round trip %u of %s",
+ i, package->name);
+ TEST_openssl_errors();
+ fail++;
+ }
break;
case 0:
TEST_error("Encode/decode round trip %u of %s mismatch",
diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
index 865e058421..146d8a8994 100644
--- a/test/asn1_internal_test.c
+++ b/test/asn1_internal_test.c
@@ -107,9 +107,47 @@ static int test_standard_methods(void)
return 0;
}
+/**********************************************************************
+ *
+ * Test of that i2d fail on non-existing non-optional items
+ *
+ ***/
+
+#include <openssl/rsa.h>
+
+static int test_empty_nonoptional_content(void)
+{
+ RSA *rsa = NULL;
+ BIGNUM *n = NULL;
+ BIGNUM *e = NULL;
+ int ok = 0;
+
+ if (!TEST_ptr(rsa = RSA_new())
+ || !TEST_ptr(n = BN_new())
+ || !TEST_ptr(e = BN_new())
+ || !TEST_true(RSA_set0_key(rsa, n, e, NULL)))
+ goto end;
+
+ n = e = NULL; /* They are now "owned" by |rsa| */
+
+ /*
+ * This SHOULD fail, as we're trying to encode a public key as a private
+ * key. The private key bits MUST be present for a proper RSAPrivateKey.
+ */
+ if (TEST_int_le(i2d_RSAPrivateKey(rsa, NULL), 0))
+ ok = 1;
+
+ end:
+ RSA_free(rsa);
+ BN_free(n);
+ BN_free(e);
+ return ok;
+}
+
int setup_tests(void)
{
ADD_TEST(test_tbl_standard);
ADD_TEST(test_standard_methods);
+ ADD_TEST(test_empty_nonoptional_content);
return 1;
}
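Review bot: `TEST_int_le(i2d_RSAPrivateKey(rsa, NULL), 0)` passes on a return of 0 as well as on an error, and it does not check why the call failed, so the test would still pass if i2d_RSAPrivateKey failed for an unrelated reason. If the encoder is expected to return a negative value here, `TEST_int_lt(i2d_RSAPrivateKey(rsa, NULL), 0)` states that, and comparing `ERR_GET_REASON(ERR_peek_last_error())` with ASN1_R_ILLEGAL_ZERO_CONTENT would tie the test to the new check. The expected failure also leaves its entries on the error queue; `ERR_clear_error();` before `end:` would keep them out of later test output.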