Commit 0f1c30b0 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Reject invalid constructed encodings.



According to X.690, null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>

(cherry picked from commit f5e4b6b5)

Conflicts:
	crypto/asn1/asn1_err.c
parent c4b96963
+1 −0
@@ -1377,6 +1377,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_TIME_NOT_ASCII_FORMAT			 193
#define ASN1_R_TOO_LONG					 155
#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
#define ASN1_R_TYPE_NOT_PRIMITIVE			 218
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
#define ASN1_R_UNEXPECTED_EOC				 159
+2 −1
/* crypto/asn1/asn1_err.c */
/* ====================================================================
 * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
 * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -293,6 +293,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE)   ,"type not primitive"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
+8 −0
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		}
	else if (cst)
		{
		if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
			|| utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
			|| utype == V_ASN1_ENUMERATED)
			{
			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
				ASN1_R_TYPE_NOT_PRIMITIVE);
			return 0;
			}
		buf.length = 0;
		buf.max = 0;
		buf.data = NULL;
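Review bot: The new type test at the top of the `else if (cst)` branch carries no comment, so nothing in the code says where the list of five universal types comes from or that it is a strictness check rather than a parsing detail. I would put `/* X.690: NULL, BOOLEAN, OBJECT IDENTIFIER, INTEGER and ENUMERATED have primitive encodings only */` directly above the `if`. It is also worth recording there that the rejection has to happen before the `buf` setup that follows, since that path is presumably where constructed content gets collected, and accepting it for these types would let more than one byte string decode to the same value. asn1_d2i_ex_primitive starts and ends outside the hunk, so whether every route into it (for example a type resolved from an ANY field) passes through this branch cannot be confirmed from here; a decode test with a constructed INTEGER would pin the behaviour.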