Merge pull request #373 from libtom/fix/der-recursion-limit
implement DER recursion limit (cherry picked from commit af67321bf3cde1a470c679e459ebb8189e38c9bd)
This commit is contained in:
parent
3249dcb963
commit
719d297e9f
@ -472,6 +472,13 @@
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(LTC_DER)
|
||||||
|
#ifndef LTC_DER_MAX_RECURSION
|
||||||
|
/* Maximum recursion limit when processing nested ASN.1 types. */
|
||||||
|
#define LTC_DER_MAX_RECURSION 30
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
|
#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
|
||||||
/* Include the MPI functionality? (required by the PK algorithms) */
|
/* Include the MPI functionality? (required by the PK algorithms) */
|
||||||
#define LTC_MPI
|
#define LTC_MPI
|
||||||
|
@ -398,6 +398,7 @@ const char *crypt_build_settings =
|
|||||||
#endif
|
#endif
|
||||||
#if defined(LTC_DER)
|
#if defined(LTC_DER)
|
||||||
" DER "
|
" DER "
|
||||||
|
" " NAME_VALUE(LTC_DER_MAX_RECURSION) " "
|
||||||
#endif
|
#endif
|
||||||
#if defined(LTC_PKCS_1)
|
#if defined(LTC_PKCS_1)
|
||||||
" PKCS#1 "
|
" PKCS#1 "
|
||||||
|
@ -111,6 +111,7 @@ static const crypt_constant _crypt_constants[] = {
|
|||||||
|
|
||||||
#ifdef LTC_DER
|
#ifdef LTC_DER
|
||||||
/* DER handling */
|
/* DER handling */
|
||||||
|
{"LTC_DER", 1},
|
||||||
_C_STRINGIFY(LTC_ASN1_EOL),
|
_C_STRINGIFY(LTC_ASN1_EOL),
|
||||||
_C_STRINGIFY(LTC_ASN1_BOOLEAN),
|
_C_STRINGIFY(LTC_ASN1_BOOLEAN),
|
||||||
_C_STRINGIFY(LTC_ASN1_INTEGER),
|
_C_STRINGIFY(LTC_ASN1_INTEGER),
|
||||||
@ -132,6 +133,9 @@ static const crypt_constant _crypt_constants[] = {
|
|||||||
_C_STRINGIFY(LTC_ASN1_CONSTRUCTED),
|
_C_STRINGIFY(LTC_ASN1_CONSTRUCTED),
|
||||||
_C_STRINGIFY(LTC_ASN1_CONTEXT_SPECIFIC),
|
_C_STRINGIFY(LTC_ASN1_CONTEXT_SPECIFIC),
|
||||||
_C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME),
|
_C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME),
|
||||||
|
_C_STRINGIFY(LTC_DER_MAX_RECURSION),
|
||||||
|
#else
|
||||||
|
{"LTC_DER", 0},
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef LTC_CTR_MODE
|
#ifdef LTC_CTR_MODE
|
||||||
|
@ -79,7 +79,7 @@ static int _new_element(ltc_asn1_list **l)
|
|||||||
*/
|
*/
|
||||||
int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
|
int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
|
||||||
{
|
{
|
||||||
ltc_asn1_list *l;
|
ltc_asn1_list *l, *t;
|
||||||
unsigned long err, type, len, totlen, data_offset;
|
unsigned long err, type, len, totlen, data_offset;
|
||||||
void *realloc_tmp;
|
void *realloc_tmp;
|
||||||
|
|
||||||
@ -407,6 +407,17 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
|
|||||||
l->child->parent = l;
|
l->child->parent = l;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
t = l;
|
||||||
|
len_len = 0;
|
||||||
|
while((t != NULL) && (t->child != NULL)) {
|
||||||
|
len_len++;
|
||||||
|
t = t->child;
|
||||||
|
}
|
||||||
|
if (len_len > LTC_DER_MAX_RECURSION) {
|
||||||
|
err = CRYPT_PK_ASN1_ERROR;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 0x80: /* Context-specific */
|
case 0x80: /* Context-specific */
|
||||||
|
@ -16,9 +16,11 @@ extern prng_state yarrow_prng;
|
|||||||
#ifdef LTC_VERBOSE
|
#ifdef LTC_VERBOSE
|
||||||
#define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
|
#define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
|
||||||
#define DOX(x, str) do { fprintf(stderr, "%s - %s:\n", #x, (str)); run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
|
#define DOX(x, str) do { fprintf(stderr, "%s - %s:\n", #x, (str)); run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
|
||||||
|
#define SHOULD_FAIL(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
|
||||||
#else
|
#else
|
||||||
#define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
|
#define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
|
||||||
#define DOX(x, str) do { run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
|
#define DOX(x, str) do { run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
|
||||||
|
#define SHOULD_FAIL(x) do { run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void run_cmd(int res, int line, const char *file, const char *cmd, const char *algorithm);
|
void run_cmd(int res, int line, const char *file, const char *cmd, const char *algorithm);
|
||||||
|
@ -1094,6 +1094,25 @@ static int der_choice_test(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void _der_recursion_limit(void)
|
||||||
|
{
|
||||||
|
int failed = 0;
|
||||||
|
unsigned int n;
|
||||||
|
unsigned long integer = 123, s;
|
||||||
|
ltc_asn1_list seqs[LTC_DER_MAX_RECURSION + 2], dummy[1], *flexi;
|
||||||
|
unsigned char buf[2048];
|
||||||
|
LTC_SET_ASN1(dummy, 0, LTC_ASN1_SHORT_INTEGER, &integer, 1);
|
||||||
|
LTC_SET_ASN1(seqs, LTC_DER_MAX_RECURSION + 1, LTC_ASN1_SEQUENCE, dummy, 1);
|
||||||
|
for (n = 0; n < LTC_DER_MAX_RECURSION + 1; ++n) {
|
||||||
|
LTC_SET_ASN1(seqs, LTC_DER_MAX_RECURSION - n, LTC_ASN1_SEQUENCE, &seqs[LTC_DER_MAX_RECURSION - n + 1], 1);
|
||||||
|
}
|
||||||
|
s = sizeof(buf);
|
||||||
|
DO(der_encode_sequence(seqs, 1, buf, &s));
|
||||||
|
DO(der_decode_sequence(buf, s, seqs, 1));
|
||||||
|
SHOULD_FAIL(der_decode_sequence_flexi(buf, &s, &flexi));
|
||||||
|
if (failed) exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
int der_test(void)
|
int der_test(void)
|
||||||
{
|
{
|
||||||
unsigned long x, y, z, zz, oid[2][32];
|
unsigned long x, y, z, zz, oid[2][32];
|
||||||
@ -1126,6 +1145,8 @@ int der_test(void)
|
|||||||
unsigned char utf8_buf[32];
|
unsigned char utf8_buf[32];
|
||||||
wchar_t utf8_out[32];
|
wchar_t utf8_out[32];
|
||||||
|
|
||||||
|
|
||||||
|
_der_recursion_limit();
|
||||||
der_cacert_test();
|
der_cacert_test();
|
||||||
|
|
||||||
DO(mp_init_multi(&a, &b, &c, &d, &e, &f, &g, NULL));
|
DO(mp_init_multi(&a, &b, &c, &d, &e, &f, &g, NULL));
|
||||||
|
Loading…
x
Reference in New Issue
Block a user