|
|
|
|
/* Copyright (c) 2016, Google Inc.
|
|
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
|
|
|
|
#include <limits.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
#include <gtest/gtest.h>
|
|
|
|
|
|
|
|
|
|
#include <openssl/asn1.h>
|
|
|
|
|
#include <openssl/asn1t.h>
|
|
|
|
|
#include <openssl/bytestring.h>
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
#include <openssl/mem.h>
|
|
|
|
|
#include <openssl/obj.h>
|
|
|
|
|
#include <openssl/span.h>
|
|
|
|
|
#include <openssl/x509v3.h>
|
|
|
|
|
|
|
|
|
|
#include "../test/test_util.h"
|
|
|
|
|
#include "internal.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// kTag128 is an ASN.1 structure with a universal tag with number 128.
|
|
|
|
|
static const uint8_t kTag128[] = {
|
|
|
|
|
0x1f, 0x81, 0x00, 0x01, 0x00,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// kTag258 is an ASN.1 structure with a universal tag with number 258.
|
|
|
|
|
static const uint8_t kTag258[] = {
|
|
|
|
|
0x1f, 0x82, 0x02, 0x01, 0x00,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static_assert(V_ASN1_NEG_INTEGER == 258,
|
|
|
|
|
"V_ASN1_NEG_INTEGER changed. Update kTag258 to collide with it.");
|
|
|
|
|
|
|
|
|
|
// kTagOverflow is an ASN.1 structure with a universal tag with number 2^35-1,
|
|
|
|
|
// which will not fit in an int.
|
|
|
|
|
static const uint8_t kTagOverflow[] = {
|
|
|
|
|
0x1f, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x01, 0x00,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, LargeTags) {
|
|
|
|
|
const uint8_t *p = kTag258;
|
|
|
|
|
bssl::UniquePtr<ASN1_TYPE> obj(d2i_ASN1_TYPE(NULL, &p, sizeof(kTag258)));
|
|
|
|
|
EXPECT_FALSE(obj) << "Parsed value with illegal tag" << obj->type;
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
p = kTagOverflow;
|
|
|
|
|
obj.reset(d2i_ASN1_TYPE(NULL, &p, sizeof(kTagOverflow)));
|
|
|
|
|
EXPECT_FALSE(obj) << "Parsed value with tag overflow" << obj->type;
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
p = kTag128;
|
|
|
|
|
obj.reset(d2i_ASN1_TYPE(NULL, &p, sizeof(kTag128)));
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
EXPECT_EQ(128, obj->type);
|
|
|
|
|
const uint8_t kZero = 0;
|
|
|
|
|
EXPECT_EQ(Bytes(&kZero, 1), Bytes(obj->value.asn1_string->data,
|
|
|
|
|
obj->value.asn1_string->length));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, IntegerSetting) {
|
Unwind M_ASN1_* macros for primitive types.
At one point in the SSLeay days, all the ASN1_STRING typedefs were
separate structs (but only in debug builds) and the M_ASN1_* macros
included type casts to handle this.
This is long gone, but we still have the M_ASN1_* macros. Remove the
casts and switch code within the library to call the macros. Some
subtleties:
- The "MSTRING" types (what OpenSSL calls its built-in CHOICEs
containing some set of string types) are weird because the M_FOO_new()
macro and the tasn_new.c FOO_new() function behave differently. I've
split those into a separate CL.
- ASN1_STRING_type, etc., call into the macro, which accesses the field
directly. This CL inverts the dependency.
- ASN1_INTEGER_new and ASN1_INTEGER_free, etc., are generated via
IMPLEMENT_ASN1_STRING_FUNCTIONS in tasn_typ.c. I've pointed
M_ASN1_INTEGER_new and M_ASN1_INTEGER_free to these fields. (The free
function is a no-op, but consistent.)
- The other macros like M_ASN1_BIT_STRING_dup largely do not have
corresponding functions. I've aligned with OpenSSL in just using the
generic ASN1_STRING_dup function. But some others, like
M_ASN1_OCTET_STRING_dup have a corresponding ASN1_OCTET_STRING_dup
function. OpenSSL retained these, so I have too.
Update-Note: Some external code uses the M_ASN1_* macros. This should
remain compatible, but some type errors may have gotten through
unnoticed. This CL restores type-checking.
Change-Id: I8656abc7d0f179192e05a852c97483c021ad9b20
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44045
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
bssl::UniquePtr<ASN1_INTEGER> by_bn(ASN1_INTEGER_new());
|
|
|
|
|
bssl::UniquePtr<ASN1_INTEGER> by_long(ASN1_INTEGER_new());
|
|
|
|
|
bssl::UniquePtr<ASN1_INTEGER> by_uint64(ASN1_INTEGER_new());
|
|
|
|
|
bssl::UniquePtr<BIGNUM> bn(BN_new());
|
|
|
|
|
|
|
|
|
|
const std::vector<int64_t> kValues = {
|
|
|
|
|
LONG_MIN, -2, -1, 0, 1, 2, 0xff, 0x100, 0xffff, 0x10000, LONG_MAX,
|
|
|
|
|
};
|
|
|
|
|
for (const auto &i : kValues) {
|
|
|
|
|
SCOPED_TRACE(i);
|
|
|
|
|
|
|
|
|
|
ASSERT_EQ(1, ASN1_INTEGER_set(by_long.get(), i));
|
|
|
|
|
const uint64_t abs = i < 0 ? (0 - (uint64_t) i) : i;
|
|
|
|
|
ASSERT_TRUE(BN_set_u64(bn.get(), abs));
|
|
|
|
|
BN_set_negative(bn.get(), i < 0);
|
|
|
|
|
ASSERT_TRUE(BN_to_ASN1_INTEGER(bn.get(), by_bn.get()));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(0, ASN1_INTEGER_cmp(by_bn.get(), by_long.get()));
|
|
|
|
|
|
|
|
|
|
if (i >= 0) {
|
|
|
|
|
ASSERT_EQ(1, ASN1_INTEGER_set_uint64(by_uint64.get(), i));
|
|
|
|
|
EXPECT_EQ(0, ASN1_INTEGER_cmp(by_bn.get(), by_uint64.get()));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template <typename T>
|
|
|
|
|
void TestSerialize(T obj, int (*i2d_func)(T a, uint8_t **pp),
|
|
|
|
|
bssl::Span<const uint8_t> expected) {
|
Compute ASN.1 BIT STRING sizes more consistently.
OpenSSL's BIT STRING representation has two modes, one where it
implicitly trims trailing zeros and the other where the number of unused
bits is explicitly set. This means logic in ASN1_item_verify, or
elsewhere in callers, that checks flags and ASN1_STRING_length is
inconsistent with i2c_ASN1_BIT_STRING.
Add ASN1_BIT_STRING_num_bytes for code that needs to deal with X.509
using BIT STRING for some fields instead of OCTET STRING. Switch
ASN1_item_verify to it. Some external code does this too, so export it
as public API.
This is mostly a theoretical issue. All parsed BIT STRINGS use explicit
byte strings, and there are no APIs (apart from not-yet-opaquified
structs) to specify the ASN1_STRING in X509, etc., structures. We
intentionally made X509_set1_signature_value, etc., internally construct
the ASN1_STRING. Still having an API is more consistent and helps nudge
callers towards rejecting excess bits when they want bytes.
It may also be worth a public API for consistently accessing the bit
count. I've left it alone for now because I've not seen callers that
need it, and it saves worrying about bytes-to-bits overflows.
This also fixes a bug in the original version of the truncating logic
when the entire string was all zeros, and const-corrects a few
parameters.
Change-Id: I9d29842a3d3264b0cde61ca8cfea07d02177dbc2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48225
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
// Test the allocating version first. It is easiest to debug.
|
|
|
|
|
uint8_t *ptr = nullptr;
|
|
|
|
|
int len = i2d_func(obj, &ptr);
|
|
|
|
|
ASSERT_GT(len, 0);
|
|
|
|
|
EXPECT_EQ(Bytes(expected), Bytes(ptr, len));
|
|
|
|
|
OPENSSL_free(ptr);
|
|
|
|
|
|
|
|
|
|
len = i2d_func(obj, nullptr);
|
|
|
|
|
ASSERT_GT(len, 0);
|
|
|
|
|
EXPECT_EQ(len, static_cast<int>(expected.size()));
|
|
|
|
|
|
Compute ASN.1 BIT STRING sizes more consistently.
OpenSSL's BIT STRING representation has two modes, one where it
implicitly trims trailing zeros and the other where the number of unused
bits is explicitly set. This means logic in ASN1_item_verify, or
elsewhere in callers, that checks flags and ASN1_STRING_length is
inconsistent with i2c_ASN1_BIT_STRING.
Add ASN1_BIT_STRING_num_bytes for code that needs to deal with X.509
using BIT STRING for some fields instead of OCTET STRING. Switch
ASN1_item_verify to it. Some external code does this too, so export it
as public API.
This is mostly a theoretical issue. All parsed BIT STRINGS use explicit
byte strings, and there are no APIs (apart from not-yet-opaquified
structs) to specify the ASN1_STRING in X509, etc., structures. We
intentionally made X509_set1_signature_value, etc., internally construct
the ASN1_STRING. Still having an API is more consistent and helps nudge
callers towards rejecting excess bits when they want bytes.
It may also be worth a public API for consistently accessing the bit
count. I've left it alone for now because I've not seen callers that
need it, and it saves worrying about bytes-to-bits overflows.
This also fixes a bug in the original version of the truncating logic
when the entire string was all zeros, and const-corrects a few
parameters.
Change-Id: I9d29842a3d3264b0cde61ca8cfea07d02177dbc2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48225
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
std::vector<uint8_t> buf(len);
|
|
|
|
|
ptr = buf.data();
|
|
|
|
|
len = i2d_func(obj, &ptr);
|
|
|
|
|
ASSERT_EQ(len, static_cast<int>(expected.size()));
|
|
|
|
|
EXPECT_EQ(ptr, buf.data() + buf.size());
|
|
|
|
|
EXPECT_EQ(Bytes(expected), Bytes(buf));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, SerializeObject) {
|
|
|
|
|
static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
|
|
|
|
0xf7, 0x0d, 0x01, 0x01, 0x01};
|
|
|
|
|
const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption);
|
|
|
|
|
TestSerialize(obj, i2d_ASN1_OBJECT, kDER);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, SerializeBoolean) {
|
|
|
|
|
static const uint8_t kTrue[] = {0x01, 0x01, 0xff};
|
|
|
|
|
TestSerialize(0xff, i2d_ASN1_BOOLEAN, kTrue);
|
|
|
|
|
// Other constants are also correctly encoded as TRUE.
|
|
|
|
|
TestSerialize(1, i2d_ASN1_BOOLEAN, kTrue);
|
|
|
|
|
TestSerialize(0x100, i2d_ASN1_BOOLEAN, kTrue);
|
|
|
|
|
|
|
|
|
|
static const uint8_t kFalse[] = {0x01, 0x01, 0x00};
|
|
|
|
|
TestSerialize(0x00, i2d_ASN1_BOOLEAN, kFalse);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The templates go through a different codepath, so test them separately.
|
|
|
|
|
TEST(ASN1Test, SerializeEmbeddedBoolean) {
|
|
|
|
|
bssl::UniquePtr<BASIC_CONSTRAINTS> val(BASIC_CONSTRAINTS_new());
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
|
|
|
|
|
// BasicConstraints defaults to FALSE, so the encoding should be empty.
|
|
|
|
|
static const uint8_t kLeaf[] = {0x30, 0x00};
|
|
|
|
|
val->ca = 0;
|
|
|
|
|
TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kLeaf);
|
|
|
|
|
|
|
|
|
|
// TRUE should always be encoded as 0xff, independent of what value the caller
|
|
|
|
|
// placed in the |ASN1_BOOLEAN|.
|
|
|
|
|
static const uint8_t kCA[] = {0x30, 0x03, 0x01, 0x01, 0xff};
|
|
|
|
|
val->ca = 0xff;
|
|
|
|
|
TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kCA);
|
|
|
|
|
val->ca = 1;
|
|
|
|
|
TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kCA);
|
|
|
|
|
val->ca = 0x100;
|
|
|
|
|
TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kCA);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, ASN1Type) {
|
|
|
|
|
const struct {
|
|
|
|
|
int type;
|
|
|
|
|
std::vector<uint8_t> der;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
// BOOLEAN { TRUE }
|
|
|
|
|
{V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}},
|
|
|
|
|
// BOOLEAN { FALSE }
|
|
|
|
|
{V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}},
|
|
|
|
|
// OCTET_STRING { "a" }
|
|
|
|
|
{V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}},
|
Correctly handle invalid ASN1_OBJECTs when encoding.
asn1_ex_i2c actually does have an error condition, it just wasn't being
handled.
628b3c7f2fdf68519c27dc087c400ca616616f4e, imported from upstream's
f3f8e72f494b36d05e0d04fe418f92b692fbb261, tried to check for OID-less
ASN1_OBJECTs and return an error. But it and the upstream change didn't
actually work. -1 in this function means to omit the object, so OpenSSL
was silently misinterpreting the input structure.
This changes the calling convention for asn1_ex_i2c to support this. It
is, unfortunately, a little messy because:
1. One cannot check for object presense without walking the
ASN1_ITEM/ASN1_TEMPLATE structures. You can *almost* check if *pval
is NULL, but ASN1_BOOLEAN is an int with -1 to indicate an omitted
optional. There are also FBOOLEAN/TBOOLEAN types that omit FALSE/TRUE
for DEFAULT. Thus, without more invasive changes, asn1_ex_i2c must be
able to report an omitted element.
2. While the i2d functions report an omitted element by successfully
writing zero bytes, i2c only writes the contents. It thus must
distinguish between an omitted element and an element with
zero-length contents.
3. i2c_ASN1_INTEGER and i2c_ASN1_BIT_STRING return zero on error rather
than -1. Those error paths are not actually reachable because they
only check for NULL. In fact, OpenSSL has even unexported them. But I
found a few callers. Rather than unwind all this and change the
calling convention, I've just made it handle 0 and map to -1 for now.
It's all a no-op anyway, and hopefully we can redo all this with CBB
later.
I've just added an output parameter for now.
In writing tests, I also noticed that the hand-written i2d_ASN1_OBJECT
and i2d_ASN1_BOOLEAN return the wrong value for errors, so I've fixed
that.
Update-Note: A default-constructed object with a required ASN1_OBJECT
field can no longer be encoded without initializing the ASN1_OBJECT.
Note this affects X509: the signature algorithm is an ASN1_OBJECT. Tests
that try to serialize an X509_new() must fill in all required fields.
(Production code is unlikely to be affected because the output was
unparsable anyway, while tests sometimes wouldn't notice.)
Bug: 429
Change-Id: I04417f5ad6b994cc5ccca540c8a7714b9b3af33d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49348
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
// OCTET_STRING { }
|
|
|
|
|
{V_ASN1_OCTET_STRING, {0x04, 0x00}},
|
|
|
|
|
// BIT_STRING { `01` `00` }
|
|
|
|
|
{V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}},
|
|
|
|
|
// INTEGER { -1 }
|
|
|
|
|
{V_ASN1_INTEGER, {0x02, 0x01, 0xff}},
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
|
|
|
|
|
{V_ASN1_OBJECT,
|
|
|
|
|
{0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
|
|
|
|
|
0x09, 0x02}},
|
|
|
|
|
// NULL {}
|
|
|
|
|
{V_ASN1_NULL, {0x05, 0x00}},
|
|
|
|
|
// SEQUENCE {}
|
|
|
|
|
{V_ASN1_SEQUENCE, {0x30, 0x00}},
|
|
|
|
|
// SET {}
|
|
|
|
|
{V_ASN1_SET, {0x31, 0x00}},
|
|
|
|
|
// [0] { UTF8String { "a" } }
|
|
|
|
|
{V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(Bytes(t.der));
|
|
|
|
|
|
|
|
|
|
// The input should successfully parse.
|
|
|
|
|
const uint8_t *ptr = t.der.data();
|
|
|
|
|
bssl::UniquePtr<ASN1_TYPE> val(d2i_ASN1_TYPE(nullptr, &ptr, t.der.size()));
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(ASN1_TYPE_get(val.get()), t.type);
|
|
|
|
|
EXPECT_EQ(val->type, t.type);
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_TYPE, t.der);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test that reading |value.ptr| from a FALSE |ASN1_TYPE| behaves correctly. The
|
|
|
|
|
// type historically supported this, so maintain the invariant in case external
|
|
|
|
|
// code relies on it.
|
|
|
|
|
TEST(ASN1Test, UnusedBooleanBits) {
|
|
|
|
|
// OCTET_STRING { "a" }
|
|
|
|
|
static const uint8_t kDER[] = {0x04, 0x01, 0x61};
|
|
|
|
|
const uint8_t *ptr = kDER;
|
|
|
|
|
bssl::UniquePtr<ASN1_TYPE> val(d2i_ASN1_TYPE(nullptr, &ptr, sizeof(kDER)));
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
EXPECT_EQ(V_ASN1_OCTET_STRING, val->type);
|
|
|
|
|
EXPECT_TRUE(val->value.ptr);
|
|
|
|
|
|
|
|
|
|
// Set |val| to a BOOLEAN containing FALSE.
|
|
|
|
|
ASN1_TYPE_set(val.get(), V_ASN1_BOOLEAN, NULL);
|
|
|
|
|
EXPECT_EQ(V_ASN1_BOOLEAN, val->type);
|
|
|
|
|
EXPECT_FALSE(val->value.ptr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, ASN1ObjectReuse) {
|
|
|
|
|
// 1.2.840.113554.4.1.72585.2, an arbitrary unknown OID.
|
|
|
|
|
static const uint8_t kOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
|
|
|
|
|
0x04, 0x01, 0x84, 0xb7, 0x09, 0x02};
|
|
|
|
|
ASN1_OBJECT *obj = ASN1_OBJECT_create(NID_undef, kOID, sizeof(kOID),
|
|
|
|
|
"short name", "long name");
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
|
|
|
|
|
// OBJECT_IDENTIFIER { 1.3.101.112 }
|
|
|
|
|
static const uint8_t kDER[] = {0x06, 0x03, 0x2b, 0x65, 0x70};
|
|
|
|
|
const uint8_t *ptr = kDER;
|
|
|
|
|
EXPECT_TRUE(d2i_ASN1_OBJECT(&obj, &ptr, sizeof(kDER)));
|
|
|
|
|
EXPECT_EQ(NID_ED25519, OBJ_obj2nid(obj));
|
|
|
|
|
ASN1_OBJECT_free(obj);
|
|
|
|
|
|
|
|
|
|
// Repeat the test, this time overriding a static |ASN1_OBJECT|.
|
|
|
|
|
obj = OBJ_nid2obj(NID_rsaEncryption);
|
|
|
|
|
ptr = kDER;
|
|
|
|
|
EXPECT_TRUE(d2i_ASN1_OBJECT(&obj, &ptr, sizeof(kDER)));
|
|
|
|
|
EXPECT_EQ(NID_ED25519, OBJ_obj2nid(obj));
|
|
|
|
|
ASN1_OBJECT_free(obj);
|
|
|
|
|
}
|
|
|
|
|
|
Compute ASN.1 BIT STRING sizes more consistently.
OpenSSL's BIT STRING representation has two modes, one where it
implicitly trims trailing zeros and the other where the number of unused
bits is explicitly set. This means logic in ASN1_item_verify, or
elsewhere in callers, that checks flags and ASN1_STRING_length is
inconsistent with i2c_ASN1_BIT_STRING.
Add ASN1_BIT_STRING_num_bytes for code that needs to deal with X.509
using BIT STRING for some fields instead of OCTET STRING. Switch
ASN1_item_verify to it. Some external code does this too, so export it
as public API.
This is mostly a theoretical issue. All parsed BIT STRINGS use explicit
byte strings, and there are no APIs (apart from not-yet-opaquified
structs) to specify the ASN1_STRING in X509, etc., structures. We
intentionally made X509_set1_signature_value, etc., internally construct
the ASN1_STRING. Still having an API is more consistent and helps nudge
callers towards rejecting excess bits when they want bytes.
It may also be worth a public API for consistently accessing the bit
count. I've left it alone for now because I've not seen callers that
need it, and it saves worrying about bytes-to-bits overflows.
This also fixes a bug in the original version of the truncating logic
when the entire string was all zeros, and const-corrects a few
parameters.
Change-Id: I9d29842a3d3264b0cde61ca8cfea07d02177dbc2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48225
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
TEST(ASN1Test, BitString) {
|
|
|
|
|
const size_t kNotWholeBytes = static_cast<size_t>(-1);
|
|
|
|
|
const struct {
|
|
|
|
|
std::vector<uint8_t> in;
|
|
|
|
|
size_t num_bytes;
|
|
|
|
|
} kValidInputs[] = {
|
|
|
|
|
// Empty bit string
|
|
|
|
|
{{0x03, 0x01, 0x00}, 0},
|
|
|
|
|
// 0b1
|
|
|
|
|
{{0x03, 0x02, 0x07, 0x80}, kNotWholeBytes},
|
|
|
|
|
// 0b1010
|
|
|
|
|
{{0x03, 0x02, 0x04, 0xa0}, kNotWholeBytes},
|
|
|
|
|
// 0b1010101
|
|
|
|
|
{{0x03, 0x02, 0x01, 0xaa}, kNotWholeBytes},
|
|
|
|
|
// 0b10101010
|
|
|
|
|
{{0x03, 0x02, 0x00, 0xaa}, 1},
|
|
|
|
|
// Bits 0 and 63 are set
|
|
|
|
|
{{0x03, 0x09, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 8},
|
|
|
|
|
// 64 zero bits
|
|
|
|
|
{{0x03, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 8},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &test : kValidInputs) {
|
|
|
|
|
SCOPED_TRACE(Bytes(test.in));
|
|
|
|
|
// The input should parse and round-trip correctly.
|
|
|
|
|
const uint8_t *ptr = test.in.data();
|
|
|
|
|
bssl::UniquePtr<ASN1_BIT_STRING> val(
|
|
|
|
|
d2i_ASN1_BIT_STRING(nullptr, &ptr, test.in.size()));
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, test.in);
|
|
|
|
|
|
|
|
|
|
// Check the byte count.
|
|
|
|
|
size_t num_bytes;
|
|
|
|
|
if (test.num_bytes == kNotWholeBytes) {
|
|
|
|
|
EXPECT_FALSE(ASN1_BIT_STRING_num_bytes(val.get(), &num_bytes));
|
|
|
|
|
} else {
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_num_bytes(val.get(), &num_bytes));
|
|
|
|
|
EXPECT_EQ(num_bytes, test.num_bytes);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const std::vector<uint8_t> kInvalidInputs[] = {
|
|
|
|
|
// Wrong tag
|
|
|
|
|
{0x04, 0x01, 0x00},
|
|
|
|
|
// Missing leading byte
|
|
|
|
|
{0x03, 0x00},
|
|
|
|
|
// Leading byte too high
|
|
|
|
|
{0x03, 0x02, 0x08, 0x00},
|
|
|
|
|
{0x03, 0x02, 0xff, 0x00},
|
|
|
|
|
// TODO(https://crbug.com/boringssl/354): Reject these inputs.
|
|
|
|
|
// Empty bit strings must have a zero leading byte.
|
|
|
|
|
// {0x03, 0x01, 0x01},
|
|
|
|
|
// Unused bits must all be zero.
|
|
|
|
|
// {0x03, 0x02, 0x06, 0xc1 /* 0b11000001 */},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &test : kInvalidInputs) {
|
|
|
|
|
SCOPED_TRACE(Bytes(test));
|
|
|
|
|
const uint8_t *ptr = test.data();
|
|
|
|
|
bssl::UniquePtr<ASN1_BIT_STRING> val(
|
|
|
|
|
d2i_ASN1_BIT_STRING(nullptr, &ptr, test.size()));
|
|
|
|
|
EXPECT_FALSE(val);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, SetBit) {
|
|
|
|
|
bssl::UniquePtr<ASN1_BIT_STRING> val(ASN1_BIT_STRING_new());
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
static const uint8_t kBitStringEmpty[] = {0x03, 0x01, 0x00};
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringEmpty);
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 100));
|
|
|
|
|
|
|
|
|
|
// Set a few bits via |ASN1_BIT_STRING_set_bit|.
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 0, 1));
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 1, 1));
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 2, 0));
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 3, 1));
|
|
|
|
|
static const uint8_t kBitString1101[] = {0x03, 0x02, 0x04, 0xd0};
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1101);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 1));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 2));
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 3));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 4));
|
|
|
|
|
|
|
|
|
|
// Bits that were set may be cleared.
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 1, 0));
|
|
|
|
|
static const uint8_t kBitString1001[] = {0x03, 0x02, 0x04, 0x90};
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1001);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 1));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 2));
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 3));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 4));
|
|
|
|
|
|
|
|
|
|
// Clearing trailing bits truncates the string.
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 3, 0));
|
|
|
|
|
static const uint8_t kBitString1[] = {0x03, 0x02, 0x07, 0x80};
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 1));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 2));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 3));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 4));
|
|
|
|
|
|
|
|
|
|
// Bits may be set beyond the end of the string.
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 63, 1));
|
|
|
|
|
static const uint8_t kBitStringLong[] = {0x03, 0x09, 0x00, 0x80, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x01};
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringLong);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62));
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 63));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64));
|
|
|
|
|
|
|
|
|
|
// The string can be truncated back down again.
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 63, 0));
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 63));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64));
|
|
|
|
|
|
|
|
|
|
// |ASN1_BIT_STRING_set_bit| also truncates when starting from a parsed
|
|
|
|
|
// string.
|
|
|
|
|
const uint8_t *ptr = kBitStringLong;
|
|
|
|
|
val.reset(d2i_ASN1_BIT_STRING(nullptr, &ptr, sizeof(kBitStringLong)));
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringLong);
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 63, 0));
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 63));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64));
|
|
|
|
|
|
|
|
|
|
// A parsed bit string preserves trailing zero bits.
|
|
|
|
|
static const uint8_t kBitString10010[] = {0x03, 0x02, 0x03, 0x90};
|
|
|
|
|
ptr = kBitString10010;
|
|
|
|
|
val.reset(d2i_ASN1_BIT_STRING(nullptr, &ptr, sizeof(kBitString10010)));
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString10010);
|
|
|
|
|
// But |ASN1_BIT_STRING_set_bit| will truncate it even if otherwise a no-op.
|
|
|
|
|
ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 0, 1));
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1001);
|
|
|
|
|
EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 63));
|
|
|
|
|
EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64));
|
|
|
|
|
|
|
|
|
|
// By default, a BIT STRING implicitly truncates trailing zeros.
|
|
|
|
|
val.reset(ASN1_BIT_STRING_new());
|
|
|
|
|
ASSERT_TRUE(val);
|
|
|
|
|
static const uint8_t kZeros[64] = {0};
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(val.get(), kZeros, sizeof(kZeros)));
|
|
|
|
|
TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringEmpty);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, StringToUTF8) {
|
|
|
|
|
static const struct {
|
|
|
|
|
std::vector<uint8_t> in;
|
|
|
|
|
int type;
|
|
|
|
|
const char *expected;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
// Non-minimal, two-byte UTF-8.
|
|
|
|
|
{{0xc0, 0x81}, V_ASN1_UTF8STRING, nullptr},
|
|
|
|
|
// Non-minimal, three-byte UTF-8.
|
|
|
|
|
{{0xe0, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr},
|
|
|
|
|
// Non-minimal, four-byte UTF-8.
|
|
|
|
|
{{0xf0, 0x80, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr},
|
|
|
|
|
// Truncated, four-byte UTF-8.
|
|
|
|
|
{{0xf0, 0x80, 0x80}, V_ASN1_UTF8STRING, nullptr},
|
|
|
|
|
// Low-surrogate value.
|
|
|
|
|
{{0xed, 0xa0, 0x80}, V_ASN1_UTF8STRING, nullptr},
|
|
|
|
|
// High-surrogate value.
|
|
|
|
|
{{0xed, 0xb0, 0x81}, V_ASN1_UTF8STRING, nullptr},
|
|
|
|
|
// Initial BOMs should be rejected from UCS-2 and UCS-4.
|
|
|
|
|
{{0xfe, 0xff, 0, 88}, V_ASN1_BMPSTRING, nullptr},
|
|
|
|
|
{{0, 0, 0xfe, 0xff, 0, 0, 0, 88}, V_ASN1_UNIVERSALSTRING, nullptr},
|
|
|
|
|
// Otherwise, BOMs should pass through.
|
|
|
|
|
{{0, 88, 0xfe, 0xff}, V_ASN1_BMPSTRING, "X\xef\xbb\xbf"},
|
|
|
|
|
{{0, 0, 0, 88, 0, 0, 0xfe, 0xff}, V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
"X\xef\xbb\xbf"},
|
|
|
|
|
// The maximum code-point should pass though.
|
|
|
|
|
{{0, 16, 0xff, 0xfd}, V_ASN1_UNIVERSALSTRING, "\xf4\x8f\xbf\xbd"},
|
|
|
|
|
// Values outside the Unicode space should not.
|
|
|
|
|
{{0, 17, 0, 0}, V_ASN1_UNIVERSALSTRING, nullptr},
|
|
|
|
|
// Non-characters should be rejected.
|
|
|
|
|
{{0, 1, 0xff, 0xff}, V_ASN1_UNIVERSALSTRING, nullptr},
|
|
|
|
|
{{0, 1, 0xff, 0xfe}, V_ASN1_UNIVERSALSTRING, nullptr},
|
|
|
|
|
{{0, 0, 0xfd, 0xd5}, V_ASN1_UNIVERSALSTRING, nullptr},
|
|
|
|
|
// BMPString is UCS-2, not UTF-16, so surrogate pairs are invalid.
|
|
|
|
|
{{0xd8, 0, 0xdc, 1}, V_ASN1_BMPSTRING, nullptr},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (const auto &test : kTests) {
|
|
|
|
|
SCOPED_TRACE(Bytes(test.in));
|
|
|
|
|
SCOPED_TRACE(test.type);
|
|
|
|
|
bssl::UniquePtr<ASN1_STRING> s(ASN1_STRING_type_new(test.type));
|
|
|
|
|
ASSERT_TRUE(s);
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(s.get(), test.in.data(), test.in.size()));
|
|
|
|
|
|
|
|
|
|
uint8_t *utf8;
|
|
|
|
|
const int utf8_len = ASN1_STRING_to_UTF8(&utf8, s.get());
|
|
|
|
|
EXPECT_EQ(utf8_len < 0, test.expected == nullptr);
|
|
|
|
|
if (utf8_len >= 0) {
|
|
|
|
|
if (test.expected != nullptr) {
|
|
|
|
|
EXPECT_EQ(Bytes(test.expected), Bytes(utf8, utf8_len));
|
|
|
|
|
}
|
|
|
|
|
OPENSSL_free(utf8);
|
|
|
|
|
} else {
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static std::string ASN1StringToStdString(const ASN1_STRING *str) {
|
|
|
|
|
return std::string(ASN1_STRING_get0_data(str),
|
|
|
|
|
ASN1_STRING_get0_data(str) + ASN1_STRING_length(str));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, SetTime) {
|
|
|
|
|
static const struct {
|
|
|
|
|
time_t time;
|
|
|
|
|
const char *generalized;
|
|
|
|
|
const char *utc;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
{-631152001, "19491231235959Z", nullptr},
|
|
|
|
|
{-631152000, "19500101000000Z", "500101000000Z"},
|
|
|
|
|
{0, "19700101000000Z", "700101000000Z"},
|
|
|
|
|
{981173106, "20010203040506Z", "010203040506Z"},
|
|
|
|
|
#if defined(OPENSSL_64_BIT)
|
|
|
|
|
// TODO(https://crbug.com/boringssl/416): These cases overflow 32-bit
|
|
|
|
|
// |time_t| and do not consistently work on 32-bit platforms. For now,
|
|
|
|
|
// disable the tests on 32-bit. Re-enable them once the bug is fixed.
|
|
|
|
|
{2524607999, "20491231235959Z", "491231235959Z"},
|
|
|
|
|
{2524608000, "20500101000000Z", nullptr},
|
|
|
|
|
// Test boundary conditions.
|
|
|
|
|
{-62167219200, "00000101000000Z", nullptr},
|
|
|
|
|
{-62167219201, nullptr, nullptr},
|
|
|
|
|
{253402300799, "99991231235959Z", nullptr},
|
|
|
|
|
{253402300800, nullptr, nullptr},
|
|
|
|
|
#endif
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(t.time);
|
|
|
|
|
#if defined(OPENSSL_WINDOWS)
|
|
|
|
|
// Windows |time_t| functions can only handle 1970 through 3000. See
|
|
|
|
|
// https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/gmtime-s-gmtime32-s-gmtime64-s?view=msvc-160
|
|
|
|
|
if (t.time < 0 || int64_t{t.time} > 32535215999) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_UTCTIME> utc(ASN1_UTCTIME_set(nullptr, t.time));
|
|
|
|
|
if (t.utc) {
|
|
|
|
|
ASSERT_TRUE(utc);
|
|
|
|
|
EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(utc.get()));
|
|
|
|
|
EXPECT_EQ(t.utc, ASN1StringToStdString(utc.get()));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_FALSE(utc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_GENERALIZEDTIME> generalized(
|
|
|
|
|
ASN1_GENERALIZEDTIME_set(nullptr, t.time));
|
|
|
|
|
if (t.generalized) {
|
|
|
|
|
ASSERT_TRUE(generalized);
|
|
|
|
|
EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(generalized.get()));
|
|
|
|
|
EXPECT_EQ(t.generalized, ASN1StringToStdString(generalized.get()));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_FALSE(generalized);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_TIME> choice(ASN1_TIME_set(nullptr, t.time));
|
|
|
|
|
if (t.generalized) {
|
|
|
|
|
ASSERT_TRUE(choice);
|
|
|
|
|
if (t.utc) {
|
|
|
|
|
EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(choice.get()));
|
|
|
|
|
EXPECT_EQ(t.utc, ASN1StringToStdString(choice.get()));
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(choice.get()));
|
|
|
|
|
EXPECT_EQ(t.generalized, ASN1StringToStdString(choice.get()));
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
EXPECT_FALSE(choice);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static std::vector<uint8_t> StringToVector(const std::string &str) {
|
|
|
|
|
return std::vector<uint8_t>(str.begin(), str.end());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, StringPrintEx) {
|
|
|
|
|
const struct {
|
|
|
|
|
int type;
|
|
|
|
|
std::vector<uint8_t> data;
|
|
|
|
|
int str_flags;
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
std::string expected;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
// A string like "hello" is never escaped or quoted.
|
|
|
|
|
// |ASN1_STRFLGS_ESC_QUOTE| only introduces quotes when needed. Note
|
|
|
|
|
// OpenSSL interprets T61String as Latin-1.
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("hello"), 0, 0, "hello"},
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("hello"), 0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB,
|
|
|
|
|
"hello"},
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("hello"), 0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
|
|
|
|
|
ASN1_STRFLGS_ESC_QUOTE,
|
|
|
|
|
"hello"},
|
|
|
|
|
|
|
|
|
|
// By default, 8-bit characters are printed without escaping.
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
std::string(1, '\0') + "\n\x80\xff,+\"\\<>;"},
|
|
|
|
|
|
|
|
|
|
// Flags control different escapes. Note that any escape flag will cause
|
|
|
|
|
// blackslashes to be escaped.
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253,
|
|
|
|
|
std::string(1, '\0') + "\n\x80\xff\\,\\+\\\"\\\\\\<\\>\\;"},
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_CTRL,
|
|
|
|
|
"\\00\\0A\x80\xff,+\"\\\\<>;"},
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB,
|
|
|
|
|
std::string(1, '\0') + "\n\\80\\FF,+\"\\\\<>;"},
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB,
|
|
|
|
|
"\\00\\0A\\80\\FF\\,\\+\\\"\\\\\\<\\>\\;"},
|
|
|
|
|
|
|
|
|
|
// When quoted, fewer characters need to be escaped in RFC 2253.
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
|
|
|
|
|
ASN1_STRFLGS_ESC_QUOTE,
|
|
|
|
|
"\"\\00\\0A\\80\\FF,+\\\"\\\\<>;\""},
|
|
|
|
|
|
|
|
|
|
// If no characters benefit from quotes, no quotes are added.
|
|
|
|
|
{V_ASN1_T61STRING,
|
|
|
|
|
{0, '\n', 0x80, 0xff, '"', '\\'},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
|
|
|
|
|
ASN1_STRFLGS_ESC_QUOTE,
|
|
|
|
|
"\\00\\0A\\80\\FF\\\"\\\\"},
|
|
|
|
|
|
|
|
|
|
// RFC 2253 only escapes spaces at the start and end of a string.
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector(" "), 0, ASN1_STRFLGS_ESC_2253,
|
|
|
|
|
"\\ \\ "},
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector(" "), 0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_QUOTE, "\" \""},
|
|
|
|
|
|
|
|
|
|
// RFC 2253 only escapes # at the start of a string.
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("###"), 0, ASN1_STRFLGS_ESC_2253,
|
|
|
|
|
"\\###"},
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("###"), 0,
|
|
|
|
|
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_QUOTE, "\"###\""},
|
|
|
|
|
|
|
|
|
|
// By default, strings are decoded and Unicode code points are
|
|
|
|
|
// individually escaped.
|
|
|
|
|
{V_ASN1_UTF8STRING, StringToVector("a\xc2\x80\xc4\x80\xf0\x90\x80\x80"),
|
|
|
|
|
0, ASN1_STRFLGS_ESC_MSB, "a\\80\\U0100\\W00010000"},
|
|
|
|
|
{V_ASN1_BMPSTRING,
|
|
|
|
|
{0x00, 'a', 0x00, 0x80, 0x01, 0x00},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB,
|
|
|
|
|
"a\\80\\U0100"},
|
|
|
|
|
{V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
{0x00, 0x00, 0x00, 'a', //
|
|
|
|
|
0x00, 0x00, 0x00, 0x80, //
|
|
|
|
|
0x00, 0x00, 0x01, 0x00, //
|
|
|
|
|
0x00, 0x01, 0x00, 0x00},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB,
|
|
|
|
|
"a\\80\\U0100\\W00010000"},
|
|
|
|
|
|
|
|
|
|
// |ASN1_STRFLGS_UTF8_CONVERT| normalizes everything to UTF-8 and then
|
|
|
|
|
// escapes individual bytes.
|
|
|
|
|
{V_ASN1_IA5STRING, StringToVector("a\x80"), 0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, "a\\C2\\80"},
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("a\x80"), 0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, "a\\C2\\80"},
|
|
|
|
|
{V_ASN1_UTF8STRING, StringToVector("a\xc2\x80\xc4\x80\xf0\x90\x80\x80"),
|
|
|
|
|
0, ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\\C2\\80\\C4\\80\\F0\\90\\80\\80"},
|
|
|
|
|
{V_ASN1_BMPSTRING,
|
|
|
|
|
{0x00, 'a', 0x00, 0x80, 0x01, 0x00},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\\C2\\80\\C4\\80"},
|
|
|
|
|
{V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
{0x00, 0x00, 0x00, 'a', //
|
|
|
|
|
0x00, 0x00, 0x00, 0x80, //
|
|
|
|
|
0x00, 0x00, 0x01, 0x00, //
|
|
|
|
|
0x00, 0x01, 0x00, 0x00},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\\C2\\80\\C4\\80\\F0\\90\\80\\80"},
|
|
|
|
|
|
|
|
|
|
// The same as above, but without escaping the UTF-8 encoding.
|
|
|
|
|
{V_ASN1_IA5STRING, StringToVector("a\x80"), 0, ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\xc2\x80"},
|
|
|
|
|
{V_ASN1_T61STRING, StringToVector("a\x80"), 0, ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\xc2\x80"},
|
|
|
|
|
{V_ASN1_UTF8STRING, StringToVector("a\xc2\x80\xc4\x80\xf0\x90\x80\x80"),
|
|
|
|
|
0, ASN1_STRFLGS_UTF8_CONVERT, "a\xc2\x80\xc4\x80\xf0\x90\x80\x80"},
|
|
|
|
|
{V_ASN1_BMPSTRING,
|
|
|
|
|
{0x00, 'a', 0x00, 0x80, 0x01, 0x00},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\xc2\x80\xc4\x80"},
|
|
|
|
|
{V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
{0x00, 0x00, 0x00, 'a', //
|
|
|
|
|
0x00, 0x00, 0x00, 0x80, //
|
|
|
|
|
0x00, 0x00, 0x01, 0x00, //
|
|
|
|
|
0x00, 0x01, 0x00, 0x00},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_UTF8_CONVERT,
|
|
|
|
|
"a\xc2\x80\xc4\x80\xf0\x90\x80\x80"},
|
|
|
|
|
|
|
|
|
|
// Types that cannot be decoded are, by default, treated as a byte string.
|
|
|
|
|
{V_ASN1_OCTET_STRING, {0xff}, 0, 0, "\xff"},
|
|
|
|
|
{-1, {0xff}, 0, 0, "\xff"},
|
|
|
|
|
{100, {0xff}, 0, 0, "\xff"},
|
|
|
|
|
|
|
|
|
|
// |ASN1_STRFLGS_UTF8_CONVERT| still converts these bytes to UTF-8.
|
|
|
|
|
//
|
|
|
|
|
// TODO(davidben): This seems like a bug. Although it's unclear because
|
|
|
|
|
// the non-RFC-2253 options aren't especially sound. Can we just remove
|
|
|
|
|
// them?
|
|
|
|
|
{V_ASN1_OCTET_STRING, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"},
|
|
|
|
|
{-1, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"},
|
|
|
|
|
{100, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"},
|
|
|
|
|
|
|
|
|
|
// |ASN1_STRFLGS_IGNORE_TYPE| causes the string type to be ignored, so it
|
|
|
|
|
// is always treated as a byte string, even if it is not a valid encoding.
|
|
|
|
|
{V_ASN1_UTF8STRING, {0xff}, 0, ASN1_STRFLGS_IGNORE_TYPE, "\xff"},
|
|
|
|
|
{V_ASN1_BMPSTRING, {0xff}, 0, ASN1_STRFLGS_IGNORE_TYPE, "\xff"},
|
|
|
|
|
{V_ASN1_UNIVERSALSTRING, {0xff}, 0, ASN1_STRFLGS_IGNORE_TYPE, "\xff"},
|
|
|
|
|
|
|
|
|
|
// |ASN1_STRFLGS_SHOW_TYPE| prepends the type name.
|
|
|
|
|
{V_ASN1_UTF8STRING, {'a'}, 0, ASN1_STRFLGS_SHOW_TYPE, "UTF8STRING:a"},
|
|
|
|
|
{-1, {'a'}, 0, ASN1_STRFLGS_SHOW_TYPE, "(unknown):a"},
|
|
|
|
|
{100, {'a'}, 0, ASN1_STRFLGS_SHOW_TYPE, "(unknown):a"},
|
|
|
|
|
|
|
|
|
|
// |ASN1_STRFLGS_DUMP_ALL| and |ASN1_STRFLGS_DUMP_UNKNOWN| cause
|
|
|
|
|
// non-string types to be printed in hex, though without the DER wrapper
|
|
|
|
|
// by default.
|
|
|
|
|
{V_ASN1_UTF8STRING, StringToVector("\xe2\x98\x83"), 0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_UNKNOWN, "\\U2603"},
|
|
|
|
|
{V_ASN1_UTF8STRING, StringToVector("\xe2\x98\x83"), 0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL, "#E29883"},
|
|
|
|
|
{V_ASN1_OCTET_STRING, StringToVector("\xe2\x98\x83"), 0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_UNKNOWN, "#E29883"},
|
|
|
|
|
{V_ASN1_OCTET_STRING, StringToVector("\xe2\x98\x83"), 0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL, "#E29883"},
|
|
|
|
|
|
|
|
|
|
// |ASN1_STRFLGS_DUMP_DER| includes the entire element.
|
|
|
|
|
{V_ASN1_UTF8STRING, StringToVector("\xe2\x98\x83"), 0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, "#0C03E29883"},
|
|
|
|
|
{V_ASN1_OCTET_STRING, StringToVector("\xe2\x98\x83"), 0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, "#0403E29883"},
|
|
|
|
|
{V_ASN1_BIT_STRING,
|
|
|
|
|
{0x80},
|
|
|
|
|
ASN1_STRING_FLAG_BITS_LEFT | 4,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER,
|
|
|
|
|
"#03020480"},
|
|
|
|
|
// INTEGER { 1 }
|
|
|
|
|
{V_ASN1_INTEGER,
|
|
|
|
|
{0x01},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER,
|
|
|
|
|
"#020101"},
|
|
|
|
|
// INTEGER { -1 }
|
|
|
|
|
{V_ASN1_NEG_INTEGER,
|
|
|
|
|
{0x01},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER,
|
|
|
|
|
"#0201FF"},
|
|
|
|
|
// ENUMERATED { 1 }
|
|
|
|
|
{V_ASN1_ENUMERATED,
|
|
|
|
|
{0x01},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER,
|
|
|
|
|
"#0A0101"},
|
|
|
|
|
// ENUMERATED { -1 }
|
|
|
|
|
{V_ASN1_NEG_ENUMERATED,
|
|
|
|
|
{0x01},
|
|
|
|
|
0,
|
|
|
|
|
ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER,
|
|
|
|
|
"#0A01FF"},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(t.type);
|
|
|
|
|
SCOPED_TRACE(Bytes(t.data));
|
|
|
|
|
SCOPED_TRACE(t.str_flags);
|
|
|
|
|
SCOPED_TRACE(t.flags);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(t.type));
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(str.get(), t.data.data(), t.data.size()));
|
|
|
|
|
str->flags = t.str_flags;
|
|
|
|
|
|
|
|
|
|
// If the |BIO| is null, it should measure the size.
|
|
|
|
|
int len = ASN1_STRING_print_ex(nullptr, str.get(), t.flags);
|
|
|
|
|
EXPECT_EQ(len, static_cast<int>(t.expected.size()));
|
|
|
|
|
|
|
|
|
|
// Measuring the size should also work for the |FILE| version
|
|
|
|
|
len = ASN1_STRING_print_ex_fp(nullptr, str.get(), t.flags);
|
|
|
|
|
EXPECT_EQ(len, static_cast<int>(t.expected.size()));
|
|
|
|
|
|
|
|
|
|
// Actually print the string.
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
len = ASN1_STRING_print_ex(bio.get(), str.get(), t.flags);
|
|
|
|
|
EXPECT_EQ(len, static_cast<int>(t.expected.size()));
|
|
|
|
|
|
|
|
|
|
const uint8_t *bio_contents;
|
|
|
|
|
size_t bio_len;
|
|
|
|
|
ASSERT_TRUE(BIO_mem_contents(bio.get(), &bio_contents, &bio_len));
|
|
|
|
|
EXPECT_EQ(t.expected, std::string(bio_contents, bio_contents + bio_len));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct {
|
|
|
|
|
int type;
|
|
|
|
|
std::vector<uint8_t> data;
|
|
|
|
|
int str_flags;
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
} kUnprintableTests[] = {
|
|
|
|
|
// When decoding strings, invalid codepoints are errors.
|
|
|
|
|
{V_ASN1_UTF8STRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB},
|
|
|
|
|
{V_ASN1_BMPSTRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB},
|
|
|
|
|
{V_ASN1_BMPSTRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB},
|
|
|
|
|
{V_ASN1_UNIVERSALSTRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kUnprintableTests) {
|
|
|
|
|
SCOPED_TRACE(t.type);
|
|
|
|
|
SCOPED_TRACE(Bytes(t.data));
|
|
|
|
|
SCOPED_TRACE(t.str_flags);
|
|
|
|
|
SCOPED_TRACE(t.flags);
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(t.type));
|
|
|
|
|
ASSERT_TRUE(ASN1_STRING_set(str.get(), t.data.data(), t.data.size()));
|
|
|
|
|
str->flags = t.str_flags;
|
|
|
|
|
|
|
|
|
|
// If the |BIO| is null, it should measure the size.
|
|
|
|
|
int len = ASN1_STRING_print_ex(nullptr, str.get(), t.flags);
|
|
|
|
|
EXPECT_EQ(len, -1);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
// Measuring the size should also work for the |FILE| version
|
|
|
|
|
len = ASN1_STRING_print_ex_fp(nullptr, str.get(), t.flags);
|
|
|
|
|
EXPECT_EQ(len, -1);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
// Actually print the string.
|
|
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
|
|
|
|
|
ASSERT_TRUE(bio);
|
|
|
|
|
len = ASN1_STRING_print_ex(bio.get(), str.get(), t.flags);
|
|
|
|
|
EXPECT_EQ(len, -1);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, MBString) {
|
|
|
|
|
const unsigned long kAll = B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING |
|
|
|
|
|
B_ASN1_T61STRING | B_ASN1_BMPSTRING |
|
|
|
|
|
B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING;
|
|
|
|
|
|
|
|
|
|
const struct {
|
|
|
|
|
int format;
|
|
|
|
|
std::vector<uint8_t> in;
|
|
|
|
|
unsigned long mask;
|
|
|
|
|
int expected_type;
|
|
|
|
|
std::vector<uint8_t> expected_data;
|
|
|
|
|
int num_codepoints;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
// Given a choice of formats, we pick the smallest that fits.
|
|
|
|
|
{MBSTRING_UTF8, {}, kAll, V_ASN1_PRINTABLESTRING, {}, 0},
|
|
|
|
|
{MBSTRING_UTF8, {'a'}, kAll, V_ASN1_PRINTABLESTRING, {'a'}, 1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{'a', 'A', '0', '\'', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'},
|
|
|
|
|
kAll,
|
|
|
|
|
V_ASN1_PRINTABLESTRING,
|
|
|
|
|
{'a', 'A', '0', '\'', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'},
|
|
|
|
|
14},
|
|
|
|
|
{MBSTRING_UTF8, {'*'}, kAll, V_ASN1_IA5STRING, {'*'}, 1},
|
|
|
|
|
{MBSTRING_UTF8, {'\n'}, kAll, V_ASN1_IA5STRING, {'\n'}, 1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xc2, 0x80 /* U+0080 */},
|
|
|
|
|
kAll,
|
|
|
|
|
V_ASN1_T61STRING,
|
|
|
|
|
{0x80},
|
|
|
|
|
1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xc4, 0x80 /* U+0100 */},
|
|
|
|
|
kAll,
|
|
|
|
|
V_ASN1_BMPSTRING,
|
|
|
|
|
{0x01, 0x00},
|
|
|
|
|
1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xf0, 0x90, 0x80, 0x80 /* U+10000 */},
|
|
|
|
|
kAll,
|
|
|
|
|
V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
{0x00, 0x01, 0x00, 0x00},
|
|
|
|
|
1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xf0, 0x90, 0x80, 0x80 /* U+10000 */},
|
|
|
|
|
kAll & ~B_ASN1_UNIVERSALSTRING,
|
|
|
|
|
V_ASN1_UTF8STRING,
|
|
|
|
|
{0xf0, 0x90, 0x80, 0x80},
|
|
|
|
|
1},
|
|
|
|
|
|
|
|
|
|
// NUL is not printable. It should also not terminate iteration.
|
|
|
|
|
{MBSTRING_UTF8, {0}, kAll, V_ASN1_IA5STRING, {0}, 1},
|
|
|
|
|
{MBSTRING_UTF8, {0, 'a'}, kAll, V_ASN1_IA5STRING, {0, 'a'}, 2},
|
|
|
|
|
|
|
|
|
|
// When a particular format is specified, we use it.
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{'a'},
|
|
|
|
|
B_ASN1_PRINTABLESTRING,
|
|
|
|
|
V_ASN1_PRINTABLESTRING,
|
|
|
|
|
{'a'},
|
|
|
|
|
1},
|
|
|
|
|
{MBSTRING_UTF8, {'a'}, B_ASN1_IA5STRING, V_ASN1_IA5STRING, {'a'}, 1},
|
|
|
|
|
{MBSTRING_UTF8, {'a'}, B_ASN1_T61STRING, V_ASN1_T61STRING, {'a'}, 1},
|
|
|
|
|
{MBSTRING_UTF8, {'a'}, B_ASN1_UTF8STRING, V_ASN1_UTF8STRING, {'a'}, 1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{'a'},
|
|
|
|
|
B_ASN1_BMPSTRING,
|
|
|
|
|
V_ASN1_BMPSTRING,
|
|
|
|
|
{0x00, 'a'},
|
|
|
|
|
1},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{'a'},
|
|
|
|
|
B_ASN1_UNIVERSALSTRING,
|
|
|
|
|
V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
{0x00, 0x00, 0x00, 'a'},
|
|
|
|
|
1},
|
|
|
|
|
|
|
|
|
|
// A long string with characters of many widths, to test sizes are
|
|
|
|
|
// measured in code points.
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{
|
|
|
|
|
'a', //
|
|
|
|
|
0xc2, 0x80, // U+0080
|
|
|
|
|
0xc4, 0x80, // U+0100
|
|
|
|
|
0xf0, 0x90, 0x80, 0x80, // U+10000
|
|
|
|
|
},
|
|
|
|
|
B_ASN1_UNIVERSALSTRING,
|
|
|
|
|
V_ASN1_UNIVERSALSTRING,
|
|
|
|
|
{
|
|
|
|
|
0x00, 0x00, 0x00, 'a', //
|
|
|
|
|
0x00, 0x00, 0x00, 0x80, //
|
|
|
|
|
0x00, 0x00, 0x01, 0x00, //
|
|
|
|
|
0x00, 0x01, 0x00, 0x00, //
|
|
|
|
|
},
|
|
|
|
|
4},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(t.format);
|
|
|
|
|
SCOPED_TRACE(Bytes(t.in));
|
|
|
|
|
SCOPED_TRACE(t.mask);
|
|
|
|
|
|
|
|
|
|
// Passing in nullptr should do a dry run.
|
|
|
|
|
EXPECT_EQ(t.expected_type,
|
|
|
|
|
ASN1_mbstring_copy(nullptr, t.in.data(), t.in.size(), t.format,
|
|
|
|
|
t.mask));
|
|
|
|
|
|
|
|
|
|
// Test allocating a new object.
|
|
|
|
|
ASN1_STRING *str = nullptr;
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
t.expected_type,
|
|
|
|
|
ASN1_mbstring_copy(&str, t.in.data(), t.in.size(), t.format, t.mask));
|
|
|
|
|
ASSERT_TRUE(str);
|
|
|
|
|
EXPECT_EQ(t.expected_type, ASN1_STRING_type(str));
|
|
|
|
|
EXPECT_EQ(Bytes(t.expected_data),
|
|
|
|
|
Bytes(ASN1_STRING_get0_data(str), ASN1_STRING_length(str)));
|
|
|
|
|
|
|
|
|
|
// Test writing into an existing object.
|
|
|
|
|
ASN1_STRING_free(str);
|
|
|
|
|
str = ASN1_STRING_new();
|
|
|
|
|
ASSERT_TRUE(str);
|
|
|
|
|
ASN1_STRING *old_str = str;
|
|
|
|
|
EXPECT_EQ(
|
|
|
|
|
t.expected_type,
|
|
|
|
|
ASN1_mbstring_copy(&str, t.in.data(), t.in.size(), t.format, t.mask));
|
|
|
|
|
ASSERT_EQ(old_str, str);
|
|
|
|
|
EXPECT_EQ(t.expected_type, ASN1_STRING_type(str));
|
|
|
|
|
EXPECT_EQ(Bytes(t.expected_data),
|
|
|
|
|
Bytes(ASN1_STRING_get0_data(str), ASN1_STRING_length(str)));
|
|
|
|
|
ASN1_STRING_free(str);
|
|
|
|
|
str = nullptr;
|
|
|
|
|
|
|
|
|
|
// minsize and maxsize should be enforced, even in a dry run.
|
|
|
|
|
EXPECT_EQ(t.expected_type,
|
|
|
|
|
ASN1_mbstring_ncopy(nullptr, t.in.data(), t.in.size(), t.format,
|
|
|
|
|
t.mask, /*minsize=*/t.num_codepoints,
|
|
|
|
|
/*maxsize=*/t.num_codepoints));
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(t.expected_type,
|
|
|
|
|
ASN1_mbstring_ncopy(&str, t.in.data(), t.in.size(), t.format,
|
|
|
|
|
t.mask, /*minsize=*/t.num_codepoints,
|
|
|
|
|
/*maxsize=*/t.num_codepoints));
|
|
|
|
|
ASSERT_TRUE(str);
|
|
|
|
|
EXPECT_EQ(t.expected_type, ASN1_STRING_type(str));
|
|
|
|
|
EXPECT_EQ(Bytes(t.expected_data),
|
|
|
|
|
Bytes(ASN1_STRING_get0_data(str), ASN1_STRING_length(str)));
|
|
|
|
|
ASN1_STRING_free(str);
|
|
|
|
|
str = nullptr;
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(-1, ASN1_mbstring_ncopy(
|
|
|
|
|
nullptr, t.in.data(), t.in.size(), t.format, t.mask,
|
|
|
|
|
/*minsize=*/t.num_codepoints + 1, /*maxsize=*/0));
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
EXPECT_EQ(-1, ASN1_mbstring_ncopy(
|
|
|
|
|
&str, t.in.data(), t.in.size(), t.format, t.mask,
|
|
|
|
|
/*minsize=*/t.num_codepoints + 1, /*maxsize=*/0));
|
|
|
|
|
EXPECT_FALSE(str);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
if (t.num_codepoints > 1) {
|
|
|
|
|
EXPECT_EQ(-1, ASN1_mbstring_ncopy(
|
|
|
|
|
nullptr, t.in.data(), t.in.size(), t.format, t.mask,
|
|
|
|
|
/*minsize=*/0, /*maxsize=*/t.num_codepoints - 1));
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
EXPECT_EQ(-1, ASN1_mbstring_ncopy(
|
|
|
|
|
&str, t.in.data(), t.in.size(), t.format, t.mask,
|
|
|
|
|
/*minsize=*/0, /*maxsize=*/t.num_codepoints - 1));
|
|
|
|
|
EXPECT_FALSE(str);
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct {
|
|
|
|
|
int format;
|
|
|
|
|
std::vector<uint8_t> in;
|
|
|
|
|
unsigned long mask;
|
|
|
|
|
} kInvalidTests[] = {
|
|
|
|
|
// Invalid encodings are rejected.
|
|
|
|
|
{MBSTRING_UTF8, {0xff}, B_ASN1_UTF8STRING},
|
|
|
|
|
{MBSTRING_BMP, {0xff}, B_ASN1_UTF8STRING},
|
|
|
|
|
{MBSTRING_UNIV, {0xff}, B_ASN1_UTF8STRING},
|
|
|
|
|
|
|
|
|
|
// Lone surrogates are not code points.
|
|
|
|
|
{MBSTRING_UTF8, {0xed, 0xa0, 0x80}, B_ASN1_UTF8STRING},
|
|
|
|
|
{MBSTRING_BMP, {0xd8, 0x00}, B_ASN1_UTF8STRING},
|
|
|
|
|
{MBSTRING_UNIV, {0x00, 0x00, 0xd8, 0x00}, B_ASN1_UTF8STRING},
|
|
|
|
|
|
|
|
|
|
// The input does not fit in the allowed output types.
|
|
|
|
|
{MBSTRING_UTF8, {'\n'}, B_ASN1_PRINTABLESTRING},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xc2, 0x80 /* U+0080 */},
|
|
|
|
|
B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xc4, 0x80 /* U+0100 */},
|
|
|
|
|
B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING | B_ASN1_T61STRING},
|
|
|
|
|
{MBSTRING_UTF8,
|
|
|
|
|
{0xf0, 0x90, 0x80, 0x80 /* U+10000 */},
|
|
|
|
|
B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING | B_ASN1_T61STRING |
|
|
|
|
|
B_ASN1_BMPSTRING},
|
|
|
|
|
|
|
|
|
|
// Unrecognized bits are ignored.
|
|
|
|
|
{MBSTRING_UTF8, {'\n'}, B_ASN1_PRINTABLESTRING | B_ASN1_SEQUENCE},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kInvalidTests) {
|
|
|
|
|
SCOPED_TRACE(t.format);
|
|
|
|
|
SCOPED_TRACE(Bytes(t.in));
|
|
|
|
|
SCOPED_TRACE(t.mask);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(-1, ASN1_mbstring_copy(nullptr, t.in.data(), t.in.size(),
|
|
|
|
|
t.format, t.mask));
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
ASN1_STRING *str = nullptr;
|
|
|
|
|
EXPECT_EQ(-1, ASN1_mbstring_copy(&str, t.in.data(), t.in.size(),
|
|
|
|
|
t.format, t.mask));
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
EXPECT_EQ(nullptr, str);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test that multi-string types correctly encode negative ENUMERATED.
|
|
|
|
|
// Multi-string types cannot contain INTEGER, so we only test ENUMERATED.
|
|
|
|
|
TEST(ASN1Test, NegativeEnumeratedMultistring) {
|
|
|
|
|
static const uint8_t kMinusOne[] = {0x0a, 0x01, 0xff}; // ENUMERATED { -1 }
|
|
|
|
|
// |ASN1_PRINTABLE| is a multi-string type that allows ENUMERATED.
|
|
|
|
|
const uint8_t *p = kMinusOne;
|
|
|
|
|
bssl::UniquePtr<ASN1_STRING> str(
|
|
|
|
|
d2i_ASN1_PRINTABLE(nullptr, &p, sizeof(kMinusOne)));
|
|
|
|
|
ASSERT_TRUE(str);
|
|
|
|
|
TestSerialize(str.get(), i2d_ASN1_PRINTABLE, kMinusOne);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, PrintableType) {
|
|
|
|
|
const struct {
|
|
|
|
|
std::vector<uint8_t> in;
|
|
|
|
|
int result;
|
|
|
|
|
} kTests[] = {
|
|
|
|
|
{{}, V_ASN1_PRINTABLESTRING},
|
|
|
|
|
{{'a', 'A', '0', '\'', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'},
|
|
|
|
|
V_ASN1_PRINTABLESTRING},
|
|
|
|
|
{{'*'}, V_ASN1_IA5STRING},
|
|
|
|
|
{{'\0'}, V_ASN1_IA5STRING},
|
|
|
|
|
{{'\0', 'a'}, V_ASN1_IA5STRING},
|
|
|
|
|
{{0, 1, 2, 3, 125, 126, 127}, V_ASN1_IA5STRING},
|
|
|
|
|
{{0, 1, 2, 3, 125, 126, 127, 128}, V_ASN1_T61STRING},
|
|
|
|
|
{{128, 0, 1, 2, 3, 125, 126, 127}, V_ASN1_T61STRING},
|
|
|
|
|
};
|
|
|
|
|
for (const auto &t : kTests) {
|
|
|
|
|
SCOPED_TRACE(Bytes(t.in));
|
|
|
|
|
EXPECT_EQ(t.result, ASN1_PRINTABLE_type(t.in.data(), t.in.size()));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Encoding a CHOICE type with an invalid selector should fail.
|
|
|
|
|
TEST(ASN1Test, InvalidChoice) {
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
|
|
|
|
|
ASSERT_TRUE(name);
|
|
|
|
|
// CHOICE types are initialized with an invalid selector.
|
|
|
|
|
EXPECT_EQ(-1, name->type);
|
|
|
|
|
// |name| should fail to encode.
|
|
|
|
|
EXPECT_EQ(-1, i2d_GENERAL_NAME(name.get(), nullptr));
|
|
|
|
|
|
|
|
|
|
// The error should be propagated through types containing |name|.
|
|
|
|
|
bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new());
|
|
|
|
|
ASSERT_TRUE(names);
|
|
|
|
|
EXPECT_TRUE(bssl::PushToStack(names.get(), std::move(name)));
|
|
|
|
|
EXPECT_EQ(-1, i2d_GENERAL_NAMES(names.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
Correctly handle invalid ASN1_OBJECTs when encoding.
asn1_ex_i2c actually does have an error condition, it just wasn't being
handled.
628b3c7f2fdf68519c27dc087c400ca616616f4e, imported from upstream's
f3f8e72f494b36d05e0d04fe418f92b692fbb261, tried to check for OID-less
ASN1_OBJECTs and return an error. But it and the upstream change didn't
actually work. -1 in this function means to omit the object, so OpenSSL
was silently misinterpreting the input structure.
This changes the calling convention for asn1_ex_i2c to support this. It
is, unfortunately, a little messy because:
1. One cannot check for object presense without walking the
ASN1_ITEM/ASN1_TEMPLATE structures. You can *almost* check if *pval
is NULL, but ASN1_BOOLEAN is an int with -1 to indicate an omitted
optional. There are also FBOOLEAN/TBOOLEAN types that omit FALSE/TRUE
for DEFAULT. Thus, without more invasive changes, asn1_ex_i2c must be
able to report an omitted element.
2. While the i2d functions report an omitted element by successfully
writing zero bytes, i2c only writes the contents. It thus must
distinguish between an omitted element and an element with
zero-length contents.
3. i2c_ASN1_INTEGER and i2c_ASN1_BIT_STRING return zero on error rather
than -1. Those error paths are not actually reachable because they
only check for NULL. In fact, OpenSSL has even unexported them. But I
found a few callers. Rather than unwind all this and change the
calling convention, I've just made it handle 0 and map to -1 for now.
It's all a no-op anyway, and hopefully we can redo all this with CBB
later.
I've just added an output parameter for now.
In writing tests, I also noticed that the hand-written i2d_ASN1_OBJECT
and i2d_ASN1_BOOLEAN return the wrong value for errors, so I've fixed
that.
Update-Note: A default-constructed object with a required ASN1_OBJECT
field can no longer be encoded without initializing the ASN1_OBJECT.
Note this affects X509: the signature algorithm is an ASN1_OBJECT. Tests
that try to serialize an X509_new() must fill in all required fields.
(Production code is unlikely to be affected because the output was
unparsable anyway, while tests sometimes wouldn't notice.)
Bug: 429
Change-Id: I04417f5ad6b994cc5ccca540c8a7714b9b3af33d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49348
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
// Encoding NID-only |ASN1_OBJECT|s should fail.
|
|
|
|
|
TEST(ASN1Test, InvalidObject) {
|
|
|
|
|
EXPECT_EQ(-1, i2d_ASN1_OBJECT(OBJ_nid2obj(NID_kx_ecdhe), nullptr));
|
|
|
|
|
|
|
|
|
|
bssl::UniquePtr<X509_ALGOR> alg(X509_ALGOR_new());
|
|
|
|
|
ASSERT_TRUE(alg);
|
|
|
|
|
ASSERT_TRUE(X509_ALGOR_set0(alg.get(), OBJ_nid2obj(NID_kx_ecdhe),
|
|
|
|
|
V_ASN1_UNDEF, nullptr));
|
|
|
|
|
EXPECT_EQ(-1, i2d_X509_ALGOR(alg.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Encoding invalid |ASN1_TYPE|s should fail. |ASN1_TYPE|s are
|
|
|
|
|
// default-initialized to an invalid type.
|
|
|
|
|
TEST(ASN1Test, InvalidASN1Type) {
|
|
|
|
|
bssl::UniquePtr<ASN1_TYPE> obj(ASN1_TYPE_new());
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
EXPECT_EQ(-1, obj->type);
|
|
|
|
|
EXPECT_EQ(-1, i2d_ASN1_TYPE(obj.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Encoding invalid MSTRING types should fail. An MSTRING is a CHOICE of
|
|
|
|
|
// string-like types. They are initialized to an invalid type.
|
|
|
|
|
TEST(ASN1Test, InvalidMSTRING) {
|
|
|
|
|
bssl::UniquePtr<ASN1_STRING> obj(ASN1_TIME_new());
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
EXPECT_EQ(-1, obj->type);
|
|
|
|
|
EXPECT_EQ(-1, i2d_ASN1_TIME(obj.get(), nullptr));
|
|
|
|
|
|
|
|
|
|
obj.reset(DIRECTORYSTRING_new());
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
EXPECT_EQ(-1, obj->type);
|
|
|
|
|
EXPECT_EQ(-1, i2d_DIRECTORYSTRING(obj.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, StringTableSorted) {
|
|
|
|
|
const ASN1_STRING_TABLE *table;
|
|
|
|
|
size_t table_len;
|
|
|
|
|
asn1_get_string_table_for_testing(&table, &table_len);
|
|
|
|
|
for (size_t i = 1; i < table_len; i++) {
|
|
|
|
|
EXPECT_LT(table[i-1].nid, table[i].nid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The ASN.1 macros do not work on Windows shared library builds, where usage of
|
|
|
|
|
// |OPENSSL_EXPORT| is a bit stricter.
|
|
|
|
|
#if !defined(OPENSSL_WINDOWS) || !defined(BORINGSSL_SHARED_LIBRARY)
|
|
|
|
|
|
|
|
|
|
typedef struct asn1_linked_list_st {
|
|
|
|
|
struct asn1_linked_list_st *next;
|
|
|
|
|
} ASN1_LINKED_LIST;
|
|
|
|
|
|
|
|
|
|
DECLARE_ASN1_ITEM(ASN1_LINKED_LIST)
|
|
|
|
|
DECLARE_ASN1_FUNCTIONS(ASN1_LINKED_LIST)
|
|
|
|
|
|
|
|
|
|
ASN1_SEQUENCE(ASN1_LINKED_LIST) = {
|
Reject missing required fields in i2d functions.
See also 006906cddda37e24a66443199444ef4476697477 from OpenSSL, though
this CL uses a different strategy from upstream. Upstream makes
ASN1_item_ex_i2d continue to allow optionals and checks afterwards at
every non-optional call site. This CL pushes down an optional parameter
and says functions cannot omit items unless explicitly allowed.
I think this is a better default, though it is a larger change. Fields
are only optional when they come from an ASN1_TEMPLATE with the OPTIONAL
flag. Upstream's strategy misses top-level calls.
This CL additionally adds checks for optional ASN1_TEMPLATEs in contexts
where it doesn't make sense. Only fields of SEQUENCEs and SETs may be
OPTIONAL, but the ASN1_ITEM/ASN1_TEMPLATE split doesn't quite match
ASN.1 itself. ASN1_TEMPLATE is additionally responsible for
explicit/implicit tagging, and SEQUENCE/SET OF. That means CHOICE arms
and the occasional top-level type (ASN1_ITEM_TEMPLATE) use ASN1_TEMPLATE
but will get confused if marked optional.
As part of this, i2d_FOO(NULL) now returns -1 rather than "successfully"
writing 0 bytes. If we want to allow NULL at the top-level, that's not
too hard to arrange, but our CBB-based i2d functions do not.
Update-Note: Structures with missing mandatory fields can no longer be
encoded. Note that, apart from the cases already handled by preceding
CLs, tasn_new.c will fill in non-NULL empty objects everywhere. The main
downstream impact I've seen of this particular change is in combination
with other bugs. Consider a caller that does:
GENERAL_NAME *name = GENERAL_NAME_new();
name->type = GEN_DNS;
name->d.dNSName = DoSomethingComplicated(...);
Suppose DoSomethingComplicated() was actually fallible and returned
NULL, but the caller forgot to check. They'd now construct a
GENERAL_NAME with a missing field. Previously, this would silently
serialize some garbage (omitted field) or empty string. Now we fail to
encode, but the true error was the uncaught DoSomethingComplicated()
failure. (Which likely was itself a bug.)
Bug: 429
Change-Id: I37fe618761be64a619be9fdc8d416f24ecbb8c46
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49350
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
ASN1_OPT(ASN1_LINKED_LIST, next, ASN1_LINKED_LIST),
|
|
|
|
|
} ASN1_SEQUENCE_END(ASN1_LINKED_LIST)
|
|
|
|
|
|
|
|
|
|
IMPLEMENT_ASN1_FUNCTIONS(ASN1_LINKED_LIST)
|
|
|
|
|
|
|
|
|
|
static bool MakeLinkedList(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
|
|
|
|
|
size_t count) {
|
|
|
|
|
bssl::ScopedCBB cbb;
|
|
|
|
|
std::vector<CBB> cbbs(count);
|
|
|
|
|
if (!CBB_init(cbb.get(), 2 * count) ||
|
|
|
|
|
!CBB_add_asn1(cbb.get(), &cbbs[0], CBS_ASN1_SEQUENCE)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
for (size_t i = 1; i < count; i++) {
|
|
|
|
|
if (!CBB_add_asn1(&cbbs[i - 1], &cbbs[i], CBS_ASN1_SEQUENCE)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
uint8_t *ptr;
|
|
|
|
|
if (!CBB_finish(cbb.get(), &ptr, out_len)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
out->reset(ptr);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST(ASN1Test, Recursive) {
|
|
|
|
|
bssl::UniquePtr<uint8_t> data;
|
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
|
|
// Sanity-check that MakeLinkedList can be parsed.
|
|
|
|
|
ASSERT_TRUE(MakeLinkedList(&data, &len, 5));
|
|
|
|
|
const uint8_t *ptr = data.get();
|
|
|
|
|
ASN1_LINKED_LIST *list = d2i_ASN1_LINKED_LIST(nullptr, &ptr, len);
|
|
|
|
|
EXPECT_TRUE(list);
|
|
|
|
|
ASN1_LINKED_LIST_free(list);
|
|
|
|
|
|
|
|
|
|
// Excessively deep structures are rejected.
|
|
|
|
|
ASSERT_TRUE(MakeLinkedList(&data, &len, 100));
|
|
|
|
|
ptr = data.get();
|
|
|
|
|
list = d2i_ASN1_LINKED_LIST(nullptr, &ptr, len);
|
|
|
|
|
EXPECT_FALSE(list);
|
|
|
|
|
// Note checking the error queue here does not work. The error "stack trace"
|
|
|
|
|
// is too deep, so the |ASN1_R_NESTED_TOO_DEEP| entry drops off the queue.
|
|
|
|
|
ASN1_LINKED_LIST_free(list);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct IMPLICIT_CHOICE {
|
|
|
|
|
ASN1_STRING *string;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
DECLARE_ASN1_FUNCTIONS(IMPLICIT_CHOICE)
|
|
|
|
|
|
|
|
|
|
ASN1_SEQUENCE(IMPLICIT_CHOICE) = {
|
Reject missing required fields in i2d functions.
See also 006906cddda37e24a66443199444ef4476697477 from OpenSSL, though
this CL uses a different strategy from upstream. Upstream makes
ASN1_item_ex_i2d continue to allow optionals and checks afterwards at
every non-optional call site. This CL pushes down an optional parameter
and says functions cannot omit items unless explicitly allowed.
I think this is a better default, though it is a larger change. Fields
are only optional when they come from an ASN1_TEMPLATE with the OPTIONAL
flag. Upstream's strategy misses top-level calls.
This CL additionally adds checks for optional ASN1_TEMPLATEs in contexts
where it doesn't make sense. Only fields of SEQUENCEs and SETs may be
OPTIONAL, but the ASN1_ITEM/ASN1_TEMPLATE split doesn't quite match
ASN.1 itself. ASN1_TEMPLATE is additionally responsible for
explicit/implicit tagging, and SEQUENCE/SET OF. That means CHOICE arms
and the occasional top-level type (ASN1_ITEM_TEMPLATE) use ASN1_TEMPLATE
but will get confused if marked optional.
As part of this, i2d_FOO(NULL) now returns -1 rather than "successfully"
writing 0 bytes. If we want to allow NULL at the top-level, that's not
too hard to arrange, but our CBB-based i2d functions do not.
Update-Note: Structures with missing mandatory fields can no longer be
encoded. Note that, apart from the cases already handled by preceding
CLs, tasn_new.c will fill in non-NULL empty objects everywhere. The main
downstream impact I've seen of this particular change is in combination
with other bugs. Consider a caller that does:
GENERAL_NAME *name = GENERAL_NAME_new();
name->type = GEN_DNS;
name->d.dNSName = DoSomethingComplicated(...);
Suppose DoSomethingComplicated() was actually fallible and returned
NULL, but the caller forgot to check. They'd now construct a
GENERAL_NAME with a missing field. Previously, this would silently
serialize some garbage (omitted field) or empty string. Now we fail to
encode, but the true error was the uncaught DoSomethingComplicated()
failure. (Which likely was itself a bug.)
Bug: 429
Change-Id: I37fe618761be64a619be9fdc8d416f24ecbb8c46
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49350
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
ASN1_IMP(IMPLICIT_CHOICE, string, DIRECTORYSTRING, 0),
|
|
|
|
|
} ASN1_SEQUENCE_END(IMPLICIT_CHOICE)
|
|
|
|
|
|
|
|
|
|
IMPLEMENT_ASN1_FUNCTIONS(IMPLICIT_CHOICE)
|
|
|
|
|
|
|
|
|
|
// Test that the ASN.1 templates reject types with implicitly-tagged CHOICE
|
|
|
|
|
// types.
|
|
|
|
|
TEST(ASN1Test, ImplicitChoice) {
|
|
|
|
|
// Serializing a type with an implicitly tagged CHOICE should fail.
|
|
|
|
|
std::unique_ptr<IMPLICIT_CHOICE, decltype(&IMPLICIT_CHOICE_free)> obj(
|
|
|
|
|
IMPLICIT_CHOICE_new(), IMPLICIT_CHOICE_free);
|
|
|
|
|
EXPECT_EQ(-1, i2d_IMPLICIT_CHOICE(obj.get(), nullptr));
|
|
|
|
|
|
|
|
|
|
// An implicitly-tagged CHOICE is an error. Depending on the implementation,
|
|
|
|
|
// it may be misinterpreted as without the tag, or as clobbering the CHOICE
|
|
|
|
|
// tag. Test both inputs and ensure they fail.
|
|
|
|
|
|
|
|
|
|
// SEQUENCE { UTF8String {} }
|
|
|
|
|
static const uint8_t kInput1[] = {0x30, 0x02, 0x0c, 0x00};
|
|
|
|
|
const uint8_t *ptr = kInput1;
|
|
|
|
|
EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput1)));
|
|
|
|
|
|
|
|
|
|
// SEQUENCE { [0 PRIMITIVE] {} }
|
|
|
|
|
static const uint8_t kInput2[] = {0x30, 0x02, 0x80, 0x00};
|
|
|
|
|
ptr = kInput2;
|
|
|
|
|
EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput2)));
|
|
|
|
|
}
|
|
|
|
|
|
Reject missing required fields in i2d functions.
See also 006906cddda37e24a66443199444ef4476697477 from OpenSSL, though
this CL uses a different strategy from upstream. Upstream makes
ASN1_item_ex_i2d continue to allow optionals and checks afterwards at
every non-optional call site. This CL pushes down an optional parameter
and says functions cannot omit items unless explicitly allowed.
I think this is a better default, though it is a larger change. Fields
are only optional when they come from an ASN1_TEMPLATE with the OPTIONAL
flag. Upstream's strategy misses top-level calls.
This CL additionally adds checks for optional ASN1_TEMPLATEs in contexts
where it doesn't make sense. Only fields of SEQUENCEs and SETs may be
OPTIONAL, but the ASN1_ITEM/ASN1_TEMPLATE split doesn't quite match
ASN.1 itself. ASN1_TEMPLATE is additionally responsible for
explicit/implicit tagging, and SEQUENCE/SET OF. That means CHOICE arms
and the occasional top-level type (ASN1_ITEM_TEMPLATE) use ASN1_TEMPLATE
but will get confused if marked optional.
As part of this, i2d_FOO(NULL) now returns -1 rather than "successfully"
writing 0 bytes. If we want to allow NULL at the top-level, that's not
too hard to arrange, but our CBB-based i2d functions do not.
Update-Note: Structures with missing mandatory fields can no longer be
encoded. Note that, apart from the cases already handled by preceding
CLs, tasn_new.c will fill in non-NULL empty objects everywhere. The main
downstream impact I've seen of this particular change is in combination
with other bugs. Consider a caller that does:
GENERAL_NAME *name = GENERAL_NAME_new();
name->type = GEN_DNS;
name->d.dNSName = DoSomethingComplicated(...);
Suppose DoSomethingComplicated() was actually fallible and returned
NULL, but the caller forgot to check. They'd now construct a
GENERAL_NAME with a missing field. Previously, this would silently
serialize some garbage (omitted field) or empty string. Now we fail to
encode, but the true error was the uncaught DoSomethingComplicated()
failure. (Which likely was itself a bug.)
Bug: 429
Change-Id: I37fe618761be64a619be9fdc8d416f24ecbb8c46
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49350
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
4 years ago
|
|
|
struct REQUIRED_FIELD {
|
|
|
|
|
ASN1_INTEGER *value;
|
|
|
|
|
ASN1_INTEGER *value_imp;
|
|
|
|
|
ASN1_INTEGER *value_exp;
|
|
|
|
|
STACK_OF(ASN1_INTEGER) *seq;
|
|
|
|
|
STACK_OF(ASN1_INTEGER) *seq_imp;
|
|
|
|
|
STACK_OF(ASN1_INTEGER) *seq_exp;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
DECLARE_ASN1_FUNCTIONS(REQUIRED_FIELD)
|
|
|
|
|
ASN1_SEQUENCE(REQUIRED_FIELD) = {
|
|
|
|
|
ASN1_SIMPLE(REQUIRED_FIELD, value, ASN1_INTEGER),
|
|
|
|
|
ASN1_IMP(REQUIRED_FIELD, value_imp, ASN1_INTEGER, 0),
|
|
|
|
|
ASN1_EXP(REQUIRED_FIELD, value_exp, ASN1_INTEGER, 1),
|
|
|
|
|
ASN1_SEQUENCE_OF(REQUIRED_FIELD, seq, ASN1_INTEGER),
|
|
|
|
|
ASN1_IMP_SEQUENCE_OF(REQUIRED_FIELD, seq_imp, ASN1_INTEGER, 2),
|
|
|
|
|
ASN1_EXP_SEQUENCE_OF(REQUIRED_FIELD, seq_exp, ASN1_INTEGER, 3),
|
|
|
|
|
} ASN1_SEQUENCE_END(REQUIRED_FIELD)
|
|
|
|
|
IMPLEMENT_ASN1_FUNCTIONS(REQUIRED_FIELD)
|
|
|
|
|
|
|
|
|
|
// Test that structures with missing required fields cannot be serialized. Test
|
|
|
|
|
// the full combination of tagging and SEQUENCE OF.
|
|
|
|
|
TEST(ASN1Test, MissingRequiredField) {
|
|
|
|
|
EXPECT_EQ(-1, i2d_REQUIRED_FIELD(nullptr, nullptr));
|
|
|
|
|
|
|
|
|
|
std::unique_ptr<REQUIRED_FIELD, decltype(&REQUIRED_FIELD_free)> obj(
|
|
|
|
|
nullptr, REQUIRED_FIELD_free);
|
|
|
|
|
for (auto field : {&REQUIRED_FIELD::value, &REQUIRED_FIELD::value_imp,
|
|
|
|
|
&REQUIRED_FIELD::value_exp}) {
|
|
|
|
|
obj.reset(REQUIRED_FIELD_new());
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
ASN1_INTEGER_free((*obj).*field);
|
|
|
|
|
(*obj).*field = nullptr;
|
|
|
|
|
EXPECT_EQ(-1, i2d_REQUIRED_FIELD(obj.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (auto field : {&REQUIRED_FIELD::seq, &REQUIRED_FIELD::seq_imp,
|
|
|
|
|
&REQUIRED_FIELD::seq_exp}) {
|
|
|
|
|
obj.reset(REQUIRED_FIELD_new());
|
|
|
|
|
ASSERT_TRUE(obj);
|
|
|
|
|
sk_ASN1_INTEGER_pop_free((*obj).*field, ASN1_INTEGER_free);
|
|
|
|
|
(*obj).*field = nullptr;
|
|
|
|
|
EXPECT_EQ(-1, i2d_REQUIRED_FIELD(obj.get(), nullptr));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif // !WINDOWS || !SHARED_LIBRARY
|
