artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 135e376) | patch
Make CBS_get_any_asn1_element() more compliant with DER encoding.
authordoug <doug@openbsd.org>
Mon, 15 Jun 2015 07:35:49 +0000 (07:35 +0000)
committerdoug <doug@openbsd.org>
Mon, 15 Jun 2015 07:35:49 +0000 (07:35 +0000)
commit0870ee343aa39b66a4b36e75c03c2379b807e74d
tree7bbaa6609ad459ad7c3619435f3259785f24eee4tree | snapshot
parent135e37648301bb8538d59cc3b23694e16cbeecbdcommit | diff
Make CBS_get_any_asn1_element() more compliant with DER encoding.

CBS_get_any_asn1_element violates DER encoding by allowing indefinite
form.  All callers except bs_ber.c expect DER encoding.  The callers
must check to see if it was indefinite or not.

Rather than exposing all callers to this behavior,
cbs_get_any_asn1_element_internal() allows specifying whether you want to
allow the normally forbidden indefinite form.  This is used by
CBS_get_any_asn1_element() for strict DER encoding and by a new static
function in bs_ber.c for the relaxed version.

While I was here, I added comments to differentiate between ASN.1
restrictions and CBS limitations.

ok miod@
lib/libssl/bs_ber.c diff | blob | history
lib/libssl/bs_cbs.c diff | blob | history
lib/libssl/bytestring.h diff | blob | history
lib/libssl/src/ssl/bs_ber.c diff | blob | history
lib/libssl/src/ssl/bs_cbs.c diff | blob | history
lib/libssl/src/ssl/bytestring.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim