Hide global _it variables in asn1.h

ok tb@

Avoid out-of-bounds accesses in ASN1_BIT_STRING_{get,set}()

If a negative n is passed, these functions would underrun the bitstring's
data array. So add checks for that and drop spades of unnecessar

Avoid out-of-bounds accesses in ASN1_BIT_STRING_{get,set}()

If a negative n is passed, these functions would underrun the bitstring's
data array. So add checks for that and drop spades of unnecessary parens.

These functions are quite broken anyway. The setter attempts to zap the
unnecessary trailing zero octets, but fails to do so if the bit being
cleared isn't already set. Worse is the getter where you can't tell an
error (like attempting an out-of-bounds read) from the bit being unset.

ok joshua

show more ...

Remove more ASN1_BIT_STRING API

This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc().
Before trust was properly handled using OIDs, there was a period where it
used bit strings

Remove more ASN1_BIT_STRING API

This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc().
Before trust was properly handled using OIDs, there was a period where it
used bit strings. The actual interfaces used in openssl x509 were removed,
but the functions they wrapped remained unused for the next 24 years.

ok jsing

show more ...

Remove ASN1_BIT_STRING_check

This was added with the TS code for no discernible reason. I could not
find a single consumer. In the unlikely event that you need this, it is
easy enough to write a bet

Remove ASN1_BIT_STRING_check

This was added with the TS code for no discernible reason. I could not
find a single consumer. In the unlikely event that you need this, it is
easy enough to write a better version of it yourself.

ok jsing

show more ...

Hide symbols in asn1 and bio

ok jsing@

Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRING

If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data,
this old code would end up reading from a->data[-1]. This may or

Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRING

If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data,
this old code would end up reading from a->data[-1]. This may or may not
crash. Luckily, anton observed two openssl-ruby regress test failures in
the last few days, which could eventually be traced back to this (after a
lot of painful digging due to coredumps not working properly).

ok jsing

show more ...

Avoid signed integer overflow in i2c_ASN1_BIT_STRING()

If the length of the bitstring is INT_MAX, adding 1 to it is undefined
behavior, so error out before doing so.

Based on BoringSSL eeb3333f by

Avoid signed integer overflow in i2c_ASN1_BIT_STRING()

If the length of the bitstring is INT_MAX, adding 1 to it is undefined
behavior, so error out before doing so.

Based on BoringSSL eeb3333f by davidben

ok beck joshua

show more ...

Expose asn1_abs_set_unused_bits() in asn1_locl.h

Should have been part of a previous commit.

ok jsing

Decode via c2i_ASN1_BIT_STRING_cbs() from asn1_ex_c2i().

ok inoguchi@ tb@

Rewrite c2i_ASN1_BIT_STRING() using CBS.

Also switch to freeing and allocating, rather than attempting to recycle.
While here, factor out the flags ASN1_STRING_FLAG_BITS_LEFT bit bashing
and use the

Rewrite c2i_ASN1_BIT_STRING() using CBS.

Also switch to freeing and allocating, rather than attempting to recycle.
While here, factor out the flags ASN1_STRING_FLAG_BITS_LEFT bit bashing
and use the name "unused bits" rather than "bits left", to be more inline
with X.690 wording.

ok inoguchi@ tb@

show more ...

Consolidate code/templates for ASN.1 types.

Where an ASN.1 type has its own file, move the ASN.1 item template and
template related functions into the file.

Discussed with tb@

Move ASN1_<type>_* functions to the top, encoding/decoding to the bottom.

No functional change.

Consolidate various ASN.1 code.

Rather than having multiple files per type (with minimal code per file),
use one file per type (a_<type>.c).

No functional change.

Discussed with tb@

Remove unnecessary zeroing after recallocarray(3)

Zap a memset that was redundant since OpenSSL 0.97b was merged by
markus in 2003. Nowadays it's otto's recallocarray(3) that does the
zeroing.

ok b

Remove unnecessary zeroing after recallocarray(3)

Zap a memset that was redundant since OpenSSL 0.97b was merged by
markus in 2003. Nowadays it's otto's recallocarray(3) that does the
zeroing.

ok beck inoguchi otto

PS: ASN1_BIT_STRING_set_bit(3) was committed on Dec 21 1998 by Ralf S.
Engelschnall and used this bizarre allocation idiom:

if (a->data == NULL)
c=(unsigned char *)Malloc(w+1);
else
c=(unsigned char *)Realloc(a->data,w+1);

People complained about Malloc, Realloc and Free being used elsewhere, so
on Jun 1 2000, Richarde Levitte swept the OpenSSL tree and it became this.

if (a->data == NULL)
c=(unsigned char *)OPENSSL_malloc(w+1);
else
c=(unsigned char *)OPENSSL_realloc(a->data,w+1);

Then it was found that existing data should be cleaned, and on Nov 13 2002
Ben Laurie changed the last line to
c=(unsigned char *)OPENSSL_realloc_clean(a->data,
a->length,
w+1);

show more ...

Avoid calling memcpy with a length <= 0. Reported due to a GCC 7.3.0
compiler warning by Pavel Kraynyukhov. A similar fix was made in
OpenSSL commit 369e93398b68b8a328e6c1d766222b.

ok inoguchi

Use recallocarray() instead of OPENSSL_realloc_clean().

Also place all of the OPENSSL_* memory related prototypes under #ifndef
LIBRESSL_INTERNAL.

ok beck@ tb@

Cleanup c2i_ASN1_BIT_STRING() code.

Avoid overloading a variable to store both a value and an error code - we
can simply inline the error calls (as done everywhere else). Remove a bunch
of unnecessa

Cleanup c2i_ASN1_BIT_STRING() code.

Avoid overloading a variable to store both a value and an error code - we
can simply inline the error calls (as done everywhere else). Remove a bunch
of unnecessary parentheses and tidy a few other things.

With input from tb@.

ok inoguchi@ tb@

show more ...

Add a missing bounds check in c2i_ASN1_BIT_STRING().

This could potentially result in a left shift that exceeded the size of the
storage type.

Issue found by Simon Friedberger, Robert Merget and Ju

Add a missing bounds check in c2i_ASN1_BIT_STRING().

This could potentially result in a left shift that exceeded the size of the
storage type.

Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky.

ok inoguchi@ tb@

show more ...

Add const to functions in asn1/asn1.h as they did in OpenSSL.
BIO_f_asn1() will be taken care of later.

Tested in a bulk by sthen
ok bcook jca jsing

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Replace remaining M_ASN1_BIT_STRING_(new|free) macros with calls to
ASN1_BIT_STRING_(new|free).

ok beck@ doug@

Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generated
assembly.

ok bcook@

Drop stupid (int) casts for the arguments of malloc() and friends. This is
not 16-bit MS-DOS anymore.
ok bcook@ tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

show more ...

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@