ASN1_get_object should not accept large universal tags.

The high bits of the type get used for the V_ASN1_NEG bit, so when used with ASN1_ANY/ASN1_TYPE, universal tags become ambiguous. This allows one to create a negative zero, which should be impossible. Impose an upper bound on universal tags accepted by crypto/asn1 and add a test. BUG=590615 Change-Id: I363e01ebfde621c8865101f5bcbd5f323fb59e79 Reviewed-on: https://boringssl-review.googlesource.com/7238 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@google.com> 2016-02-29 23:42:59 +0300
committer: Adam Langley <agl@google.com> 2016-03-01 00:17:19 +0300
commit: fb2c6f8c8565e1e2d85c24408050c96521acbcdc (patch)
tree: affbfa57e4f6bc8524ab01e1608f0d00a6e4937f /crypto/test
parent: 7e8ed440135c166d0a29e28548b485b66d1645b8 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/test/scoped_types.h b/crypto/test/scoped_types.h
index d666c710..b5ae324d 100644
--- a/crypto/test/scoped_types.h
+++ b/crypto/test/scoped_types.h
@@ -21,6 +21,7 @@
 #include <memory>
 
 #include <openssl/aead.h>
+#include <openssl/asn1.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/cmac.h>
@@ -95,6 +96,7 @@ class ScopedOpenSSLContext {
   T ctx_;
 };
 
+using ScopedASN1_TYPE = ScopedOpenSSLType<ASN1_TYPE, ASN1_TYPE_free>;
 using ScopedBIO = ScopedOpenSSLType<BIO, BIO_vfree>;
 using ScopedBIGNUM = ScopedOpenSSLType<BIGNUM, BN_free>;
 using ScopedBN_CTX = ScopedOpenSSLType<BN_CTX, BN_CTX_free>;
author	David Benjamin <davidben@google.com>	2016-02-29 23:42:59 +0300
committer	Adam Langley <agl@google.com>	2016-03-01 00:17:19 +0300
commit	fb2c6f8c8565e1e2d85c24408050c96521acbcdc (patch)
tree	affbfa57e4f6bc8524ab01e1608f0d00a6e4937f /crypto/test
parent	7e8ed440135c166d0a29e28548b485b66d1645b8 (diff)