authorDr. Stephen Henson <steve@openssl.org>2014-12-17 00:13:19 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-12-17 15:25:58 +0100
commit89f40f369f414b52e00f7230b0e3ce99e430a508 (patch)
treef5954bc4e157d06748e19363e4519cb74b5d72e8 /crypto/asn1/tasn_dec.c
parentAdd a comment noting the padding oracle. (diff)
Reject invalid constructed encodings.
According to X.690, null, object identifier, boolean, integer and enumerated types can only have primitive encodings: return an error if any of these are received with a constructed encoding.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'crypto/asn1/tasn_dec.c')
-rw-r--r--crypto/asn1/tasn_dec.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 87d7dfdf5c..2cbfa81475 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
}
else if (cst)
{
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
buf.length = 0;
buf.max = 0;
buf.data = NULL;
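Review bot: The new type list at the top of the `else if (cst)` branch has no comment saying where the rule comes from or why the check sits before the `buf` setup, so a later maintainer cannot tell whether the list is meant to be complete. I would add `/* X.690: these universal types are primitive-only; reject a constructed encoding before any content is collected into buf */` directly above the `if`. The direct `return 0` looks safe only because `buf.data` has not been assigned yet at this point; that ordering dependency is worth stating in the same comment so the check is not moved below the `buf` initialisation without switching to the function's cleanup path. X.690 also restricts REAL to primitive encoding, so it may be worth confirming whether `V_ASN1_REAL` can reach this branch and should be listed too. The body of `asn1_d2i_ex_primitive` starts and continues outside the hunk, so the surrounding branches were not checked.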