kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The empty contents are not a valid ASN.1 INTEGER.

Browse Source 
Zero is encoded as a single zero octet. Per X.690, 8.3.1:

  The encoding of an integer value shall be primitive. The contents octets
  shall consist of one or more octets.

Change-Id: If4304a2be5117b71446a3a62a2b8a6124f85a202
Reviewed-on: https://boringssl-review.googlesource.com/2010
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-10-21 00:45:25 -04:00 committed by Adam Langley
parent b5b6854968
commit fbe6f498cd
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/bytestring/bytestring_test.c
View File

@ -467,6 +467,8 @@ typedef struct {
static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = { static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = {
/* Bad tag. */ /* Bad tag. */
{"\x03\x01\x00", 3}, {"\x03\x01\x00", 3},
/* Empty contents. */
{"\x02\x00", 2},
/* Negative number. */ /* Negative number. */
{"\x02\x01\x80", 3}, {"\x02\x01\x80", 3},
/* Overflow */ /* Overflow */

7
crypto/bytestring/cbs.c
View File

@ -284,7 +284,12 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
data = CBS_data(&bytes); data = CBS_data(&bytes);
len = CBS_len(&bytes); len = CBS_len(&bytes);
if (len > 0 && (data[0] & 0x80) != 0) { if (len == 0) {
/* An INTEGER is encoded with at least one octet. */
return 0;
}
if ((data[0] & 0x80) != 0) {
/* negative number */ /* negative number */
return 0; return 0;
} }