Branch: Tag:

2014-09-29

2014-09-29 23:55:47 by Martin Nilsson <nilsson@opera.com>

Verify that no additional payload is hidden in ASN.1 structures.

308:    void `der=(string asn1)    {    internal_der = UNDEFINED; -  if (init(Standards.ASN1.Decode.simple_der_decode(asn1, x509_types))) { +  if (init(Standards.ASN1.Decode.secure_der_decode(asn1, x509_types))) {    internal_der = asn1;    }    }
655:    }       extensions[ id ] = -  Standards.ASN1.Decode.simple_der_decode(ext->elements[-1]->value, +  Standards.ASN1.Decode.secure_der_decode(ext->elements[-1]->value,    extension_types[id]);    if(sizeof(ext)==3)    {
1399:   TBSCertificate decode_certificate(string|object cert)   {    if (stringp (cert)) { -  cert = Standards.ASN1.Decode.simple_der_decode(cert, x509_types); +  cert = Standards.ASN1.Decode.secure_der_decode(cert, x509_types);    }       if (!cert
1439:   TBSCertificate verify_certificate(string s,    mapping(string:Verifier|array(Verifier)) authorities)   { -  object cert = Standards.ASN1.Decode.simple_der_decode(s); +  object cert = Standards.ASN1.Decode.secure_der_decode(s);       TBSCertificate tbs = decode_certificate(cert);    if (!tbs) return 0;
1724:       foreach(cert_chain; int idx; string c)    { -  object cert = Standards.ASN1.Decode.simple_der_decode(c); +  object cert = Standards.ASN1.Decode.secure_der_decode(c);    TBSCertificate tbs = decode_certificate(cert);    if(!tbs)    FATAL(CERT_INVALID);
1863:   //! DWIM-parse the DER-sequence for a private key.   variant Crypto.Sign.State parse_private_key(string private_key)   { -  Object seq = Standards.ASN1.Decode.simple_der_decode(private_key); +  Object seq = Standards.ASN1.Decode.secure_der_decode(private_key);    if (!seq || (seq->type_name != "SEQUENCE")) return UNDEFINED;    return parse_private_key([object(Sequence)]seq);   }