diff options
| -rw-r--r-- | crypto/src/asn1/Asn1Set.cs | 2 | ||||
| -rw-r--r-- | crypto/src/asn1/DerEnumerated.cs | 28 | ||||
| -rw-r--r-- | crypto/src/asn1/DerInteger.cs | 55 | ||||
| -rw-r--r-- | crypto/src/asn1/pkcs/CertBag.cs | 2 | ||||
| -rw-r--r-- | crypto/test/src/asn1/test/ASN1IntegerTest.cs | 21 |
5 files changed, 66 insertions, 42 deletions
diff --git a/crypto/src/asn1/Asn1Set.cs b/crypto/src/asn1/Asn1Set.cs index 07605f5e1..68ede2275 100644 --- a/crypto/src/asn1/Asn1Set.cs +++ b/crypto/src/asn1/Asn1Set.cs @@ -16,7 +16,7 @@ namespace Org.BouncyCastle.Asn1 abstract public class Asn1Set : Asn1Object, IEnumerable { - // NOTE: Only non-readonly to support LazyDerSequence + // NOTE: Only non-readonly to support LazyDerSet internal Asn1Encodable[] elements; /** diff --git a/crypto/src/asn1/DerEnumerated.cs b/crypto/src/asn1/DerEnumerated.cs index 6690feceb..1344926bd 100644 --- a/crypto/src/asn1/DerEnumerated.cs +++ b/crypto/src/asn1/DerEnumerated.cs @@ -49,30 +49,28 @@ namespace Org.BouncyCastle.Asn1 return FromOctetString(((Asn1OctetString)o).GetOctets()); } - public DerEnumerated( - int val) + public DerEnumerated(int val) { + if (val < 0) + throw new ArgumentException("enumerated must be non-negative", "val"); + bytes = BigInteger.ValueOf(val).ToByteArray(); } - public DerEnumerated( - BigInteger val) + public DerEnumerated(BigInteger val) { + if (val.SignValue < 0) + throw new ArgumentException("enumerated must be non-negative", "val"); + bytes = val.ToByteArray(); } - public DerEnumerated( - byte[] bytes) + public DerEnumerated(byte[] bytes) { - if (bytes.Length > 1) - { - if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0) - || (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)) - { - if (!DerInteger.AllowUnsafe()) - throw new ArgumentException("malformed enumerated"); - } - } + if (DerInteger.IsMalformed(bytes)) + throw new ArgumentException("malformed enumerated", "bytes"); + if (0 != (bytes[0] & 0x80)) + throw new ArgumentException("enumerated must be non-negative", "bytes"); this.bytes = Arrays.Clone(bytes); } diff --git a/crypto/src/asn1/DerInteger.cs b/crypto/src/asn1/DerInteger.cs index ae14d2a9f..fec7b9420 100644 --- a/crypto/src/asn1/DerInteger.cs +++ b/crypto/src/asn1/DerInteger.cs @@ -60,14 +60,12 @@ namespace Org.BouncyCastle.Asn1 return new DerInteger(Asn1OctetString.GetInstance(o).GetOctets()); } - public DerInteger( - int value) + public DerInteger(int value) { bytes = BigInteger.ValueOf(value).ToByteArray(); } - public DerInteger( - BigInteger value) + public DerInteger(BigInteger value) { if (value == null) throw new ArgumentNullException("value"); @@ -75,27 +73,20 @@ namespace Org.BouncyCastle.Asn1 bytes = value.ToByteArray(); } - public DerInteger( - byte[] bytes) + public DerInteger(byte[] bytes) + : this(bytes, true) { - if (bytes.Length > 1) - { - if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0) - || (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)) - { - if (!AllowUnsafe()) - throw new ArgumentException("malformed integer"); - } - } - this.bytes = Arrays.Clone(bytes); } - public BigInteger Value + internal DerInteger(byte[] bytes, bool clone) { - get { return new BigInteger(bytes); } + if (IsMalformed(bytes)) + throw new ArgumentException("malformed integer", "bytes"); + + this.bytes = clone ? Arrays.Clone(bytes) : bytes; } - /** + /** * in some cases positive values Get crammed into a space, * that's not quite big enough... */ @@ -104,6 +95,11 @@ namespace Org.BouncyCastle.Asn1 get { return new BigInteger(1, bytes); } } + public BigInteger Value + { + get { return new BigInteger(bytes); } + } + internal override void Encode( DerOutputStream derOut) { @@ -130,5 +126,24 @@ namespace Org.BouncyCastle.Asn1 { return Value.ToString(); } - } + + /** + * Apply the correct validation for an INTEGER primitive following the BER rules. + * + * @param bytes The raw encoding of the integer. + * @return true if the (in)put fails this validation. + */ + internal static bool IsMalformed(byte[] bytes) + { + switch (bytes.Length) + { + case 0: + return true; + case 1: + return false; + default: + return (sbyte)bytes[0] == ((sbyte)bytes[1] >> 7) && !AllowUnsafe(); + } + } + } } diff --git a/crypto/src/asn1/pkcs/CertBag.cs b/crypto/src/asn1/pkcs/CertBag.cs index b6f4c8a30..e561fb890 100644 --- a/crypto/src/asn1/pkcs/CertBag.cs +++ b/crypto/src/asn1/pkcs/CertBag.cs @@ -17,7 +17,7 @@ namespace Org.BouncyCastle.Asn1.Pkcs // this.seq = seq; this.certID = DerObjectIdentifier.GetInstance(seq[0]); - this.certValue = DerTaggedObject.GetInstance(seq[1]).GetObject(); + this.certValue = Asn1TaggedObject.GetInstance(seq[1]).GetObject(); } public CertBag( diff --git a/crypto/test/src/asn1/test/ASN1IntegerTest.cs b/crypto/test/src/asn1/test/ASN1IntegerTest.cs index 6de3f7507..35366ea96 100644 --- a/crypto/test/src/asn1/test/ASN1IntegerTest.cs +++ b/crypto/test/src/asn1/test/ASN1IntegerTest.cs @@ -48,7 +48,7 @@ namespace Org.BouncyCastle.Asn1.Tests new DerInteger(Hex.Decode("ffda47bfc776bcd269da4832626ac332adfca6dd835e8ecd83cd1ebe7d709b0e")); - new DerEnumerated(Hex.Decode("ffda47bfc776bcd269da4832626ac332adfca6dd835e8ecd83cd1ebe7d709b0e")); + new DerEnumerated(Hex.Decode("005a47bfc776bcd269da4832626ac332adfca6dd835e8ecd83cd1ebe7d709b0e")); SetAllowUnsafeProperty(false); @@ -102,6 +102,17 @@ namespace Org.BouncyCastle.Asn1.Tests { IsEquals("malformed enumerated", e.Message); } + + try + { + new DerEnumerated(Hex.Decode("005a47bfc776bcd269da4832626ac332adfca6dd835e8ecd83cd1ebe7d709b0e")); + + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("malformed enumerated", e.Message); + } #endif } @@ -173,7 +184,7 @@ namespace Org.BouncyCastle.Asn1.Tests try { byte[] rawInt = Hex.Decode("FF81FF"); - DerInteger i = new DerInteger(rawInt); + new DerInteger(rawInt); Fail("Expecting illegal argument exception."); } catch (ArgumentException e) @@ -212,7 +223,7 @@ namespace Org.BouncyCastle.Asn1.Tests try { byte[] rawInt = Hex.Decode("FFFFFFFF01FF"); - DerInteger i = new DerInteger(rawInt); + new DerInteger(rawInt); Fail("Expecting illegal argument exception."); } catch (ArgumentException e) @@ -235,7 +246,7 @@ namespace Org.BouncyCastle.Asn1.Tests { SetAllowUnsafeProperty(true); byte[] rawInt = Hex.Decode("0000000010FF"); - DerInteger i = new DerInteger(rawInt); + new DerInteger(rawInt); Fail("Expecting illegal argument exception."); } catch (ArgumentException e) @@ -254,7 +265,7 @@ namespace Org.BouncyCastle.Asn1.Tests { SetAllowUnsafeProperty(true); byte[] rawInt = Hex.Decode("FFFFFFFF10FF"); - DerInteger i = new DerInteger(rawInt); + new DerInteger(rawInt); Fail("Expecting illegal argument exception."); } catch (ArgumentException e) |