heimdal

Author	SHA1	Message	Date
Nicolas Williams	8bc4bae52d	asn1: Free template memory leak New AFL session in progress.	2021-03-09 11:21:54 -06:00
Nicolas Williams	2a826fb331	asn1: Results from latest AFL session	2021-03-09 11:21:47 -06:00
Nicolas Williams	a62dd9887f	hx509: Fix bug found by clang (wrong enum) We need to revisit a lot of code in lib/hx509/, lib/krb5/, and kdc/ now that the ASN.1 compiler properly handles IMPLICIT tagging. And we should take advantage of automatic open type handling.	2021-03-08 17:53:50 -06:00
Nicolas Williams	77126b4058	asn1: Update README-X681.md	2021-03-08 16:16:00 -06:00
Nicolas Williams	fbb1a4e3ec	bx509d: Allow requesting longer cert lifetimes Add a `lifetime=NUMunit` query parameter. Also add a krb5.conf parameter to indicate whether this is allowed. We already have a max lifetime configuration parameter.	2021-03-07 22:20:06 -06:00
Nicolas Williams	00e0475ce2	asn1: Use name not gen_name for JSON enum printing	2021-03-07 16:32:41 -06:00
Nicolas Williams	5d7d1897de	asn1: Pretty-print enum values	2021-03-07 13:36:37 -06:00
Nicolas Williams	be61d72be3	asn1: Some TPM fields have to be EXPLICIT The TCG EK cert profile says that the context tags in the TPMSecurityAssertions type are IMPLICIT. The sample EK cert we have has them as EXPLICIT. What to do?	2021-03-07 00:31:47 -06:00
Nicolas Williams	f7a018f002	asn1: Minor compiler performance improvment	2021-03-06 15:20:42 -06:00
Nicolas Williams	3f206d56fb	asn1: Add missing cases for ENUMERATED	2021-03-06 15:13:53 -06:00
Nicolas Williams	4010ffa96e	asn1: Fix Windows build harder	2021-03-06 14:57:00 -06:00
Nicolas Williams	bc51427ec9	asn1: Update JSON in check-gen.c (fix test)	2021-03-06 14:47:49 -06:00
Nicolas Williams	a450ef1884	asn1: Note lame JSON printing of ENUMERATEDs	2021-03-06 14:47:24 -06:00
Nicolas Williams	7559f36415	asn1: Add -q option to asn1_print	2021-03-06 14:46:52 -06:00
Nicolas Williams	ff571d52a0	asn1: Fix JSON printing bug	2021-03-06 14:46:21 -06:00
Nicolas Williams	d263299016	asn1: Fix OID symbolic resolution bug	2021-03-06 14:46:08 -06:00
Nicolas Williams	834b935cc3	asn1: Add miminized corpus for AFL	2021-03-06 12:47:25 -06:00
Nicolas Williams	979dd59ac9	asn1: Fix Windows build (missing symbols)	2021-03-06 01:02:13 -06:00
Nicolas Williams	94a7483243	asn1: Fix dumb bug in JSON printing	2021-03-06 01:01:51 -06:00
Nicolas Williams	88a4c6f444	asn1: Fix leak in asn1_print	2021-03-05 15:53:20 -06:00
Nicolas Williams	4c261911fa	asn1: Fix alignment issue in templating open types And a stray ^a increment of a 0 into a 1. Found with AFL.	2021-03-05 15:52:30 -06:00
Nicolas Williams	2035efe765	asn1: Fix braino in asn1_print	2021-03-05 14:06:17 -06:00
Nicolas Williams	7bc02e5d5f	asn1: Make note about fuzzing in README	2021-03-05 13:24:21 -06:00
Nicolas Williams	6ecab8ce51	asn1: Make asn1_print a fuzzing tool	2021-03-05 13:19:38 -06:00
Nicolas Williams	4502e989f2	asn1: Fix template decode bug found with AFL The value we initialize a CHOICE's `element` enum field to, prior to decoding the CHOICE value, needs be one that does not cause `asn1_free()` to do anything since we've not done anything yet either.	2021-03-05 13:00:03 -06:00
Nicolas Williams	f548e5d9c6	asn1: Complete `c6fab6c87` (AFL)	2021-03-04 16:15:20 -06:00
Nicolas Williams	114cbc9723	asn1: Document fuzzing in README-template.md	2021-03-04 00:15:54 -06:00
Nicolas Williams	c6fab6c871	asn1: Fix open decode bug found by AFL Should always run AFL before pushing changes to the ASN.1 compiler or template interpreter! Still fuzzing. There are crashers in the _asn1_print() path, though right now they cannot affect anything else in Heimdal other than asn1_print, since that's the only thing calling it yet.	2021-03-03 23:29:25 -06:00
Nicolas Williams	1d2bfd6179	asn1: Fix warnings in asn1_print	2021-03-03 23:28:49 -06:00
Nicolas Williams	4eff66a2cd	asn1: Trade template crash for leak (AFL) Yesterday's fix for an unlikely leak in the template interpreter introduced a crash found by American Fuzzy Lop (AFL).	2021-03-03 10:19:31 -06:00
Nicolas Williams	a0f542486e	asn1: Fix open type decode crash (AFL) Found with American Fuzzy Lop (AFL).	2021-03-03 10:19:31 -06:00
Nicolas Williams	fb5ae095e9	asn1: Fix warnings	2021-03-03 10:15:18 -06:00
Nicolas Williams	a68ccb6693	asn1: Add --raw-sequence option to asn1_print	2021-03-02 21:39:00 -06:00
Nicolas Williams	f5d9ced33c	asn1: Fix broken printing	2021-03-02 21:12:02 -06:00
Nicolas Williams	32974ac421	asn1: Fix leak in asn1_print	2021-03-02 20:56:16 -06:00
Nicolas Williams	f780bdc244	asn1: Fix leaks in template printing	2021-03-02 20:55:55 -06:00
Nicolas Williams	8def829f30	asn1: Fix leaks in template decoding	2021-03-02 20:55:41 -06:00
Nicolas Williams	52b48de856	asn1: Further enhancements to asn1_print	2021-03-02 13:58:56 -06:00
Nicolas Williams	779848bf42	asn1: Fix JSON print bug for IMPORTed types	2021-03-02 13:37:40 -06:00
Nicolas Williams	f58b145109	asn1: Make CSRs nicely printable (fixup)	2021-03-01 17:34:38 -06:00
Nicolas Williams	e8fa948740	asn1: Minor JSON fix	2021-03-01 17:34:04 -06:00
Nicolas Williams	e491521782	asn1: Fix Windows build	2021-03-01 16:29:23 -06:00
Nicolas Williams	7ada3d5d48	asn1: Make CSRs nicely printable For now we just add new types that can auto-decode through open types in CSRs, but we leave the originals as they were to avoid having to update lib/hx509/req.c for now.	2021-03-01 15:27:45 -06:00
Nicolas Williams	a712d4157a	asn1: Remove incorrect comment	2021-03-01 15:27:20 -06:00
Nicolas Williams	2f925d8b09	asn1: Don't crash compiler on unknown actual param	2021-03-01 15:26:41 -06:00
Nicolas Williams	bb3499aa53	hxtool: Add print --raw-json option Add a `--raw-json` to `hxtool print` that uses the new ASN.1 value printer functionality from libasn1.	2021-02-28 18:15:57 -06:00
Nicolas Williams	7f941b220b	asn1: Basic validation of objects / object sets - Validate that required value fields have values specified in objects - Validate that unique value fields have unique values within any object set	2021-02-28 18:15:57 -06:00
Nicolas Williams	d128597cf7	asn1: Add News section to README.md	2021-02-28 18:15:56 -06:00
Nicolas Williams	ece3c688e0	asn1: Enrich asn1_print with schema Our asn1_print, like OpenSSL's, just knows how to parse and dump DER. Ours can attempt to decode OCTET STRING and IMPLICIT-tagged constructed values as DER, which is very useful. But _now_ it's even better. Now it knows about all types exported from all ASN.1 modules in `lib/asn1/` in Heimdal, and if told to print as some type, it will use the new printing interface to print JSON-like representations of values: ``` $ ./asn1_print /tmp/t490/ek2.crt Certificate \| jq '.tbsCertificate.extensions[3]._extnValue[]._values' [ { "_type": "TPMSpecification", "family": "2.0", "level": "0", "revision": "138" } ] [ { "_type": "TPMSecurityAssertions", "version": "0", "fieldUpgradable": true, "ekGenerationType": "655617", "ekGenerationLocation": "655616", "ekCertificateGenerationLocation": "655616", "ccInfo": { "_type": "CommonCriteriaMeasures", "version": "3.1", "assurancelevel": "4", "evaluationStatus": "2", "plus": true, "strengthOfFunction": null, "profileOid": null, "profileUri": null, "targetOid": null, "targetUri": null }, "fipsLevel": { "_type": "FIPSLevel", "version": "140-2", "level": "2", "plus": false }, "iso9000Certified": false, "iso9000Uri": null } ] ```	2021-02-28 18:15:25 -06:00
Nicolas Williams	fb2c81f3e8	asn1: Add printing of ASN.1 values JSON-like printing of ASN.1 parsed values. Status: - Not X.697 (JER) compliant, not even close. - String escaping isn't JSON-compliant. - It's not printing the names of CHOICE types. - It's not printing the names of open type choices (i.e., IOS object names) And yet it's quite useful already. It prints all the weird things in EK certs for example. Here's what it outputs for the EK cert we use in check-gen.c: { "_type": "Certificate", "tbsCertificate": { "_type": "TBSCertificate", "_save": "30820376A00302010202146A0597BA71D7E6D3AC0EDC9EDC95A15B998DE40A300D06092A864886F70D01010B05003055310B3009060355040613024348311E301C060355040A131553544D6963726F656C656374726F6E696373204E56312630240603550403131D53544D2054504D20454B20496E7465726D656469617465204341203035301E170D3138313231343030303030305A170D3238313231343030303030305A300030820122300D06092A864886F70D01010105000382010F003082010A0282010100CC14EB27A78CEB0EA486FA2DF7835F5FA8E905B097012B5BDE50380C355B1A2A721BBC3D08DD21796CDB239FA95310651B1B56FD2CFE53C87352EBD996E33256160404CE9302A08066801E786A2F86E181F949966F492A85B58EAA4A6A8CB3697551BB236E87CC7BF8EC1347871C91E15437E8F266BF1EA5EB271FDCF374D8B47DF8BCE89E1FAD61C2A088CB4036B359CB72A294973FEDCCF0C340AFFD14B64F041165581ACA34147C1C75617047058F7ED7D603E032508094FA73E8B9153DA3BF255D2CBBC5DF301BA8F74D198BEBCE86040FC1D2927C7657414490D802F482F3EBF2DE35EE149A1A6DE8D16891FBFBA02A18AFE59F9D6F149744E5F0D559B10203010001A38201A9308201A5301F0603551D230418301680141ADB994AB58BE57A0CC9B900E7851E1A43C0866030420603551D20043B303930370604551D2000302F302D06082B060105050702011621687474703A2F2F7777772E73742E636F6D2F54504D2F7265706F7369746F72792F30590603551D110101FF044F304DA44B304931163014060567810502010C0B69643A353335343444323031173015060567810502020C0C53543333485450484148433031163014060567810502030C0B69643A303034393030303830670603551D090460305E301706056781050210310E300C0C03322E300201000202008A304306056781050212313A30380201000101FFA0030A0101A1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D16053134302D320A0102010100300E0603551D0F0101FF040403020520300C0603551D130101FF0402300030100603551D250409300706056781050801304A06082B06010505070101043E303C303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F62616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274", "version": "2", "serialNumber": "6A0597BA71D7E6D3AC0EDC9EDC95A15B998DE40A", "signature": { "_type": "AlgorithmIdentifier", "algorithm": "1.2.840.113549.1.1.11", "parameters": "0500" }, "issuer": { "_choice": "rdnSequence", "value": [ [ { "_type": "AttributeTypeAndValue", "type": "2.5.4.6", "value": { "_choice": "printableString", "value": "CH" } } ], [ { "_type": "AttributeTypeAndValue", "type": "2.5.4.10", "value": { "_choice": "printableString", "value": "STMicroelectronics NV" } } ], [ { "_type": "AttributeTypeAndValue", "type": "2.5.4.3", "value": { "_choice": "printableString", "value": "STM TPM EK Intermediate CA 05" } } ] ] }, "validity": { "_type": "Validity", "notBefore": { "_choice": "utcTime", "value": "2018-12-14T00:00:00Z" }, "notAfter": { "_choice": "utcTime", "value": "2028-12-14T00:00:00Z" } }, "subject": { "_choice": "rdnSequence", "value": [] }, "subjectPublicKeyInfo": { "_type": "SubjectPublicKeyInfo", "algorithm": { "_type": "AlgorithmIdentifier", "algorithm": "1.2.840.113549.1.1.1", "parameters": "0500" }, "subjectPublicKey": "2160:3082010A0282010100CC14EB27A78CEB0EA486FA2DF7835F5FA8E905B097012B5BDE50380C355B1A2A721BBC3D08DD21796CDB239FA95310651B1B56FD2CFE53C87352EBD996E33256160404CE9302A08066801E786A2F86E181F949966F492A85B58EAA4A6A8CB3697551BB236E87CC7BF8EC1347871C91E15437E8F266BF1EA5EB271FDCF374D8B47DF8BCE89E1FAD61C2A088CB4036B359CB72A294973FEDCCF0C340AFFD14B64F041165581ACA34147C1C75617047058F7ED7D603E032508094FA73E8B9153DA3BF255D2CBBC5DF301BA8F74D198BEBCE86040FC1D2927C7657414490D802F482F3EBF2DE35EE149A1A6DE8D16891FBFBA02A18AFE59F9D6F149744E5F0D559B10203010001" }, "issuerUniqueID": null, "subjectUniqueID": null, "extensions": [ { "_type": "Extension", "extnID": "2.5.29.35", "critical": false, "extnValue": "301680141ADB994AB58BE57A0CC9B900E7851E1A43C08660", "_extnValue": { "_type": "AuthorityKeyIdentifier", "keyIdentifier": "1ADB994AB58BE57A0CC9B900E7851E1A43C08660", "authorityCertIssuer": null, "authorityCertSerialNumber": null } }, { "_type": "Extension", "extnID": "2.5.29.32", "critical": false, "extnValue": "303930370604551D2000302F302D06082B060105050702011621687474703A2F2F7777772E73742E636F6D2F54504D2F7265706F7369746F72792F", "_extnValue": [ { "_type": "PolicyInformation", "policyIdentifier": "2.5.29.32.0", "policyQualifiers": [ { "_type": "PolicyQualifierInfo", "policyQualifierId": "1.3.6.1.5.5.7.2.1", "qualifier": "1621687474703A2F2F7777772E73742E636F6D2F54504D2F7265706F7369746F72792F" } ] } ] }, { "_type": "Extension", "extnID": "2.5.29.17", "critical": true, "extnValue": "304DA44B304931163014060567810502010C0B69643A353335343444323031173015060567810502020C0C53543333485450484148433031163014060567810502030C0B69643A3030343930303038", "_extnValue": [ { "_choice": "directoryName", "value": { "_choice": "rdnSequence", "value": [ [ { "_type": "AttributeTypeAndValue", "type": "2.23.133.2.1", "value": { "_choice": "utf8String", "value": "id:53544D20" } } ], [ { "_type": "AttributeTypeAndValue", "type": "2.23.133.2.2", "value": { "_choice": "utf8String", "value": "ST33HTPHAHC0" } } ], [ { "_type": "AttributeTypeAndValue", "type": "2.23.133.2.3", "value": { "_choice": "utf8String", "value": "id:00490008" } } ] ] } } ] }, { "_type": "Extension", "extnID": "2.5.29.9", "critical": false, "extnValue": "305E301706056781050210310E300C0C03322E300201000202008A304306056781050212313A30380201000101FFA0030A0101A1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D16053134302D320A0102010100", "_extnValue": [ { "_type": "AttributeSet", "type": "2.23.133.2.16", "values": [ "300C0C03322E300201000202008A" ], "_values": [ { "_type": "TPMSpecification", "family": "2.0", "level": "0", "revision": "138" } ] }, { "_type": "AttributeSet", "type": "2.23.133.2.18", "values": [ "30380201000101FFA0030A0101A1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D16053134302D320A0102010100" ], "_values": [ { "_type": "TPMSecurityAssertions", "version": "0", "fieldUpgradable": true, "ekGenerationType": "655617", "ekGenerationLocation": "655616", "ekCertificateGenerationLocation": "655616", "ccInfo": { "_type": "CommonCriteriaMeasures", "version": "3.1", "assurancelevel": "4", "evaluationStatus": "2", "plus": true, "strengthOfFunction": null, "profileOid": null, "profileUri": null, "targetOid": null, "targetUri": null }, "fipsLevel": { "_type": "FIPSLevel", "version": "140-2", "level": "2", "plus": false }, "iso9000Certified": false, "iso9000Uri": null } ] } ] }, { "_type": "Extension", "extnID": "2.5.29.15", "critical": true, "extnValue": "03020520", "_extnValue": [ "keyEncipherment" ] }, { "_type": "Extension", "extnID": "2.5.29.19", "critical": true, "extnValue": "3000", "_extnValue": { "_type": "BasicConstraints", "cA": false, "pathLenConstraint": null } }, { "_type": "Extension", "extnID": "2.5.29.37", "critical": false, "extnValue": "300706056781050801", "_extnValue": [ "2.23.133.8.1" ] }, { "_type": "Extension", "extnID": "1.3.6.1.5.5.7.1.1", "critical": false, "extnValue": "303C303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F62616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274", "_extnValue": [ { "_type": "AccessDescription", "accessMethod": "1.3.6.1.5.5.7.48.2", "accessLocation": { "_choice": "uniformResourceIdentifier", "value": "http://secure.globalsign.com/stmtpmekint05.crt" } } ] } ] }, "signatureAlgorithm": { "_type": "AlgorithmIdentifier", "algorithm": "1.2.840.113549.1.1.11", "parameters": "0500" }, "signatureValue": "2048:3D4C381E5B4F1BCBE09C63D52F1F04570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF8869013041E92CDD3280BA4B51FBBD40582ED750219E261A695095674855AACEB520ADAFF9E7E908480A39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC252A4C18A4F3B7C84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971D20EB3DBD763F1E04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C63BE0E516D00D5C6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC474B38F7EE56CBE7D8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F755BBC2806FD2B4E04BDF5D44259DBEAA42B6F563DF7AA7506" }	2021-02-28 18:13:08 -06:00

... 3 4 5 6 7 ...

29623 Commits