Skip Menu |
 

Subject: asn1 decoding of unsigned integers will eventually vause interoperability problems
Download (untitled) / with headers
text/plain 1.5KiB
I was thinking about changing the sequence numbers in the various
structures to
unsigned to comply with the current draft specifications - when I cam
accross the
feature that asn1_decode_unsigned_integer will fail if passed as signed
integer with the high bit set. This may arise from interoperability
with old clients sending signed integers.

I am assuming that the unsigned_integer encoder is correct - they look
right. (I may be wrong about this) - but I have a program that will test
encoding decoding.

I am also feeding the decoder the encoding as a signed integer and
comparing the results.

The following are the encodings of unsigned ints: (The dotest is a macro
- but you see the value
and the der encoding decoding test)

dotest(0, "02 01 00");
dotest(127, "02 01 7F");
dotest(0x7fffffff, "02 04 7F FF FF FF");
dotest(0xFFFF0000, "02 05 00 FF FF 00 00");
dotest(0xFF7f0000, "02 05 00 FF 7F 00 00");
dotest(0xFF800000, "02 05 00 FF 80 00 00");
dotest(0x80000001, "02 05 00 80 00 00 01"); /* Unsigned encoding */

Now - if some of the values are encoded as signed integers - the decoder
fails.

For instance:

do_decode_test("02 04 FF 7F 00 00", 0xFF7f0000);
do_decode_test("02 03 80 00 00", 0xFF800000);

Essentially - the test if the first octet of the encoding is signed.

I believe we should modify the code to allow a signed first bit and
operate in a compatibilty mode
while generating proper unsigned ints.

(As a separate note - I have discovered that heimdal encoding of
unsigned integers violates X.690
by outputing a first byte with all bits set along with the next with the
high bit set).
From: tlyu@mit.edu
Subject: CVS Commit
Download (untitled) / with headers
text/plain 1.1KiB
Sequence numbers are now unsigned. Implement lenient parser for
sequence numbers which folds received negative sequence numbers into
positive unsigned numbers. Constrain the space of initial sequence
numbers to facilitate backwards compatibility.


To generate a diff of this commit:



cvs diff -r1.361 -r1.362 krb5/src/include/ChangeLog
cvs diff -r1.141 -r1.142 krb5/src/include/k5-int.h
cvs diff -r1.158 -r1.159 krb5/src/include/krb5.hin
cvs diff -r5.138 -r5.139 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.21 -r5.22 krb5/src/lib/krb5/asn.1/asn1_decode.c
cvs diff -r5.9 -r5.10 krb5/src/lib/krb5/asn.1/asn1_decode.h
cvs diff -r5.45 -r5.46 krb5/src/lib/krb5/asn.1/asn1_k_decode.c
cvs diff -r5.14 -r5.15 krb5/src/lib/krb5/asn.1/asn1_k_decode.h
cvs diff -r5.41 -r5.42 krb5/src/lib/krb5/asn.1/krb5_decode.c
cvs diff -r5.27 -r5.28 krb5/src/lib/krb5/asn.1/krb5_encode.c
cvs diff -r5.396 -r5.397 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.8 -r5.9 krb5/src/lib/krb5/krb/auth_con.h
cvs diff -r5.22 -r5.23 krb5/src/lib/krb5/krb/gen_seqnum.c
cvs diff -r1.73 -r1.74 krb5/src/tests/asn.1/ChangeLog
cvs diff -r1.28 -r1.29 krb5/src/tests/asn.1/krb5_decode_test.c
cvs diff -r1.10 -r1.11 krb5/src/tests/asn.1/utility.c
From: epeisach@mit.edu
Subject: CVS Commit
* asn1_k_encode.c (asn1_encode_krb_safe_body): Use
asn1_encode_unsigned_integer for sequence number.

* asn1_k_decode.c (asn1_decode_krb_safe_body): Use
asn1_decode_seqnum to decode sequence number.


To generate a diff of this commit:



cvs diff -r5.139 -r5.140 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.46 -r5.47 krb5/src/lib/krb5/asn.1/asn1_k_decode.c
cvs diff -r5.30 -r5.31 krb5/src/lib/krb5/asn.1/asn1_k_encode.c
From: tlyu@mit.edu
Subject: CVS Commit
* gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence
number mask.


To generate a diff of this commit:



cvs diff -r5.402 -r5.403 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.23 -r5.24 krb5/src/lib/krb5/krb/gen_seqnum.c
From: epeisach@mit.edu
Subject: CVS Commit
* krb5.hin: Sequence number of krb5_replay_data should be unsigned.


To generate a diff of this commit:



cvs diff -r1.367 -r1.368 krb5/src/include/ChangeLog
cvs diff -r1.161 -r1.162 krb5/src/include/krb5.hin
From: tlyu@mit.edu
Subject: CVS Commit
Download (untitled) / with headers
text/plain 1.1KiB
pullup from trunk


To generate a diff of this commit:



cvs diff -r1.348.2.12 -r1.348.2.13 krb5/src/include/ChangeLog
cvs diff -r1.135.2.6 -r1.135.2.7 krb5/src/include/k5-int.h
cvs diff -r1.154.2.5 -r1.154.2.6 krb5/src/include/krb5.hin
cvs diff -r5.135.2.4 -r5.135.2.5 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.21 -r5.21.2.1 krb5/src/lib/krb5/asn.1/asn1_decode.c
cvs diff -r5.9 -r5.9.2.1 krb5/src/lib/krb5/asn.1/asn1_decode.h
cvs diff -r5.43.2.3 -r5.43.2.4
krb5/src/lib/krb5/asn.1/asn1_k_decode.c
cvs diff -r5.14 -r5.14.2.1 krb5/src/lib/krb5/asn.1/asn1_k_decode.h
cvs diff -r5.29.2.1 -r5.29.2.2
krb5/src/lib/krb5/asn.1/asn1_k_encode.c
cvs diff -r5.40.2.1 -r5.40.2.2
krb5/src/lib/krb5/asn.1/krb5_decode.c
cvs diff -r5.25.2.2 -r5.25.2.3
krb5/src/lib/krb5/asn.1/krb5_encode.c
cvs diff -r5.378.2.11 -r5.378.2.12 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.7.2.1 -r5.7.2.2 krb5/src/lib/krb5/krb/auth_con.h
cvs diff -r5.22 -r5.22.2.1 krb5/src/lib/krb5/krb/gen_seqnum.c
cvs diff -r1.71.2.2 -r1.71.2.3 krb5/src/tests/asn.1/ChangeLog
cvs diff -r1.27.2.1 -r1.27.2.2
krb5/src/tests/asn.1/krb5_decode_test.c
cvs diff -r1.9.2.1 -r1.9.2.2 krb5/src/tests/asn.1/utility.c