Env. prop.: Org.BouncyCastle.Asn1.AllowUnsafeInteger

peterdettman · peterdettman · commit a3ffd09890cd · 2018-10-18T18:15:32.000+07:00
- set to "true" to weaken ASN.1 INTEGER checks - see #156
diff --git a/crypto/NBuild.build b/crypto/NBuild.build
@@ -43,21 +43,21 @@
     <property name="switch" value="-" />
   </target>
   <target name="set-mono-2.0-framework-props">
-    <property name="compile-defines" value="NET_1_1" />
+    <property name="compile-defines" value="NET_2_0" />
     <property name="debug-extension" value="dll.mdb" />
     <property name="enable-nostdlib" value="false" />
     <property name="nunit-console" value="nunit-console" />
     <property name="switch" value="-" />
   </target>
   <target name="set-mono-3.5-framework-props">
-    <property name="compile-defines" value="NET_1_1" />
+    <property name="compile-defines" value="NET_2_0" />
     <property name="debug-extension" value="dll.mdb" />
     <property name="enable-nostdlib" value="false" />
     <property name="nunit-console" value="nunit-console" />
     <property name="switch" value="-" />
   </target>
   <target name="set-mono-4.0-framework-props">
-    <property name="compile-defines" value="NET_1_1" />
+    <property name="compile-defines" value="NET_2_0" />
     <property name="debug-extension" value="dll.mdb" />
     <property name="enable-nostdlib" value="false" />
     <property name="nunit-console" value="nunit-console" />
@@ -71,21 +71,21 @@
     <property name="switch" value="/" />
   </target>
   <target name="set-net-2.0-framework-props">
-    <property name="compile-defines" value="NET_1_1" />
+    <property name="compile-defines" value="NET_2_0" />
     <property name="debug-extension" value="pdb" />
     <property name="enable-nostdlib" value="true" />
     <property name="nunit-console" value="nunit-console.exe" />
     <property name="switch" value="/" />
   </target>
   <target name="set-net-3.5-framework-props">
-    <property name="compile-defines" value="NET_1_1" />
+    <property name="compile-defines" value="NET_2_0" />
     <property name="debug-extension" value="pdb" />
     <property name="enable-nostdlib" value="true" />
     <property name="nunit-console" value="nunit-console.exe" />
     <property name="switch" value="/" />
   </target>
   <target name="set-net-4.0-framework-props">
-    <property name="compile-defines" value="NET_1_1" />
+    <property name="compile-defines" value="NET_2_0" />
     <property name="debug-extension" value="pdb" />
     <property name="enable-nostdlib" value="true" />
     <property name="nunit-console" value="nunit-console.exe" />
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
@@ -11194,6 +11194,11 @@
                     SubType = "Code"
                     BuildAction = "Compile"
                 />
+                <File
+                    RelPath = "test\src\asn1\test\ASN1IntegerTest.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
                 <File
                     RelPath = "test\src\asn1\test\ASN1SequenceParserTest.cs"
                     SubType = "Code"
diff --git a/crypto/src/asn1/DerEnumerated.cs b/crypto/src/asn1/DerEnumerated.cs
@@ -62,19 +62,18 @@ public DerEnumerated(
         }
 
         public DerEnumerated(
-            byte[]   bytes)
+            byte[] bytes)
         {
             if (bytes.Length > 1)
             {
-                if (bytes[0] == 0 && (bytes[1] & 0x80) == 0)
+                if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0)
+                    || (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0))
                 {
-                    throw new ArgumentException("malformed enumerated");
-                }
-                if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)
-                {
-                    throw new ArgumentException("malformed enumerated");
+                    if (!DerInteger.AllowUnsafe())
+                        throw new ArgumentException("malformed enumerated");
                 }
             }
+
             this.bytes = Arrays.Clone(bytes);
         }
 
diff --git a/crypto/src/asn1/DerInteger.cs b/crypto/src/asn1/DerInteger.cs
@@ -8,6 +8,14 @@ namespace Org.BouncyCastle.Asn1
     public class DerInteger
         : Asn1Object
     {
+        public const string AllowUnsafeProperty = "Org.BouncyCastle.Asn1.AllowUnsafeInteger";
+
+        internal static bool AllowUnsafe()
+        {
+            string allowUnsafeValue = Platform.GetEnvironmentVariable(AllowUnsafeProperty);
+            return allowUnsafeValue != null && Platform.EqualsIgnoreCase("true", allowUnsafeValue);
+        }
+
         private readonly byte[] bytes;
 
         /**
@@ -72,13 +80,11 @@ public DerInteger(
         {
             if (bytes.Length > 1)
             {
-                if (bytes[0] == 0 && (bytes[1] & 0x80) == 0)
-                {
-                    throw new ArgumentException("malformed integer");
-                }
-                if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)
+                if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0)
+                    || (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0))
                 {
-                    throw new ArgumentException("malformed integer");
+                    if (!AllowUnsafe())
+                        throw new ArgumentException("malformed integer");
                 }
             }
             this.bytes = Arrays.Clone(bytes);
diff --git a/crypto/src/util/Platform.cs b/crypto/src/util/Platform.cs
@@ -41,7 +41,7 @@ internal static bool EqualsIgnoreCase(string a, string b)
 #endif
         }
 
-#if NETCF_1_0 || NETCF_2_0 || SILVERLIGHT || PORTABLE
+#if NETCF_1_0 || NETCF_2_0 || SILVERLIGHT || (PORTABLE && !DOTNET)
         internal static string GetEnvironmentVariable(
             string variable)
         {
diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj
@@ -51,6 +51,7 @@
     </ProjectReference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="src\asn1\test\ASN1IntegerTest.cs" />
     <Compile Include="src\asn1\test\ASN1SequenceParserTest.cs" />
     <Compile Include="src\asn1\test\ASN1UnitTest.cs" />
     <Compile Include="src\asn1\test\AdditionalInformationSyntaxUnitTest.cs" />
diff --git a/crypto/test/src/asn1/test/ASN1IntegerTest.cs b/crypto/test/src/asn1/test/ASN1IntegerTest.cs
diff --git a/crypto/test/src/asn1/test/RegressionTest.cs b/crypto/test/src/asn1/test/RegressionTest.cs

Original file line number	Diff line number	Diff line change
`@@ -62,19 +62,18 @@ public DerEnumerated(`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`public DerEnumerated(`
`65`		`- byte[] bytes)`
	`65`	`+ byte[] bytes)`
`66`	`66`	`{`
`67`	`67`	`if (bytes.Length > 1)`
`68`	`68`	`{`
`69`		`- if (bytes[0] == 0 && (bytes[1] & 0x80) == 0)`
	`69`	`+ if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0)`
	`70`	`+ \|\| (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0))`
`70`	`71`	`{`
`71`		`- throw new ArgumentException("malformed enumerated");`
`72`		`- }`
`73`		`- if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)`
`74`		`- {`
`75`		`- throw new ArgumentException("malformed enumerated");`
	`72`	`+ if (!DerInteger.AllowUnsafe())`
	`73`	`+ throw new ArgumentException("malformed enumerated");`
`76`	`74`	`}`
`77`	`75`	`}`
	`76`	`+`
`78`	`77`	`this.bytes = Arrays.Clone(bytes);`
`79`	`78`	`}`
`80`	`79`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,14 @@ namespace Org.BouncyCastle.Asn1`
`8`	`8`	`public class DerInteger`
`9`	`9`	`: Asn1Object`
`10`	`10`	`{`
	`11`	`+ public const string AllowUnsafeProperty = "Org.BouncyCastle.Asn1.AllowUnsafeInteger";`
	`12`	`+`
	`13`	`+ internal static bool AllowUnsafe()`
	`14`	`+ {`
	`15`	`+ string allowUnsafeValue = Platform.GetEnvironmentVariable(AllowUnsafeProperty);`
	`16`	`+ return allowUnsafeValue != null && Platform.EqualsIgnoreCase("true", allowUnsafeValue);`
	`17`	`+ }`
	`18`	`+`
`11`	`19`	`private readonly byte[] bytes;`
`12`	`20`
`13`	`21`	`/**`
`@@ -72,13 +80,11 @@ public DerInteger(`
`72`	`80`	`{`
`73`	`81`	`if (bytes.Length > 1)`
`74`	`82`	`{`
`75`		`- if (bytes[0] == 0 && (bytes[1] & 0x80) == 0)`
`76`		`- {`
`77`		`- throw new ArgumentException("malformed integer");`
`78`		`- }`
`79`		`- if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)`
	`83`	`+ if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0)`
	`84`	`+ \|\| (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0))`
`80`	`85`	`{`
`81`		`- throw new ArgumentException("malformed integer");`
	`86`	`+ if (!AllowUnsafe())`
	`87`	`+ throw new ArgumentException("malformed integer");`
`82`	`88`	`}`
`83`	`89`	`}`
`84`	`90`	`this.bytes = Arrays.Clone(bytes);`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ internal static bool EqualsIgnoreCase(string a, string b)`
`41`	`41`	`#endif`
`42`	`42`	`}`
`43`	`43`
`44`		`-#if NETCF_1_0 \|\| NETCF_2_0 \|\| SILVERLIGHT \|\| PORTABLE`
	`44`	`+#if NETCF_1_0 \|\| NETCF_2_0 \|\| SILVERLIGHT \|\| (PORTABLE && !DOTNET)`
`45`	`45`	`internal static string GetEnvironmentVariable(`
`46`	`46`	`string variable)`
`47`	`47`	`{`