From 8f4b467f478ccd0bd57128a7ff70cda439477354 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Mon, 22 Aug 2022 09:17:23 -0700 Subject: [PATCH] Fixing line lengths and SMALL_STACK code path --- src/x509.c | 16 ++++++++++------ tests/api.c | 3 ++- wolfcrypt/src/asn.c | 42 ++++++++++++++++++++++++++++++++---------- wolfssl/ssl.h | 15 ++++++++++----- 4 files changed, 54 insertions(+), 22 deletions(-) diff --git a/src/x509.c b/src/x509.c index dbf77a4f3..fd7bed0c2 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5812,8 +5812,8 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) * wolfSSL_X509_print() * return WOLFSSL_SUCCESS on success */ -static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig, int sigSz, int sigNid, - int algOnly, int indent) +static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig, + int sigSz, int sigNid, int algOnly, int indent) { char scratch[MAX_WIDTH]; int scratchLen; @@ -6160,7 +6160,8 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) } /* print version of cert */ - if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) != WOLFSSL_SUCCESS) { + if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } @@ -6238,7 +6239,8 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, } /* print version of cert */ - if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) != WOLFSSL_SUCCESS) { + if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } @@ -7737,7 +7739,8 @@ static int X509CRLPrintRevoked(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, for (i = 0; i < crl->crlList->totalCerts; i++) { if (revoked->serialSz > 0) { - if (X509RevokedPrintSerial(bio, revoked, indent + 4) != WOLFSSL_SUCCESS) { + if (X509RevokedPrintSerial(bio, revoked, indent + 4) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } } 
@@ -7884,7 +7887,8 @@ int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl) } /* print version */ - if (X509PrintVersion(bio, wolfSSL_X509_CRL_version(crl), 8) != WOLFSSL_SUCCESS) { + if (X509PrintVersion(bio, wolfSSL_X509_CRL_version(crl), 8) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } diff --git a/tests/api.c b/tests/api.c index 401335e6b..aa01a2c17 100644 --- a/tests/api.c +++ b/tests/api.c @@ -52574,7 +52574,8 @@ static int test_wolfSSL_X509_CRL_print(void) fp = XFOPEN("./certs/crl/crl.pem", "rb"); AssertTrue((fp != XBADFILE)); - AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); XFCLOSE(fp); AssertNotNull(bio = BIO_new(BIO_s_mem())); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c36033025..9110a4439 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -33325,7 +33325,8 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, } else if (oid == CRL_NUMBER_OID) { localIdx = idx; - if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && tag == ASN_INTEGER) { + if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && + tag == ASN_INTEGER) { ret = GetASNInt(buf, &idx, &length, sz); if (ret < 0) { WOLFSSL_MSG("\tcouldn't parse CRL number extension"); 
@@ -33333,25 +33334,46 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, } else { if (length > 1) { - mp_int m; + #ifdef WOLFSSL_SMALL_STACK + mp_int* m; + #else + mp_int m[1]; + #endif int i; - mp_init(&m); - ret = mp_read_unsigned_bin(&m, buf + idx, length); + #ifdef WOLFSSL_SMALL_STACK + m = (mp_int*)XMALLOC(sizeof(*m), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (m == NULL) { + return MEMORY_E; + } + #endif + if (mp_init(m) != MP_OKAY) { + return MP_INIT_E; + } + + ret = mp_read_unsigned_bin(m, buf + idx, length); if (ret != MP_OKAY) { - mp_free(&m); + mp_free(m); + #ifdef WOLFSSL_SMALL_STACK + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif return BUFFER_E; } dcrl->crlNumber = 0; - for (i = 0; i < m.used; ++i) { + for (i = 0; i < (*m).used; ++i) { if (i > (int)sizeof(word32)) { break; } - dcrl->crlNumber |= ((word32)m.dp[i]) << + dcrl->crlNumber |= ((word32)(*m).dp[i]) << (DIGIT_BIT * i); } - mp_free(&m); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + mp_free(m); } else { dcrl->crlNumber = buf[idx]; @@ -33659,8 +33681,8 @@ end: if (ret == 0) { #endif /* Parse and store the issuer name. */ - dcrl->issuer = (byte*)GetNameFromDer((byte*)GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], - buff), ASN_NAME_MAX); + dcrl->issuer = (byte*)GetNameFromDer((byte*)GetASNItem_Addr( + dataASN[CRLASN_IDX_TBS_ISSUER], buff), ASN_NAME_MAX); /* Calculate the Hash id from the issuer name. */ ret = CalcHashId(GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], buff), GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER], buff), diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 24f1067aa..0228abb40 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
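Review bot: In the `WOLFSSL_SMALL_STACK` build, the success path at the end of the `length > 1` branch calls `XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER)` before `mp_free(m)`, so `mp_free` is handed memory that has already been released. The error path after `mp_read_unsigned_bin` frees in the right order, and the success path should match it. The new `mp_init(m) != MP_OKAY` branch also returns `MP_INIT_E` without freeing the heap-allocated `m`, which leaks it in the same build. This branch runs while decoding the CRL number extension, which is usually untrusted input, so the lifetime handling deserves care; what `mp_free` actually touches depends on the math backend, which the hunk does not show. `ParseCRL_Extensions` begins and ends outside the hunk.

```c
if (mp_init(m) != MP_OKAY) {
#ifdef WOLFSSL_SMALL_STACK
    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return MP_INIT_E;
}

/* ... unchanged: mp_read_unsigned_bin call, its error path, crlNumber loop ... */

mp_free(m);
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
```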
@@ -2790,11 +2790,16 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_C #if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl); WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl); -WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid(const WOLFSSL_X509_CRL* crl); -WOLFSSL_API int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl, unsigned char* buf, int* bufSz); -WOLFSSL_API int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(WOLFSSL_X509_CRL *crl); -WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, byte* in, int* inOutSz); +WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid( + const WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl, + unsigned char* buf, int* bufSz); +WOLFSSL_API int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio, + WOLFSSL_X509_CRL* crl); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name( + WOLFSSL_X509_CRL *crl); +WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, + byte* in, int* inOutSz); WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #endif