From 57e9b3c99406cabea8622be7c23d559441905e03 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 5 Mar 2018 16:11:12 -0800
Subject: [PATCH 1/2] Cleanup of the ASN X509 header and XSTRNCPY logic.
---
 wolfcrypt/src/asn.c | 65 ++++++++++++++++++++++-----------------------
 1 file changed, 32 insertions(+), 33 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e98816582..e0928874f 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7264,40 +7264,42 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
 }
+/* Max X509 header length indicates the max length + 2 ('\n', '\0') */
+#define MAX_X509_HEADER_SZ (37 + 2)
-const char* const BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
-const char* const END_CERT = "-----END CERTIFICATE-----";
+const char* const BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
+const char* const END_CERT = "-----END CERTIFICATE-----";
 #ifdef WOLFSSL_CERT_REQ
- const char* const BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
- const char* const END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
+ const char* const BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
+ const char* const END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
 #endif
 #ifndef NO_DH
- const char* const BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
- const char* const END_DH_PARAM = "-----END DH PARAMETERS-----";
+ const char* const BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
+ const char* const END_DH_PARAM = "-----END DH PARAMETERS-----";
 #endif
 #ifndef NO_DSA
- const char* const BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
- const char* const END_DSA_PARAM = "-----END DSA PARAMETERS-----";
+ const char* const BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
+ const char* const END_DSA_PARAM = "-----END DSA PARAMETERS-----";
 #endif
-const char* const BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
-const char* const END_X509_CRL = "-----END X509 CRL-----";
-const char* const BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
-const char* const END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
-const char* const BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
-const char* const END_PRIV_KEY = "-----END PRIVATE KEY-----";
-const char* const BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
-const char* const END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
+const char* const BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
+const char* const END_X509_CRL = "-----END X509 CRL-----";
+const char* const BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
+const char* const END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
+const char* const BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
+const char* const END_PRIV_KEY = "-----END PRIVATE KEY-----";
+const char* const BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
+const char* const END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
 #ifdef HAVE_ECC
- const char* const BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
- const char* const END_EC_PRIV = "-----END EC PRIVATE KEY-----";
+ const char* const BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
+ const char* const END_EC_PRIV = "-----END EC PRIVATE KEY-----";
 #endif
-const char* const BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
-const char* const END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
-const char* const BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
-const char* const END_PUB_KEY = "-----END PUBLIC KEY-----";
+const char* const BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
+const char* const END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
+const char* const BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
+const char* const END_PUB_KEY = "-----END PUBLIC KEY-----";
 #ifdef HAVE_ED25519
- const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
- const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
+ const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
+ const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
 #endif
 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)
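Review bot: `#define MAX_X509_HEADER_SZ (37 + 2)` hard-codes 37 with no hint of where it comes from; it is the length of the longest tag in this table, `-----BEGIN ENCRYPTED PRIVATE KEY-----` (BEGIN_ENC_PRIV_KEY), with BEGIN_CERT_REQ next at 35. Anyone adding a longer tag to this table will not know to bump the constant, and because the copy in wc_DerToPemEx (later hunk) is bounded by headerLen with the terminator pre-placed, the result would be a silently truncated PEM tag rather than a build or runtime error. Suggest naming the source in the comment: `/* Max X509 header length: longest tag is BEGIN_ENC_PRIV_KEY (37) + 2 ('\n', '\0') */`. The macro also sizes the END_* footers, which are all shorter, so the single constant is adequate for both.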
@@ -7314,16 +7316,15 @@ int wc_DerToPem(const byte* der, word32 derSz,
 int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 byte *cipher_info, int type)
 {
+ int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
+ int footerLen = MAX_X509_HEADER_SZ;
 #ifdef WOLFSSL_SMALL_STACK
 char* header = NULL;
 char* footer = NULL;
 #else
- char header[40 + HEADER_ENCRYPTED_KEY_SIZE];
- char footer[40];
+ char header[headerLen];
+ char footer[footerLen];
 #endif
-
- int headerLen = 40 + HEADER_ENCRYPTED_KEY_SIZE;
- int footerLen = 40;
 int i;
 int err;
 int outLen; /* return length or error */
@@ -7344,10 +7345,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 #endif
 /* null term and leave room for \n */
- header[headerLen-1] = '\0';
- footer[footerLen-1] = '\0';
- headerLen -= 2;
- footerLen -= 2;
+ header[--headerLen] = '\0';
+ footer[--footerLen] = '\0';
 if (type == CERT_TYPE) {
 XSTRNCPY(header, BEGIN_CERT, headerLen);
From b879d138af95d24765542f02e2b9c2a69996628c Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 6 Mar 2018 08:59:10 -0800
Subject: [PATCH 2/2] Fix for using non-const as array sizer (resolves build error with VS).
---
 wolfcrypt/src/asn.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e0928874f..5c3152afc 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
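Review bot: In the second hunk, `header[--headerLen] = '\0';` makes headerLen serve as both the terminator index and the XSTRNCPY bound on the next visible line, and the only thing keeping one byte free for the trailing '\n' is the +2 folded into MAX_X509_HEADER_SZ; the comment `/* null term and leave room for \n */` was written for the old two-step form and no longer says where that room comes from. Suggest `/* terminate at the last byte; headerLen/footerLen now count the bytes before it, one of which is reserved for the trailing '\n' (see MAX_X509_HEADER_SZ) */`. The resulting bound is unchanged (38 for the footer, 39 - 1 versus the old 40 - 2), so this is a readability point only. wc_DerToPemEx continues outside the hunk and the code that presumably appends the '\n' is not visible here.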
@@ -7316,15 +7316,15 @@ int wc_DerToPem(const byte* der, word32 derSz,
 int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 byte *cipher_info, int type)
 {
- int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
- int footerLen = MAX_X509_HEADER_SZ;
 #ifdef WOLFSSL_SMALL_STACK
 char* header = NULL;
 char* footer = NULL;
 #else
- char header[headerLen];
- char footer[footerLen];
+ char header[MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE];
+ char footer[MAX_X509_HEADER_SZ];
 #endif
+ int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
+ int footerLen = MAX_X509_HEADER_SZ;
 int i;
 int err;
 int outLen; /* return length or error */
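Review bot: The buffer sizes and headerLen/footerLen are now spelled twice, once in the array declarators and once in the `int` initializers, with nothing tying the two together; if one is edited without the other, the terminator write `header[--headerLen] = '\0'` from the earlier patch lands past the array in the non-SMALL_STACK build. Since header is a pointer in the WOLFSSL_SMALL_STACK branch, `sizeof header` cannot be used uniformly, so at least pin the coupling in a comment on the two initializers: `/* must equal the sizes of header[]/footer[] in the !WOLFSSL_SMALL_STACK branch */`. The heap allocation for the small-stack build is outside the hunk, so I cannot confirm it uses headerLen/footerLen; wc_DerToPemEx continues past the hunk.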