feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix to handle valid serial number with MSB set. Cleanup to consolidate max serial number length check.

Browse Source
This commit is contained in:
David Garske
2017-10-23 18:28:21 -07:00
parent 2dfad0918a
commit e0734d56df
3 changed files with 27 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
wolfcrypt/src/asn.c
View File

@@ -6398,7 +6398,8 @@ WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header)
}
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
int maxSnSz)
{
int i = 0;
int snSzInt = (int)snSz;
@@ -6412,18 +6413,27 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
sn++;
}
/* truncate if input is too long */
if (snSzInt > maxSnSz)
snSzInt = maxSnSz;
/* encode ASN Integer, with length and value */
output[i++] = ASN_INTEGER;
i += SetLength(snSzInt, &output[i]);
XMEMCPY(&output[i], sn, snSzInt);
/* make sure number is positive */
if (snSzInt > 0) {
/* clear MSB bit */
output[i] &= ~0x80;
/* handle zero case... make 1 */
if (output[i] == 0)
output[i] = 0x01;
/* handle MSB, to make sure value is positive */
if (sn[0] & 0x80) {
/* make room for zero pad */
if (snSzInt > maxSnSz-1)
snSzInt = maxSnSz-1;
/* add zero pad */
i += SetLength(snSzInt+1, &output[i]);
output[i++] = 0x00;
XMEMCPY(&output[i], sn, snSzInt);
}
else {
i += SetLength(snSzInt, &output[i]);
XMEMCPY(&output[i], sn, snSzInt);
}
/* compute final length */
@@ -8201,10 +8211,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
if (ret != 0)
return ret;
}
else if (cert->serialSz > CTC_SERIAL_SIZE) {
cert->serialSz = CTC_SERIAL_SIZE;
}
der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial);
der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial,
CTC_SERIAL_SIZE);
if (der->serialSz < 0)
return der->serialSz;
@@ -11109,12 +11117,9 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0);
#endif
if (req->serialSz > EXTERNAL_SERIAL_SIZE)
req->serialSz = EXTERNAL_SERIAL_SIZE;
issuerSz = SetDigest(req->issuerHash, KEYID_SIZE, issuerArray);
issuerKeySz = SetDigest(req->issuerKeyHash, KEYID_SIZE, issuerKeyArray);
snSz = SetSerialNumber(req->serial, req->serialSz, snArray);
snSz = SetSerialNumber(req->serial, req->serialSz, snArray, MAX_SN_SZ);
extSz = 0;
if (snSz < 0)

4
wolfcrypt/src/pkcs7.c
View File

@@ -993,7 +993,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
esd->contentInfoSeq);
esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
esd->issuerSn);
esd->issuerSn, MAX_SN_SZ);
signerInfoSz += esd->issuerSnSz;
esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
@@ -2576,7 +2576,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
#endif
return -1;
}
snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial);
snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial, MAX_SN_SZ);
issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
issuerSerialSeq);

3
wolfssl/wolfcrypt/asn.h
View File

@@ -804,7 +804,8 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
int maxSnSz);
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx);
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,