feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix to handle valid serial number with MSB set. Cleanup to consolidate max serial number length check.

Browse Source
This commit is contained in:
David Garske
2017-10-23 18:28:21 -07:00
parent 2dfad0918a
commit e0734d56df
3 changed files with 27 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
wolfcrypt/src/asn.c
View File

@@ -6398,7 +6398,8 @@ WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header)
} }
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
int maxSnSz)
{ {
int i = 0; int i = 0;
int snSzInt = (int)snSz; int snSzInt = (int)snSz;
@@ -6412,18 +6413,27 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
sn++; sn++;
} }
/* truncate if input is too long */
if (snSzInt > maxSnSz)
snSzInt = maxSnSz;
/* encode ASN Integer, with length and value */ /* encode ASN Integer, with length and value */
output[i++] = ASN_INTEGER; output[i++] = ASN_INTEGER;
/* handle MSB, to make sure value is positive */
if (sn[0] & 0x80) {
/* make room for zero pad */
if (snSzInt > maxSnSz-1)
snSzInt = maxSnSz-1;
/* add zero pad */
i += SetLength(snSzInt+1, &output[i]);
output[i++] = 0x00;
XMEMCPY(&output[i], sn, snSzInt);
}
else {
i += SetLength(snSzInt, &output[i]); i += SetLength(snSzInt, &output[i]);
XMEMCPY(&output[i], sn, snSzInt); XMEMCPY(&output[i], sn, snSzInt);
/* make sure number is positive */
if (snSzInt > 0) {
/* clear MSB bit */
output[i] &= ~0x80;
/* handle zero case... make 1 */
if (output[i] == 0)
output[i] = 0x01;
} }
/* compute final length */ /* compute final length */
@@ -8201,10 +8211,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
else if (cert->serialSz > CTC_SERIAL_SIZE) { der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial,
cert->serialSz = CTC_SERIAL_SIZE; CTC_SERIAL_SIZE);
}
der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial);
if (der->serialSz < 0) if (der->serialSz < 0)
return der->serialSz; return der->serialSz;
@@ -11109,12 +11117,9 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0); algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0);
#endif #endif
if (req->serialSz > EXTERNAL_SERIAL_SIZE)
req->serialSz = EXTERNAL_SERIAL_SIZE;
issuerSz = SetDigest(req->issuerHash, KEYID_SIZE, issuerArray); issuerSz = SetDigest(req->issuerHash, KEYID_SIZE, issuerArray);
issuerKeySz = SetDigest(req->issuerKeyHash, KEYID_SIZE, issuerKeyArray); issuerKeySz = SetDigest(req->issuerKeyHash, KEYID_SIZE, issuerKeyArray);
snSz = SetSerialNumber(req->serial, req->serialSz, snArray); snSz = SetSerialNumber(req->serial, req->serialSz, snArray, MAX_SN_SZ);
extSz = 0; extSz = 0;
if (snSz < 0) if (snSz < 0)

4
wolfcrypt/src/pkcs7.c
View File

@@ -993,7 +993,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
esd->contentInfoSeq); esd->contentInfoSeq);
esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
esd->issuerSn); esd->issuerSn, MAX_SN_SZ);
signerInfoSz += esd->issuerSnSz; signerInfoSz += esd->issuerSnSz;
esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName); esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz; signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
@@ -2576,7 +2576,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
#endif #endif
return -1; return -1;
} }
snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial); snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial, MAX_SN_SZ);
issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
issuerSerialSeq); issuerSerialSeq);

3
wolfssl/wolfcrypt/asn.h
View File

@@ -804,7 +804,8 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
int maxSnSz);
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx); byte* serial, int* serialSz, word32 maxIdx);
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,