From 2dfad0918ab9a894d24499a1563428cb8c2650c9 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 23 Oct 2017 15:36:58 -0700 Subject: [PATCH 1/2] Updated release notes for added `ec_point_formats` extension. Fix for setting serial number with random data where the MSB was cleared and resulted in a zero. Fix for build type mismatch error in wolfCrypt test with ed25519 and WOLFSSL_TEST_CERT defined. --- README | 3 ++- README.md | 3 ++- wolfcrypt/src/asn.c | 6 +++++- wolfcrypt/test/test.c | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/README b/README index 00fda2fa8..7d863e118 100644 --- a/README +++ b/README @@ -35,12 +35,13 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/20/2017) +********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) Release 3.12.2 of wolfSSL has bug fixes and new features including: This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. +- Added TLS extension for Supported Point Formats (ec_point_formats) - Fix to not send OCSP stapling extensions in client_hello when not enabled - Added new API's for disabling OCSP stapling - Add check for SIZEOF_LONG with sun and LP64 diff --git a/README.md b/README.md index ead7a9e82..26444bf07 100644 --- a/README.md +++ b/README.md 
@@ -38,12 +38,13 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` -# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/20/2017) +# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) ## Release 3.12.2 of wolfSSL has bug fixes and new features including: This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. +* Added TLS extension for Supported Point Formats (ec_point_formats) * Fix to not send OCSP stapling extensions in client_hello when not enabled * Added new API's for disabling OCSP stapling * Add check for SIZEOF_LONG with sun and LP64 diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1411e6c71..9c6c27074 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6417,9 +6417,13 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) i += SetLength(snSzInt, &output[i]); XMEMCPY(&output[i], sn, snSzInt); + /* make sure number is positive */ if (snSzInt > 0) { - /* ensure positive (MSB not set) */ + /* clear MSB bit */ output[i] &= ~0x80; + /* handle zero case... make 1 */ + if (output[i] == 0) + output[i] = 0x01; } /* compute final length */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index cb82e6ea6..a00c3830b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -12880,7 +12880,7 @@ static int ed25519_test_cert(void) #endif /* HAVE_ED25519_VERIFY */ int ret; byte* tmp; - int bytes; + size_t bytes; FILE* file; tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); From e0734d56df0a3e2ac1899549f0e1d7e356a7993d Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 23 Oct 2017 18:28:21 -0700 Subject: [PATCH 2/2] Fix to handle valid serial number with MSB set. Cleanup to consolidate max serial number length check. --- wolfcrypt/src/asn.c | 41 +++++++++++++++++++++++------------------ wolfcrypt/src/pkcs7.c | 4 ++-- wolfssl/wolfcrypt/asn.h | 3 ++- 3 files changed, 27 insertions(+), 21 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9c6c27074..7b30ceea1 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6398,7 +6398,8 @@ WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header) } -WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) +WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, + int maxSnSz) { int i = 0; int snSzInt = (int)snSz; 
@@ -6412,18 +6413,27 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) sn++; } + /* truncate if input is too long */ + if (snSzInt > maxSnSz) + snSzInt = maxSnSz; + /* encode ASN Integer, with length and value */ output[i++] = ASN_INTEGER; - i += SetLength(snSzInt, &output[i]); - XMEMCPY(&output[i], sn, snSzInt); - /* make sure number is positive */ - if (snSzInt > 0) { - /* clear MSB bit */ - output[i] &= ~0x80; - /* handle zero case... make 1 */ - if (output[i] == 0) - output[i] = 0x01; + /* handle MSB, to make sure value is positive */ + if (sn[0] & 0x80) { + /* make room for zero pad */ + if (snSzInt > maxSnSz-1) + snSzInt = maxSnSz-1; + + /* add zero pad */ + i += SetLength(snSzInt+1, &output[i]); + output[i++] = 0x00; + XMEMCPY(&output[i], sn, snSzInt); + } + else { + i += SetLength(snSzInt, &output[i]); + XMEMCPY(&output[i], sn, snSzInt); } /* compute final length */ @@ -8201,10 +8211,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, if (ret != 0) return ret; } - else if (cert->serialSz > CTC_SERIAL_SIZE) { - cert->serialSz = CTC_SERIAL_SIZE; - } - der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial); + der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial, + CTC_SERIAL_SIZE); if (der->serialSz < 0) return der->serialSz; @@ -11109,12 +11117,9 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0); #endif - if (req->serialSz > EXTERNAL_SERIAL_SIZE) - req->serialSz = EXTERNAL_SERIAL_SIZE; - issuerSz = SetDigest(req->issuerHash, KEYID_SIZE, issuerArray); issuerKeySz = SetDigest(req->issuerKeyHash, KEYID_SIZE, issuerKeyArray); - snSz = SetSerialNumber(req->serial, req->serialSz, snArray); + snSz = SetSerialNumber(req->serial, req->serialSz, snArray, MAX_SN_SZ); extSz = 0; if (snSz < 0) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 63c794ba7..a81ef77d1 100644 
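Review bot: The new `if (sn[0] & 0x80)` test reads `sn[0]` even when `snSzInt` is 0, a case the removed `if (snSzInt > 0)` guard used to cover. The context lines just above (`sn++; }`) suggest leading bytes are skipped first, so an empty or all-zero serial could leave `sn` pointing past the caller's data; `if (snSzInt > 0 && (sn[0] & 0x80))` keeps the read in bounds. Separately, the `snSzInt = maxSnSz` and `snSzInt = maxSnSz-1` clamps silently shorten the serial, which produces an INTEGER that names a different certificate. EncodeCert and EncodeOcspRequest already test for a negative return, so failing with an error such as `BUFFER_E` would be safer than truncating. The start of SetSerialNumber is outside this hunk, so an earlier check may already exclude the zero-length case.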
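Review bot: Passing `MAX_SN_SZ` as `maxSnSz` in EncodeOcspRequest bounds only the serial's value bytes, while SetSerialNumber also writes the INTEGER tag, the length and possibly a 0x00 pad into `snArray`. The removed clamp used a different constant, `EXTERNAL_SERIAL_SIZE`; if `snArray` is declared with `MAX_SN_SZ` bytes (its declaration is outside the hunk), a serial at the new limit would be encoded past the end of it. Either keep the old limit, `snSz = SetSerialNumber(req->serial, req->serialSz, snArray, EXTERNAL_SERIAL_SIZE);`, or have SetSerialNumber treat the argument as the output buffer size and subtract the header bytes itself. The same applies to the two pkcs7.c call sites that now pass `MAX_SN_SZ` for `esd->issuerSn` and `serial`.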
--- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -993,7 +993,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) esd->contentInfoSeq); esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, - esd->issuerSn); + esd->issuerSn, MAX_SN_SZ); signerInfoSz += esd->issuerSnSz; esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName); signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz; @@ -2576,7 +2576,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, #endif return -1; } - snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial); + snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial, MAX_SN_SZ); issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, issuerSerialSeq); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 3ff5ea597..3aa95a424 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -804,7 +804,8 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); -WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); +WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, + int maxSnSz); WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, byte* serial, int* serialSz, word32 maxIdx); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
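Review bot: In wc_PKCS7_EncodeSignedData the result of SetSerialNumber is added to `signerInfoSz` on the next line without a sign check, although the asn.c callers in this patch treat a negative return as an error. A check such as `if (esd->issuerSnSz < 0)` before `signerInfoSz += esd->issuerSnSz;`, returning through the function's existing cleanup path, would stop an error code from being folded into the length arithmetic. The second pkcs7.c hunk has the same gap, where `snSz` goes straight into `SetSequence(issuerSeqSz + issuerSz + snSz, ...)`. Both function bodies extend outside their hunks, so a later check cannot be ruled out from here.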