wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-03-06 22:24:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8587 from lealem47/gh8574

Browse Source 
Fix bug in ParseCRL_Extensions
This commit is contained in:
David Garske
2025-06-12 12:09:52 -07:00
committed by GitHub
parent 701e3ba64e 02a49693e2
commit 2fc1110a13
7 changed files with 228 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
wolfcrypt/src/asn.c
View File

@@ -40481,50 +40481,39 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
return ret;
}
else {
if (length > 1) {
int i;
#ifdef WOLFSSL_SMALL_STACK
mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
DYNAMIC_TYPE_BIGINT);
if (m == NULL) {
return MEMORY_E;
}
#else
mp_int m[1];
#endif
if (mp_init(m) != MP_OKAY) {
ret = MP_INIT_E;
}
if (ret == 0)
ret = mp_read_unsigned_bin(m, buf + idx, length);
if (ret != MP_OKAY)
ret = BUFFER_E;
if (ret == 0) {
dcrl->crlNumber = 0;
for (i = 0; i < (int)(*m).used; ++i) {
if (i > (CHAR_BIT *
(int)sizeof(word32) / DIGIT_BIT)) {
break;
}
dcrl->crlNumber |= ((word32)(*m).dp[i]) <<
(DIGIT_BIT * i);
}
}
mp_free(m);
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
#endif
if (ret != 0)
return ret;
DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ * CHAR_BIT,
CRL_MAX_NUM_SZ * CHAR_BIT);
NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
#ifdef MP_INT_SIZE_CHECK_NULL
if (m == NULL) {
ret = MEMORY_E;
}
else if (length == 1) {
dcrl->crlNumber = buf[idx];
#endif
if (ret == 0 && ((ret = INIT_MP_INT_SIZE(m, CRL_MAX_NUM_SZ
* CHAR_BIT)) != MP_OKAY)) {
ret = MP_INIT_E;
}
if (ret == MP_OKAY)
ret = mp_read_unsigned_bin(m, buf + idx, length);
if (ret != MP_OKAY)
ret = BUFFER_E;
if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber,
MP_RADIX_HEX) != MP_OKAY)
ret = BUFFER_E;
if (ret == MP_OKAY) {
dcrl->crlNumberSet = 1;
}
FREE_MP_INT_SIZE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != MP_OKAY)
return ret;
}
}
}
@@ -40567,6 +40556,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, buf, &idx,
maxIdx);
if (ret == 0) {
word32 localIdx = idx;
/* OID in extension. */
word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum;
/* Length of extension data. */
@@ -40576,39 +40566,42 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
#ifndef NO_SKID
/* Parse Authority Key Id extension.
* idx is at start of OCTET_STRING data. */
ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl);
ret = ParseCRL_AuthKeyIdExt(buf + localIdx, length, dcrl);
if (ret != 0) {
WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension");
}
#endif
}
else if (oid == CRL_NUMBER_OID) {
#ifdef WOLFSSL_SMALL_STACK
mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
DYNAMIC_TYPE_BIGINT);
DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ * CHAR_BIT,
CRL_MAX_NUM_SZ * CHAR_BIT);
NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
#ifdef MP_INT_SIZE_CHECK_NULL
if (m == NULL) {
ret = MEMORY_E;
}
#else
mp_int m[1];
#endif
if (ret == 0) {
if (mp_init(m) != MP_OKAY) {
if (ret == 0 && (INIT_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT)
!= MP_OKAY)) {
ret = MP_INIT_E;
}
}
if (ret == 0) {
ret = GetInt(m, buf, &idx, maxIdx);
}
if (ret == 0) {
dcrl->crlNumber = (int)m->dp[0];
}
mp_free(m);
#ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
#endif
if (ret == 0) {
ret = GetInt(m, buf, &localIdx, maxIdx);
}
if (ret == 0 && mp_toradix(m, (char*)dcrl->crlNumber,
MP_RADIX_HEX) != MP_OKAY)
ret = BUFFER_E;
if (ret == 0) {
dcrl->crlNumberSet = 1;
}
FREE_MP_INT_SIZE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
/* TODO: check criticality */
/* Move index on to next extension. */