fix for sanity checks on serial input

This commit is contained in:
JacobBarthelmeh
2026-03-04 15:21:54 -07:00
parent 350706d2c8
commit 37e3a8f3bd
3 changed files with 98 additions and 3 deletions
+2 -2
View File
@@ -15924,13 +15924,13 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
/* WOLFSSL_ASN1_INTEGER has type | size | data
* Sanity check that the data is actually in ASN format */
if (s->length < 3 && s->data[0] != ASN_INTEGER &&
if (s->length < 3 || s->data[0] != ASN_INTEGER ||
s->data[1] != s->length - 2) {
return WOLFSSL_FAILURE;
}
XMEMCPY(x509->serial, s->data + 2, s->length - 2);
x509->serialSz = s->length - 2;
x509->serial[s->length] = 0;
x509->serial[x509->serialSz] = 0;
return WOLFSSL_SUCCESS;
}
+93
View File
@@ -243,3 +243,96 @@ int test_x509_GetCAByAKID(void)
#endif /* WOLFSSL_AKID_NAME */
return EXPECT_RESULT();
}
int test_x509_set_serialNumber(void)
{
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
EXPECT_DECLS;
WOLFSSL_X509* x509 = NULL;
WOLFSSL_ASN1_INTEGER* s = NULL;
#if defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_ASN1_INTEGER asnInt;
#endif
ExpectNotNull(x509 = wolfSSL_X509_new());
#if defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(&asnInt, 0, sizeof(asnInt));
asnInt.data = asnInt.intData;
asnInt.isDynamic = 0;
asnInt.dataMax = (unsigned int)sizeof(asnInt.intData);
s = &asnInt;
#else
ExpectNotNull(s = wolfSSL_ASN1_INTEGER_new());
#endif
/* --- invalid inputs that must be rejected --- */
/* NULL x509 */
ExpectIntEQ(X509_set_serialNumber(NULL, s), WOLFSSL_FAILURE);
/* NULL s */
ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE);
if (s != NULL) {
/* length == 0: too short */
s->length = 0;
s->data[0] = ASN_INTEGER;
s->data[1] = 0;
ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s),
WOLFSSL_FAILURE);
/* length == 1: still too short */
s->length = 1;
s->data[0] = ASN_INTEGER;
s->data[1] = 0;
ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s),
WOLFSSL_FAILURE);
/* length == 2: still rejected — the guard requires length >= 3 */
s->length = 2;
s->data[0] = ASN_INTEGER;
s->data[1] = 0;
ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s),
WOLFSSL_FAILURE);
/* wrong type byte */
s->length = 4;
s->data[0] = 0x00; /* not ASN_INTEGER */
s->data[1] = 2; /* length field */
s->data[2] = 0x01;
s->data[3] = 0x02;
ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s),
WOLFSSL_FAILURE);
/* mismatched length byte (data[1] != s->length - 2) */
s->length = 4;
s->data[0] = ASN_INTEGER;
s->data[1] = 99; /* claims 99 bytes but s->length - 2 == 2 */
s->data[2] = 0x01;
s->data[3] = 0x02;
ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s),
WOLFSSL_FAILURE);
/* --- valid two-byte serial number --- */
s->length = 4;
s->data[0] = ASN_INTEGER;
s->data[1] = 2;
s->data[2] = 0x01;
s->data[3] = 0x02;
ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s),
WOLFSSL_SUCCESS);
ExpectIntEQ(x509->serialSz, 2);
/* NUL terminator must be placed right after the copied data */
ExpectIntEQ(x509->serial[x509->serialSz], 0);
ExpectIntEQ(x509->serial[0], 0x01);
ExpectIntEQ(x509->serial[1], 0x02);
}
#if !defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL_ASN1_INTEGER_free(s);
#endif
wolfSSL_X509_free(x509);
return EXPECT_RESULT();
#else
return TEST_SKIPPED;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
}
+3 -1
View File
@@ -24,9 +24,11 @@
int test_x509_rfc2818_verification_callback(void);
int test_x509_GetCAByAKID(void);
int test_x509_set_serialNumber(void);
#define TEST_X509_DECLS \
TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback), \
TEST_DECL_GROUP("x509", test_x509_GetCAByAKID)
TEST_DECL_GROUP("x509", test_x509_GetCAByAKID), \
TEST_DECL_GROUP("x509", test_x509_set_serialNumber)
#endif /* WOLFCRYPT_TEST_X509_H */