wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 03:22:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Error from GetShortInt with negative INTEGER values

Browse Source
This commit is contained in:
Josh Holtrop
2025-08-08 13:15:37 -04:00
parent f114f2cde2
commit 98b6b92a76
4 changed files with 71 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
tests/api/test_asn.c
View File

@@ -411,7 +411,7 @@ int test_SetAsymKeyDer(void)
}
#ifndef NO_ASN
static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
static int test_GetSetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
{
EXPECT_DECLS;
@@ -423,6 +423,7 @@ static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
word32 outDerSz = 0;
word32 inOutIdx = 0;
word32 maxIdx = MAX_SHORT_SZ;
int value;
ExpectIntLE(2 + valDerSz, MAX_SHORT_SZ);
ExpectIntEQ(outDerSz = SetShortInt(outDer, &inOutIdx, val, maxIdx),
@@ -430,6 +431,11 @@ static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
ExpectIntEQ(outDer[0], ASN_INTEGER);
ExpectIntEQ(outDer[1], valDerSz);
ExpectIntEQ(XMEMCMP(outDer + 2, valDer, valDerSz), 0);
if (val < 0x80000000) {
/* GetShortInt only supports positive values. */
inOutIdx = 0;
ExpectIntEQ(val, GetShortInt(outDer, &inOutIdx, &value, maxIdx));
}
#endif /* !WOLFSSL_ASN_TEMPLATE || HAVE_PKCS8 || HAVE_PKCS12 */
#endif /* !NO_PWDBASED */
@@ -442,7 +448,7 @@ static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
}
#endif
int test_SetShortInt(void)
int test_GetSetShortInt(void)
{
EXPECT_DECLS;
@@ -453,43 +459,43 @@ int test_SetShortInt(void)
{
/* Input 1 byte min */
valDer[0] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x00, valDer, 1));
EXPECT_TEST(test_GetSetShortInt_once(0x00, valDer, 1));
/* Input 1 byte max */
valDer[0] = 0x00;
valDer[1] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0xff, valDer, 2));
EXPECT_TEST(test_GetSetShortInt_once(0xff, valDer, 2));
/* Input 2 bytes min */
valDer[0] = 0x01;
valDer[1] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x0100, valDer, 2));
EXPECT_TEST(test_GetSetShortInt_once(0x0100, valDer, 2));
/* Input 2 bytes max */
valDer[0] = 0x00;
valDer[1] = 0xff;
valDer[2] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0xffff, valDer, 3));
EXPECT_TEST(test_GetSetShortInt_once(0xffff, valDer, 3));
/* Input 3 bytes min */
valDer[0] = 0x01;
valDer[1] = 0x00;
valDer[2] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x010000, valDer, 3));
EXPECT_TEST(test_GetSetShortInt_once(0x010000, valDer, 3));
/* Input 3 bytes max */
valDer[0] = 0x00;
valDer[1] = 0xff;
valDer[2] = 0xff;
valDer[3] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0xffffff, valDer, 4));
EXPECT_TEST(test_GetSetShortInt_once(0xffffff, valDer, 4));
/* Input 4 bytes min */
valDer[0] = 0x01;
valDer[1] = 0x00;
valDer[2] = 0x00;
valDer[3] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x01000000, valDer, 4));
EXPECT_TEST(test_GetSetShortInt_once(0x01000000, valDer, 4));
/* Input 4 bytes max */
valDer[0] = 0x00;
@@ -497,7 +503,7 @@ int test_SetShortInt(void)
valDer[2] = 0xff;
valDer[3] = 0xff;
valDer[4] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0xffffffff, valDer, 5));
EXPECT_TEST(test_GetSetShortInt_once(0xffffffff, valDer, 5));
}
/* Corner tests for output size */
@@ -506,43 +512,43 @@ int test_SetShortInt(void)
/* Output 1 byte max */
valDer[0] = 0x7f;
EXPECT_TEST(test_SetShortInt_once(0x7f, valDer, 1));
EXPECT_TEST(test_GetSetShortInt_once(0x7f, valDer, 1));
/* Output 2 bytes min */
valDer[0] = 0x00;
valDer[1] = 0x80;
EXPECT_TEST(test_SetShortInt_once(0x80, valDer, 2));
EXPECT_TEST(test_GetSetShortInt_once(0x80, valDer, 2));
/* Output 2 bytes max */
valDer[0] = 0x7f;
valDer[1] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0x7fff, valDer, 2));
EXPECT_TEST(test_GetSetShortInt_once(0x7fff, valDer, 2));
/* Output 3 bytes min */
valDer[0] = 0x00;
valDer[1] = 0x80;
valDer[2] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x8000, valDer, 3));
EXPECT_TEST(test_GetSetShortInt_once(0x8000, valDer, 3));
/* Output 3 bytes max */
valDer[0] = 0x7f;
valDer[1] = 0xff;
valDer[2] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0x7fffff, valDer, 3));
EXPECT_TEST(test_GetSetShortInt_once(0x7fffff, valDer, 3));
/* Output 4 bytes min */
valDer[0] = 0x00;
valDer[1] = 0x80;
valDer[2] = 0x00;
valDer[3] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x800000, valDer, 4));
EXPECT_TEST(test_GetSetShortInt_once(0x800000, valDer, 4));
/* Output 4 bytes max */
valDer[0] = 0x7f;
valDer[1] = 0xff;
valDer[2] = 0xff;
valDer[3] = 0xff;
EXPECT_TEST(test_SetShortInt_once(0x7fffffff, valDer, 4));
EXPECT_TEST(test_GetSetShortInt_once(0x7fffffff, valDer, 4));
/* Output 5 bytes min */
valDer[0] = 0x00;
@@ -550,7 +556,7 @@ int test_SetShortInt(void)
valDer[2] = 0x00;
valDer[3] = 0x00;
valDer[4] = 0x00;
EXPECT_TEST(test_SetShortInt_once(0x80000000, valDer, 5));
EXPECT_TEST(test_GetSetShortInt_once(0x80000000, valDer, 5));
/* Skip "Output 5 bytes max" because of same as "Input 4 bytes max" */
}
@@ -558,8 +564,32 @@ int test_SetShortInt(void)
/* Extra tests */
{
valDer[0] = 0x01;
EXPECT_TEST(test_SetShortInt_once(0x01, valDer, 1));
EXPECT_TEST(test_GetSetShortInt_once(0x01, valDer, 1));
}
#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
/* Negative INTEGER values. */
{
word32 idx = 0;
int value;
valDer[0] = ASN_INTEGER;
valDer[1] = 1;
valDer[2] = 0x80;
ExpectIntEQ(GetShortInt(valDer, &idx, &value, 3),
WC_NO_ERR_TRACE(ASN_EXPECT_0_E));
idx = 0;
valDer[0] = ASN_INTEGER;
valDer[1] = 4;
valDer[2] = 0xFF;
valDer[3] = 0xFF;
valDer[4] = 0xFF;
valDer[5] = 0xFF;
ExpectIntEQ(GetShortInt(valDer, &idx, &value, 6),
WC_NO_ERR_TRACE(ASN_EXPECT_0_E));
}
#endif
#endif
return EXPECT_RESULT();

4
tests/api/test_asn.h
View File

@@ -25,12 +25,12 @@
#include <tests/api/api_decl.h>
int test_SetAsymKeyDer(void);
int test_SetShortInt(void);
int test_GetSetShortInt(void);
int test_wc_IndexSequenceOf(void);
#define TEST_ASN_DECLS \
TEST_DECL_GROUP("asn", test_SetAsymKeyDer), \
TEST_DECL_GROUP("asn", test_SetShortInt), \
TEST_DECL_GROUP("asn", test_GetSetShortInt), \
TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf)
#endif /* WOLFCRYPT_TEST_ASN_H */

19
wolfcrypt/src/asn.c
View File

@@ -1294,6 +1294,12 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
#endif
return ASN_PARSE_E;
}
if (!zeroPadded && (input[idx] >= 0x80U)) {
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
WOLFSSL_MSG_VSNPRINTF("Unexpected negative INTEGER value");
#endif
return ASN_EXPECT_0_E;
}
/* Fill number with all of data. */
*data->data.u16 = 0;
for (i = 0; i < len; i++) {
@@ -1309,6 +1315,12 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
#endif
return ASN_PARSE_E;
}
if (!zeroPadded && (input[idx] >= 0x80U)) {
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
WOLFSSL_MSG_VSNPRINTF("Unexpected negative INTEGER value");
#endif
return ASN_EXPECT_0_E;
}
/* Fill number with all of data. */
*data->data.u32 = 0;
for (i = 0; i < len; i++) {
@@ -3271,7 +3283,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
/* Decode small integer, 32 bits or less.
/* Decode small positive integer, 32 bits or less.
*
* @param [in] input Buffer of BER data.
* @param [in, out] inOutIdx On in, start of encoded INTEGER.
@@ -3309,6 +3321,11 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
if (len + idx > maxIdx)
return ASN_PARSE_E;
if (input[idx] >= 0x80U) {
/* This function only expects positive INTEGER values. */
return ASN_EXPECT_0_E;
}
while (len--) {
*number = *number << 8 | input[idx++];
}

4
wolfssl/wolfcrypt/asn.h
View File

@@ -2229,8 +2229,8 @@ WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
WOLFSSL_LOCAL byte GetCertNameId(int idx);
#endif
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
word32 maxIdx);
WOLFSSL_TEST_VIS int GetShortInt(const byte* input, word32* inOutIdx,
int* number, word32 maxIdx);
WOLFSSL_TEST_VIS int SetShortInt(byte* output, word32* inOutIdx, word32 number,
word32 maxIdx);