wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

GetASNInt(): check for invalid padding on negative integer.

Browse Source
This commit is contained in:
Daniel Pouzzner
2020-08-28 12:43:21 -05:00
parent 015c73686f
commit 9c76f19625
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
wolfcrypt/src/asn.c
View File

@ -464,6 +464,17 @@ static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
return ret; return ret;
if (*len > 0) { if (*len > 0) {
#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
/* check for invalid padding on negative integer.
* c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
*/
if (*len > 1) {
if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80))
return ASN_PARSE_E;
}
#endif
/* remove leading zero, unless there is only one 0x00 byte */ /* remove leading zero, unless there is only one 0x00 byte */
if ((input[*inOutIdx] == 0x00) && (*len > 1)) { if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
(*inOutIdx)++; (*inOutIdx)++;