From a54045113a6c0dc84fe982c1e083fcb7feb42a59 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 2 Mar 2022 17:39:15 -0500
Subject: [PATCH] fixes from review by dgarske
---
 wolfcrypt/src/asn.c | 55 +++++++++++++++++++++++------------------
 wolfssl/wolfcrypt/asn.h | 6 ++---
 2 files changed, 34 insertions(+), 27 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index cc409823e..02b7e4400 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5119,14 +5119,16 @@ static int DumpOID(const byte* oidData, word32 oidSz, word32 oid,
 #ifdef HAVE_OID_DECODING
 {
- word16 decOid[16];
- word32 decOidSz = sizeof(decOid);
+ byte decOid[MAX_OID_SZ];
+ word16 *out = decOid;
+ word32 decOidSz = sizeof(decOid) / 2;
 /* Decode the OID into dotted form. */
- ret = DecodeObjectId(oidData, oidSz, decOid, &decOidSz);
+ ret = DecodeObjectId(oidData, oidSz, (word16*)decOid, &decOidSz);
 if (ret == 0) {
 printf(" Decoded (Sz %d): ", decOidSz);
- for (i=0; iunknownExtCallback = cb;
+int wc_SetUnknownExtCallback(DecodedCert* cert,
+ wc_UnknownExtCallback cb) {
+ if (cert == NULL) {
+ return BAD_FUNC_ARG;
 }
+
+ cert->unknownExtCallback = cb;
+ return 0;
 }
 #endif
@@ -16954,7 +16960,7 @@ end:
 /* Parse each extension. */
 while ((ret == 0) && (idx < (word32)sz)) {
 byte critical = 0;
- int unknown = 0;
+ int isUnknownExt = 0;
 /* Clear dynamic data. */
 XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length);
@@ -16971,28 +16977,29 @@ end:
 /* Decode the extension by type. */
 ret = DecodeExtensionType(input + idx, length, oid, critical, cert,
- &unknown);
+ &isUnknownExt);
 #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
 && defined(HAVE_OID_DECODING)
- if (unknown && (cert->unknownExtCallback != NULL)) {
- word16 decOid[16];
- word32 decOidSz = sizeof(decOid);
+ if (isUnknownExt && (cert->unknownExtCallback != NULL)) {
+ byte decOid[MAX_OID_SZ];
+ word32 decOidSz = sizeof(decOid) / 2;
 ret = DecodeObjectId(
 dataASN[CERTEXTASN_IDX_OID].data.oid.data,
 dataASN[CERTEXTASN_IDX_OID].data.oid.length,
- decOid, &decOidSz);
+ (word16*)decOid, &decOidSz);
 if (ret != 0) {
 /* Should never get here as the extension was successfully
- * decoded earlier. */
- printf("DecodeObjectId failed: %d\n", ret);
+ * decoded earlier. Something might be corrupted. */
+ WOLFSSL_MSG("DecodeObjectId() failed. Corruption?");
+ WOLFSSL_ERROR(ret);
 }
- ret = cert->unknownExtCallback(decOid, decOidSz, critical,
+ ret = cert->unknownExtCallback(decOid, decOidSz * 2, critical,
 dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
 dataASN[CERTEXTASN_IDX_VAL].length);
 }
 #endif
- (void)unknown;
+ (void)isUnknownExt;
 /* Move index on to next extension. */
 idx += length;
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index ebfb2f498..640d2debc 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1461,7 +1461,7 @@ typedef struct CertSignCtx CertSignCtx;
 #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
 && defined(HAVE_OID_DECODING)
-typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,
+typedef int (*wc_UnknownExtCallback)(const byte* oid, word32 oidSz, int crit,
 const unsigned char* der, word32 derSz);
 #endif
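Review bot: When DecodeObjectId() fails inside the new `if (isUnknownExt && (cert->unknownExtCallback != NULL))` block the error is only logged; control falls through to `ret = cert->unknownExtCallback(decOid, decOidSz * 2, critical, ...)`, which overwrites `ret` and hands the callback a `decOid`/`decOidSz` that DecodeObjectId() may not have filled. Wrap the call so it runs only on success, `if (ret == 0) { ret = cert->unknownExtCallback(decOid, decOidSz * 2, critical, ...); }`, which also lets the enclosing `while ((ret == 0) && ...)` loop stop on the corruption the comment anticipates. Separately, `byte decOid[MAX_OID_SZ]` is written through a `(word16*)` cast, which is well-defined only if the byte array happens to be suitably aligned for word16; declaring the buffer as `word16 decOid[MAX_OID_SZ / 2]` and casting to `(const byte*)` at the callback call keeps the same byte count without that hazard. `decOidSz * 2` additionally assumes DecodeObjectId() leaves an element count in `decOidSz`; its contract is not on this page, so that is worth confirming. The extension-parsing loop that contains this block starts before the hunk and continues after it.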
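Review bot: The new `wc_UnknownExtCallback` typedef changes `oid` to `const byte*` but does not say what the bytes are; in the asn.c caller the buffer is the array of `word16` arcs DecodeObjectId() wrote, passed as raw bytes with `oidSz` equal to the arc count times two, and the callback's return value is assigned to `ret` in the parse loop, so a non-zero return stops parsing. A callback implementer working from the header alone cannot recover that layout or its host byte order and will have to cast back to `word16*`. A comment above the typedef would close the gap, e.g. `/* oid: decoded OID arcs stored as word16 values in host byte order, oidSz: size of oid in bytes; der/derSz: the extension value. Return 0 to continue parsing; non-zero is propagated as the parse error. */`.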
@@ -1827,8 +1827,8 @@ WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify,
 #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
 && defined(HAVE_OID_DECODING)
-WOLFSSL_ASN_API void SetUnknownExtCallback(DecodedCert* cert,
- wc_UnknownExtCallback cb);
+WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert,
+ wc_UnknownExtCallback cb);
 #endif
 WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
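Review bot: `wc_SetUnknownExtCallback` is a new public declaration whose return type changed from `void` to `int`, yet nothing documents what it returns; per the asn.c side of this patch it yields 0 on success and BAD_FUNC_ARG when `cert` is NULL. A short comment above the prototype would make that contract visible to callers, e.g. `/* Register cb to run for extensions the parser does not recognise; returns 0 on success, BAD_FUNC_ARG if cert is NULL. */`.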